powershell Set-Aduser Credentials - how to automate?

Question

for automation purpose - running a migration from one AD to another - I want to authenticate my script actions towards the AD servers which I am connecting to to carry out the action.

creating a user for example via powershell is quite simple:

PS C:\Users\myuser> Get-ADUser -Server "domain1.net" -Identity username-1 | Set-ADUser -Server \
"domain1.net" -SamAccountName usernam-1-mig -DisplayName usernam-1-mig -Surname usernam-1-mig \
-UserPrincipalName usernam-1-mig -GivenName usernam-1-mig -Credential AD\admin-user

Since every time a user gets renamed a login is required, and since i am not using only powershell but rather python (yes because the migration is not only related to AD move but many more actions), I wanted to provide to each powershell command its username and password for the domain authentication.

I tried a couple of approaches from other websites but couldn't make it work. PSCredentials I looked at but couldn't figure it out either.

From python i am calling the powershell command like this

migration = subprocess.Popen(["powershell.exe", ps_rename_cmd ], stdout=subprocess.PIPE)
migration.wait()

ps_rename_cmd is a simple text variable with similar content from the first code snippet

Thanks a lot in advance for your help

Answer 1

OK, after digging down into the documentation and thanks to a great page ,. I was able to figure it out...

From the powershell i learned that this works fine:

New-ADUser -Server "domain.net" -AccountPassword (ConvertTo-SecureString user_password \
-AsPlainText -Force) -EmailAddress "user1@domain.net" -Name "user1" -DisplayName "user1" \
-GivenName "user1" -Surname "user1" -UserPrincipalName "user1" -path \
"OU=COMPANY,OU=Applications,OU=Users,OU=DEPARTMENT,OU=Global,DC=department,DC=domain,\
DC=net" -PasswordNeverExpires $true -Confirm:$false -Credential (New-Object \
System.Management.Automation.PSCredential ("DOMAIN\admin-user",(ConvertTo-SecureString \
"password" -AsPlainText -Force)))

Important was to have the text inside the variables well formatted!

1. created the string for the Credential part

ps_credentials = (f' (New-Object System.Management.Automation.PSCredential ("DOMAIN1\{auth_user}",(ConvertTo-SecureString "{auth_pw}" -AsPlainText -Force)))')

2. the command as a string itself, well formatted! The ps_credentials var is used in brakets ()

ps_create_cmd = (f'New-ADUser -Server \"{domain_name}\" -Path \"{ou_destination}\" -AccountPassword ({sec_pw}) -EmailAddress {username}@domain.net -Name {username} -SamAccountName {username} -DisplayName {username} -Surname {username} -UserPrincipalName {username} -GivenName {username} -PasswordNeverExpires $true -Confirm:$false -Credential {ps_credentials}')

3. Running the powershell command like this

create_user = subprocess.run(["powershell.exe", (f'{ps_create_cmd}')], capture_output=True, text=True)

The credential window, which was hindering me to automate all this, doesn't pop up anymore and the admin user gets authenticated towards the AD server to create the new account. Ofc this can be altered to work with any -Credential requiring command.

Big Thanks to the Author of the website duffney. Really well done I hope someone else will find this useful in the future. Looking forward for productive discussions:)