« PowerShell Dinner @ TechEd
PowerShell webcast from TechEd »

Alternate credentials for AD cmdlets

Published June 4, 2007 Active Directory , AD , AD cmdlets , cmdlets , Examples , one-liner , oneliner , PowerShell Comments

By default, AD cmdlets use your current credentials. This is great and handy (I can just run Get-QADUser as the new command and it will work) but quite often you might want to specify another username/password. For example, when what you are planning to do requires a privileged account and the default account with which you logged in is just a Domain User.

Well, as usual, Connect-QADService is here to help. There are two ways you can specify the credentials. As a username/password pair:

$pw = read-host "Enter password" -AsSecureString
connect-QADService -service 'server.company.com'-ConnectionAccount 'company\administrator'-ConnectionPassword $pw

Or use the Get-Credential cmdlets which will display the familiar dialog box:

Connect-QADService -service 'server.company.com' -Credential ( Get-Credential )

Once you’ve run any of those all your subsequent AD cmdlets run under this new account until you run Disconnect-QADService which removes the connection and brings you back to the defaults:

Connect-QADService -service 'server.company.com' -Credential ( Get-Credential )

# now we are using the specified credentials

Get-QADUser

Disconnect-QADService

# now we are back to the current account

Tags: , , , , , , ,

4 Responses to “Alternate credentials for AD cmdlets”

Feed for this Entry Trackback Address
  1. 1 Rick September 10, 2007 at 11:09 am

    And it looks so easy. I’ve tried to connect to a different domain with this cmdlet. I can connect, but as soon I try to list all machines in a certain OU with get-qadcomputer , it tells me the domain does not exist. Listing *all* computers in the domain does work, however…

    Reply
  2. 2 dmitrysotnikov September 10, 2007 at 12:52 pm

    Rick,

    This looks very similar to the issue discussed in this forum thread: http://powergui.org/thread.jspa?threadID=4286&tstart=0

    So it looks like there is some kind of issue. If you could post to the forum with the specific commands you are using and some description of your configuration, the guys there should be able to reproduce the bug and fix it as well as hopefully suggesting workaround so you are not stuck until you get the fix.

    Dmitry

    Reply
  3. 3 Anonymous August 15, 2011 at 10:31 pm

    Hi
    I know this is an old thread but is there a way to run a script under the context of a different user without having to answer the prompts. IE: I have an app that is running under local admin and i need it to run a script to query ad to see if a computer is there and just return its standard output?
    it will run a = (get-qadcomputer computername).type
    is this possible?

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Cancel

Connecting to %s

« PowerShell Dinner @ TechEd
PowerShell webcast from TechEd »

 Subscribe in a reader

Subscribe by email

My Recent Tweets

Legal

The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

© 2007-2014 Dmitry Sotnikov

June 2007
M T W T F S S
« May   Jul »
 123
45678910
11121314151617
18192021222324
252627282930  
%d bloggers like this: