Run Powershell Credentials

davem13
Mega Contributor

Hi All

I have a PowerShell script on the MID Server; it does work, it adds an AD group to a user. See the script below.

However, what I have been trying to do is use credentials and credential_tag in the workflow, so we do not have to hold an encrypted password on the MID Server. I have tried numerous things, done lots of searching on the community and used other scripts people have used, but I just cannot get it to work.

Does anyone have any ideas on how to get this working?

Host is the IP address of the MID Server.

Import-Module "$executingScriptDirectory\AD\ActiveDirectory"
$Env:ADPS_LoadDefaultDrive = 0

# Account used to modify AD, plus the encrypted password file and AES key held on the MID Server
$User = "XXXXXXXXXX"
$PasswordFile = "XXXXXXXXXX.txt"
$KeyFile = "XXXXXXXXXX.key"
$key = Get-Content $KeyFile

# Rebuild the PSCredential from the encrypted password file
$cred = New-Object -TypeName System.Management.Automation.PSCredential `
    -ArgumentList $User, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key)

Add-ADGroupMember -Identity "testgroup" -Members "SNTest1" -Server xx.xxx.xx.xx -Confirm:$false -Credential $cred


davem13
Mega Contributor

In addition to this, we have to create a separate user per domain; we cannot have 1 user that will have access to all the domains in the forest.

How have other companies with multiple domains added users to AD groups?

Would it be recommended to have 1 MID Server per domain, and give the MID Server service account the ability to add/update Active Directory?

Just after some ideas on how best to achieve running a PowerShell script in a workflow.


davem13
Mega Contributor

Slowly getting there using Credentials now.



Though the account that works above does not work with the Windows credentials; I get the following. Would anyone know what I'm missing?



Authentication failure(s) with available Windows credentials from the instance. Credentials tried: XXXXXXXXX\service-snportal


Hi,



The simplest option if you want to make changes to Active Directory is to create a Windows account with admin privileges to Active Directory. Go to services.msc on the MID Server and run the MID Server service as this AD account. This way any PowerShell that is run by the MID Server will run in the context of this user, so you need not pass nor store ANY credentials, username or password, to the script or ServiceNow.



Regards,


Ben
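As an added example (not code from the thread or from ServiceNow), here is the posted script reworked so it runs in either mode discussed above: with no credential it uses whatever account the MID Server service runs as, per Ben's suggestion, and if the caller hands it a username and password it builds the PSCredential in memory instead of reading an encrypted file from disk. The function name Add-MemberToAdGroup and its parameter names are hypothetical; the module path and group/user/server values are taken from the original post.

```powershell
# Added example (not from the thread). Assumes the ActiveDirectory module path
# from the original script; Add-MemberToAdGroup and its parameter names are
# hypothetical, and the caller (workflow or service context) decides whether
# a username/password is supplied at all.
Import-Module "$executingScriptDirectory\AD\ActiveDirectory"
$Env:ADPS_LoadDefaultDrive = 0

function Add-MemberToAdGroup {
    param(
        [Parameter(Mandatory)] [string] $Group,
        [Parameter(Mandatory)] [string] $Member,
        [Parameter(Mandatory)] [string] $Server,
        [string] $UserName,      # optional: omit to run as the MID service account
        [string] $PlainPassword  # optional: only if the workflow passes it in
    )

    # Show which account is actually executing. With Ben's approach (service
    # runs as the AD account) this is the identity Add-ADGroupMember will use
    # when no -Credential is supplied.
    $runningAs = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    Write-Host "Executing as: $runningAs"

    $params = @{ Identity = $Group; Members = $Member; Server = $Server; Confirm = $false }

    if ($UserName -and $PlainPassword) {
        # Credential handed in by the caller: kept in memory only, never written to disk.
        $secure = ConvertTo-SecureString -String $PlainPassword -AsPlainText -Force
        $params['Credential'] = New-Object System.Management.Automation.PSCredential($UserName, $secure)
    }

    try {
        Add-ADGroupMember @params -ErrorAction Stop
    } catch {
        # Surface the real error text so the workflow activity sees why it failed
        # (e.g. the "Authentication failure" reported with instance credentials).
        Write-Host "FAILED: $($_.Exception.Message)"
        return $false
    }

    # Verify the membership rather than trusting the absence of an error.
    $check = @{ Identity = $Group; Server = $Server }
    if ($params.ContainsKey('Credential')) { $check['Credential'] = $params['Credential'] }
    $members = Get-ADGroupMember @check | Select-Object -ExpandProperty SamAccountName
    return ($members -contains $Member)
}

# Usage with the names from the original post; no credential, so it runs as
# the MID Server service account.
Add-MemberToAdGroup -Group 'testgroup' -Member 'SNTest1' -Server 'xx.xxx.xx.xx'
```

The "Executing as" line is the quickest way to confirm the service is really running under the intended AD account before chasing the authentication failure further.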