PowerShell script to provide a PSCredential object, saving the password securely

Have you ever needed to run a cmdlet like

Disable-ADAccount -Identity 'Someone' -Server 'MyDomainController'

to disable a user account, only to have it fail because your account does not have permission to disable users?

You can use another account that has permission to disable users by passing it to the -Credential parameter of the Disable-ADAccount cmdlet, as in

Disable-ADAccount -Identity 'Someone' -Server 'MyDomainController' -Credential (Get-Credential)

The Get-Credential cmdlet prompts for a user name and password, which is fine if you need to run it once or a few times. However, we often come across situations where we need several credentials to automate tasks in Active Directory, Exchange, SharePoint, and so on. You will rarely have a single account that has permission to do all these tasks, or to work across multiple directories. In an automation script, the Get-SBCredential function can make this easy.

Here’s an example:

$SourceADCred = Get-SBCredential 'domain1\MyADAdmin'
$TargetADCred = Get-SBCredential 'domain2\MyADAdmin'
$ExCred = Get-SBCredential 'domain1\MyExchangeAdmin'
Disable-ADAccount -Identity 'Someone' -Server 'MyDomainController1' -Credential $SourceADCred
Disable-ADAccount -Identity 'Sometwo' -Server 'MyDomainController2' -Credential $TargetADCred
Get-Mailbox -Identity 'someone@domain.com' -Credential $ExCred
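One way a function like this can cache a password without storing it in clear text is sketched below. This is an added example, not the Get-SBCredential code this post describes: the function name Get-CachedCredential, the cache folder and the -Refresh switch are hypothetical, and it assumes Windows, where ConvertFrom-SecureString without a key encrypts with DPAPI.

```powershell
# Added example; Get-CachedCredential and the cache folder are hypothetical names,
# not the Get-SBCredential function this post describes.
function Get-CachedCredential {
    [CmdletBinding()]
    [OutputType([System.Management.Automation.PSCredential])]
    param(
        [Parameter(Mandatory)][string]$UserName,
        [string]$CachePath = (Join-Path $env:LOCALAPPDATA 'CredCache'),
        [switch]$Refresh   # force a new prompt, e.g. after a password change
    )

    if (-not (Test-Path -LiteralPath $CachePath)) {
        New-Item -ItemType Directory -Path $CachePath -Force | Out-Null
    }

    # 'domain1\MyADAdmin' -> 'domain1_MyADAdmin.txt'
    $safeName = $UserName -replace '[\\/:*?"<>|@]', '_'
    $file = Join-Path $CachePath "$safeName.txt"

    if ((Test-Path -LiteralPath $file) -and -not $Refresh) {
        try {
            # Decrypts only for the same Windows user on the same computer (DPAPI).
            $secure = Get-Content -LiteralPath $file -ErrorAction Stop |
                ConvertTo-SecureString -ErrorAction Stop
            return New-Object System.Management.Automation.PSCredential($UserName, $secure)
        }
        catch {
            Write-Warning "Cached password for '$UserName' could not be decrypted; prompting again."
        }
    }

    $cred = Get-Credential -UserName $UserName -Message "Password for $UserName"
    if ($null -eq $cred) { throw "No credential supplied for '$UserName'." }

    # Without -Key, ConvertFrom-SecureString encrypts with DPAPI under the current user.
    $cred.Password | ConvertFrom-SecureString | Set-Content -LiteralPath $file
    return $cred
}

# First call prompts and caches; later calls by the same user read the cache.
$SourceADCred = Get-CachedCredential 'domain1\MyADAdmin'
```

The cached file decrypts only for the Windows account that created it, on the same computer, so a scheduled task running under a different account needs its own cached copy. On Linux and macOS the saved string is not encrypted, so this approach is Windows-only.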



