Solved

how can i pass through credentials in this powershell script

Posted on 2014-10-28
12
889 Views
Last Modified: 2014-11-01
can someone provide a way to pass through credentials in the following script? the target DNS server is in a workgroup:

$val1 = Read-host "Please Enter the hostname"
$val2 = Read-Host "Please enter the ip address"

$cmdval = "dnscmd 10.2.3.4 /recordadd mydomain.com $val1.mydomain.com. A $val2"
Invoke-Expression $cmdval  

Open in new window


thx in advance,

S.
0
Comment
Question by:siber1
12 Comments
 
LVL 28

Assisted Solution

by:becraig
becraig earned 167 total points
ID: 40409864
Try wrapping the last piece as an invoke-command instead of a invoke-expression.

You will also have to pass in the credentials.

$uid = whoami
$passwd = Read-Host -AsSecureString "Enter Your Password:"
$cred = New-Object System.Management.Automation.PSCredential ($uid, $passwd)
$val1 = Read-host "Please Enter the hostname"
$val2 = Read-Host "Please enter the ip address"

$cmdval = "dnscmd 10.2.3.4 /recordadd mydomain.com $val1.mydomain.com. A $val2"
Invoke-Command -Credential $cred-ScriptBlock { iex $cmdval }

Open in new window


EDIT:
You can  edit $uid to be a value the user puts in as well, for now we just read the logged in user's id.

$uid = Read-host "Please Enter username Domain\user"
0
 

Author Comment

by:siber1
ID: 40409900
hi becraig, when I run the script and enter the userID / password / host record and IP address, it then prompts again with a pop-up "windows powershell credential request" box with the username filled in of:
System.Management.Automation.PSCredential-ScriptBlock

pls advise... thx
0
 
LVL 28

Expert Comment

by:becraig
ID: 40409931
Seems there are some issues with the command syntax.

Try this:
$uid = Read-Host "Please Enter your username e.g. Domain\username"
$passwd = Read-Host -AsSecureString "Enter Your Password"
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $uid, $passwd
$computer = hostname
Invoke-Command -Credential $cred -ComputerName $computer -ScriptBlock {
	$val1 = Read-host "Please Enter the hostname"
	$val2 = Read-Host "Please enter the ip address"
	$cmdval = "dnscmd 10.2.3.4 /recordadd mydomain.com $val1.mydomain.com. A $val2"
	iex $cmdval
}

Open in new window

0
 

Author Comment

by:siber1
ID: 40409940
q: what should I enter for this line:  $computer = hostname
would I enter the target DNS server name for "hostname" ?
0
 
LVL 28

Expert Comment

by:becraig
ID: 40409947
$computer = hostname

The variable is populated by the command "hostname"
So it just runs the command and populates the variable $computer with whatever value the hostname command returns.

This is just so invoke command knows the local computer we are running the script from.
0
 

Author Comment

by:siber1
ID: 40409948
looks like it doesn't like the remote authentication, here is the error:
[dnsserver01] Connecting to remote server failed with the following error message : WinRM cannot process the request.
 The following error occured while using Kerberos authentication: There are currently no logon servers available to ser
vice the logon request.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or us
e HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. For more information,
 see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (:) [], PSRemotingTransportException
    + FullyQualifiedErrorId : PSSessionStateBroken

Open in new window

0
 
LVL 28

Expert Comment

by:becraig
ID: 40409957
Just so I have a clearly picture, what specifically is the reason for passing the credentials?

Are we trying to ensure the currently logged in user authenticates to the dns server ?
0
 

Author Comment

by:siber1
ID: 40409963
sure, we would like to add host A records to a remote DNS server, the target server is in a workgroup, in order for us to add the records with your script we need to authenticate to the workgroup DNS server, or we get access denied when trying to run the script.

running it locally on the DNS workgroup server works fine.

thx
0
 
LVL 28

Expert Comment

by:becraig
ID: 40409967
ok so you will have credentials you will provide that users will give that allows them to authenticate to the DNS servers ?


If so we can take a gamble on psexec

$uid = Read-Host "Please Enter your username e.g. Domain\username"
$passwd = Read-Host -AsSecureString "Enter Your Password"
$svcpwdr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($passwd)
$svcpwd = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($svcpwdr)

$val1 = Read-host "Please Enter the hostname"
$val2 = Read-Host "Please enter the ip address"
$cmdval = "dnscmd 10.2.3.4 /recordadd mydomain.com $val1.mydomain.com. A $val2"
iex psexec /accepteula -u $uid -p $svcpwd \\$val1 cmd /c $cmdval

Open in new window

0
 
LVL 10

Accepted Solution

by:
JoeKlimis earned 167 total points
ID: 40410263
Hi

I don't like using psexec , I create remote scheduled tasks instead ,  as many environments I work in don't allow uploads of EXE's to there servers.

A really good post that explains howto do this can be found HERE

Its slightly more complicated to set-up , but works like a dream. if you need help going in this direction let me know
Regards
Joe
0
 
LVL 11

Assisted Solution

by:stefor
stefor earned 166 total points
ID: 40410541
$Computername = "RemoteComputerName"
# Use one of them
$Credential = New-Object System.Management.Automation.PSCredential ($Username, $Password)
# $Credential = Get-Credential

$val1 = Read-host "Please Enter the hostname"
$val2 = Read-Host "Please enter the ip address"

Invoke-Command -Computername $Computername -Argumentlist $val1,$val2 -Credential $Credential -ScriptBlock {
	Param($val1,$val2)
	$cmdval = "dnscmd 10.2.3.4 /recordadd mydomain.com $val1.mydomain.com. A $val2"
	Invoke-Expression $cmdval
}

Open in new window

0
 

Author Closing Comment

by:siber1
ID: 40417519
thx much. both solutions get us what we need.

-S.
0

Join & Write a Comment

Suggested Solutions

This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
This video discusses moving either the default database or any database to a new volume.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now