Invoke-UAScript Not Working

PowerShell Universal
1

I am trying to create a page that uses Invoke-UAScript to perform a task. I have another already working page that I lifted the Invoke-UAScript logic from, but it’s not working on this new page. Any other things to check beyond the below information?

I validated the user I am logged in with has the Execute role:

2021-07-20_11-53-27
2021-07-20_11-53-27782×54 18 KB

This is the dashboard configuration from the dashboards.ps1 file:

New-PSUDashboard -Name "Name" -FilePath "Name.ps1" -BaseUrl "/Name" -Framework "UniversalDashboard:Latest" -Environment "7.1.3" -Authenticated -Role @('Role1', 'Role2') -GrantAppToken -SessionTimeout 0

The page code is:

New-UDPage -Name 'Local Admin Elevation' -Content {
    $Hash = @{}
    Import-Csv "D:\User-Device-Relationship-For-Admins.csv" | ForEach-Object {$Hash.Add($_.UserPrincipalName,$_.Computer)}
    
    New-UDTypography -Text "Click this button to elevate '$User' to local admin on '$($Hash[$User])' for 30 mins."
    New-UDButton -Id 'UserName' -Text $User -Variant 'contained' -OnClick {
        Show-UDToast -Message "Adding '$User' to local admin on [$($Hash[$User])]" -Position center
        $Credential = Get-UAVariable -Name 'Svc-AccountName'
        $Script = Get-UAScript -Name 'AddLocalAdminScriptName.ps1'
        $InvokeParams = @{
            Script = $Script
            User = $User
            ComputerName = $Hash[$User]
            Credential = $Credential
        }
        Invoke-UAScript @InvokeParams | Tee-Object -Variable job | Wait-UAJob
        $Data = Get-UAJobPipelineOutput -Job $Job
        If($Data.Result -match "Success"){
            $ToastParams = @{
                Message = "Success! Added '$User' to local admin on [$($Hash[$User])]. Membership expires on [$($Data.Expiration)]"
                Duration = "5000"
                Position = 'center'
            }
            Show-UDToast @ToastParams
        } Elseif ($Data.Result -match "Failed"){
            $ToastParams = @{
                Message = "Failed to add [$User] to [$($Hash[$User])].
                Duration = '5000'
                Position = 'center'
                MessageColor = 'Red'
            }
            Show-UDToast @ToastParams -CloseOnClick
        } Elseif ($Data.Result -match "GroupNotFound") {
            Show-UDToast -Message "Local Admin group not found for computer object [$($Hash[$User])]"
        }
    }
} -NavigationLayout permanent -Navigation $NavGroup -Url '/localadminelevation' -Role $All

The “$All” role just encompasses a bunch of separate role definitions. I’ve removed it, but whether -Role is defined or not, I am able to visit the page, click the New-UDButton, and get the Toast notification that runs before Invoke-UAScript. Yet, I’m not seeing any new job run entry in the script’s Jobs section. If I run the script from the Scripts admin area it works without issue. In case it matters, this is all the script does (but note it’s not even logging a new job has started, so something isn’t even submitting the job):

# Add Local Admin Script File
Param (
    [String]$User,
    [String]$ComputerName,
    [String]$Duration = '30'
)

$ResultsObj = [PSCustomObject]@{ # Create object to output results back to webpage
    Result = $null
    Expiration = $null
}

# Search for group
$GroupName = "GroupPrefix_$ComputerName"
$GroupExists = [bool]([adsisearcher]"samaccountname=$GroupName").FindOne() #Returns True/False result

If($GroupExists){
    $UserAcct = Get-ADUser -Filter "UserPrincipalName -eq '$User'"
    If($UserAcct){
        Try{
            $Date = (Get-Date).AddMinutes($Duration)
            Add-ADGroupMember -Identity $GroupName -Members $UserAcct -MemberTimeToLive (New-TimeSpan -Minutes $Duration) -ErrorAction Stop
            $ResultsObj.Result = 'Success'
            $ResultsObj.Expiration = $Date
        } Catch {
            $ResultsObj.Result = 'Failed'
        }
    } Else {
        $ResultObj.Result = 'Failed'
    }
} Else {
    $ResultsObj.Result = 'GroupNotFound'
}

Return $ResultsObj

Forgot to include this from the \PowerShellUniversal\log-.txt file:

2021-07-20_12-12-03
2021-07-20_12-12-03988×342 74.8 KB 

Product: PowerShell Universal
Version: 1.5.19
2

You won’t be able to retrieve a UA variable encrypted value via Get-UAVariable. It may be failing. Can you check the dashboard log on the dashboard page?

Can you try this? This variable should be stored automatically and you just need to retrieve it locally.

     $Credential = Get-Variable -Name 'svc-accountname' -ValueOnly
     Connect-PSUServer -ComputerName $Hash[$User] -Credential $Credential
        $Script = Get-UAScript -Name 'AddLocalAdminScriptName.ps1'
        $InvokeParams = @{
            Script = $Script
            User = $User
        }
3

@adam, Okay, I actually got this working, but I’m wondering if not using Connect-PSUServer is a bad design.

The actual problem is I defined one of the parameters in my “Add Local Admin” script as $ComputerName, which I think collided with the -ComputerName variable Invoke-UAScript uses. I was looking in the dashboard logs and saw the URL was "http://<$ComputerNameParameterValue>/api… instead of the URL defined in our appsettings.json config file. I modified the parameter in my script to “ComputerHostName” and now everything is working.

However, to your point, is the way I am calling these scripts not good long term? Or perhaps since I had “ComputerName” in there, you thought I was trying to call the other server URL? To be clear, the Get-UAVariable and Invoke-UAScript cmdlets are being run from the PowerShell Universal server itself, not from the user’s local endpoint. Should I still move towards the Connect-PSUServer example you shared?