How to run a powershell script as a domain Administrator

Vagrant
1

I have a Windows Domain with 2019 provisioned with Packer and Vagrant. It works fine, I have managed to create a SQL Server and join the domain.

When I try to provision an Exchange Server I need to run the Setup as administrator, not the vagrant user.

I have a powershell script to perform the installation. If I run it manually from the VM from the console as Administrator It manages to install it.

I am struggling of how to run that script. I have tried different approaches, using the Start-Process command within the powershell script, run Start-Process inline but the script gets launched but it doesn´t finish. Apart is not echoing any error.

How can I do that?

2

I add my scripts in case it helps:

Vagrantfile:

-------------------------------------------------------------

Exchange Server - waterfalls

-------------------------------------------------------------

config.vm.define “waterfalls” do |exch|
exch.vm.hostname = “waterfalls”
exch.vm.network “private_network”,
ip: “10.1.0.6”,
netmask: “255.255.255.0”,
virtualbox__intnet: “intnet-target”,
auto_config: false
#exch.winrm.username = “Administrator”
#exch.winrm.password = “vagrant”

exch.vm.provider "virtualbox" do |vb|
  vb.name = "waterfalls"
  vb.memory = 8192
  vb.cpus = 4
  vb.linked_clone = false
  vb.customize ["modifyvm", :id, "--vram", "128"]
  vb.customize ["modifyvm", :id, "--clipboard", "bidirectional"]
  vb.customize ["modifyvm", :id, "--audio", "none"]
  vb.customize ["storageattach", :id, "--storagectl", "IDE Controller", "--port", "1", "--device", "0", "--type", "dvddrive", "--medium", "isos/ExchangeServer2019-x64-CU11.ISO"]
end

exch.vm.provision "shell", path: "scripts/provision-waterfalls-join-domain.ps1", privileged: true

exch.vm.provision "reload"

exch.vm.provision "shell", path: "scripts/provision-waterfalls-prerequisites-exchange.ps1", privileged: true

exch.vm.provision "reload"
 
exch.vm.provision "administrator-configuration", type: "shell", path: "scripts/provision-waterfalls-administrator-configuration.ps1", privileged: true

exch.vm.provision "reload"

#exch.vm.provision "shell", path: "scripts/provision-waterfalls-exchange.ps1", privileged: true



exch.vm.provision "file", source: "scripts/provision-waterfalls-exchange.ps1", destination: "C:\\tmp\\provision-waterfalls-exchange.ps1"

#exch.vm.provision "install-exchange", type: "shell", privileged: "true", powershell_elevated_interactive: "true", path: "scripts/provision-waterfalls-exchange.ps1"

#exch.vm.provision "install-exchange", type: "shell", privileged: "true", inline: <<-'POWERSHELL'

  #$DomainAdmin = "BOOMBOX\Administrator"
  #$DomainPassword = "vagrant"
  #$secpasswd = ConvertTo-SecureString $DomainPassword -AsPlainText -Force
  
  # 3. Create a PSCredential object
  #$cred = New-Object System.Management.Automation.PSCredential($DomainAdmin, $secpasswd) 

  #Start-Process -Wait Powershell.exe -ArgumentList "-NoExit -File .\provision-waterfalls-exchange.ps1" -Verb RunAs
  
  #Start-Process -NoNewWindow -Wait Powershell.exe -PassThru -Credential $cred -ArgumentList "-NoExit -File .\provision-waterfalls-exchange.ps1" 
   
#POWERSHELL

exch.vm.provision "install-exchange", type: "shell", privileged: true, inline: <<-'POWERSHELL'
 
    $DomainAdmin = "Administrator@boombox.com"
    $DomainPassword = "vagrant"
    
    $secpasswd = ConvertTo-SecureString $DomainPassword -AsPlainText -Force
    $cred = New-Object System.Management.Automation.PSCredential($DomainAdmin, $secpasswd)
    
    # Path to the provisioning script on the VM
    $scriptToRun = "C:\\tmp\\provision-waterfalls-exchange.ps1"
    
    Write-Host "Executing Exchange installation script via Invoke-Command using Domain Admin credentials..." -ForegroundColor Green
    
    # Invoke-Command runs the script block in a new session on the local machine
    # using the provided credentials, ensuring the necessary domain admin rights.
    $result = Invoke-Command -ComputerName "localhost" -Credential $cred -ScriptBlock {
        param($ScriptPath)
        # Execute the Exchange provisioning script
        & $ScriptPath
    } -ArgumentList $scriptToRun -ErrorAction Stop
    
    Write-Ouput $result
    
    Write-Host "Exchange provisioning script execution finished." -ForegroundColor Green
    
    
POWERSHELL


exch.vm.provision "reload"

end

provision-waterfalls-exchange.ps1:

$ErrorActionPreference = "Continue"

Write-Host "=====================================" -ForegroundColor Green
Write-Host "Provisioning Exchange Server: waterfalls" -ForegroundColor Green
Write-Host "=====================================" -ForegroundColor Green

$DomainName = "boombox.com"
$DCAddress = "10.1.0.4"
$ExchIPAddress = "10.1.0.6"
$DomainAdmin = "BOOMBOX\Administrator"
$DomainPassword = "vagrant"


Write-Host "`n=====================================" -ForegroundColor Green
Write-Host "`nTo install Exchange 2019:" -ForegroundColor Yellow
Write-Host "=====================================" -ForegroundColor Green

