Running powershell to connect to Office 365

bennyphipps
Giga Expert

‎04-05-2016 04:37 AM

Hello,

I want to use powershell to manage some Office 365 items.   the powershell is being run on the local MID server.   To connect to Office 365 (after pre req PS Cmdlet installs completed) The first thing you have tio do is run the Connect-MsolService function.

This function requires credentials of which are the office 365 credentials mr.admin@somecompany.onmicrosoft.com (or whatever) with associated password (of course).

Initially I setup a credentials record for the O365 account and tagged it.   In my custom PowerShell activity I have put the same tag and set the host to the local MID Server. The PS Script run on the MID server locally cannot be run as mr.admin@somecompany.onmicrosoft.com because that is not a valid user on the local domain (I presume) which is why it always runs as the account associated to the local MID Server Windows Service.   If I set the hostname to a random IP address (my laptop for example) it also fails as it doesn't have any connection to it but I can see it tries to use the tagged credentials...

So...

What I'd like to know is whether it's possible to run the PSScript locally on the MID server but somehow pass in the credentials stored in the credentials table.

e.g.

Connect-MsolService -Credential $O365Cred

There are other options re potentially storing the username/password as secure strings locally then decrypting them but I want to see if I can use the ServiceNow functionality first.

Kind regards,

Ben

Labels:
  • 3,335 Views
3 REPLIES 3

ndt13
Giga Expert

‎05-31-2017 01:59 PM

Did you ever figure this out?



Thanks


0 Helpfuls

bennyphipps
Giga Expert
In response to ndt13

‎06-02-2017 03:51 AM

Hi Yes I did...



The approach allows you to basically have a password as a variable in a script.     However this password is sent to a text file on the MID Server encrypted and can only be read on the machine it was created on and by the Windows user who created that file.



Our security guys have approved this approach (you could do the same for any variable you want to be secret I suppose)



This is the PS code to create the file where you specify filename and password



Function update-creds


{


[CmdletBinding(SupportsShouldProcess=$True)]


Param (


[Parameter(Mandatory=$TRUE,Position=1)]


[String]$secure,


[Parameter(Mandatory=$TRUE,Position=2)]


[String]$file)


$secure | ConvertTo-SecureString -AsPlainText -force | ConvertFrom-SecureString | Out-File "C:\Office365\$($file).txt"


}



You can store   this on the MID server by logging in as the account you're running your MID Server service with OR run it as a activity from ServiceNow itself (although that password will be in clear text in the ecc queue for info).



Basically I created some MID Server script file.   A powershell module and some ps1 files.



The module has all the function in it and also a function that connects to Exchange that is called when required...   this then downloads the powershell commands which are available to any other functions in the module (Get-mailbox for example)



function Create-O356ExchangeSession {


$User = "{YOURUSERNAMEHERE}@{YOURDOMAIN}.onmicrosoft.com"


$File = "C:\Office365\Office365cred.txt"


$credential=New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, (Get-Content $File | ConvertTo-SecureString)



$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $credential -Authentication Basic -AllowRedirection


####ADDED TO ALLOW USE FROM MODULE####


Export-PSSession -Session $Session -OutputModule "$env:TEMP\ExchModule" -Force | Out-Null


Import-PSSession -session $Session


####ADDED TO ALLOW USE FROM MODULE####


}


Kevin Moore
Tera Contributor
In response to bennyphipps

‎10-27-2022 12:32 PM

Just wondering if your admin account also requires multi factor authentication and if so is there a way to make that work?

 

0 Helpfuls