Closed adriandeller closed 3 years ago
I haven't tested it yet, but my understanding is: you either give the parameter and ask the Domain Controller, or you use Invoke-Command. Not both. Could it be the case?
So dcdiag should not use the /s parameter, and instead push it through with Invoke-Command.
In my understanding, either run Dcdiag locally and use the /s parameter and provide a DC's FQDN, or run Dcdiag in a PS remote session to run the tests against the local domain controller (without using the /s parameter).
When I run my command in my test environment
I even went ahead and tested
```powershell
$Result = $null
$Computer = 'AD1'
$Result = Invoke-Command -ComputerName $Computer -ScriptBlock {
    dcdiag /v /test:RidManager /s:AD2
}
$Result
```
and it worked.
This works as well
```powershell
$Result = $null
$Computer = 'AD1'
$Result = Invoke-Command -ComputerName $Computer -ScriptBlock {
    dcdiag /v /test:RidManager
}
$Result
```
Are you having a problem with my command or with yours? Or both?
That's interesting. Maybe I have to look for an issue in my environment. Did you run the command locally on one of these domain controllers or on a non-DC computer/server?
Executed from Windows 10.
https://github.com/EvotecIT/ADEssentials/blob/9090b9b857a75efcca90f2a221f6e0b779a11b20/Public/Test-ADDomainController.ps1#L21
Does this work in your environment this way? I've stumbled across the problem that the "RIDmaster" test always failed, except on the DC holding that role.
While running the test locally on a non-DC server it works:
```powershell
dcdiag /v /test:RidManager /s:$DomainController
```
I've found this comment where a Kerberos double-hop problem was mentioned as the issue's cause: https://stackoverflow.com/questions/56061971/dcdiag-returns-different-output-in-powershell
Do you have any idea or experience with that?
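
A side-by-side check of the two invocation modes discussed in this thread, as an added example that is not part of the thread or of ADEssentials. The function names are hypothetical, and it assumes dcdiag.exe is installed on the machine running it (RSAT), PowerShell remoting is enabled on the DCs, and dcdiag prints its English-language summary lines.

```powershell
# Added example, not from the thread. Function names are hypothetical.
# Assumes English dcdiag output: "......... <server> passed|failed test <name>"
function Get-DcdiagVerdict {
    param([string[]] $Output, [string] $Test)
    $pattern = '\.+\s+(?<Server>\S+)\s+(?<Verdict>passed|failed)\s+test\s+' +
               [regex]::Escape($Test)
    foreach ($line in $Output) {
        if ($line -match $pattern) { return $Matches['Verdict'].ToLower() }
    }
    return 'unknown'   # no summary line: test skipped, dcdiag error, or other locale
}

function Compare-DcdiagInvocation {
    param(
        [Parameter(Mandatory)] [string[]] $DomainController,
        [string] $Test = 'RidManager'
    )
    foreach ($dc in $DomainController) {
        # Mode 1: dcdiag runs on this machine and targets the DC with /s
        $direct = & dcdiag.exe /v "/test:$Test" "/s:$dc" 2>&1 | ForEach-Object { "$_" }

        # Mode 2: dcdiag runs inside a remote session on the DC, without /s
        $remote = Invoke-Command -ComputerName $dc -ScriptBlock {
            dcdiag /v "/test:$using:Test" 2>&1 | ForEach-Object { "$_" }
        }

        $d = Get-DcdiagVerdict -Output $direct -Test $Test
        $r = Get-DcdiagVerdict -Output $remote -Test $Test
        [pscustomobject]@{
            DomainController = $dc
            Test             = $Test
            DirectWithS      = $d
            RemoteWithoutS   = $r
            Differs          = ($d -ne $r)
        }
    }
}

# Constructed sample line (not real output) to exercise the parser offline
$sample = '         ......................... AD1 failed test RidManager'
Get-DcdiagVerdict -Output $sample -Test 'RidManager'

# Against live DCs (AD1/AD2 are the names used earlier in this thread):
# Compare-DcdiagInvocation -DomainController 'AD1', 'AD2' | Format-Table -AutoSize
```

A row with `Differs` set to `True` shows which domain controllers report a different verdict depending on how dcdiag was invoked, which narrows down whether the failure follows the remoting session or the DC itself.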