none
Granfeldt PowerShell MA Import-PSSession? RRS feed

  • Question

  • Firstly Søren Granfeldt thank you for writing and releasing this MA! I'm using it for Account Expiration dates already!! My issue is when trying to connect to Exchange Online (O365) to manage mailboxes.

    I'm using the Granfeldt PowerShell MA to access data in Office 365 but not just the dirsync (is the user licensed) but also properties on the Exchange Online.

    I can connect to Exchange Online (O365)  when running the script as the service account (FIMService). It connects using stored credentials to Exchange Online using Remote PowerShell and Importing the session with -AllowClobber. However I get an error on the Import-PSSession line saying that $Session is undefined / Null when the MA Runs it.

    I have a couple of questions.

    1) If I edit the import.ps1 script (Import Script) do I need to refresh the PowerShell MA Schema for it to pick up the changes or does it load and run this on the fly?

    2) Has any one ran an Import-PSSession with the Granfeldt  PowerShell and gotten a script Error: Script error in line 24: [Cannot validate argument on parameter 'Session'. The argument is null. Supply a non-null argument and try the command again.] - (At {REMOVED}
    +     Import-PSSession -Session $mySession -AllowClobber -WarningAction SilentlyCo ...

    The error is under the $mySession variable, it should connect just fine, I've gone so far as hard coding the password into the script.

    3) Is there any way to make the import script "Run as Admin / Elevated" ?

    Thanks in advance!!!!

    Jonathan Manley

    Thursday, April 10, 2014 7:41 PM

Answers

  • Ok I turned off Impersonation (cleared the credentials and domain) and now it is working...

    • Marked as answer by jmanley WI Wednesday, April 30, 2014 6:33 PM
    Monday, April 21, 2014 8:02 PM

All replies

  • Hello!

    1. With MS Powershell MA you does not need to refresh schema after updating script, It is not relevant so i'm quite sure is the same with Søren's PS MA.

    2. The error you get is basically saying that the $mySession variable is NULL, so when you create it with "New-PsSession" earlier in the code it fails, try to dump out the content of that variable with "$mySession | export-clixml c:\mySession.xml" right after its created to se what it contains with "Import-clixml c:\mySession.xml".

    /Robert


    • Edited by Robert Kielén Thursday, April 10, 2014 7:59 PM
    • Marked as answer by jmanley WI Tuesday, April 15, 2014 7:02 PM
    • Unmarked as answer by jmanley WI Tuesday, April 15, 2014 8:57 PM
    Thursday, April 10, 2014 7:58 PM
  • Hello!

    1. With MS Powershell MA you does not need to refresh schema after updating script, It is not relevant so i'm quite sure is the same with Søren's PS MA.

    2. The error you get is basically saying that the $mySession variable is NULL, so when you create it with "New-PsSession" earlier in the code it fails, try to dump out the content of that variable with "$mySession | export-clixml c:\mySession.xml" right after its created to se what it contains with "Import-clixml c:\mySession.xml".

    /Robert



    It has this: <Objs Version="1.1.0.1" xmlns="http://schemas.microsoft.com/powershell/2004/04" />
    Thursday, April 10, 2014 8:18 PM
  • If thats the output from the $mySession object it looks like you found the problem.

    /Robert

    Saturday, April 12, 2014 6:28 AM
  • Thanks for the troubleshooting tip Robert! Had not clue you could export objects like that!

    -Thanks

    Jonathan

    Tuesday, April 15, 2014 7:03 PM
  • Still can't get it to work. If I connect to the local exchange it runs fine if I connect to O365 Exchange then no dice, and it fails with the error in my original post.

    I'm wondering if the PowerShell-MA keeps processing before the New-PSSession to Office 365 is finished being created???

    The user it is running as has PS-Remote on Exchange Online (O365).

    I've ran the script under the service account using a NON-Administrative instance of powerShell and it RAN FINE! :(

    For some reason when I run it under the PowerShell MA it doesn't want to run.

