Powershell script to provide a PS Credential object, saving password securely
Have you ever been in the situation where you need to execute a cmdlet like
Disable-ADAccount -Identity ‘Someone’ -Server ‘MyDomainController’
To disable a user account, but it fails because your account does not have permission to disable users?
You can use another account that have permissions to disable users by using the -Credential parameter of the Disable-ADAccount cmdlet as in
Disable-ADAccount -Identity ‘Someone’ -Server ‘MyDomainController’ -Credential (Get-Credential)
The Get-Credential cmdlet prompts for a user name and password, which is fine if you need to run it once or a few times. However, we often come across situations where we need to use several credentials to automate tasks in Active Directory, Exchange, SharePoint,… You will rarely have a single account that has permission to do all these tasks, or across multiple directories. In an automation script, the Get-SBCredntial function can make this easy.
Here’s an example:
$SourceADCred = Get-SBCredential 'domain1\MyADAdmin' $TargetADCred = Get-SBCredential 'domain2\MyADAdmin' $ExCred = Get-SBCredential 'domain1\MyExchangeAdmin' Disable-ADAccount -Identity 'Someone' -Server 'MyDomainController1' -Credential $SourceADCred Disable-ADAccount -Identity 'Sometwo' -Server 'MyDomainController2' -Credential $TargetADCred Get-Mailbox -Identity 'firstname.lastname@example.org' -Credential $ExCred