$ErrorActionPreference = "Stop"


Write-Host "Starting automated Exchange 2019 installation..." -ForegroundColor Green

$exchangeIso = "D:"
$setupPath = "$exchangeIso\Setup.exe"

if (-not (Test-Path $setupPath)) {
    Write-Host "ERROR: Exchange setup not found at $setupPath" -ForegroundColor Red
    Write-Host "Please ensure Exchange 2019 ISO is mounted" -ForegroundColor Red
    exit 1
}

# Wait for DC to be available
Write-Host "Waiting for Domain Controller at $DCAddress..." -ForegroundColor Cyan
$maxAttempts = 60
$attempt = 0
do {
    Start-Sleep -Seconds 5
    $dcReachable = Test-Connection -ComputerName $DCAddress -Count 1 -Quiet
    $attempt++
    if ($attempt % 10 -eq 0) {
        Write-Host "Still waiting... (attempt $attempt/$maxAttempts)" -ForegroundColor Yellow
    }
} while (-not $dcReachable -and $attempt -lt $maxAttempts)

if (-not $dcReachable) {
    Write-Host "ERROR: Cannot reach Domain Controller at $DCAddress" -ForegroundColor Red
    exit 1
}

# Check if already domain joined
$computerSystem = Get-WmiObject -Class Win32_ComputerSystem
if ($computerSystem.PartOfDomain -and $computerSystem.Domain -eq $DomainName) {
    Write-Host "Already joined to domain: $DomainName" -ForegroundColor Green
} else {
    # Join domain
    Write-Host "Joining domain: $DomainName..." -ForegroundColor Cyan
    $securePassword = ConvertTo-SecureString $DomainPassword -AsPlainText -Force
    $credential = New-Object System.Management.Automation.PSCredential ($DomainAdmin, $securePassword)
    
    try {
        Add-Computer -DomainName $DomainName -Credential $credential -Force -ErrorAction Stop
        Write-Host "Successfully joined domain. Rebooting..." -ForegroundColor Green
        Restart-Computer -Force
        exit 0
    } catch {
        Write-Host "Error joining domain: $_" -ForegroundColor Red
        exit 1
    }
}

# We run as Administrator

# 2. Convert the plain text password to a SecureString object
$secpasswd = ConvertTo-SecureString $DomainPassword -AsPlainText -Force

# 3. Create a PSCredential object
$cred = New-Object System.Management.Automation.PSCredential($DomainAdmin, $secpasswd)

Write-Host "Current user:" $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name)

# Prepare Schema
Write-Host "Preparing Active Directory Schema..." -ForegroundColor Cyan
& $setupPath /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareSchema
#Start-Process $setupPath -NoNewWindow -Wait -PassThru -Credential $cred -ArgumentList ("/IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareSchema")
#Start-Process $setupPath -Wait -PassThru -Credential $cred -ArgumentList ("/IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareSchema")

# Prepare AD
Write-Host "Preparing Active Directory..." -ForegroundColor Cyan
& $setupPath /IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareAD /OrganizationName:"Boombox"
#Start-Process  $setupPath -NoNewWindow -Wait -PassThru -Credential $cred -ArgumentList ("/IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareAD /OrganizationName:\""Boombox\""")
#Start-Process  $setupPath -Wait -PassThru -Credential $cred -ArgumentList ("/IAcceptExchangeServerLicenseTerms_DiagnosticDataON /PrepareAD /OrganizationName:\""Boombox\""")

# Install Exchange
Write-Host "Installing Exchange 2019 Mailbox Role..." -ForegroundColor Cyan
& $setupPath /m:install /roles:m /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /InstallWindowsComponents 
#Start-Process $setupPath -NoNewWindow -Wait -PassThru -Credential $cred -ArgumentList ("/m:install /roles:m /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /InstallWindowsComponents")
#Start-Process $setupPath -Wait -PassThru -Credential $cred -ArgumentList ("/m:install /roles:m /IAcceptExchangeServerLicenseTerms_DiagnosticDataOFF /InstallWindowsComponents")

Write-Host "Exchange 2019 installation complete!" -ForegroundColor Green

Write-Host "Enabling gosta mailbox..." -ForegroundColor Cyan


# 4. Define the Exchange server connection URI
# Replace "your_exchange_server" with the actual FQDN or IP of your Exchange server
#$SessionUri = "http://$ExchIPAddress/powershell"
$SessionUri = "http://waterfalls/powershell"  

#$SessionUri = "http://$((Get-ADComputer -Identity (Get-ADObject -SearchBase "CN=Configuration,$((Get-ADDomain).DistinguishedName)" -LDAPFilter "(objectCategory=msExchExchangeServer)").Name).DNSHostName)/PowerShell"


# 5. Create a new PSSession with the specified credentials and configuration
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $SessionUri -Credential $cred -Authentication Kerberos 

# 6. Import the cmdlets from the remote session into your local PowerShell session
Import-PSSession $Session -DisableNameChecking

# 7. Now you can run Enable-Mailbox
# Replace "username" with the identity of the user you want to enable a mailbox for
Enable-Mailbox -Identity "gosta@boombox.com" 

# 8. (Optional) When finished, close the session
Remove-PSSession $Session
Powershell provisioner: Does it support calling another powershell script?