This topic contains 3 replies, has 2 voices, and was last updated by
January 23, 2018 at 12:49 am #92015ParticipantPoints: 15Rank: Member
$CurrentUser = ([System.Diagnostics.Process]::GetCurrentProcess().GetOwner().User
Is there any way to feed $CurrentUser in place of 'GetCurrent() on the script below?
$thisUser = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$WinPrincipal = New-Object System.Security.Principal.WindowsPrincipal($thisUser)
return ($WinPrincipal.IsInRole("Domain Admins"))
I just simply wanted to check if a given user is a domain admin or not without using AD PowerShell module.
January 23, 2018 at 10:23 am #92024ParticipantPoints: 780Rank: Major Contributor
Your second code block already does what you state your goal is. There is little reason for the current user part of this as that second block is only for the current user.
You actually don't even need all this code. You can simply use whoami
whoami of course only works for the currently logged on user and shows all the associated local and domain groups the user belongs to.
(whoami /ALL /FO CSV | ConvertFrom-CSV) | Select 'User Name' | Where 'User Name' -like '*Domain Admins*'
Are you are asking that, a user is not logged on with an account that is not a domain admin, and then they do a RunAS elevation or New-PSSession, Enter-PSSession and passing in a domain admin credential?
If so, then the whoami use case still applies in the PoSH remote session.
So, why are you trying to skip the AD cmdlets use case?
You don't have to install any AD cmdlets to use the AD cmdlets. You can use implicit PSRemoting and proxy those to any system, and they are never physically on the system, and the disappear when you close the remote session or the console or ISE window.
January 23, 2018 at 12:53 pm #92038ParticipantPoints: 15Rank: Member
Thanks, postanote. It works like a charm! The idea was to log in to a machine (with no RSAT) with standard user account but run the powershell session with a domain admin account then run lots of wmi/ciminstance queries to the domain computers/servers.
GetCurrent() only picks up the logged in user account. So, even if you run the PowerShell with Domain admin account. it still returns $false. Thanks again. Naw
January 23, 2018 at 8:40 pm #92074ParticipantPoints: 780Rank: Major Contributor
The topic ‘Check if the current PowerShell session user is a Domain Admin’ is closed to new replies.