J. Diefenbaker

Reputation: 1

Add-DnsServerResourceRecordCName throws CimException when run through Invoke-Command

This code:

$zonename = "mydomain.ca"
$username = 'mydomain\svc_dns'
$dnsserver = 'dns.mydomain.ca'
$password = 'password'
$securePassword = ConvertTo-SecureString $password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential ($username, $securePassword)

Invoke-Command -ComputerName localhost -Credential $credential -ScriptBlock {
    write-host $Using:zonename
    Write-Host $Env:UserDomain $Env:UserName $(whoami)
    write-host $Using:dnsserver
    Add-DnsServerResourceRecordCName -Name $Using:workspace -HostNameAlias $Using:webserver -ZoneName $Using:zonename -ComputerName $Using:dnsserver
}

Throws the following error when run:

Failed to get the zone information for mydomain.ca on server dns.mydomain.ca.
    + CategoryInfo          : PermissionDenied: (abc0001y:root/Microsoft/...urceRecordCName) [Add-DnsServerResourceRecordCName], CimException
    + FullyQualifiedErrorId : WIN32 5,Add-DnsServerResourceRecordCName
    + PSComputerName        : localhost

Running basically the same Add-DnsServerResourceRecordCName command while logged in as user mydomain\svc_dns works fine, even on a non-elevated prompt. I don't think I should be running into second hop permissions issues, but maybe I'm wrong on that.

Upvotes: 0

Views: 381

Answers (1)

Chris Ryan

Reputation: 1

Why are you using Invoke-Command against itself (localhost)? Not sure I see the point of that. Is it so you can run a different username/password for the session?

Why not just run the Invoke-Command against the DNS server and not localhost, and omit the '-ComputerName $Using:dnsserver' of the Add command? Like the example below, which will run the command directly on the DNS server itself.

Invoke-Command -ComputerName $dnsserver -Credential $credential -ScriptBlock {
    write-output $Using:zonename
    Write-output $Env:UserDomain $Env:UserName $(whoami)
    write-output $Using:dnsserver
    Add-DnsServerResourceRecordCName -Name $Using:workspace -HostNameAlias $Using:webserver -ZoneName $Using:zonename 
}

Upvotes: 0
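An added example, not code from either poster: if the PermissionDenied error comes from the second hop (a remoting session does not delegate its credential onward by default), the DnsServer cmdlets' `-CimSession` parameter lets the service account authenticate straight to the DNS server with no loopback session and no plaintext password in the script. The function name and the sample record values are hypothetical; it assumes the DnsServer module is installed locally and WinRM is reachable on dns.mydomain.ca.

```powershell
# Added example; function name and sample record values are hypothetical.
function Add-CNameViaCimSession {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $HostNameAlias,
        [Parameter(Mandatory)] [string] $ZoneName,
        [Parameter(Mandatory)] [string] $DnsServer,
        [Parameter(Mandatory)] [pscredential] $Credential
    )

    # Single hop: the credential is presented directly to the DNS server.
    $session = New-CimSession -ComputerName $DnsServer -Credential $Credential -ErrorAction Stop
    try {
        # Idempotency check so a re-run does not fail on an existing record.
        $existing = Get-DnsServerResourceRecord -CimSession $session -ZoneName $ZoneName `
            -Name $Name -RRType CName -ErrorAction SilentlyContinue
        if ($existing) {
            Write-Verbose "CNAME $Name already exists in $ZoneName"
            return $existing
        }

        if ($PSCmdlet.ShouldProcess("$Name.$ZoneName", "Add CNAME -> $HostNameAlias")) {
            Add-DnsServerResourceRecordCName -CimSession $session -Name $Name `
                -HostNameAlias $HostNameAlias -ZoneName $ZoneName -ErrorAction Stop
            # Read the record back from the server to confirm the write.
            Get-DnsServerResourceRecord -CimSession $session -ZoneName $ZoneName `
                -Name $Name -RRType CName
        }
    }
    finally {
        # Always release the session, including on access-denied failures.
        Remove-CimSession -CimSession $session
    }
}

# Prompt for the service account instead of embedding its password in the script.
$credential = Get-Credential -UserName 'mydomain\svc_dns' -Message 'DNS service account'

# 'workspace1' and 'web01.mydomain.ca' are constructed sample values.
Add-CNameViaCimSession -Name 'workspace1' -HostNameAlias 'web01.mydomain.ca' `
    -ZoneName 'mydomain.ca' -DnsServer 'dns.mydomain.ca' -Credential $credential -Verbose
```

Run with `-WhatIf` first to see the target record without writing it.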
