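function Test-ComputerSecureChannelPSSession
{
    <#
    .SYNOPSIS
    Runs Test-ComputerSecureChannel on a remote computer through Invoke-Command.

    .DESCRIPTION
    Connects to the remote computer over WinRM with a local account and runs
    Test-ComputerSecureChannel there with the supplied domain credential,
    optionally against a specific domain controller and optionally with -Repair.

    .PARAMETER ComputerName
    Remote computer whose secure channel is tested. Accepts pipeline input by property name.

    .PARAMETER Server
    Optional domain controller passed to Test-ComputerSecureChannel -Server (alias: LdapServer).

    .PARAMETER Repair
    When set, passes -Repair to Test-ComputerSecureChannel.

    .PARAMETER DomainCredential
    Credential passed to Test-ComputerSecureChannel -Credential on the remote computer.

    .PARAMETER LocalCredential
    Credential used by Invoke-Command to authenticate to the remote computer.

    .NOTES
    NOTE(review): $DomainCredential is carried into the remote session with $using:, so the
    remote computer receives a usable copy of it. The error text below refers to WSMan
    TrustedHosts; if the target is reached through a TrustedHosts entry rather than Kerberos
    or HTTPS, its identity is not verified before the credential is sent. Confirm the
    target and transport, and prefer a narrowly scoped domain account.
    #>
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Low')]
    param
    (
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true, Position = 0)]
        [ValidateNotNullOrEmpty()]
        [string]$ComputerName,

        [Parameter(Mandatory = $false, Position = 1)]
        [ValidateNotNullOrEmpty()]
        [Alias("LdapServer")]
        [string]$Server,

        [Parameter(Mandatory = $false, Position = 2)]
        [switch]$Repair,

        [Parameter(Mandatory = $true, Position = 3)]
        [ValidateNotNullOrEmpty()]
        [System.Management.Automation.PSCredential]
        [System.Management.Automation.CredentialAttribute()]
        $DomainCredential,

        [Parameter(Mandatory = $true, Position = 4)]
        [ValidateNotNullOrEmpty()]
        [System.Management.Automation.PSCredential]
        [System.Management.Automation.CredentialAttribute()]
        $LocalCredential
    )

    begin
    {
        # The local WinRM service must be running before Invoke-Command can be used.
        $winRM = Get-Service -Name WinRM
        if ($winRM.Status -ne 'Running')
        {
            throw "WinRM service on $env:computername was $($winRM.Status). Please start service so WSMan Trusted hosts can be validated prior to Invoke-Command."
        }

        # 'LdapServer' is only an alias of -Server; the variable inside the function is $Server.
        if ($PSBoundParameters.ContainsKey('Server'))
        {
            try
            {
                Resolve-DnsName -Name $Server -ErrorAction Stop | Out-Null
            }
            catch
            {
                throw "Could not resolve Domain Controller $Server, please make sure the domain controller is valid."
            }
        }
    }

    process
    {
        # Checked here rather than in begin: a pipeline-bound $ComputerName is not available in begin.
        # -InformationLevel Quiet returns $false on failure instead of throwing, so test the result.
        $winRmReachable = $false
        try
        {
            $winRmReachable = [bool](Test-NetConnection -ComputerName $ComputerName -CommonTCPPort WINRM -InformationLevel Quiet -ErrorAction Stop)
        }
        catch
        {
            $winRmReachable = $false
        }
        if (-not $winRmReachable)
        {
            throw "WinRM could not be contacted on $ComputerName, please resolve before continuing."
        }

        $testComputerSecureChannelParams = @{
            'Credential' = $DomainCredential
        }
        if ($PSBoundParameters.ContainsKey('Server'))
        {
            $testComputerSecureChannelParams.Add('Server', $Server)
        }
        # Honour an explicit -Repair:$false instead of treating any bound value as $true.
        if ($Repair.IsPresent)
        {
            $testComputerSecureChannelParams.Add('Repair', $true)
        }

        if ($PSCmdlet.ShouldProcess($ComputerName, 'Test machine to domain trust'))
        {
            # The parameter table (including the domain credential) is sent to the remote session via $using:.
            Invoke-Command -ComputerName $ComputerName -Credential $LocalCredential -ScriptBlock {Test-ComputerSecureChannel @using:testComputerSecureChannelParams} -ErrorAction Stop
        }
    }
}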