Fix DirectorySync.EntraConnect PSRemoting integration #285

@ntt-matthias-fleschuetz

Description

The IdLE.Provider.DirectorySync.EntraConnect currently requires consumers to manually construct PSRemoting sessions and wrap them in custom objects with InvokeCommand methods before passing them through a broker. This is unnecessarily complex for a straightforward remote execution scenario.

Steps to Reproduce (Current Broken Workflow)

  1. Create PSRemoting session externally:

    $adConnectSession = New-PSSession -ComputerName 'ad-sync1.corp.local' -Credential $syncCred
  2. Wrap session in custom object with ScriptMethod:

    $authSessionWrapper = [pscustomobject]@{ PSTypeName = 'IdLE.AuthSession.PSRemoting'; Session = $adConnectSession }
    $authSessionWrapper | Add-Member -MemberType ScriptMethod -Name InvokeCommand -Value { ... }
  3. Create broker and pass wrapper:

    $authSessions = New-IdleAuthSession -SessionMap @{
        @{ AuthSessionName = 'EntraConnect' } = @{ AuthSessionType = 'PSRemoting'; Credential = $authSessionWrapper }
    }

Problem: Broker validation fails with "The property 'Methods' cannot be found on this object" errors during execution. Workaround requires custom broker implementation.

Provider should:

  • Accept ComputerName as direct parameter in Step.With
  • Receive credentials via standard AuthSessionBroker (AuthSessionType='Credential')
  • Build and manage PSRemoting session internally
  • Simplify workflow config to flat structure

Proposed Consumer Setup:

$syncCred = Get-Credential -Message "ADSync Admin account"

$authSessions = New-IdleAuthSession `
    -DefaultAuthSession $syncCred `
    -AuthSessionType 'Credential'

$providers = @{
    DirectorySync = New-IdleEntraConnectDirectorySyncProvider
    AuthSessionBroker = $authSessions
}

$plan = New-IdlePlan -WorkflowPath $workflowFile -Request $request -Providers $providers
$result = Invoke-IdlePlan -Plan $plan

Proposed Workflow Config:

@{
    Name           = 'ADSync Trigger'
    LifecycleEvent = 'Operational'
    
    Steps = @(
        @{
            Name = 'ADSync'
            Type = 'IdLE.Step.TriggerDirectorySync'
            With = @{
                Provider        = 'DirectorySync'
                ComputerName    = 'ad-sync1.corp.local'
                AuthSessionName = 'EntraConnect'
                PolicyType      = 'Delta'
                Wait            = $true
                TimeoutSeconds  = 300
            }
        }
    )
}

Actual Behavior

Currently, the only way to get it working is to build a custom broker that bypasses validation:

$broker = [pscustomobject]@{ PSTypeName = 'IdLE.AuthSessionBroker'; Session = $authSessionWrapper }
$broker | Add-Member -MemberType ScriptMethod -Name AcquireAuthSession -Value {
    param([string] $Name, [hashtable] $Options)
    return $this.Session
} -Force

This is a workaround, not a supported pattern.

Environment

  • PowerShell version: 7.4+
  • IdLE version: main branch
  • Provider: IdLE.Provider.DirectorySync.EntraConnect
  • Step: IdLE.Steps.DirectorySync (Invoke-IdleStepTriggerDirectorySync)

Acceptance Criteria

  • Provider accepts ComputerName parameter in Step.With
  • Provider builds PSRemoting session internally with provided credential
  • Session cleanup handled in finally block
  • Works seamlessly with AuthSessionType='Credential' broker
  • Existing tests updated to reflect new flow
  • New provider contract tests added for ComputerName + Credential pattern
  • Step documentation updated
  • Example workflow(s) updated

Suggested Implementation

Provider changes:

  1. Store ComputerName from Step.With context
  2. In StartSyncCycle() and GetSyncCycleState(): build session from $AuthSession (Credential) + stored ComputerName
  3. Execute commands on remote session
  4. Clean up session in finally block
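The four provider changes above, shown together as an added illustration (not IdLE's own code and not a proposed patch): the provider keeps ComputerName from Step.With, receives a plain [pscredential] from the broker, builds the PSRemoting session itself and always removes it in finally. The function name New-ExampleEntraConnectDirectorySyncProvider and the InvokeRemote helper are hypothetical; Start-ADSyncSyncCycle and Get-ADSyncScheduler are the ADSync module cmdlets assumed to exist on the remote server.

```powershell
# Illustration only: provider object that owns its own PSRemoting session lifecycle.
function New-ExampleEntraConnectDirectorySyncProvider {
    $provider = [pscustomobject]@{
        PSTypeName   = 'IdLE.Provider.DirectorySync'
        ComputerName = $null   # populated by the step from Step.With
    }

    # Helper (hypothetical): run a script block remotely with guaranteed cleanup
    $provider | Add-Member -MemberType ScriptMethod -Name InvokeRemote -Value {
        param([pscredential] $Credential, [scriptblock] $ScriptBlock, [object[]] $ArgumentList)
        if ([string]::IsNullOrWhiteSpace($this.ComputerName)) {
            throw "ComputerName must be set from Step.With before the provider is used."
        }
        if ($null -eq $Credential) {
            throw "A credential from the broker (AuthSessionType='Credential') is required."
        }
        $session = $null
        try {
            $session = New-PSSession -ComputerName $this.ComputerName -Credential $Credential -ErrorAction Stop
            return Invoke-Command -Session $session -ScriptBlock $ScriptBlock -ArgumentList $ArgumentList -ErrorAction Stop
        }
        finally {
            # Runs on success and on failure, so no orphaned WinRM session is left on the sync server
            if ($session) { Remove-PSSession -Session $session -ErrorAction SilentlyContinue }
        }
    }

    $provider | Add-Member -MemberType ScriptMethod -Name StartSyncCycle -Value {
        param([pscredential] $AuthSession, [string] $PolicyType = 'Delta')
        $this.InvokeRemote($AuthSession, { param($type) Start-ADSyncSyncCycle -PolicyType $type }, @($PolicyType))
    }

    $provider | Add-Member -MemberType ScriptMethod -Name GetSyncCycleState -Value {
        param([pscredential] $AuthSession)
        $scheduler = $this.InvokeRemote($AuthSession, { Get-ADSyncScheduler }, @())
        return [pscustomobject]@{ InProgress = [bool] $scheduler.SyncCycleInProgress }
    }

    return $provider
}

# Usage sketch: ComputerName comes from Step.With, the credential from the broker
$provider = New-ExampleEntraConnectDirectorySyncProvider
$provider.ComputerName = 'ad-sync1.corp.local'
$provider.StartSyncCycle($syncCred, 'Delta')
$provider.GetSyncCycleState($syncCred)
```

Because the session is created and removed inside the provider, the broker only ever handles a credential object, which is the separation of concerns the issue asks for.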

Step changes:

  1. Accept and validate ComputerName in With parameters
  2. Pass it to provider context

Testing:

  1. Add contract test: Provider + Step with PSRemoting
  2. Update existing mock tests to verify new pattern

Related Issues

Discovered while testing DirectorySync trigger with Entra Connect ADSync server (#xyz)

Additional Context

This is an improvement to provider autonomy and separation of concerns. Currently, network/session management leaks into IdLE.Core broker logic, which should be simpler and more generic.
