Forum Discussion
How do I PowerShell Remote from an AAD machine to an AD machine?
After posting my reply I did manage to figure it out. Do the following from an Administrative PS window.
On the machine you are running Enter-PSSession on (Client), first ensure WinRM is running (and setting it to Automatic for ease of use)
Set-Service -Name WinRM -Status Running -StartupType AutomaticAdd either all (*) or just the servers you want to connect to into the TrustedHosts list
Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value 'server1'or -Value *
To append to the list in the future use -Concatenate at the end of the command. You can also specify multiple servers in the command by using 'server1,server2,server3'
Now you should be able to remote to these servers from an Azure Joined server.
One additional note, you may have to specify credentials in the DOMAIN\Username format in the Enter-PSSession command with the -Credential parameter:
Enter-PSSession server1 -Credential (Get-Credential)
Roger Seekell Did you ever figure this out? I was hopeful to finally find a thread with this question but sad to see there were no replies.
After posting my reply I did manage to figure it out. Do the following from an Administrative PS window.
On the machine you are running Enter-PSSession on (Client), first ensure WinRM is running (and setting it to Automatic for ease of use)
Set-Service -Name WinRM -Status Running -StartupType AutomaticAdd either all (*) or just the servers you want to connect to into the TrustedHosts list
Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value 'server1'or -Value *
To append to the list in the future use -Concatenate at the end of the command. You can also specify multiple servers in the command by using 'server1,server2,server3'
Now you should be able to remote to these servers from an Azure Joined server.
One additional note, you may have to specify credentials in the DOMAIN\Username format in the Enter-PSSession command with the -Credential parameter:
Enter-PSSession server1 -Credential (Get-Credential)- Sorry for my delay, but your solution has worked for me! Thanks so much! I didn't realize that the initiating computer needed to have WinRM service enabled and have the target machines in its TrustedHosts list. Thanks again!
I have WINRM completely stopped & disabled yet I'm able to run Enter-PSSession -ComputerName 192.168.128.140 -Credential 192.168.128.140\user just fine.
- PS Remoting is much easier when both the client\server are both members of the same domain due to the trust that is already there because of the domain join
o (not tested) have not tested if client\server are both joined to the same Azure AD
o Other wise if they are both part of a workgroup on the same LAN then you will need to add the client to the server’s trusted hosts
o (Not tested) or you can enable HTTPS transport and add the firewall rule for WSMAN/WINRM server
- PS remoting will require enable-PSremoting in both cases whether the client\server are members of the same domain or member of a work group
o you will run enable-PSremoting on the server (not the client)- when client\server are both part of a workgroup (not AD domain) then you will use IP addresses instead of high level computer names to connect
