Running PowerShell to connect to Office 365
04-05-2016 04:37 AM
Hello,
I want to use PowerShell to manage some Office 365 items. The PowerShell is being run on the local MID Server. To connect to Office 365 (after the prerequisite PS cmdlet installs are completed), the first thing you have to do is run the Connect-MsolService function.
This function requires credentials, which are the Office 365 credentials mr.admin@somecompany.onmicrosoft.com (or whatever) with the associated password (of course).
Initially I set up a credentials record for the O365 account and tagged it. In my custom PowerShell activity I have put the same tag and set the host to the local MID Server. The PS script run on the MID Server locally cannot be run as mr.admin@somecompany.onmicrosoft.com because that is not a valid user on the local domain (I presume), which is why it always runs as the account associated with the local MID Server Windows service. If I set the hostname to a random IP address (my laptop, for example) it also fails, as it doesn't have any connection to it, but I can see it tries to use the tagged credentials...
So...
What I'd like to know is whether it's possible to run the PS script locally on the MID Server but somehow pass in the credentials stored in the credentials table.
e.g.
Connect-MsolService -Credential $O365Cred
There are other options, e.g. potentially storing the username/password as secure strings locally and then decrypting them, but I want to see if I can use the ServiceNow functionality first.
Kind regards,
Ben
Labels: Service Mapping
05-31-2017 01:59 PM
Did you ever figure this out?
Thanks
06-02-2017 03:51 AM
Hi, yes I did...
The approach allows you to basically have a password as a variable in a script. However, this password is sent to a text file on the MID Server encrypted, and it can only be read on the machine it was created on and by the Windows user who created that file.
Our security guys have approved this approach (you could do the same for any variable you want to be secret, I suppose).
This is the PS code to create the file, where you specify the filename and password:
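    # Encrypts a password for the current Windows user and writes it to C:\Office365\<file>.txt
    Function update-creds
    {
        [CmdletBinding(SupportsShouldProcess=$True)]
        Param (
            [Parameter(Mandatory=$TRUE,Position=1)]
            [String]$secure,   # the password, in plain text
            [Parameter(Mandatory=$TRUE,Position=2)]
            [String]$file      # file name without the .txt extension
        )
        # ConvertFrom-SecureString without -Key ties the output to this user and this machine
        $secure | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | Out-File "C:\Office365\$($file).txt"
    }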
You can store this on the MID Server by logging in as the account you're running your MID Server service with OR run it as an activity from ServiceNow itself (although that password will be in clear text in the ECC queue, for info).
Basically I created some MID Server script files: a PowerShell module and some ps1 files.
The module has all the functions in it and also a function that connects to Exchange that is called when required... this then downloads the PowerShell commands, which are available to any other functions in the module (Get-Mailbox, for example).
    function Create-O356ExchangeSession {
        $User = "{YOURUSERNAMEHERE}@{YOURDOMAIN}.onmicrosoft.com"
        $File = "C:\Office365\Office365cred.txt"

        # Decrypt the stored password (works only for the user and machine that created the file)
        $credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, (Get-Content $File | ConvertTo-SecureString)

        # Open the remote Exchange Online session with that credential
        $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $credential -Authentication Basic -AllowRedirection

        ####ADDED TO ALLOW USE FROM MODULE####
        Export-PSSession -Session $Session -OutputModule "$env:TEMP\ExchModule" -Force | Out-Null
        Import-PSSession -Session $Session
        ####ADDED TO ALLOW USE FROM MODULE####
    }
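A variant of the encrypted-file approach in the reply above, as an added example that is not code from the thread: it prompts for the password so the plaintext never passes through a script argument or the ECC queue, locks the file's ACL to the creating account, and reports a clear error when the file is read by a different account or on a different host. The function names `Save-ProtectedSecret` and `Get-ProtectedCredential` are hypothetical, and it assumes it is run interactively on the MID Server as the service account.

```powershell
# Added example; function names are hypothetical, not ServiceNow or Microsoft APIs.
function Save-ProtectedSecret {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    # Prompt instead of taking a [string] parameter, so no plaintext is logged or queued.
    $secure = Read-Host -Prompt 'Password to protect' -AsSecureString

    # Without -Key, ConvertFrom-SecureString uses DPAPI: bound to this user on this machine.
    $secure | ConvertFrom-SecureString | Set-Content -LiteralPath $Path -Encoding ASCII

    # Defence in depth: remove inherited ACEs and allow only the creating account.
    $me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $acl = Get-Acl -LiteralPath $Path
    $acl.SetAccessRuleProtection($true, $false)
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
    $acl.SetAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl
}

function Get-ProtectedCredential {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][string]$Path
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Credential file not found: $Path"
    }
    try {
        # Fails with a CryptographicException if a different user or host reads the file.
        $secure = Get-Content -LiteralPath $Path -ErrorAction Stop |
            ConvertTo-SecureString -ErrorAction Stop
    }
    catch {
        $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
        throw "Cannot decrypt '$Path' as $me on $env:COMPUTERNAME; recreate it under this account. ($($_.Exception.Message))"
    }
    New-Object System.Management.Automation.PSCredential($UserName, $secure)
}

# Usage (run once, interactively, as the MID Server service account):
#   Save-ProtectedSecret -Path 'C:\Office365\Office365cred.txt'
# Then in the module:
#   $credential = Get-ProtectedCredential -UserName $User -Path $File
```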
10-27-2022 12:32 PM
Just wondering if your admin account also requires multi-factor authentication and, if so, is there a way to make that work?