Supplying Credentials within a PowerShell script

Kevin Brown
A free video tutorial from Kevin Brown
Windows, Azure, AWS, Cisco, Security Instructor & Author
4.5 instructor rating • 12 courses • 48,897 students

Learn more from the full course

PowerShell for Active Directory Administrators

Use PowerShell to manage Active Directory users, computer, groups, security settings and more on Windows Server

02:58:16 of on-demand video • Updated August 2020

  • Manager Active Directory users, computers and groups using PowerShell
  • Bulk import of accounts into Active Directory
  • Automate tasks using powershell
  • Deploy domain controllers using powershell
English [Auto] Power shall also gives us the ability to store credentials. The reason you may want to store credentials if you're going to run a command or script that's going to modify an object an Active Directory. Whoever runs that needs to have the rights to actually make that change instead of being prompted for credentials when a script runs or running the script as a certain user that has administrative rights. I can actually have the script itself call the credentials to complete a certain task to put a face to that I'm gonna create a folder on the root of my C drive someone to do it through power show I could just have easily went to the sea drive and created it. But since we're talking about power shell I'm going to do it here. I'm gonna run this command new dash item dash item type directory directory just means that we want to create a folder. The last command is path I'm gonna create a folder at the root of my C drive somebody you see colon slash cred as well I'm on a name that folder Well when I had f 8 it just executes that command that folder has now been created when we drop to the next line here. Line 2. Since I have the folder I can run this get dash credential command when you hit f 8 and run that command it prompts you for credentials. I don't want to enter my credentials right now but that's the command. Get credential. I'm actually gonna cancel this window. What I want to do before we run that get credentials. I'm going to create a variable someone type dollar cred equals get dash credentials. I'm going to click f 8 to run this selection. All that does is prompt me for credentials. I'm gonna enter my administrator and I want to enter my credentials. I'm going to click OK now dollar cred will reference those credentials I just applied to verify that worked on the next line. I'm just gonna type dollar cred and I'm gonna run that selection. You can see it says dollar cred username administrator system dot Security dot secure string password. No chance I could ever figure out what the password actually is right now that's just stored in memory. What I need to do is take it from memory and I could store it in an X email file so that I can run it whenever I want to. I'm going to run this command dollar cred pipe. Export not S.L. I excel so this takes our credentials the administrator credentials and it'll export them to an excel file and I'm going to specify a path secret slash admin cred dot ex email. To be clear on what this command is doing. The dollar crash just calls the credentials for the administrator pipe export bash CLIA AML says export these credentials in an X email format and write them to this file. So in this secret folder it's going to create a file name admin credit ex email if I've run this election it just writes to that file. To look at that I want to go to my C drive and I'm going to open that credit folder and admin credit. The file shows up in an accidental format. If we open that file I'll get a few pop ups here and Internet Explorer. You can see it says user name administrator password. Then we get this long hash of the password. If I just roll over you can to see how long that actually is. So there's no chance from that that I would ever know exactly what the password is. So security is not a concern of this somehow allowing credentials to be compromised what I would do to actually use these if I ran a command new ABC user Jay Jackson Someone To create a new user. Jay Jackson I'm going to use minimal parameters so I'm not going to specify First Name Last Name. I'm gonna to use minimal parameters since the goal here is just to look at the credentials dash credential dollar cred. When we run that dollar cred now it just supplies my administrator credentials if we run that selection our user was created using those credentials. So in my script I simply will reference this dollar credit my script and I have it just reference the administrator credentials and this always runs without a problem.