Automating get-qaduser (pass credentials)

jat0369
jat0369 used Ask the Experts™
on
Hello Everyone.

I'm trying to script a fully automated script to query an OU from a machine not currently connected to a domain.  I've got the script fully working as long as I manually pass my credentials at the time the script runs.  I have a restricted service account setup for this purpose and I can't seem to figure out how to pass the username and password through the script.  I don't care if the username and password are exposed.

So far, I've created...

$secUN = convertto-securestring "xxx.com\Service-Account" -AsPlaintext -force
$secPW = convertto-securestring "password!" -AsPlaintext -force
$MyCreds = New-Object System.Management.Automation.PSCredential ($secUN, $secPW)
connect-qadservice xxx.com =credential $MyCreds -ConnectionPassword $MyCreds
get-qaduser -searchroot  'xxx.com/workstations/staging/' -sizelimit 0 | select-object name, description | export-csv c:\install\staging\staging.csv
disconnect-qadservice

Open in new window

What am I missing? How can I run get-qadcomputer and pass a username/password through it?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Commented:
Using the 'connect-qadservice' cmdlet, use either -ConnectionAccount & -ConnectionPassword OR the -Credential parameter, but not both.  Since you've already written your script to use the PSCredential object, stick with that.

connect-qadservice xxx.com -credential $MyCreds

Open in new window

Author

Commented:
Thanks KollenH.

I did as you said, but now I'm getting:
Connect-QADService : Index was outside the bounce of the array
at line: 1 char:19
+ connect-qadservice <<<< xxxx.com -credential $MyCreds
          + CategoryInfo                : NotSpecified: (:) [Connect-QADService], IndexOutOfRangeException
          +FullyQualifiedErrorID : System.IndexOutofRangeException, Quest.ActiveRoles.ArsPowerShellSnapin.Commands.ConnectCmdlet

Any idea how to correct this? So far my code is as follows:

$secUN = convertto-securestring "xxx.com\username" -AsPlaintext -force
$secPass = ConvertTo-SecureString "Password1!" -AsPlainText -force

$MyCreds = New-Object System.Management.Automation.PSCredential ($secUN, $secPass)
connect-qadservice xxx.com -credential $MyCreds
get-qadcomputer -searchroot 'xxx.com/workstations/stores/staging' -sizelimit 0 | select-object Name,description | export-csv c:\install\Staging.csv

Open in new window

Commented:
That looks like it's having a problem with the QAD cmdlet; did you make sure the QAD snapin is loaded?  I'd include a check in the script or load them explicitly each time.

Get-PSSnapin | ? {$_.name -eq 'Quest.ActiveRoles.ADManagement'}

Open in new window

Become a Microsoft Certified Solutions Expert

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

Author

Commented:
QAD Snapin is loaded from my profile. Confirmed it just now.
Just ran it again and it's still erroring out with the same as before.
Commented:
Change
$secUN = convertto-securestring "xxx.com\username" -AsPlaintext -force

Open in new window

to be
$secUN = "xxx.com\username"

Open in new window

The PSCredential object expects the username to be a string value, not a SecureString.

Author

Commented:
Working great now. Thank you KollenH! I really appreciate all your help. I couldn't have done this without you.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial