I have several domains and one admin account in each one. It is a great pain to log into each domain to change password every month..
I have therefore written a script that will connect to all domains and check to see if I have already changed the password or if I am still using the old one.
If I am using the old one the script should update it.
I connect to the domains (sequentially) with
$oldPassword = Read-Host "Enter old password" -AsSecureString
$newPassword = Read-Host "Enter new password" -AsSecureString
$oldCredentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "$domain\$adminusername",$oldPassword
Connect-QADService -Service $domain -Credential $oldCredentials
and if I get a successfull connection with $oldcredentials I try to change pwd with
GET-QADUSER $adminusername | SET-QADUSER -UserPassword $newPassword
I am guessing that I am not passing the secure string correctly to SET-QADUSER but I've found no documentation on another way to do it.
Please advice:)
SET-QADUSER -UserPassword accept [string] type not [System.Security.SecureString].
Try to pass just a string as password.
Related
I'd like to have a script that creates a local user based on choices from the user.
I currently do it by putting the command in a variable then I invoke it.
$pw = Read-Host "Enter password" -AsSecureString
$command = "New-LocalUser -Name $name -Password $pw $accountparam $accexpiredate $passwordparam $pwexpiredate $canchangepwparam"
iex $command
Everything is working fine except the password, the command fails with the following error :
Unable to convert the "System.Security.SecureString" value from the "System.String" type to the "System.Security.SecureString" type
If I remove the password parameter and let PowerShell automatically ask it then it works, but I'd like to manually ask it.
Can someone help me ?
Well I fixed it, here is the solution in case someone is asking himself the same question and finds this
$command = "New-LocalUser -Name $name -Password (ConvertTo-SecureString '$pw' -AsPlainText -Force) $accountparam $accexpiredate $passwordparam $pwexpiredate $canchangepwparam"
I triyng to reset a password using this code:
Set-ADAccountPassword -Identity <username> -Reset -NewPassword (ConvertTo-SecureString -AsPlainText 'N3WP#SS' -Force)
But it uses the credentials of the logged user to execute this action. How do I specify other user to perform this action using
-Credential?
If you are trying to specify other user :
PSCredential Specifies the user account credentials to use to perform this task. The default credentials are the credentials of the currently logged on user unless the cmdlet is run from an Active Directory module for Windows PowerShell provider drive. If the cmdlet is run from such a provider drive, the account associated with the drive is the default.
To specify this parameter, you can type a user name, such as User1 or Domain01\User01 or you can specify a PSCredential object. If you specify a user name for this parameter, the cmdlet prompts for a password.
You can also create a PSCredential object by using a script or by using the Get-Credential cmdlet. You can then set the Credential parameter to the PSCredential object.
Prompt a specified user to change their password.
Use this command below :
Set-ADAccountPassword -Identity TestName
Please enter the current password for 'CN=Evan Narvaez,CN=Users,DC=Fabrikam,DC=com'
Password:**********
Please enter the desired password for 'CN=Evan Narvaez,CN=Users,DC=Fabrikam,DC=com'
Password:***********
Repeat Password:***********
Set a password for a user account using a distinguished name :
Set-ADAccountPassword -Identity 'CN=Elisa
Daugherty,OU=Accounts,DC=Fabrikam,DC=com' -Reset -NewPassword
(ConvertTo-SecureString -AsPlainText "p#ssw0rd" -Force)
Please take a look at this doc for more reference : Ser-ADAccountPassword
I am bit of a lazy guy, so I have created a script that opens many applications for me. Works fine as ISE opened with Administrator credentials, also opens apps with admin creds, however some of them need a different credentials.
Is it possible, to make powershell remember typed in password each time I log in and open it? (I know that variables are stored only till ps is opened)
Thing is - I cannot store a visible password in profile/text file or in a script, as this is a jump server used by many people. Is it somehow possible to type a password once, make PS encrypt it and each time I will open PS, it will decrypt it and use? or any workaround possible around this?
edit with code:
It's the only part I would like to change
$currentPW = "some password"
$credentials = New-Object System.Management.Automation.PSCredential ("domain\username",$CurrentPW)
start "c:\application.exe" -credential $credentials
It kinda works but it would require me, to input the password everytime I log in to device, so I could go for option like:
$currentPW = read-host "Provide your password"
$credentials = New-Object System.Management.Automation.PSCredential ("domain\username",$CurrentPW)
start "c:\application.exe" -credential $credentials
but this would require me to input the password each time I log in to system and open PS as it does not remember variables after restart.
So...is it even possible to make this work?^^
You can use ConvertTo-SecureString to encrypt the password using the users account key, then save this secure string to a file to load at a later time.
