stackoom
  简体   繁体   中英

PowerShell - Error when querying AD if user enters credentials

 原文  2022-07-15 04:30:58       .net/ windows/ powershell/ active-directory/ directoryservices

Question

Trying to create a basic script for my IT helpdesk team that queries our AD to see if a computer's hostname is already on the domain. I want this to not require any modules so it can run on any Windows computer without additional software (because of this I am using DirectoryServices ).

Also company coding policy prevents me from predefining credentials, so I want to make it user-defined. However, it seems that the script will run successfully only if they are predefined. Getting the below error if credentials are user-defined.

Exception calling "FindAll" with "0" argument(s): "The user name or password is incorrect."

Below is a redacted version of what I have.

$username = read-host 'Enter username' 
$password = read-host 'Enter password' -AsSecureString
$hostname = hostname

Write-Host "Checking if $hostname is on the domain..."
$filter = "(&(ObjectCategory=computer)(Name=$hostname))"
$de = New-Object DirectoryServices.DirectoryEntry("LDAP://contoso.com/DC=contoso,DC=onmicrosoft,DC=com",$username,$password)
$ds = New-Object DirectoryServices.DirectorySearcher $de
$ds.filter = $filter
$ds.findall() |
ForEach-Object -Begin {} -Process{$_.properties.item(“Name”)} -End { [string]$ds.FindAll().Count } | Out-Null
  if ($ds.FindAll().Count)
    {
        Write-Host "true"
    }
  else
    {
        Write-Host "false"
    }

Is it possible for the credentials to be user-defined or does it have to be predefined?

1 answers

solution1
 2 ACCPTED  2022-07-15 04:45:58

The DirectoryEntry constructor you're using requires the password argument to be a string instead of a secure string .

Read-Host when used with the -AsSecureString outputs a System.Security.SecureString object. Converting it back to string and passing it as argument for the constructor should solve the problem:

$secpassw = Read-Host 'Enter password' -AsSecureString
$password = [System.Net.NetworkCredential]::new('', $secpassw).Password

It's also worth noting that since you're asking for Username and Password, Get-Credential might be a more elegant way for asking it and the same technique using NetworkCredential to transform the secure string will work:

$cred  = Get-Credential
$passw = [System.Net.NetworkCredential]::new('', $cred.Password).Password

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to check AD user credentials when the user password is expired or “user must change password at next logon” Passing logged in user credentials to Powershell cmdlet Querying AD for finding all groups of a user - Missing one group Validate user credentials from Azure AD using PrincipalContext How to encrypt using credentials of the current Windows user in powershell for KeePass? Error parsing connection string with AAD user credentials Connect to Active Directory for Login (in my product) using Service Account and User Account Credentials of AD There was an internal error when querying iis 7.0 for profiling MVC3 .NET - How to add additional information when user enters personal details Powershell Ad Reset Utility
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM