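# Setting up JEA (Just Enough Administration) for AD Connect
#
# Walkthrough script: run it one section at a time from an elevated PowerShell
# session on the AD Connect server. The result is a constrained remoting
# endpoint named 'JEA_ADConnect' that lets members of CONTOSO\JEA_ADConnect
# trigger and inspect sync cycles without being local administrators.

# Guard: stops an accidental full run (F5 / dot-source) from executing every step.
return

# Shared paths used by the steps below; run these assignments first.
$jeaRoot    = Join-Path $env:ProgramData 'JEAConfiguration'
$psscPath   = Join-Path $jeaRoot 'JEA_ADConnect.pssc'
$moduleRoot = Join-Path $env:ProgramFiles 'WindowsPowerShell\Modules\JEA_ADConnectOperator'
$psrcPath   = Join-Path $moduleRoot 'RoleCapabilities\JEA_ADConnectOperator.psrc'

# Step 1: make sure PowerShell remoting is enabled on the machine.
# Enable-PSRemoting does more than verify: it starts WinRM and adds firewall
# exceptions, so limit which hosts can reach the WinRM ports afterwards.
Enable-PSRemoting

# Each session configuration (endpoint) restricts what a remote session can do.
# List the ones already registered:
Get-PSSessionConfiguration | Select-Object Name

# Step 2: create our own session configuration file (.pssc) with
# New-PSSessionConfigurationFile.
# NOTE(review): folders created under ProgramData usually inherit an ACE that
# lets standard users create files. Check with Get-Acl and restrict both
# folders to Administrators and SYSTEM, so the transcripts (the audit trail)
# and the configuration cannot be read or tampered with by the operators.
New-Item -Path $jeaRoot -ItemType Directory -Force
New-Item -Path (Join-Path $jeaRoot 'Transcripts') -ItemType Directory -Force
New-PSSessionConfigurationFile -Path $psscPath -Full

# Edit the endpoint configuration file (psedit is a PowerShell ISE editor
# command; open the file in any other editor if it is not available).
psedit $psscPath
# In the file (line numbers vary between PowerShell versions, so search for the
# field names; the same values can also be passed to
# New-PSSessionConfigurationFile as -SessionType, -TranscriptDirectory,
# -RunAsVirtualAccount and -RoleDefinitions instead of hand-editing):
#   * Change the SessionType field value to 'RestrictedRemoteServer'.
#   * Uncomment TranscriptDirectory and set it to
#     'C:\ProgramData\JEAConfiguration\Transcripts'.
#   * Uncomment the RunAsVirtualAccount field.
#     By default the virtual account is a member of the local Administrators
#     group (Domain Admins on a domain controller). The RunAsVirtualAccountGroups
#     field can narrow that to a less-privileged local group that the ADSync
#     cmdlets accept - verify on your server before relying on it.
#   * Change RoleDefinitions to:
#     RoleDefinitions = @{'CONTOSO\JEA_ADConnect' = @{RoleCapabilities = 'JEA_ADConnectOperator'}}

# Syntax-check the edited file before registering it (returns $true when valid).
Test-PSSessionConfigurationFile -Path $psscPath

# Register the configuration. This restarts WinRM, which drops any remote
# sessions currently open on the machine.
Register-PSSessionConfiguration -Name 'JEA_ADConnect' -Path $psscPath
# To remove the endpoint again:
#Unregister-PSSessionConfiguration -Name 'JEA_ADConnect'

# Step 3: create the module that carries the role capability file. JEA looks
# for '<RoleCapabilities name>.psrc' inside the RoleCapabilities folder of a
# module on PSModulePath. Program Files is writable by administrators only,
# which keeps operators from widening their own role.
New-Item -Path $moduleRoot -ItemType Directory -Force
New-Item -Path (Join-Path $moduleRoot 'JEA_ADConnectOperator.psm1') -ItemType File
# RootModule must name the .psm1 created above; the original pointed at
# 'JEAHelpdeskOperator.psm1', which does not exist in this module.
New-ModuleManifest -Path (Join-Path $moduleRoot 'JEA_ADConnectOperator.psd1') -RootModule 'JEA_ADConnectOperator.psm1'
New-Item -Path (Join-Path $moduleRoot 'RoleCapabilities') -ItemType Directory -Force
New-PSRoleCapabilityFile -Path $psrcPath

psedit $psrcPath
# Edit the VisibleCmdlets entry (search for the field name) with:
#VisibleCmdlets = 'Start-ADSyncSyncCycle','Get-ADSyncConnectorRunStatus','Get-ADSyncScheduler','Get-Module'
# A bare cmdlet name exposes every parameter. To pin operators to specific
# sync types, constrain the parameter instead, for example:
#VisibleCmdlets = @{ Name = 'Start-ADSyncSyncCycle'; Parameters = @{ Name = 'PolicyType'; ValidateSet = 'Delta', 'Initial' } }, 'Get-ADSyncConnectorRunStatus', 'Get-ADSyncScheduler', 'Get-Module'

# Step 4: validate the configuration.
# Show what the endpoint would expose to a given user (the user must be a
# member of a group named in RoleDefinitions).
Get-PSSessionCapability -Username 'CONTOSO\simon' -ConfigurationName JEA_ADConnect

# Connect as the non-admin user and confirm that only the expected commands exist.
$nonAdminCred = Get-Credential -Credential "CONTOSO\simon"
Enter-PSSession -ComputerName . -ConfigurationName JEA_ADConnect -Credential $nonAdminCred

# The following lines are typed inside the JEA session:
Get-Command -CommandType All
Start-ADSyncSyncCycle -PolicyType Delta
#Start-ADSyncSyncCycle -PolicyType Initial
Exit-PSSession
# Afterwards, check that a transcript of the session was written to the
# Transcripts folder.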