PowerShell: Perform DISM Restore Health on Remote Servers

# This script will use a Windows ISO image to Repair Remote Computers

$isoPath="\\FILESHERVER007\F$\Windows_Server_2016_Datacenter_EVAL_en-us_14393_refresh.ISO"
$remoteComputers="TESTKOMPUTER","TESTKOMPUTER2"

function restoreServerHealth($iso){
	# Mount Image and Record Its Path:
	$isoMount=Mount-DiskImage $iso -PassThru
	$driveLetter=($isoMount | get-volume).DriveLetter
	$wimPath="$driveLetter`:\sources\install.wim:1"
	$logPath="C:\Temp\dism-repair-windows.log"

	# Restore Windows Health using provided ISO:
	dism /online /cleanup-image /restorehealth /source:WIM:$wimPath /limitaccess # non-native PowerShell command
	# Repair-WindowsImage -Online -RestoreHealth -Source $wimPath -LimitAccess -LogPath $logPath

	# Unmount ISO when done
	Dismount-DiskImage -ImagePath $iso
}

function repairServer($server,$isoImage){  
  Invoke-Command -computername $server -credential $cred -ScriptBlock { 
      param( $x, $importedFunc)
      "Executing script on $($ENV:computername)..."
      # Import the function from the variable inside parameters
      [ScriptBlock]::Create($importedFunc).Invoke($x)
  } -ArgumentList $isoImage, ${function:installApp}
}

# Check whether a given username matches the list of Domain Admins
function validateDomainAdmin{
    param (
        [string]$username
    )
    $matchedAdmin=$username -in $domainAdmins
    if($matchedAdmin){
        Write-Host "$username is a Domain Admin";
        return $True;
        }else{
       Write-Host "$username not a Domain Admin.";
       return $False;
       }
}

function testCredential{
  param (
      [string]$username,
      [string]$password
  )
  $plaintextPassword = (New-Object System.Management.Automation.PSCredential 'N/A',$providedPassword).GetNetworkCredential().Password
  $domainBindTest = (New-Object System.DirectoryServices.DirectoryEntry($domainObject,$username,$plaintextPassword)).DistinguishedName
  if ($domainBindTest){return $True;} else{Return $False;}
}

function obtainDomainAdminCred{
	$domainAdmins=(Get-ADGroupMember -Identity "Domain Admins" -Recursive | %{Get-ADUser -Identity $_.distinguishedName} | Where-Object {$_.Enabled -eq $True}).SamAccountName
  $global:cred=$False
  do {
    $providedID=Read-Host -Prompt 'Input a domain admin username'
    if (validateDomainAdmin $providedID){
      $providedPassword = Read-Host -assecurestring "Please enter the password"
      #$providedPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password))
      #$providedCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $providedID,$providedPassword
      $goodCredential=testCredential -username $providedID -password $providedPassword
      if($goodCredential){
        "Domain Admin Credential validated!";
        $global:cred=New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $providedID,$providedPassword;
         #return $True;
         }
         else{   
         "Password doesn't match.";
         $global:cred=$False;
         #return $False;
         }
    }else{
    "Try again..."
    #return $False;
    }
  } until ($cred) 
}

obtainDomainAdminCred;
$remoteComputers| %{repairServer [string]$_ $isoPath;}