Using PowerShell to remotely invoke commands in Azure

0

I'm writing a series of automation scripts that will allow our developers to stand up a simple development environment in Azure. This environment has 3 primary properties:

  1. There is a client machine (Windows 10) where dev tools like their IDE and code will live.
  2. There is a server machine (Windows Server 2016) that their scripts will target.
  3. Both of these machines live in the same domain, and 1 Domain Admin user is available for use.

I have steps 1 and 2 scripted out, but 3 is currently a mess. Since the script is designed to work from the Developer's local workstation, I need to have the script remote in to the Windows Server and run a few commands to set up the Domain Controller.

Here is my code currently:

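# The script block must open on the same line as -ScriptBlock.
Invoke-Command -ComputerName "$RGName-$VMPurpose" -ScriptBlock {
    # Local variables are not visible in the remote session; $using: passes them in.
    $project = $using:project
    $VMPurpose = $using:VMPurpose
    $ADFeature = Install-WindowsFeature AD-Domain-Services
    If ($ADFeature.Success -eq $true)
    {
        Import-Module ADDSDeployment
        # WinThreshold is the functional-level name for Windows Server 2016.
        # With -NoRebootOnCompletion:$false the restart after promotion interrupts
        # this session, so the commands below may not run.
        Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath "C:\Windows\NTDS" `
            -DomainMode "WinThreshold" -DomainName "$project.com" -DomainNetbiosName "$project" `
            -ForestMode "WinThreshold" -InstallDns:$true -LogPath "C:\Windows\NTDS" `
            -NoRebootOnCompletion:$false -SysvolPath "C:\Windows\SYSVOL" -Force:$true
        $domUserPassword = ConvertTo-SecureString "Th1s is a bad password" -AsPlainText -Force
        New-ADUser -Name "$VMPurpose-DomAdm" -AccountPassword $domUserPassword
        # Add-ADGroupMember takes -Identity and -Members; the user lookup must be an expression.
        Add-ADGroupMember -Identity "Administrators" -Members (Get-ADUser "$VMPurpose-DomAdm")
    }
} -Credential $Cred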

When I attempt to run this I get an error showing that WinRM cannot connect, specifically this error:

[Foo] Connecting to remote server Foo failed with the following error 
message : WinRM cannot process the request. The following error with 
errorcode 0x80090311
occurred while using Kerberos authentication: There are currently no logon 
servers available to service the logon request.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are 
specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port 
does not exist.
  -The client and remote computers are in different domains and there is no 
trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the 
WinRM TrustedHosts configuration setting or use HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following 
command: winrm help config. For more information, see the 
about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (Foo:String) [], 
PSRemotingTransportException
    + FullyQualifiedErrorId : AuthenticationFailed,PSSessionStateBroken

I added the target machine (Foo) to the TrustedHosts configuration setting in WinRM (I actually added the IP address to make sure that there wasn't any DNS problem happening), and then I get this error:

[Foo's IP] Connecting to remote server <Foo's IP> failed with the following 
error message : WinRM cannot complete the operation. Verify that the 
specified computer name is valid, that the
computer is accessible over the network, and that a firewall exception for 
the WinRM service is enabled and allows access from this computer. By 
default, the WinRM firewall exception for public
profiles limits access to remote computers within the same local subnet. For 
more information, see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (Foo's Ip[:String) [], 
PSRemotingTransportException
    + FullyQualifiedErrorId : WinRMOperationTimeout,PSSessionStateBroken

Any thoughts here? Is what I am trying simply not ever going to work via PowerShell?

powershell
azure
asked on Stack Overflow Sep 28, 2017 by Sean Long

1 Answer

1

According to your error message, we can use this PowerShell script to invoke a command in Azure:

$username = 'jason'
$pass = ConvertTo-SecureString -string 'password' -AsPlainText -Force
$cred = New-Object -typename System.Management.Automation.PSCredential -argumentlist $username, $pass
$s = New-PSSession -ConnectionUri 'http://23.99.82.2:5985' -Credential $cred -SessionOption (New-PSSessionOption -SkipCACheck -SkipCNCheck -SkipRevocationCheck)
Invoke-Command -Session $s -ScriptBlock {Get-Process PowerShell}

The PowerShell result looks like this:

[image]

For more information about Invoke-Command, please refer to this answer.

answered on Stack Overflow Sep 29, 2017 by Jason Ye
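
Added example (not part of the question or the answer above): a preflight that separates the two failures shown in the question, an unreachable WinRM port versus a listener or authentication problem, and then opens the session over WinRM HTTPS, so that neither a TrustedHosts entry nor skipped certificate checks are needed. The function name `Connect-DevServer`, the host name `devserver.example.test`, and the presence of an HTTPS listener on port 5986 with a certificate that matches that name and is trusted by the workstation are assumptions.

```powershell
# Added example. Connect-DevServer and the host name are hypothetical.
# Assumes the VM has a WinRM HTTPS listener on 5986 whose certificate
# matches $Target and chains to a CA this workstation trusts.
function Connect-DevServer {
    param(
        [Parameter(Mandatory)] [string] $Target,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [int] $Port = 5986
    )

    # 1. Reachability. A missing NSG inbound rule or a closed guest firewall
    #    fails here; this is the WinRMOperationTimeout case from the question.
    $tcp = Test-NetConnection -ComputerName $Target -Port $Port -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) {
        throw "TCP $Port on $Target is unreachable: check the NSG inbound rule and the Windows firewall on the VM."
    }

    # 2. Listener and certificate. Test-WSMan sends an unauthenticated identify
    #    request over TLS, so a missing listener or untrusted certificate fails
    #    here, before any credential leaves the workstation.
    try {
        Test-WSMan -ComputerName $Target -Port $Port -UseSSL -ErrorAction Stop | Out-Null
    } catch {
        throw "WinRM HTTPS check failed on ${Target}:${Port}: $($_.Exception.Message)"
    }

    # 3. Session. Over HTTPS the server is identified by its certificate, so
    #    Negotiate can be used with an explicit credential from a workstation
    #    that cannot reach a domain controller (the 0x80090311 Kerberos case),
    #    without adding the server to TrustedHosts.
    New-PSSession -ComputerName $Target -Port $Port -UseSSL `
        -Credential $Credential -Authentication Negotiate -ErrorAction Stop
}

# Prompt for the credential instead of embedding a password in the script.
$cred = Get-Credential -Message 'Administrator account on the server VM'
$session = Connect-DevServer -Target 'devserver.example.test' -Credential $cred
try {
    Invoke-Command -Session $session -ScriptBlock { Get-Process PowerShell }
} finally {
    Remove-PSSession $session
}
```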

User contributions licensed under CC BY-SA 3.0