This assumes you are the only one with access to the logon account (not an account with shared credentials), as anyone who can logon as the account can decrypt the file.
$username = "domain\username"
$passwordFile = "C:\folder\EncryptedPassword.txt"
#if password file exists: populate $securePwd from file contents
If (Test-Path $passwordFile) {
$pwdTxt = Get-Content $passwordFile
$securePwd = $pwdTxt | ConvertTo-SecureString
}
#if no file: prompt for password, create file and populate $securePwd
Else {
$password = Read-Host "Provide your password"
$securePwd = $password | ConvertTo-SecureString -AsPlainText -Force
$securePwd | ConvertFrom-SecureString | Set-Content $passwordFile
}
$credentials = New-Object System.Management.Automation.PSCredential -ArgumentList $username, $securePwd
Start-Process "c:\application.exe" -Credential $credentials
If you have PowerShell 3.0 or newer, you can also combine Get-Credential with Export-CliXml to export a PSCredential object as an XML file. Example:
Get-Credential | Export-CliXml "C:\XML Files\credential.xml"
You can then import the credentials using Import-CliXml. Example:
$credential = Import-CliXml "C:\Xml Files\credential.xml"
Note that the password is encrypted using DPAPI, so you can only import the credentials using Import-CliXml on the same computer using the same user account that was used to export the credentials using Export-CliXml.
Currently, have two domains in which our users will have machines existing in either or. I am writing a powershell script in which I collect the user name and machine name. I think perform a test-connection to determine which domain the machine resides by pinging $computer.domain.com then if fails ping $computer.otherdomain.com.
Once I determine the domain I then take the username and place "domain\" + $username to prefill the domain name. I do the same with the provided and stored $machinename by performing this: $machinename + ".domain.com".
I don't want to store user's passwords
I've been trying to use cmdkey to associate the username with the machine and call mstsc (see example below):
cmdkey /generic:TERMSRV/$computername /user:"username"
mstsc /v:$computername
however when i run this, I get a logon attempt failure which isn't ideal.
I thought about trying to use the /prompt field after mstsc /v:$computername so:
mstsc /v:$computername /prompt
but this won't use the stored username, it will instead use the user profile i am currently running the command under.
I simply want my script to take the user's username and machine name, test and confirm which domain the machine resides in the back round, then have prefilled the username with the domain and just prompting the user to enter their password to continue.
Any advice on this would be greatly appreciated!
Here is the code i am working on below: ******
#Storing the provided username within variable $Username
$UserName = $UsernameTextbox.Text
Write-host "Username entered =" $UserName
#Storing the user's provided comuter name into $Machinename
$MachineName = $HostnameTextbox.Text
Write-host "Machinename entered =" $MachineName
#Deletes any previously stored cmdkeys that may interfere with the
cmdkey /list | ForEach-Object{if($_ -like "*Target:*"){cmdkey /del:($_ -
replace " ","" -replace "Target:","")}}
if (Test-Connection -ComputerName "$MachineName.domain.com" -Quiet ) {
$User = "domain\" + $UserName
$MachineName = $MachineName + ".domain.com"
Write-Host "Computer responded in domain"
}
else {
$User = "domain2\" + $UserName
$MachineName = $MachineName + ".domain2.com"
Write-Host "Computer is most likely in domain2"
}
cmdkey /add:$MachineName /user:$user
Write-host "Username with discovered domain name =" $User
Write-host "machine name after domain check =" $MachineName
$argumentslist = "/v:$MachineName " #took out /prompt
Start-Process -FilePath C:\Windows\System32\mstsc.exe -ArgumentList
"$argumentslist"
I'm trying to make a script, or just find a way, to use a .txt file that has a list of servers, and go through the list connected to each, or try to connect to each to see which servers belong to me. If I can connect, they're mine, if not then I need to send that server name to a file. There are 600+ servers so I can't enter credentials and have been trying to find a way using New-SSHSession that doesn't ask for -Username or -Password. What I have so far is below, I've just started PowerShell so my knowledge is limited, what you see is what I've been trying to get working before finally coming here.
#$pass = Get-Content C:\securestring.txt | ConvertTo-SecureString
$pass = Read-Host -AsSecureString "Enter Password"
$pass2 = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
[Runtime.InteropServices.Marshal]::SecureStringToBSTR($pass))
ForEach ($cname in Get-Content "C:\testingconnections\testconnect.txt")
{
New-SshSession -ComputerName $cname -Username $env:USERNAME -Password $pass2 *>> 'C:\testingconnections\error.txt'
Remove-SshSession $cname
}