Connect to AD using a different user

This topic contains 0 replies, has 1 voice, and was last updated by Profile photo of Forums Archives Forums Archives 5 years, 5 months ago.

  • Author
    Posts
  • #6220

    by vandreytrindade at 2012-11-22 08:14:18

    Hi,

    It's my first post in the forum.

    I'm using PowerShell with the Microsoft Online Services module to administrate Office 365 and Exchange Online.
    When I open PowerShell I use a script to get my credentials and connect to those services.

    I'm creating an Active Directory script just to start... But my normal user logged on the machine right now don't have admin rights in the server.
    Ex.: Normal user: vandrey
    Admin user: vandrey$

    So, how can I connect to the AD using that user and not the logged on my machine?
    I have to start PowerShell using other credentials? Is this the only way?

    by vandreytrindade at 2012-11-23 05:22:51

    I manage to do it... somehow...

    I'v created two scripts:

    Change_password.ps1
    Change_password_code.ps1

    I've put them in a "C:\Active Directory" folder.

    The codes are:

    Change_password.ps1

    #####################################################################################
    Import-Module ActiveDirectory
    cd "\Active Directory"
    $ADcred = Get-Credential ("$env:USERDOMAIN\$env:USERNAME$")
    Start-Process powershell.exe -Credential $ADcred -ArgumentList "-File Change_password_code.ps1" -Wait
    exit
    #####################################################################################

    Change_password_code.ps1

    #####################################################################################
    Write-Host
    Write-Host "Which account you want to change the password?" -Foregroundcolor Yellow
    Write-Host
    $user = Read-Host

    Set-ADAccountPassword -Identity $user -Reset

    Write-Host
    Write-Host "Password changed successful" -Foregroundcolor Yellow
    Write-Host
    pause
    #####################################################################################

    Now, I'm trying to get those scripts working in any other directory...
    Tried the "get-location" but it always seems to start in the same directory "C:\".
    PS: In my PowerShell user profile, I've put that command: "Set-Location C:\" to always start in that directory.

    Is there a way to do it?
    I mean... I have the "Active Directory" folder... but if someone doesn't?
    What about if I had those two scripts in my "C:\Temp\TestingScripts\" folder?

    I want to create a script that runs no matter where they are in the computer... Any1?

    by coderaven at 2012-11-26 06:48:04

    Have you tried running something like this?

    Import-Module msonline
    $cred = Get-Credential
    Connect-MsolService -cred $cred
    Get-Command –Module msonline

    If you don't want to be prompted, use the PSCredential object just before the above code.

    $secpasswd = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force
    $cred = New-Object System.Management.Automation.PSCredential ("username", $secpasswd)

    When running your AD Module commands you can use the -Credential switch with a PSCredential object as well in the same runspace no problem.

    by vandreytrindade at 2012-11-26 07:43:58

    Hi coderaven,

    I don't understand why you gave me the solution to connect to MSOL services...
    I've posted before you the solution I've made to connect to Active Directory using different credentials.
    That was the only way that I've found since I can't use something like "Connect-ActiveDiretoryservice -cred $cred"...
    Thanks for trying though =]

    But anyway...
    My second problem was to get the actual location of the script so it can run from any folder in the computer...

    The solution is:

    $ScriptDirectory = Split-Path $MyInvocation.MyCommand.Definition -Parent
    $actualdir = $ScriptDirectory.Remove(0,2)
    cd $actualdir
    dir

    viewtopic.php?f=5&t=804&p=3259#p3259

    Thanks \o/

    by coderaven at 2012-11-26 10:13:56

    What I was trying to say was that either way, you can use different credentials to connect to AD or Online Services no matter who you are running the session as even if the account is different for both. Active Directory commands each have a -Credential and there is no Connect-* for those commands. Run PowerShell as a standard user and create credentials using Get-Credential for both AD and Online Services. With Online services you are done after each connection, in AD you specify credentials on each command.

    by vandreytrindade at 2012-11-26 10:23:57

    Hmm.... now I understand what you've said =p

    In the way that I did it, the user needs to authenticate one time only =]
    I'm using it to build a menu with a lot of options to manage AD from PS.

You must be logged in to reply to this topic.