Category Archives: Powershell

Reset Azure VM Admin password with Domain Controller installed

Active Directory Admin Password

We had a security lab on Azure with 12 machines, It included 2 DCs and 10 other machines of different OS and had RDP closed on all the machines except one machine to use.

The Password was set for something simple however it seems that someone has changed it and no one was able to access the domain controller anymore nor any of the machines.

I had another user created for backup but it seems that user was also changed.

The usual method of resetting Azure VM is going through portal or PowerShell

Resetting Via Azure Portal

When you try to reset the password from Azure Virtual machine itself. If the VM has Domain Controller it will fail to reset the password with the following error:

Failed to reset RDP configuration

VM has reported a failure when processing extension ‘enablevmaccess’. Error message: “VMAccess Extension does not support Domain Controller.” More information on troubleshooting is available at https://aka.ms/vmextensionwindowstroubleshoot

image

Through PowerShell

To reset a password, we first need to define the VM we’re working with. To do this, we can use the Get-AzureRmVm cmdlet. I’ll go ahead and assign variables to both the VM name and the resource group since we’ll need to reference those later, as well.

$vmName = 'YOURVMNAMEHERE'
$resourceGroupName = 'YOURRGHERE'
$vm = Get-AzureRmVm -Name $vmName -ResourceGroupName $resourceGroupName

Next, we’ll need some way to pass the username and password into the script. A great way to do that is through the Get-Credential cmdlet.

$credential = Get-Credential

Once the credential is saved, we can then execute the command to actually make the password change using the variables we set earlier. Notice we had to use the GetNetworkCredential() method on the pscredential object. This method will not work if the credential is retrieved from another computer or from another user account. This shouldn’t be a problem, though, since you’re likely to execute this in a single script.

$extensionParams = @{
    'VMName' = $vmName
    'Username' = $Credential.UserName
    'Password' = $Credential.GetNetworkCredential().Password
    'ResourceGroupName' = $resourceGroupName
    'Name' = 'AdminPasswordReset'
    'Location' = $vm.Location
}

$result = Set-AzureRmVMAccessExtension @extensionParams

Once this completed (hopefully successfully), the VM will need to be rebooted. We can do that by using the Restart-AzureRmVm cmdlet.

$vm | Restart-AzureRmVM

While this PowerShell script might work with a normal VM, It will not work with a DC and would result in the same error as in the portal.

Solution

The solution is to write a script which would run through the CustomScriptExtension that you can deploy from the Azure Portal on the intended VM that has the Domain Controller Deployed on it.

Once you get the script ready to change the administrator Password you can upload the script and deploy it.

Let’s get the script ready and demonstrate these steps one by one.

– On my Computer I will write a tiny script that will say

Net User domainadmin Adm!nPassw0rd1

image

– Save the file on your desktop for later use. Go to Azure Portal, Virtual Machines and select your Domain Controller.

– Go to Extensions.

– Click on Add

image

– Select Custom script Extension

image

– Click Create

– Browse the PowerShell script on your Desktop.

– Select Storage Account

– Select an existing container or create new one

– Upload the file to the container

image

image

image

image

image

Result

Once deployed, it’ll take few mins to reset the password and you don’t have to restart the server.

Through PowerShell

image

After this I was able to access the machine again using the new password in the script.

ref:

https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/features-windows#troubleshoot-vm-extensions

https://docs.microsoft.com/en-us/azure/virtual-machines/windows/run-command

https://mcpmag.com/articles/2017/12/13/azure-vm-password-with-powershell.aspx

https://docs.microsoft.com/en-us/azure/virtual-machines/troubleshooting/reset-local-password-without-agent

Upgrading Exchange Online PowerShell to V2 Module

Managing Exchange Online

If you have Exchange Online and your users are MFA enabled then you most likely will be using Exchange Online’ s ECP (Exchange Control Panel or Admin Center) to connect to Exchange Online PowerShell through the Hybrid Windows since this is the only supported way with MFA.

image

Clicking on Configure would install the PowerShell Module of Exchange Online which looks like the below screenshot.

image

New PowerShell with MFA support

If you have launched Exchange Online PowerShell today then you most likely have noticed there’s a red line stating the possibility to try the new (Preview Version) of Exchange PowerShell V2 .

Microsoft has recently released a new version of Exchange Online PowerShell Module which supports MFA and can be run directly from your computer without the need to login to Exchange Online Admin Center and download any files from there.  Check details in this link

As stated in the article, the Module is just in preview so it has some known and maybe unknown bugs as well.

How to Install it?

The installation process is pretty straightforward, Launch Windows PowerShel as an Administrator (It’s required for the installation).

Run these 4 cmdlets

Set-ExecutionPolicy RemoteSigned

Install-Module PowershellGet –Force

Update-Module PowershellGet

Install-Module -Name ExchangeOnlineManagement

image

You might get a warning that the Module you’re about to install is from an Untrusted Repository, Accept it by typing Y and hit enter

Type the following cmdlet to ensure that Exchange Online Management module is installed

Import-Module ExchangeOnlineManagement; Get-Module ExchangeOnlineManagement

image

Connecting to Exchange Online

To connect to Exchange Online, Run the following cmdlet along with the new parameter –EnableErrorReporting which gives the ability to record all the cmdlets that you have run along with errors generated as well.

Connect-ExchangeOnline -EnableErrorReporting -LogDirectoryPath e:\ExchOnlineLogs.txt -LogLevel All

image

image

After connecting, I am going to try and run two commands the Old Cmdlets and New Cmdlet and see the difference between them:

  1. Get-CASMailbox -ResultSize 10
  2. Get-EXOCasMailbox -ResultSize 10

image

The new Cmdlet has much more details, although it says that it runs faster but it took few seconds more than the old one to run (Probably first time).

image

After you run those two Cmdlets, There will be two files generated in the log directory which we have pointed the parameter to save files to.

The CSV files have details about the two cmdlets and the HTTP Method they are utilizing in order to connect along the Request and response latency.

imageimage

This new version seems to be extremely useful esp in environments where such deep details are needed for troubleshooting issues.

Stay tuned for more

Reference:

https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/exchange-online-powershell-v2/exchange-online-powershell-v2?view=exchange-ps

How to Sync Cloud User to On-premises AD ?

The Story:

I have got this client who constantly keeps on making the mistake of create user from Cloud and provision them with a license in an Exchange Hybrid environment.

Although this is not difficult to fix but it’s not the recommended approach when creating a new user especially in a Hybrid environment since Exchange on-premises won’t recognize this user and most likely will consider any incoming emails from it as spoof or spam.

How to Create a Cloud user from Exchange On-premises?

From Exchange on-premises ECP Admin panel you have the option to directly create user on-cloud which will also create a user object on on-premises AD.

image

Second option – Using Powershell

It’s not that much different than the Web UI option but it’s just for people who prefer using PowerShell than GUI

Enable-RemoteMailbox –Identity User –RemoteRoutingAddress user@yourTenant.mail.onmicrosoft.com

The reason to follow those two methods is due to the need of Exchange on-premises being aware of each of those users so mail flow between Exchange on-premises and Online would not get affected and route this users mail to the wrong place or flag it as spammed or spoof …etc.

The Real Question now is: How to Sync Cloud User to On-premises AD ?

If by mistake we created a user on Cloud (Office 365) and we forgot to create an AD User for this account, that user might already have started using his account on Office 365 (Sharepoint, Exchange, Teams) etc.

There also might be the intention of moving users from Cloud to On-premises Exchange in case the company wanted to decrease their spending on cloud users and in this case when Migrating a cloud user to on-premises you will get the following errors:

image

test3@domain.com

Status: Failed

test3@domain.com Skipped item details

User status

Data migrated:

Migration rate:

Last successful sync date:

Error: MigrationPermanentException: Cannot find a recipient that has mailbox GUID ‎’03c9764e-8b8e-4f33-94d1-ef098c4de656‎’. –> Cannot find a recipient that has mailbox GUID ‎’03c9764e-8b8e-4f33-94d1-ef098c4de656‎’.

So how do we overcome this situation since syncing a user might require you to delete the cloud user and recreate it on AD?

