
How to use obtained credentials in PowerShell to find the groups of the authenticated user?

I wrote a script which, on execution, asks for credentials; it goes like this:

$cred = Get-Credential # Read credentials
$username = $cred.username
$password = $cred.GetNetworkCredential().password
# Bind to the current domain's root with the supplied username/password
$CurrentDomain = "LDAP://" + ([ADSI] "" ).distinguishedName
$domain = New-Object System.DirectoryServices.DirectoryEntry($CurrentDomain, $UserName, $Password)

if ($domain.name -eq $null)
{
    [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
    [System.Windows.Forms.MessageBox]::Show("Authentication failed - please verify your username and password.")
    exit
}
else
{
    [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
    [System.Windows.Forms.MessageBox]::Show("Authentication Success")

    # GetCurrent() is the identity of the process running the script
    $Groups = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups
}

-> I recognized my mistake later: the last line collects the groups of the user who is logged into the Windows machine. I need the groups of the person who authenticated via the script; how do I change this and obtain the groups for the person who authenticated to the script rather than the one using Windows authentication?

Please do let me know of any questions or clarifications.

You can try this:

Add-Type -AssemblyName System.DirectoryServices.AccountManagement
[System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")

$cred = Get-Credential # Read credentials
$username = $cred.username
$password = $cred.GetNetworkCredential().password
$CurrentDomain = "LDAP://" + ([ADSI] "" ).distinguishedName
$domain = New-Object System.DirectoryServices.DirectoryEntry($CurrentDomain, $UserName, $Password)

if ($domain.name -eq $null)
{
  [System.Windows.Forms.MessageBox]::Show("Authentication failed - please verify your username and password.")
  exit
}
else
{
  [System.Windows.Forms.MessageBox]::Show("Authentication Success")

  # Look the user up through AccountManagement; with only a ContextType given,
  # the lookup runs in the default domain context of the account executing the script.
  $ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
  $user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($ct, $username)

  # GetGroups() returns the groups the user is a direct member of
  $groups = $user.GetGroups()
  foreach($i in $groups){
    $i.SamAccountName
  }
}
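The answer above authenticates with the supplied credentials but then looks the user up through a default PrincipalContext, i.e. as the account running the script. The following is an added example, not code from the question or either answer: it performs the logon check with ValidateCredentials and then builds a second PrincipalContext that binds with the supplied credentials, so the directory query itself runs as the authenticated user. The function name, the hypothetical Domain parameter and the output shape are assumptions; it assumes a domain-joined Windows host, Windows PowerShell 5.1 or PowerShell 7 on Windows, and a PSCredential from Get-Credential.

```powershell
# Added example (not from the question or answers): resolve the groups of the
# user whose credentials were just collected, binding to AD with THOSE
# credentials rather than with the identity of whoever launched the script.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Get-AuthenticatedUserGroups {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential]$Credential,

        # Hypothetical parameter: DNS name of the domain to bind to.
        # $null lets PrincipalContext pick the domain this machine belongs to.
        $Domain = $null
    )

    $ct  = [System.DirectoryServices.AccountManagement.ContextType]::Domain
    # Get-Credential may return "DOMAIN\user"; AccountManagement wants the bare sAMAccountName.
    $sam = $Credential.UserName.Split('\')[-1]
    # The plaintext lives only inside this function; never log or return it.
    $password = $Credential.GetNetworkCredential().Password

    $ctx = $null; $userCtx = $null
    try {
        # Step 1: authenticate. ValidateCredentials performs a real logon against
        # the domain and returns $false on a bad password.
        $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($ct, $Domain)
        if (-not $ctx.ValidateCredentials($sam, $password)) {
            throw "Authentication failed for $($Credential.UserName)"
        }

        # Step 2: bind AS the authenticated user for the lookup, so the query
        # is limited to what that user may read in the directory.
        $userCtx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($ct, $Domain, $sam, $password)
        $user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity(
            $userCtx,
            [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName,
            $sam)
        if ($null -eq $user) { throw "Account $sam logged on but was not found by sAMAccountName" }

        # GetGroups() = direct memberOf entries. GetAuthorizationGroups() = the
        # full nested set the user's access token would carry; it also includes
        # the primary group (Domain Users), which memberOf does not list.
        $direct = @{}
        foreach ($g in $user.GetGroups()) { $direct[$g.Sid.Value] = $true }

        foreach ($g in $user.GetAuthorizationGroups()) {
            [pscustomobject]@{
                User   = $sam
                Group  = $g.SamAccountName
                Sid    = $g.Sid.Value
                Direct = $direct.ContainsKey($g.Sid.Value)
            }
        }
    }
    finally {
        if ($userCtx) { $userCtx.Dispose() }
        if ($ctx)     { $ctx.Dispose() }
        $password = $null
    }
}

# Usage: prompt once, then list the authenticated user's groups, direct ones first.
# Get-AuthenticatedUserGroups -Credential (Get-Credential) | Sort-Object Direct -Descending | Format-Table
```

The Direct column distinguishes what memberOf would show from what the user's token actually carries; for an authorization decision in the script, the nested set from GetAuthorizationGroups is the one to test against, because a user can reach a privileged group through intermediate groups without appearing in it directly.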

If you're able to install Quest ActiveRoles, it will be as simple as:

(get-qaduser $user).memberof

Otherwise you can use Invoke-Command and provide the credentials:

$groups=Invoke-Command -ComputerName $env:COMPUTERNAME -Credential $cred -ScriptBlock {
    [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups
}
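The Invoke-Command approach above returns raw SecurityIdentifier objects from a session that is genuinely logged on as the supplied user. The following is an added example, not code from the answer: it keeps that approach but translates each SID to a name and tags whether it is a domain/machine SID or a well-known one, which makes visible that a logon token carries entries (Everyone, Authenticated Users, BUILTIN aliases) that no AD memberOf query will ever list. The function name and output shape are assumptions; it assumes WinRM is enabled on this host (Enable-PSRemoting) and that the supplied account is permitted to connect to it.

```powershell
# Added example (not from the answer): token groups of the supplied account,
# obtained by running WindowsIdentity.GetCurrent() inside a remoting session
# that is logged on as that account, with SIDs resolved to names.
function Get-TokenGroupsFor {
    param(
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential]$Credential
    )

    # The script block executes in a new session authenticated as $Credential,
    # so GetCurrent() now describes that user's token, not the script runner's.
    Invoke-Command -ComputerName $env:COMPUTERNAME -Credential $Credential -ScriptBlock {
        $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
        foreach ($sid in $identity.Groups) {
            # Translate() throws for SIDs this host cannot resolve (e.g. a deleted
            # group); keep the raw SID in that case rather than dropping the entry.
            $name = $null
            try { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value } catch { }

            # S-1-5-21-... SIDs belong to a domain or to this machine; everything
            # else here (S-1-1-0 Everyone, S-1-5-11 Authenticated Users,
            # S-1-5-32-* BUILTIN aliases, logon-session SIDs) is well-known.
            $scope = 'WellKnown'
            if ($sid.Value -like 'S-1-5-21-*') { $scope = 'Domain/Machine' }

            [pscustomobject]@{
                User  = $identity.Name
                Name  = $name
                Sid   = $sid.Value
                Scope = $scope
            }
        }
    } | Select-Object User, Name, Sid, Scope
}

# Usage:
# Get-TokenGroupsFor -Credential (Get-Credential) | Format-Table -AutoSize
```

Because this performs an actual logon, it also proves the password is valid and the account is allowed to log on here, which the DirectoryEntry null-name check in the question does only indirectly; the cost is a WinRM dependency and a logon event on the host for every run.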

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM