This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 36%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I'm trying to create a powershell script that part of it creates a SMB share on our file server. I first tried doing with by entering a PSSession, but the commands after the PSSession never run. It's as if it doesn't enter the PSSession until the after the script runs. So I looked at the invoke-command. I first started off by using
Invoke-Command -ComputerName servername -Credential $cred { G: cd $project_folder mkdir $username New-SmbShare -Name $username -Path "G:\home\"+$username -ChangeAccess "NTGROUP\$username" -FullAccess "domain\Domain Admins" }
However, this doesn't work as I get access denied and that -Path is null. I tried many different ways to specify what the path is. I even put the new-smbshare in to a variable outside of the invoke-command and just ran the variable. Doesn't help. I know I need to run the command as administrator, but the rest of the script won't work if I run the whole thing as administrator. So I guess I need a way to run just this one part as administrator and fix the -path part. I was looking at the start-process command, but it seems that works best if you're calling another script. I'm trying to keep everything in one script if possible. Any ideas??
The scriptblock needs to refer back to the variables in the calling script with "$using:".
Invoke-Command -ComputerName servername -Credential $cred {
"Process project {0} for user {1}." -f $using:project_folder, $using:username
G:
cd $using:project_folder
mkdir $using:username
New-SmbShare -Name $using:username -Path "G:\home\"+$using:username -ChangeAccess "NTGROUP\$using:username" -FullAccess "domain\Domain Admins"
}
Still getting this error:
Cannot process argument because the value of argument "path" is null. Change the value of argument "path" to a
non-null value.
Cannot bind argument to parameter 'Path' because it is null.
No mapping between account names and security IDs was done.
Did this statement show the correct variable contents?
"Process project {0} for user {1}." -f $using:project_folder, $using:username
Add more diagnostic displays of variables so that you can see what it's doing.
Invoke-Command -ComputerName servername -Credential $cred {
"Process project {0} for user {1}." -f $using:project_folder, $using:username
G:
cd $using:project_folder
"Here is the current drive and folder."
Get-Location
mkdir $using:username
$myPath = "G:\home\"+$using:username
"MyPath is {0}" -f $myPath
New-SmbShare -Name $using:username -Path $myPath -ChangeAccess "NTGROUP\$using:username" -FullAccess "domain\Domain Admins"
}
I'm just going to post actual results...
cmdlet Get-Credential at command pipeline position 1
Supply values for the following parameters:
Process project G:\home for user johns.
Here is the current drive and folder.
Path PSComputerName
G:\home tiberius
PSPath : Microsoft.PowerShell.Core\FileSystem::G:\home\johns
PSParentPath : Microsoft.PowerShell.Core\FileSystem::G:\home
PSChildName : johns
PSDrive : G
PSProvider : Microsoft.PowerShell.Core\FileSystem
PSIsContainer : True
BaseName : johns
Mode : d----
PSComputerName : tiberius
RunspaceId : 9a930e31-b42c-4995-94e6-bda10cb5534e
Name : johns
FullName : G:\home\johns
Parent : home
Exists : True
Root : G:\
Extension :
CreationTime : 25/02/2021 9:56:28 AM
CreationTimeUtc : 25/02/2021 5:56:28 PM
LastAccessTime : 25/02/2021 9:56:28 AM
LastAccessTimeUtc : 25/02/2021 5:56:28 PM
LastWriteTime : 25/02/2021 9:56:28 AM
LastWriteTimeUtc : 25/02/2021 5:56:28 PM
Attributes : Directory
MyPath is G:\home\johns
No mapping between account names and security IDs was done.
Damn 1000 character limit....
What is NTGROUP? I was assuming that it was just a placeholder because you didn't want to post you actual machine and domain names.
Is the user a local user or Active Directory user? If it's AD then use
-ChangeAccess "YourDomainName\$using:username"
If it's local use:
-ChangeAccess ".\$using:username"
it is set to domainname\$using:username
Nevermind. I was an idiot and didn't change domain\ to the actual domain name. lol It's working. Thanks!
I do not have an AD environment where I can test. Let's see which account is causing the problem and if we can list off some group membership.
Replace the New-SmbShare line with these statements.
$mydomain = "TheNameOfYourDomain" # put the name of your domain in this variable.
New-SmbShare -Name $using:username -Path $myPath -FullAccess "$mydomain\Domain Admins"
remove-smbshare -Name $using:username -force
New-SmbShare -Name $using:username -Path $myPath -ChangeAccess "$mydomain\$using:username"
remove-smbshare -Name $using:username -force
New-SmbShare -Name $using:username -Path $myPath -ChangeAccess "$mydomain\$using:username" -FullAccess "$mydomain\Domain Admins"
"Just for fun, lets list off some groups to see if it can resolve AD user/groups."
"In case we have a double hop problem talking to domain controllers."
Get-LocalGroupmember -name administrators
Get-LocalGroupmember -name users