Solution:

To sync the user from the Cloud to on-premises you will need to follow these steps :

1- Create an on-premises Mailbox where the following attributes would be matching the cloud user

  • UserPrincipalname
  • ProxyAddresses
  • SamAccountName
  • Alias

2- The Location of the OU where the On-premises user is going to be created must be provisioned by ADConnect (Azure AD Connect)

You can look which of these OU are provisioned by Starting AD Connect Sync Manager

image

By verifying the user you created in the AD is in the right OU, You can now start AD Sync from PowerShell to speed up the process.

image

Below, You can see the user has been successfully synchronized to the cloud without any issue.

image

Now we’ll see it from the portal to confirm the user is synced with AD

image

Depending on the Source anchor being used in ADConnect there might be a GUID conflict or not, You will get an error similar to when trying to migrate the user in the beginning however you can solve this by replacing the cloud user’s GUID (ImmutableID) with the on-premises user which will force the user to merge with the On-prem user.

Let’s confirm in our case if the user on-cloud has a matching GUID with the one on-premises.

From CMD or Powershell you can use the following command to get the user’s ImmutableID (ObjectGUID) .

ldifde -f c:\Test.txt -d “cn=Test3,DC=Domain,DC=com”

image

Checking the notepad we just exported you can see the Immutable ID on AD for the User test3 is IkTni9mw7Ee4YefeGpz7IA==

image

To be able to see the user on Office 365, We need to logon to MSOL through Exchange Online powershell

Connect to Exchange Online’s powershell using your Online ECP.

image

Once you click on Configure this should download an executable file that will launch PowerShell Online which allows you to use the Modern Authentication (MFA) to use PowerShell safely.

image

Connect-Msoluser will connect you to Office 365 and you’ll be able to get the user’s properties and see if the Immutable ID is matching to the user’s GUID.

Once you’re connect you can use the following cmdlet to get the user’s properties.

Get-MsolUser -UserPrincipalName test3@domain.com |fl DisplayName,ImmutableID

image

You can see they are matching each other, In case there’s a conflict then you can simply set the online user’s Immutable ID to the on-premises user and that should solve the problem.

Ref:

https://support.microsoft.com/en-us/help/2956029/migrationpermanentexception-cannot-find-a-recipient-that-has-mailbox-g

https://docs.microsoft.com/en-us/exchange/hybrid-deployment/create-cloud-based-archive

Powershell script to audit users who authenticated against DC servers

The story:

I have got a request from a client asking to find out which server(s) is using which domain admin or a highly privileged account as a service.

To find this I already wrote a powershell script that does this, Search the non standard/(Domain only users) and show the services and name of the servers where those accounts are configured on utilizing Remote powershell to do so and the use of a Domain Admin user.

You can refer to this link to see this article by clicking here

Creating the script process:

The same client wanted to also know which of those accounts did authenticate and wanted to know from which server/Computer did the request originate from and to which DC did it go.

I have started thinking of the process of doing so by again utilizing remote PowerShell to check against certain security events on AD to check which user among the Domain admin members did authenticate.

After sometime and with the help of some forums I managed to get script ready which looks in all Domain Controllers for users that are members of the Domain Admin groups who triggered an event ID 4624 and from which Computer did this request came from.

The Script :

# Get domain admin user list
$DomainAdminList = Get-ADGroupMember -Identity 'Domain Admins'
# Get all Domain Controller names
$DomainControllers = Get-ADDomainController -Filter * | Sort-Object HostName
# EventID
$EventID = '4624'
#
# Get only last 24hrs
$Date = (Get-Date).AddDays(-3)
# Limit log event search for testing as this will take a LONG time on most domains
# For normal running, this will have to be set to zero
$MaxEvent = 100

# Loop through Dcs
$DALogEvents = $DomainControllers | ForEach-Object {
    $CurDC = $_.HostName
    Write-Host "`nSearching $CurDC logs..."
    Get-WinEvent  -ComputerName $CurDC -FilterHashtable @{Logname='Security';ID=$EventID;StartTime = $Date} -MaxEvents $MaxEvent |`
    Where-Object { $_.Properties[5].Value -in $DomainAdminList.SamAccountName } |`
    ForEach-Object {
        [pscustomobject]@{SourceIP = $_.Properties[18].Value; SamAccountName = $_.Properties[5].Value;Time = $_.TimeCreated;LogonEventLocation = $CurDC}
    }
}
$DALogEvents

How to run:

The Script must be run on DC with a privileged account in order to get the write results, The default time interval is set to 3 days but you can choose to increase that.

You can also change the default group where you want to search for members by changing Domain Admin groups to something else.

Screenshot of the result

How to Bulk Delete Exchange Online Distribution and Office 365 groups


Part of Office 365 security auditing is to ensure that all users and groups in your organization are created for a purpose of which you’re aware of and can control these users, groups.

After auditing groups on Office 365 Exchange CP, I noticed that it’s not possible to bulk or multi delete groups from CP and it has to be done one by one or go through the better and more professional way of using PowerShell.


Create CSV for groups to be deleted:

In order for you to delete multiple groups at once you’ll need to first create file with the groups that needs to be deleted. Download the CSV from Groups tab in Exchange Admin Center as in the below screenshot.


image

Once you download the file you can create a new column where you’ll highlight the once to be deleted and export the csv after filtering the once to be deleted.


image


Connect to Office 365:

Once you’ve got the file ready, You only need to connect to Office 365, You might want to make sure you have an App Password created with the privileged account if your MFA is enabled to delete/create groups or users.

To create an app password you must login to your account and follow these steps

https://support.office.com/en-us/article/create-an-app-password-for-office-365-3e7c860f-bda4-4441-a618-b53953ee1183

After logging in to Exchange Online ( Office 365 ) you will be able to bulk delete groups using the following script

# This script deletes selected groups imported from csv file “Groups-to-delete.csv”
# CSV file contains the following
# DISPLAYNAME,GROUPTYPE,STATUS,EMAIL,Delete
# Group1(ADEO),Distribution list,Group1@Moh10ly.com,yes
# Make sure you use an APP Password to authenticate Exchange Online
$cres = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cres -Authentication Basic -AllowRedirection
Import-PSSession $Session
$groups = Import-Csv “C:\Users\groups-to-delete.csv”
foreach ($group in $groups)
{
$GroupID = $Group.Email
$DN = $group.DISPLAYNAME
$State = $group.STATUS
If (Get-DistributionGroup -Identity $GroupID){
Write-Host $DN exists and will be deleted -ForegroundColor Green
Remove-DistributionGroup -Identity $GroupID -Confirm } else
{
Write-Host $DN “Group doesn’t exist”
}
}

image


Delete Office 365 Type Groups:

In the case you have Office 365 type groups, Those groups are not considered Exchange groups and they don’t reside in Exchange server but Azure AD and they must be deleted from there. Assuming I want to delete some Office 365 groups that has name (Kaizala) in their display name.

First let’s connect to Azure AD, which will allow you to see the Office 365 groups and be able to delete them.


Connecting to Azure AD

image

Let’s get the Kaizala groups and see if the powershell command will show us the result positively.

Get-AzureADMSGroup | Where-Object {$_.displayname -like “*kaiza*”}

image

Let’s delete these groups using this cmdlet

Get-AzureADMSGroup | Where-Object {$_.displayname -like “*kaiza*”} | Remove-AzureADMSGroup

image

image

After deleting, now we can see that Kaizala groups are all deleted.

NOTE: Microsoft will keep those groups for a day if you mistakenly have deleted them you’ll be able to recover them from ECP.

If not, They will remain in the Recycle bin for 30 days before permanently getting deleted.


Hope this article helped you.

Connect-MsolService fails with Exception of type was thrown


If you are working on Windows 10 and try to connect to Microsoft Online PowerShell you might get exposed to couple of failures and errors.

The first error that would appear is the following:


image


Connect-msolservice : Exception of type ‘Microsoft.Online.Administration.Automation.MicrosoftOnlineException’ was
thrown PS C:\WINDOWS\system32> $msolcred = get-credential



Cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
PS C:\WINDOWS\system32> connect-msolservice -credential $msolcred
connect-msolservice : Exception of type ‘Microsoft.Online.Administration.Automation.MicrosoftOnlineException’ was
thrown.
At line:1 char:1
+ connect-msolservice -credential $msolcred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : OperationStopped: (:) [Connect-MsolService], MicrosoftOnlineException
     + FullyQualifiedErrorId : 0x800434D4,Microsoft.Online.Administration.Automation.ConnectMsolService


The first thing that came to mind was the MFA that Microsoft has forced during this month. So I created an app password and tried it but that didn’t work neither and I got the following error


image

PS C:\WINDOWS\system32> $msolcred = get-credential

cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Credential
PS C:\WINDOWS\system32> connect-msolservice -credential $msolcred
connect-msolservice : The user name or password is incorrect. Verify your user name, and then type your password again.
At line:1 char:1
+ connect-msolservice -credential $msolcred
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : OperationStopped: (:) [Connect-MsolService], MicrosoftOnlineException
     + FullyQualifiedErrorId : 0x80048821,Microsoft.Online.Administration.Automation.ConnectMsolService

I checked the following links on google to see if I am up to date

https://support.microsoft.com/en-us/help/2887306

https://support.microsoft.com/en-us/help/2887306/connect-msolservice-exception-of-type-was-thrown-error-when-you-use-th

Apparently the only thing not mentioned is how to update the MSOnline module on your computer, Microsoft requires Latest module of MSOnline 1.1 in order for you to connect.

Get-Module MSOnline

image

Solution 1:

In order for you to get this to work, You need to update the module manually using Powershell with Administrative Privileges.

First Find the module and make sure it reads the latest version which is supposed to be different than the one installed on your PC.

Find-Module -name MSOnline

image

Trying to Install MSOnline using the following CMDLet resulted in a warning that I am using version 1.0 and need to use –force parameter.

Install-Module -Name MSOnline

image

Solution 2:

Instead, I used the following cmdlet to force installation of version 1.1.183.17 but also ended up with an error stating the following:

Find-Module -name msonline |Install-Module –Force

image

PackageManagement\Install-Package : The following commands are already available on this system:’Add-MsolAdministrative
UnitMember,Add-MsolForeignGroupToRole,Add-MsolGroupMember,Add-MsolRoleMember,Add-MsolScopedRoleMember,Confirm-MsolDomai
n,Confirm-MsolEmailVerifiedDomain,Connect-MsolService,Convert-MsolFederatedUser,Get-MsolAccountSku,Get-MsolAdministrati


Solution 3:

The parameter which resolves the issue is the –AllowClobber, AllowClobber Overrides warning messages about conflicts with existing commands. Overwrites existing commands that have the same name as commands being installed according to MS’s article.

Find-Module -name msonline |Install-Module -Force –AllowClobber


You should now close Powershell and relaunch it as administrator and the moment you type Connect-MsolService you should get a window asking for your credentials.


image


image

How to get all domain Joined Server services that using a unique or domain user

If you’re wondering which of your servers are using domain joined account or a non regular account like network service or system. You will need to go through every server’s service console and check that one by one but thanks to PowerShell this job was made like a piece of cake.


The requirement to run this script is a domain admin account since the PowerShell will require access to other servers using Remote PowerShell using Invoke command and run a Get-WMIObject script to find out those details. So in short I will write the required things for this to work

1- Logged in to Active Directory (In order for AD PowerShell module to run and find computers).

2- Domain admin account (To run the remote PowerShell on other servers and get service details)

3- Firewall for domain joined computers is open (To allow remote PowerShell to work) or have remote PowerShell enabled via GPO.


The Script will also show you the offline (inaccessible servers) and will state those servers as down as you can see in the screenshot below.


The script will also prompt you for a path to save the output. You can enter something like C:\Services.csv  as soon as you type the file path and extension it’ll be opened using Notepad.

image

#Check servers down and get services from the responsive servers

$Computers = Get-ADComputer -Filter { OperatingSystem -Like ‘*Windows Server*’}

$Input = ForEach ($computer in $computers)

{

             $comp = $Computer.DNSHostName

             $dist = $Computer.DistinguishedName

             if (Test-Connection -Computername $comp -count 2 -Quiet )

             {

             Invoke-Command -ComputerName $comp -ScriptBlock {Get-WmiObject win32_service | where {$_.StartName -notlike “*LocalSystem*” -and $_.StartName -notlike “*LocalService*” -and $_.StartName -notlike “*NetworkService*” -and $_.StartName -notlike “*System*”} | select DisplayName,StartName,State }}

else{ Write-host $comp is down -foregroundColor red -BackGroundColor black

             }

}

$Output = Read-Host “Enter File path and Name to save output to”

Out-File -FilePath $Output -InputObject $Input -Encoding ascii

Notepad $Output

image

image

Bulk Copy Files to Domain Joined Computers

Using Powershell to copy Files between Joined Computers in a domain 

While doing projects sometimes you have to work with the GPO to copy certain files, scripts to apply certain commands on clients Computers however, The GPO’s File/Folder creation method takes long time to gets created and until replication through all clients is done you’ll have to wait for “God knows how long” till the shows you placed gets copied to the destination computers.

Hard Part

After having to copy certain folder to about 800 machine immediately in order to apply certain script I had to create a script to copy this folder to all the machines straight ahead.

Script

The script below will read computer hostnames,FQDN from a file that I exported from certain Organizational Unit and check if the Computer is online then copy folder to it if not it’ll report that it’s not online with Red font color and yellow background using Robocopy.

Hope this scripts will help someone out there.

#This Script will copy files to destination computers which you will define in a stored file.
#The Format of the CSV fille will contain only two columns (Name,DNSHostname) you can use the below script to export computer objects from certain OU.
#Get-ADComputer -Filter * -SearchBase “OU=Computers,DC=Domain,DC=com” | select name,dnshostname | Export-Csv C:\Computers.csv -NoTypeInformation
$computers = Import-Csv “C:\computer1.csv”
Start-Transcript
Foreach ($computer in $Computers){
$fullcomp = $computer.dnshostname
If (Test-Connection -ComputerName $computer.name -Quiet) {
.\Robocopy.exe \\SourceServer\c$\nk2edit \\$fullcomp\C$\nk2edit
Write-Host Files has been copied to $fullcomp -ForegroundColor Green -BackgroundColor black}else{
Write-host $computer.name is not online -ForegroundColor Red -BackgroundColor Yellow
}
}

clip_image001

Useful Powershell script to resolve the X500 address

In migration, Powershell can be a very crucial tool to achieve success and finalize projects within deadline or even fix issues.

During the time of working with Exchange we had lots of issues with users not able to send an email to their migrated colleagues due to some issues with contacts which was caused by the Legacy Exchange DN not being migrated with the user or lost due to some wrong deletion.

Once users try to send an email to that particular user with the missing Legacy Exchange DN. The receiving Exchange server will result an error and send it to the user as NDR message explaining to them that the error is due to not finding the particular address.

image

The solution to this particular problem is very simple especially if it’s couple of users however to resolve the address you’ll need to google and understand the language that Exchange server users to match the original used address in the missing user’s attributes.

The below script would work accordingly with whatever situation that faced me and it became very handy to me.

How to use:

1- Copy the script to a notepad and save as convert.ps1 on Desktop

2- Run script and try to type in powershell convert-X500 then hit enter.

3- Copy and paste the address you got from the error message above.

image

Once you copy and paste hit enter and you’ll get the final result

image

Note: Make sure you remove the @domain.local in the end

Function Convert-X500{ # Define the Legacy Exchange DN here
Write-Host “”Enter your X500 Address here…”” -ForegroundColor Green -BackgroundColor Black
$X500Source  = read-host

# Converts the various strings to the proper syntax
$X500 = $X500Source.Replace(“_”, “/”)
$X500 = $X500.Replace(“+20″, ” “)
$X500 = $X500.Replace(“IMCEAEX-“, “”)
$X500 = $X500.Replace(“+28”, “(“)
$X500 = $X500.Replace(“+29”, “)”)
$X500 = $X500.Replace(“+2E”, “.”)
$X500 = $X500.Replace(“+5F”, “_”)
$X500 = $X500.Replace(“@YourDC.localHere“, “”)

Write-Host X500:$X500}

Enable PowerShell remotely on all PCs in a domain

Enable PowerShell remotely on all PCs in a domain

First from the DC I’ll get all the PCs list in the forest/domain and add them to a text file called “Servers.txt” in C root drive.

Add-Content -path C:\Servers.txt -Value Dummy ; Get-ADComputer -LDAPFilter “(name=*)” -SearchBase “DC=moh10ly,DC=com” | Select -expand Name | Out-File -Encoding utf8 “C:\Servers.txt” -append

Next I will add those servers list to the syntax $PC

$PC = Get-content “c:\servers.txt”

Then I will get the list of the PCs in the $PC (server.txt file) to get ready for processing commands with a domain admin credentials.

Invoke-Command -ComputerName $PC -ScriptBlock { hostname } -Credential moh10ly\administrator

Enable powershell access remotely on all clients in the text file.

Get-Content C:\Servers.txt | ForEach-Object {Enable-PSRemoting -Force} –Verbose

This should do the job and now you ‘ll be able to access powershell remotely on all your domain clients.

https://technet.microsoft.com/en-us/library/hh847893.aspx

https://technet.microsoft.com/en-us/magazine/ff700227.aspx