Credentials for use with PowerShell

David Pichard
Mega Guru

Hi all, got a question for you. It's not clear what credentials I need to use and how to use them in the following scenario:

SN > MidServer > PowerShell > Active Directory > Create New User.

I have a credential that I can use locally on the MID Server to add new users to AD via PowerShell. It's encrypted and lives in the script in the MidServer > Scripts directory. Do I also need to have a Windows credential in my credentials table that can log on to the MID Server host, and should the MID Server service also run under this account?

The error message I'm getting is: "Credentials cannot be used for local connections"

Thanks in advance,

David

alexlwm
Giga Expert

Are you using the same credentials on the MID Server service?


I guess to clarify my question some: The account I store in the SN credentials table for use with the MID Server, does it have to be able to log into the host machine (RDP permissions) or does it simply have to match the account the MID Server service is running as?

Part B of this question is: The account the MID Server service runs as, what juice does it need in order to execute PowerShell scripts (what is best practice for the group this account should be added to)?


windowsgroupoptions.png


I'm having similar issues/questions about these accounts. Did you get an answer, David?

Thanks,

Shannon


Hi Shannon, this is what I ended up doing. I have a Windows credential which functions as a service account. It has permissions to manage Active Directory within a specific OU. I am running the MID Server (service) as this account. I have also added that credential into the credentials table of my SN instance with the username being in the format "domain\account" and the type being "Windows." All well and good so far.

The caveat with running PowerShell scripts I learned the hard way is that you can't run the PowerShell scripts against the same machine the MID Server is running on. So in the PowerShell activity where you specify target host, make sure the host machine is not the same machine as the MID Server from which you are running the PowerShell script.



Hope this helps!
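
The caveat in the last reply, written as a guard (an added example, not part of the original thread and not ServiceNow code): before handing an explicit credential to a WMI call, check whether the target host is the machine the script is already running on. `Test-IsLocalTarget` and `Get-TargetOs` are hypothetical helper names, and the example assumes Windows PowerShell, where `Get-WmiObject` is available, and that the error comes from WMI refusing explicit credentials on a local connection.

```powershell
# Added example. Function names are hypothetical, not ServiceNow or MID Server APIs.
function Test-IsLocalTarget {
    param([Parameter(Mandatory = $true)][string]$TargetHost)

    # Names that always mean "this machine" (-contains is case-insensitive)
    $localNames = @('localhost', '.', '127.0.0.1', '::1', $env:COMPUTERNAME)
    if ($localNames -contains $TargetHost) { return $true }

    # Otherwise compare the target's resolved addresses with this host's own
    try {
        $targetIps = [System.Net.Dns]::GetHostAddresses($TargetHost) |
            ForEach-Object { $_.ToString() }
        $localIps = [System.Net.Dns]::GetHostAddresses([System.Net.Dns]::GetHostName()) |
            ForEach-Object { $_.ToString() }
    } catch {
        # Unresolvable name: treat as remote and let the connection fail normally
        return $false
    }

    foreach ($ip in $targetIps) {
        if ($localIps -contains $ip) { return $true }
    }
    return $false
}

function Get-TargetOs {
    param(
        [Parameter(Mandatory = $true)][string]$TargetHost,
        [System.Management.Automation.PSCredential]$Credential
    )

    if (Test-IsLocalTarget -TargetHost $TargetHost) {
        # Local query: runs as the account the calling process (the service) uses.
        # Passing -Credential here is what the local-connection error rejects.
        Get-WmiObject -Class Win32_OperatingSystem
    } else {
        # Remote query: the explicit credential is allowed and required
        Get-WmiObject -Class Win32_OperatingSystem -ComputerName $TargetHost -Credential $Credential
    }
}
```

In the local branch the query runs with whatever rights the service account has on the host, so that account's group membership decides what the script can do there.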