    Any ideas?

    -Thanks

    Jonathan

    Tuesday, April 15, 2014 9:01 PM
  • If it runs when debugging for example using ISE it should also work when running in the PS MA. A common problem that will make it not work is if your script puts something in the pipe for the MA to pick up.

    Make sure there is no output from script during the session setup or before. I think you will discover this if you turn on the debug log on the PS MA.

    Friday, April 18, 2014 7:09 AM
  • If it runs when debugging for example using ISE it should also work when running in the PS MA. A common problem that will make it not work is if your script puts something in the pipe for the MA to pick up.

    Make sure there is no output from script during the session setup or before. I think you will discover this if you turn on the debug log on the PS MA.

    Kent;

    Thank you for your reply. From what I can tell I have the sessions setup to not output any extra text to the pipeline. I'm using -CommandName  and -DisableNameChecking on Import-PSSession. During my debug runs in the ISE there is no extra text output. However it still does not work.

    I'm not really sure what else to do. Any suggestions would be appreciated.

    -Jonathan

    Monday, April 21, 2014 1:42 PM
  • I have not had the time to set up PS Remoting against Exchange Online but the script below for Lync is working fine in Sorens PS MA. I might be able to configure my testenvironment for Exchange Online later this week.

    $LyncServer = "lync.ad.company.com"
    $pw = ConvertTo-SecureString -AsPlainText -Force -String $Password
    $cred = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $Username,$pw
    $remoteURI = "https://$LyncServer/OcsPowerShell"
    $session = New-PSSession -ConnectionUri $remoteURI -Credential $cred
    Import-PSSession $session

    Monday, April 21, 2014 5:07 PM
  • I have not had the time to set up PS Remoting against Exchange Online but the script below for Lync is working fine in Sorens PS MA. I might be able to configure my testenvironment for Exchange Online later this week.

    $LyncServer = "lync.ad.company.com"
    $pw = ConvertTo-SecureString -AsPlainText -Force -String $Password
    $cred = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $Username,$pw
    $remoteURI = "https://$LyncServer/OcsPowerShell"
    $session = New-PSSession -ConnectionUri $remoteURI -Credential $cred
    Import-PSSession $session

    Kent FYI It works fine connecting to our On Premise Exchange (we have a hybrid environment - with a sync`d AD). However when I try to connect to the Office365 Exchange is when I run into issues.

    I'll see if I can do a connection to Lync in O365 and see what happens and report back

    -Thanks Again!

    Jonathan

    Monday, April 21, 2014 5:30 PM
  • I was able to make a test against Exchange Online. The below Import.ps1 works fine in Sorens PS MA.

    param (
        $Username,
        $Password
        )

    #Create Session
    $pw = ConvertTo-SecureString -AsPlainText -Force -String $Password
    $O365Credentials = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $Username,$pw
    $session = New-PSSession -ConfigurationName "Microsoft.Exchange" -ConnectionUri "https://ps.outlook.com/powershell" -Credential $O365Credentials -Authentication Basic -AllowRedirection

    $result = Import-PSSession $session -AllowClobber -CommandName Get-MailUSer

    $MailUsers = Get-MailUser

    ForEach($MailUser in $MailUsers)
        {
        $obj = @{}
        $obj.Add("Alias",$MailUser.Alias)
        $obj.Add("objectClass", "MailUser")
        $obj
        }

    Monday, April 21, 2014 6:04 PM
  • My PS MA runs the script and waits for it to return. Nothing goes on in the MA while the scripts is running.

    Long shot. Have you remember to specify credentials on the properties of the MA?  The latest version 5.5 has the option to impersonate another user when running.

    My guesses may be way off - but post your script if you still have problems and I'll see if something sticks out; I've done a lot of scripting with this MA including Office 365 and Remote PowerShell against SharePoint 2010 and I've gotten it all to run fine so lets see if we can't get yours running as well...


