I have an interesting problem where I have been tasked to run a simple PS script remotely on multiple servers. The script is inconsequential, however the challenge is that even though we can manually remotely enter a session on each server (Enter-PSSession) due to the fact that we have a VPN to each site, each server is on a completely different domain…meaning the administrator credentials to each server require different "domain name"/administrator and passwords.
Usually if I create an automated script that needs to reach out to a different server like this, I create a secure password file and then use that to authenticate, however there are 60+ servers to connect to, which implies I would have to create 60+ secure password files.
Is there any other easier way to accomplish this?
You can use the Get-SBCredential function of the AZSBTools PS module.
The script may go something like this:
    # Install-Module -Name AZSBTools
    [CmdletBinding(ConfirmImpact='Low')]
    Param(
        # One entry per server: the host to reach and the admin account of its domain
        [Parameter(Mandatory=$false)][HashTable[]]$ComputerList = @(
            @{ ComputerName = 'Server1.domain1.com'; AdminName = 'domain1\admin1'}
            @{ ComputerName = 'Server2.domain2.com'; AdminName = 'domain2\admin2'}
            @{ ComputerName = 'Server3.domain3.com'; AdminName = 'domain3\admin3'}
        ),
        # Folder that holds the encrypted credential files
        [Parameter(Mandatory=$false)][ValidateScript({Test-Path $_})][String]$KeyChainFolder = 'd:\Sandbox\KeyChain'
    )
    foreach ($ComputerItem in $ComputerList) {
        # Look up the credential by the admin account name, not the computer name
        $Cred = Get-SBCredential -UserName $ComputerItem.AdminName -CredPath $KeyChainFolder
        Invoke-Command -ComputerName $ComputerItem.ComputerName -Credential $Cred -ScriptBlock {
            Get-ADUser 'samb' -Properties LastLogon # or some other task
        }
    }
The first time a credential is used you will be prompted to type in the pwd. It will be saved in an encrypted file in the $KeyChain folder.
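
The prompt-once-then-cache behaviour described in the answer can also be built from built-in cmdlets alone. The following is an added example, not part of the original answer and not AZSBTools code; the function name Get-CachedCredential, the file naming scheme and the sample server names are assumptions made for illustration.

```powershell
# Added example: per-account credential cache using Export-Clixml / Import-Clixml.
# On Windows, Export-Clixml protects the SecureString password with DPAPI, so a
# cached file can only be decrypted by the same user account on the same computer.
function Get-CachedCredential {    # hypothetical helper name
    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true)][String]$UserName,   # e.g. 'domain1\admin1'
        [Parameter(Mandatory=$true)][String]$CredPath,   # cache folder
        [Switch]$Refresh                                  # force a new prompt
    )

    if (-not (Test-Path -Path $CredPath -PathType Container)) {
        New-Item -Path $CredPath -ItemType Directory -Force | Out-Null
    }

    # 'domain\user' is not a valid file name, so replace the invalid characters
    $SafeName = $UserName -replace '[\\/:*?"<>|]', '_'
    $CredFile = Join-Path -Path $CredPath -ChildPath "$SafeName.cred.xml"

    if ((Test-Path -Path $CredFile) -and -not $Refresh) {
        try {
            $Cred = Import-Clixml -Path $CredFile -ErrorAction Stop
            # Only trust the file if it really holds a credential for this account
            if ($Cred -is [PSCredential] -and $Cred.UserName -eq $UserName) { return $Cred }
        } catch {
            # Typical cause: file was created by another user or on another machine
            Write-Warning "Cannot read $CredFile : $($_.Exception.Message)"
        }
    }

    # First use (or unreadable cache): prompt once, then store the encrypted file
    $Cred = Get-Credential -UserName $UserName -Message "Password for $UserName"
    if ($null -eq $Cred) { throw "No credential entered for $UserName" }
    $Cred | Export-Clixml -Path $CredFile
    return $Cred
}

# Usage with constructed sample values
$ComputerList = @(
    @{ ComputerName = 'Server1.domain1.com'; AdminName = 'domain1\admin1' }
    @{ ComputerName = 'Server2.domain2.com'; AdminName = 'domain2\admin2' }
)
foreach ($Item in $ComputerList) {
    $Cred = Get-CachedCredential -UserName $Item.AdminName -CredPath 'D:\Sandbox\KeyChain'
    Invoke-Command -ComputerName $Item.ComputerName -Credential $Cred -ScriptBlock { hostname }
}
```

Because the files are bound to the account that created them, a scheduled task must run as that same account on that same machine, and the cache folder's ACL should be limited to that account.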