使用Powershell远程调用Azure中的命令

Question

我正在编写一系列自动化脚本，这些脚本将使我们的开发人员能够在Azure中建立一个简单的开发环境。 该环境具有3个主要属性：

1. 有一个客户端计算机（Windows 10），将使用诸如IDE和代码之类的开发工具。
2. 有一台服务器计算机（Windows Server 2016），其脚本将作为目标服务器。
3. 这两个计算机都位于同一域中，并且可以使用1个Domain Admin用户。

我已将第1步和第2步脚本化了，但是3步很混乱。 由于该脚本是为在开发人员的本地工作站上工作而设计的，因此我需要将该脚本远程访问Windows Server，并运行一些命令来设置域控制器。

这是我目前的代码：

Invoke-Command -ComputerName "$RGName-$VMPurpose" -ScriptBlock 
{
    $ADFeature = Install-WindowsFeature AD-Domain-Services
    If ($ADFeature.Success -eq $true)
    {
        Import-Module ADDSDeployment
        Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath 
"C:\Windows\NTDS" -DomainMode "Win2016R2" -DomainName "$project.com" -
DomainNetbiosName "$project" -ForestMode "Win2016R2" -InstallDns:$true -
LogPath "C:\Windows\NTDS" -NoRebootOnCompletion $false -sysvolpath 
"C:\Windows\SYSVOL" -force $true
        $domUserPassword = ConvertTo-SecureString "Th1s is a bad password" -
AsPlainText -Force
        New-ADUser -Name "$VMPurpose-DomAdm" -AccountPassword 
$domUserPassword
        Add-ADGroupMember -Name "Administrators" -Member {Get-ADUser 
"$VMPurpose-DomAdm"}
    }
} -Credential $Cred

当我尝试运行此程序时，出现错误，显示WinRM无法连接，特别是此错误：

[Foo] Connecting to remote server Foo failed with the following error 
message : WinRM cannot process the request. The following error with 
errorcode 0x80090311
occurred while using Kerberos authentication: There are currently no logon 
servers available to service the logon request.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are 
specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port 
does not exist.
  -The client and remote computers are in different domains and there is no 
trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the 
WinRM TrustedHosts configuration setting or use HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following 
command: winrm help config. For more information, see the 
about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (Foo:String) [], 
PSRemotingTransportException
    + FullyQualifiedErrorId : AuthenticationFailed,PSSessionStateBroken

我将目标计算机（Foo）添加到WinRM中的TrustedHosts配置设置中（实际上我添加了IP地址以确保没有发生任何DNS问题），然后出现此错误：

[Foo's IP] Connecting to remote server <Foo's IP> failed with the following 
error message : WinRM cannot complete the operation. Verify that the 
specified computer name is valid, that the
computer is accessible over the network, and that a firewall exception for 
the WinRM service is enabled and allows access from this computer. By 
default, the WinRM firewall exception for public
profiles limits access to remote computers within the same local subnet. For 
more information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (Foo's Ip[:String) [], 
PSRemotingTransportException
    + FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionStateBroken

有什么想法吗？ 我只是想通过Powershell来工作吗？

Answer 1

根据您的错误消息，我们可以使用此PowerShell脚本调用对Azure的命令：

$username = 'jason'
$pass = ConvertTo-SecureString -string 'password' -AsPlainText -Force
$cred = New-Object -typename System.Management.Automation.PSCredential -argumentlist $username, $pass
$s = New-PSSession -ConnectionUri 'http://23.99.82.2:5985' -Credential $cred -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)
Invoke-Command -Session $s -ScriptBlock {Get-Process PowerShell}

PowerShell结果如下：

有关invoke命令的更多信息，请参考此答案 。