Poweshell under the security context of another user (RunAs)

Recently i needed to run some powershell scripts under multiple security context’s – the main reason for this was my client’s strict delegation model.

We ended up with multiple service account with rights only to the needed systems (Its not such a bad thing!)

The result was this powershell script to change security context

$SPAccountName = “<username>”;
$AccountPassword = “<password>”;
$AccountPasswordAsSecureString = $AccountPassword | ConvertTo-SecureString -Force -AsPlainText
$credential = New-Object System.Management.Automation.PsCredential(“$env:userdomain\$SPAccountName”,$AccountPasswordAsSecureString)
$SvcAccSession = New-PSSession -Credential $credential;
Invoke-Command -Session $SvcAccSession -Script { Import-Module ActiveDirectory }
Invoke-Command -Session $SvcAccSession -Script { Get-AdGroupMember “Some-group”}

In the above example we just get the member of some application group – but really, you can do whatever you like.

If you need it to query a specific server you can use -Computername <servername> right after New-PSSession.

This method also came in rather handy when running service-side powershell execution invoked by a webservice.. but more on that later

 

Unable to use Power Shell AD cmdlets on Remote Server

I came across this error when building a web service executing powershell cmdlets

When executing the commands directly on the server worked without problems

but when using New-PSSession to invoke the scripts I ended up with the following error:

WARNING: Error initializing default drive: ‘Unable to contact the server. This
may be because this server does not exist, it is currently down, or it does not
have the Active Directory Web Services running.’.
Unable to contact the server. This may be because this server does not exist,
it is currently down, or it does not have the Active Directory Web Services
running.
+ CategoryInfo : ResourceUnavailable: (:) [Get-ADObject], ADServe
rDownException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirector
y.Management.Commands.GetADObject
+ PSComputerName : localhost

Note that PSComputerName was not defined in my script – default is localhost.

To resolve the problem i did the following:

  1. Added “-Computername <Server1>” to my script file (Server1 is a domain controller, that had Active Directory Web Services running (default on Domain controllers running Windows Server 2012 R2) (Check Link for running on Windows Server 2003 and Windows Server 2008)
  2. Executed “Winrm QuickConfig” on Server1

I was searching for groups with a specific like description with the following command: get-adobject -Filter {description -like “ps1*”}

and the result with the problem solved:

PSComputerName : Server1
RunspaceId : b83f4390-36b7-4cfa-8539-279b12fce09f
DistinguishedName : CN=Application Group
1,OU=Applications,DC=ThomasMarcussen,DC=com
Name : Application Group 1
ObjectClass : group
ObjectGUID : 4c57f3b5-726b-4de7-882b-2c80b3f0fdb8

PSComputerName : Server1
RunspaceId : b83f4390-36b7-4cfa-8539-279b12fce09f
DistinguishedName : CN=Application Group
2,OU=Applications,DC=ThomasMarcussen,DC=com
Name : Application Group 2
ObjectClass : group
ObjectGUID : 70289cdd-0277-457e-bc2d-162703342f74

 

 

Change the size of a virtual machine by using a Azure PowerShell script

Finally i got around to moving my demo environment to Azure

I don’t need my environment to perform 100% while not using it, so came a cross this nice way to scale my environment on-demand.

This is possbile with a simple powershell script:

Function HowTo-SetAzureVMSize{
[CmdletBinding()]
param(
[parameter(Mandatory=$true)]
[string]$ServiceName,
[parameter(Mandatory=$false)]
[ValidateNotNullOrEmpty()]
[string]$Name=$ServiceName,
[parameter(Mandatory=$true)]
[string]$VMSize
)
PROCESS{
Get-AzureVM –ServiceName $ServiceName –Name $Name |
Set-AzureVMSize $VMSize |
Update-AzureVM
}
}
HowTo-SetAzureVMSize -ServiceName {your-cloud-service-name} -Name {your-vm} –VMSize “{your-desired-vm-size}”

Example:

Function HowTo-SetAzureVMSize{
[CmdletBinding()]
param(
[parameter(Mandatory=$true)]
[string]$ServiceName,
[parameter(Mandatory=$false)]
[ValidateNotNullOrEmpty()]
[string]$Name=$ServiceName,
[parameter(Mandatory=$true)]
[string]$VMSize
)
PROCESS{
Get-AzureVM –ServiceName $ServiceName –Name $Name |
Set-AzureVMSize $VMSize |
Update-AzureVM
}
}
HowTo-SetAzureVMSize -ServiceName ThomasMarcussen -Name TMSRV001 –VMSize “Standard_D2”

Currently not all hardware configurations are available in all locations – I tested in Western Europe.

Virtual Machine Sizes:

A0 (Shared core, 768 MB Memory)
A1 (1 core, 1.75 GB Memory)
A2 (2 cores, 3.5 GB Memory)
A3 (4 cores, 7 GB Memory)
A4 (8 cores, 14 GB Memory)
A5 (2 cores, 14 GB Memory
A6 (4 cores, 28 GB Memory)
A7 (8 cores, 56 GB Memory)

D1 (1 core, 1.75 GB Memory)
D2 (2 cores, 7 GB Memory)
D3 (4 cores, 14 GB Memory)
D4 (8 cores, 28 GB Memory)
D11 (2 cores, 14 GB Memory)
D12 (4 cores, 28 GB Memory)
D13 (8 cores, 56 GB Memory)
D13 (16 cores, 112 GB Memory)

Allowed values are:

ExtraSmall
Small
Medium
Large
ExtraLarge
A5
A6
A7
A8
A9

Basic_A0
Basic_A1
Basic_A2
Basic_A3
Basic_A4

Standard_D1
Standard_D2
Standard_D3
Standard_D4
Standard_D11
Standard_D12
Standard_D13
Standard_D14