Author Posts

October 26, 2015 at 2:05 pm

I have a script that connects to exchange online ps, exchange on-prem ps and AD. I store the credentials for exchange online and exchange on-prem via password encrypted in an xml file.

What I would like to be able to do is connect to AD in a similar fashion (i.e. import-pssesson $exchonprem) in the script rather than relying on the credentials the scheduled task is running as.

Any input on how I might accomplish this would be appreciated.
Here's a sample of my script:
https://stackoftech.wordpress.com/2015/08/03/update-office-365-user-license-based-on-ad-attribute-powershell/

October 26, 2015 at 5:39 pm

most, if not all, AD cmdlets support the -credential parameter, you would just load your credential in a variable and then pass it to the cmdlet.

October 26, 2015 at 6:51 pm

Thank you Curtis. Is it necessary to then specify the credential parameter each time I call an AD cmdlet? I was hoping to do it similar to my exchange ps sessions where I only have to send the credentials once.

October 26, 2015 at 9:15 pm

Another option is to use the $PSDefaultParameterValues automatic variable to force every *-AD* cmdlet to use credentials where the credential parameter is available.

$creds = Get-Credential
$PSDefaultParameterValues = @{"*-AD*:Credential"=$creds}

You could stick that into the beginning of your scripts, or in your powershell profile if you like. This will ensure that every AD cmdlet is run with the correct credentials.

October 26, 2015 at 9:55 pm

That's a brilliant solution. Thank you Peter.

October 26, 2015 at 10:47 pm

You can absolutely use a technique called Implicit Remoting to connect to your domain controller by PSSession with alternate credentials and import your cmdlets. Something like that would be:

$cred = Get-Credential "domain\username"
$DC = New-PSSession -ComputerName DC01 -Credential $creds
#Invoke-Command here in case the DC is running earlier than PSv3
Invoke-Command -Session $DC -ScriptBlock {Import-Module ActiveDirectory}
Import-PSSession $DC -Module ActiveDirectory

This will import the AD cmdlets into your current session. The only caveat with implicit remoting is that your commands and data returned are serialized and deserialized when they are sent/retrieved, which causes issues with usability of the commands. For instance:

Get-ADGroup 'Group' | Get-ADGroupMember

This works fine with locally installed RSAT and AD cmdlets, however you will get an error if you try to run this with cmdlets that were imported through implicit remoting. To work around this, you will have to use a lot of ForEach-Object:

Get-ADGroup 'Group' | ForEach{Get-ADGroupMember -Identity $_.distinguishedname}

In some cases as well I've found that this can cause odd issues where not "every" item is processed in the foreach loop. I've not encountered this for a while personally so I can't say for sure but previously when I was using implicit remoting over installing RSAT I certainly encountered this issue numerous times.

October 27, 2015 at 1:42 am

Thanks for the suggestion. I'm familiar with the implicit remoting but option but for precisely the reasons you listed I was looking for an alternative.

I think your suggestion to use PSDefaultParameterValues is the ticket for me 🙂

January 19, 2017 at 7:56 am

Hi All,

I need same information from Active directory via remote. Please find below query which i have used. But its not working. Kindly help to solve this.

ps = """ $cred = Get-Credential "my credential"
$DC = New-PSSession -ComputerName mycomputername -Credential $cred
Invoke-Command -Session $DC -ScriptBlock {Import-Module ActiveDirectory}
Import-PSSession $DC -Module ActiveDirectory
Get-ADDomain """

Thanks,
venu

January 19, 2017 at 3:20 pm

Peter Jurgens,

Hi! I was using this to avoid using the "-Credential" parameter in every command or to workaround commands that don't have that option:

Start PowerShell -Credential $ADcred -ArgumentList "-File .\script.ps1" -Wait

January 19, 2017 at 3:21 pm

You can also use PSDrives to access AD. It's particularly helpful if you need to connect to different domains.

new-psdrive -name AD1 -psprovider activedirectory -server ad1.com -root "" -Cred $a1
new-psdrive -name AD2 -psprovider activedirectory -server ad2.com -root "" -Cred $a2

Now just "cd" to the domain you want to work with.

cd AD1:
get-aduser blah...

January 20, 2017 at 6:51 am

Hi Vandrey and Ron,

Thanks for your update. I have used your opinion. But its not working. I need to remote login to process this task using python. Script is ok but powershell command is not working. I am not expert in powershell. so i need help from you. Please find my below scripts for your reference. Kindly provide exact powershell command to retrieve data from AD.

Python Script:

#!/opt/bin/python2.7
import winrm
import requests
import settings

serv_ip = "My IP"
serv_user = "My UserName"
pwd = "My Password"

ps = """ $cred = Get-Credential "my credential"
$DC = New-PSSession -ComputerName "mycomputername" -Cred $cred
Invoke-Command -Session $DC -ScriptBlock {Import-Module ActiveDirectory}
Import-PSSession $DC -Module ActiveDirectory
Get-ADDomain """

def ad_info():

try:
winrmsession = winrm.Session('%s'%settings.serv_ip,auth=('%s'%settings.serv_user,'%s'%settings.pwd),transport = 'ntlm',server_cert_validation='ignore')
output = winrmsession.run_ps(ps)
print output.std_out
except (requests.exceptions.ConnectionError,winrm.exceptions.InvalidCredentialsError),e:
print e

if __name__ == "__main__":

ad_info()

Thanks,
Gopal.

January 20, 2017 at 9:43 am

Venu,

Sorry, I don't know anything about Python... =/

January 20, 2017 at 9:53 am

Hi Vandrey,

ok fine. But i need only powershell command using via remote.

Thanks,
Venu.