I'm trying to run a Powershell script triggered by a Service Request via Quick Action (run a program). The script does some stuff in Active Directory.
When the script is run by the Quick Action on a remote server, I get the following errors:
After "Import-Module ActiveDirectory":
WARNING: Error initializing default drive: 'Unable to contact the server. This may be because this server does not
exist, it is currently down, or it does not have the Active Directory Web Services running.'.
Afer any following AD cmdlet, e.g. "Get-ADUser -Identity AdamSam":
Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not
have the Active Directory Web Services running.
+ CategoryInfo : ResourceUnavailable: (AdamSam:ADUser) [Get-ADUser], ADServerDownException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADUser
I did some research and there is a way to do this by using Credssp authentication ("2nd-Hop-Problem", Kerberos Delegation). So I followed instructions to enable Credssp.
Manually I run a Powershell console and use the command:
Enter-PSSession -ComputerName <targetcomputer> -Credential (Get-Credential) -Authentication Credssp
Works fine! I had the same errors described above when I tried it manually before Credssp was enabled, so Credssp is a resolution.
My question now is: how do I set up the quick action to use Credssp?
Currently it looks like this:
Connection: MyConnection (connection to target computer configured with an user that has admin rights)
Program with path: C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe
Arguments: -File D:\Scripts\MyScript.ps1 param1 param2 param2
Wait for the program to finish: true
Show Output: true
Output Field: ScriptResult
As far as I know, there is no commandline parameter for Powershell.exe to change authentication method
Has anybody tried this yet?