Custom PSCredential object to log into o365 powershell

This topic contains 4 replies, has 2 voices, and was last updated by  Juan 1 month ago.

  • #82297

    Jon
    Participant

    A little background... we have a PAM (privileged access management) solution called CyberArk that rotates our admin credentials and provides a secure portal for RDP, SSH etc. I am programmatically trying to check out the password through the REST request and pass those creds into the custom PS object so I can log into O365.

    $url = "https://cyberark/vault/mycredslocation"
    $response = Invoke-RestMethod -uri $url
    
    $password = ConvertTo-SecureString $response.content -AsPlainText -Force
    
    $cred = New-Object System.Management.Automation.PSCredential($response.UserName + "@domain.com", $password)
    
    Set-ExecutionPolicy RemoteSigned
    
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/?proxymethod=rps -Credential $cred -Authentication Basic -AllowRedirection
    Import-PSSession $Session -AllowClobber
    

    Error message is:
    New-PSSession : The WinRM client cannot process the request. Requests must include user name and password when Basic or Digest authentication mechanism is used. Add the user name and password or change the
    authentication mechanism and try the request again.
    At C:\Scripts\users\aim2.ps1:13 char:12
    + $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (https://outlook...proxymethod=rps:Uri) [New-PSSession], PSInvalidOperationException
    + FullyQualifiedErrorId : CreateRemoteRunspaceFailed,Microsoft.PowerShell.Commands.NewPSSessionCommand

    Import-PSSession : Cannot validate argument on parameter 'Session'. The argument is null. Provide a valid value for the argument, and then try running the command again.
    At C:\Scripts\users\aim2.ps1:14 char:18
    + Import-PSSession $Session -AllowClobber
    + ~~~~~~~~
    + CategoryInfo : InvalidData: (:) [Import-PSSession], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.ImportPSSessionCommand

    I have tried the different types of authentication mechanisms and still get various errors. I have verified the proper username and password are being checked out. I have also used this code to connect to other servers and it works fine.

  • #82300

    Jon
    Participant

    I tried the other various O365 services (connect-msol, and Skype) and got this error with Skype:
    You must specify a user principal name in the format of User@Domain.Com.

    So this might be an issue with the way I am appending the domain name to the username.

    • #82306

      Juan
      Participant

      I think you're right with regard to the username build. I would check the value of your "$cred" variable to confirm what is actually being passed through. Additionally, it may help to separate the build:

      $url = "https://cyberark/vault/mycredslocation"
      $response = Invoke-RestMethod -uri $url
      
      $password = ConvertTo-SecureString $response.content -AsPlainText -Force
      $username = "$($response.username)@domain.com"
      
      $cred = New-Object System.Management.Automation.PSCredential($username, $password)
      
  • #82336

    Jon
    Participant

    That worked!

    Can you explain to me what the $ in front of "$($response.username)@domain.com" is?

    • #82339

      Juan
      Participant

      In this case, the first "$" is being used as part of a sub-expression operator that allows us to define the expanded string that is '$response.username' + '@domain'. I like to think of it like defining a new variable made up of multiple parts. Here is some more info about it:

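Added example, not part of the thread and not CyberArk or Microsoft code: it shows what the argument expression in the first post evaluates to, what a string without the sub-expression operator expands to, and a check on the credential before any connection attempt. The `$response` object and its values are constructed stand-ins for the vault reply, and `New-CheckedCredential` is a hypothetical helper name.

```powershell
# Constructed stand-in for the vault response (hypothetical values, no network call).
$response = [pscustomobject]@{ UserName = 'svc-admin'; Content = 'Constructed-Placeholder-1' }
$password = ConvertTo-SecureString $response.Content -AsPlainText -Force

# 1) The argument expression from the first post. The comma operator binds tighter
#    than '+', so this parses as $response.UserName + ("@domain.com", $password):
#    a single concatenated string, not a (username, password) pair.
$asPosted = ($response.UserName + "@domain.com", $password)
"As posted : type=$($asPosted.GetType().Name) value='$asPosted'"

# 2) Without $( ), only $response is expanded and '.UserName' stays literal text.
#    Note that the whole object, secret included, is rendered into the string.
"No subexpr: '$response.UserName@domain.com'"

# 3) Build the user name first, then validate before handing the credential on.
#    New-CheckedCredential is a hypothetical helper written for this example.
function New-CheckedCredential {
    param(
        [string]$UserName,
        [string]$Domain,
        [securestring]$Password
    )
    $upn = "$($UserName)@$Domain"
    # Same shape the Skype error asks for: User@Domain.Com
    if ($upn -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
        throw "User name '$upn' is not in User@Domain.Com form"
    }
    if ($Password.Length -eq 0) {
        throw 'Empty password returned from vault'
    }
    New-Object System.Management.Automation.PSCredential -ArgumentList $upn, $Password
}

$cred = New-CheckedCredential -UserName $response.UserName -Domain 'domain.com' -Password $password
"Checked   : UserName='$($cred.UserName)' PasswordType=$($cred.Password.GetType().Name)"
```

Passing the two constructor arguments through `-ArgumentList` as already-built variables avoids the precedence problem in step 1 entirely.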