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Monday, April 21, 2014 7:37 PM
  • I was able to make a test against Exchange Online. The below Import.ps1 works fine in Sorens PS MA.

    param (
        $Username,
        $Password
        )

    #Create Session
    $pw = ConvertTo-SecureString -AsPlainText -Force -String $Password
    $O365Credentials = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $Username,$pw
    $session = New-PSSession -ConfigurationName "Microsoft.Exchange" -ConnectionUri "https://ps.outlook.com/powershell" -Credential $O365Credentials -Authentication Basic -AllowRedirection

    $result = Import-PSSession $session -AllowClobber -CommandName Get-MailUSer

    $MailUsers = Get-MailUser

    ForEach($MailUser in $MailUsers)
        {
        $obj = @{}
        $obj.Add("Alias",$MailUser.Alias)
        $obj.Add("objectClass", "MailUser")
        $obj
        }

    Kent;

    Thank you for the script. I created a new import script with just the code here in the post by itself. I still get the following error in the Logs (Turned the logs on using the Registery key per Soren's blog post.)

    I'm just including one line above the error and one line below the error. Let me know if more would help.

    It's like for some reason the remote PowerShell session doesn't get connected.

    4/21/2014 7:48:47 PM: Should impersonate: True
    4/21/2014 7:48:50 PM: Script error in line 11: [Cannot validate argument on parameter 'Session'. The argument is null. Supply a non-null argument and try the command again.] - (At C:\Office365-MA\O365Import2.ps1:11 char:28
    + $result = Import-PSSession $session -AllowClobber -CommandName Get-MailUSer
    +                            ~~~~~~~~)
    4/21/2014 7:48:50 PM: Script error: [ps.outlook.com] Closing remote server shell instance failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.
    4/21/2014 7:48:50 PM: Page token returned: ''

    Monday, April 21, 2014 7:52 PM
  • My PS MA runs the script and waits for it to return. Nothing goes on in the MA while the scripts is running.

    Long shot. Have you remember to specify credentials on the properties of the MA?  The latest version 5.5 has the option to impersonate another user when running.

    My guesses may be way off - but post your script if you still have problems and I'll see if something sticks out; I've done a lot of scripting with this MA including Office 365 and Remote PowerShell against SharePoint 2010 and I've gotten it all to run fine so lets see if we can't get yours running as well...


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Soren;

    Thank you for your reply. I do love the management agent!! Thank you for your work on it!!

    I've specified the credentials in the MA, and I've also hard coded them in the script as a trouble shooting step. This did not appear to have any affect.

    I'll post the script in it's own post below.

    -Thanks Again

    -Jonathan

    Monday, April 21, 2014 7:54 PM
  • Could you verify that you have specified correct credentials on the Property pages of the MA in Sync Service Manager? Whatever you have specified there, gets passed in $Username and $Password and from your script I can see that you are constructing the O365 creds from these values.


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Monday, April 21, 2014 8:00 PM
  • Ok I turned off Impersonation (cleared the credentials and domain) and now it is working...

    • Marked as answer by jmanley WI Wednesday, April 30, 2014 6:33 PM
    Monday, April 21, 2014 8:02 PM
  • Great. There you go :-) Enjoy the rest of the "fight"...

    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Monday, April 21, 2014 8:04 PM
  • If you feel your question has been answered, please mark it as answered.

    Thank you.


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Wednesday, April 30, 2014 11:00 AM
  • If you feel your question has been answered, please mark it as answered.

    Thank you.


    Regards, Soren Granfeldt
    blog is at http://blog.goverco.com | facebook https://www.facebook.com/TheIdentityManagementExplorer | twitter at https://twitter.com/#!/MrGranfeldt

    Thanks for the reminder and for all of the help Soren! 

    Wednesday, April 30, 2014 6:34 PM