
I would like to run some forms under domain admin credentials and I need the whole thing within the script itself.

I have found some tricks around the Web but nothing very handy or expected. I don't want to use any .bat file or such. For your information I have it all scripted with Powershell Studio.

Do any of you guys have a solution to gather domain admin credentials, check them, and finally run the script using those creds?

Charlypop
    wouldn't `Get-Credential` do the getting part? then test it by accessing something that requires it. – Lee_Dailey May 08 '19 at 14:10
  • As @Lee_Dailey says, `Get-Credential` is the way to go if you need to prompt for the credentials at runtime, but if you want to store them securely for your script to pick up, have a look at a [previous answer of mine](https://stackoverflow.com/questions/50917375/what-is-the-best-way-to-store-account-credentials-especially-password-for-an-a/50918111#50918111). – boxdog May 08 '19 at 14:33
  • Are you the only one going to run these scripts? Do you need to store the domain admin credentials? Do you want the person running the script to have to enter the domain admin every time? Do you need it so that non-domain admins can run it but not see the username and password? I need more information... – ArcSet May 08 '19 at 14:39
  • @ArcSet, I am not the only one who is going to use it and I do not need to store these creds. As a result I need the user to enter his/her domain admin creds to get the script working. Finally any process run by these forms will need users to be logged in as domain admin. – Charlypop May 08 '19 at 15:11

1 Answer


You can check domain credentials using LDAP:

# Load the required assembly
Add-Type -AssemblyName 'System.DirectoryServices.Protocols'

# Specify credential details
$domain = 'example.com'
$userName = 'Username'
$password = 'Password'

try {
    # Create a credential object
    $netCred = New-Object -TypeName System.Net.NetworkCredential -ArgumentList $userName, $password

    # Create an LdapConnection object
    $connection = New-Object -TypeName System.DirectoryServices.Protocols.LdapConnection -ArgumentList $domain
    $connection.Credential = $netCred

    # Attempt to connect
    # Will raise an exception if credentials are wrong, DC is unavailable, etc
    $connection.Bind()

    # Do something with the valid credentials
    Write-Output -InputObject "Credentials are good!"
}
catch [System.DirectoryServices.Protocols.LdapException] {
    # Failed to connect, so give the user a friendly error message
    Write-Output -InputObject "Error connecting to the '$domain' as '$userName': $($_.Exception.Message)"
}
finally {
    # Dispose of the connection (guard against the case where New-Object itself failed)
    if ($connection) { $connection.Dispose() }
}
boxdog
  • thank you for that snippet. However your script does test domain credentials. My point is to be able to run a Powershell script as another user. I don't want to run it using a batch file or any simultaneous file. I was thinking about creating a function that calls a credential object as a parameter so I could run that script as another user. Is that conceivable? – Charlypop May 08 '19 at 17:38
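The following is an added example that combines the two halves of the thread (validate the credentials with an LDAP bind, as in boxdog's answer, then launch a script under them, as Charlypop asks in the comment); it is not code from the question or the answer. It assumes a domain-joined machine that can reach a domain controller over LDAP, that the user enters the account as `DOMAIN\user` or `user@domain`, and that `example.com` and `C:\Scripts\AdminTask.ps1` are placeholders. The password never leaves the `PSCredential` object and is never written to disk, which is what you want when the script is shared with other admins.

```powershell
# Added example, not part of the original question or answer.
# Validates a PSCredential with an LDAP bind, then runs a script as that user.

Add-Type -AssemblyName 'System.DirectoryServices.Protocols'

function Test-DomainCredential {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [System.Management.Automation.PSCredential] $Credential,
        [Parameter(Mandatory)] [string] $Domain
    )
    $connection = $null
    try {
        # Connecting to the domain name lets DNS pick a reachable DC
        $connection = New-Object -TypeName System.DirectoryServices.Protocols.LdapConnection -ArgumentList $Domain
        $connection.AuthType = [System.DirectoryServices.Protocols.AuthType]::Negotiate
        # GetNetworkCredential() exposes the plaintext only inside this process
        $connection.Credential = $Credential.GetNetworkCredential()
        # Bind() throws LdapException on a bad password, locked account, unreachable DC, etc.
        $connection.Bind()
        return $true
    }
    catch [System.DirectoryServices.Protocols.LdapException] {
        # Report the failure without echoing the password
        Write-Warning "LDAP bind failed for '$($Credential.UserName)' against '$Domain': $($_.Exception.Message)"
        return $false
    }
    finally {
        if ($connection) { $connection.Dispose() }
    }
}

function Invoke-ScriptAsUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [System.Management.Automation.PSCredential] $Credential,
        [Parameter(Mandatory)] [string] $ScriptPath
    )
    if (-not (Test-Path -LiteralPath $ScriptPath)) {
        throw "Script not found: $ScriptPath"
    }
    # Start-Process -Credential starts the child via the Secondary Logon service.
    # It runs as the supplied account but does NOT elevate; the child's token is
    # whatever that account normally gets when logging on interactively.
    $psArgs = @('-NoProfile', '-File', $ScriptPath)
    Start-Process -FilePath 'powershell.exe' -ArgumentList $psArgs -Credential $Credential -Wait -PassThru
}

# --- usage (placeholders, not real values) ---
$domain = 'example.com'
$cred   = Get-Credential -Message "Enter domain admin credentials for $domain"

if (Test-DomainCredential -Credential $cred -Domain $domain) {
    $proc = Invoke-ScriptAsUser -Credential $cred -ScriptPath 'C:\Scripts\AdminTask.ps1'
    Write-Output "AdminTask.ps1 exited with code $($proc.ExitCode)"
}
else {
    Write-Output 'Credentials were rejected; nothing was run.'
}
```

Two caveats a practitioner will hit: a successful bind proves only that the account and password are valid, not that the account is a member of Domain Admins, so anything that must be admin-only should still check group membership (or simply let the launched script fail on its own access checks); and `Start-Process -Credential` requires the user name in `DOMAIN\user` form and the Secondary Logon service to be running, otherwise the launch fails with an access error rather than a password error.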