Solved

how can i pass through credentials in this powershell script

Posted on 2014-10-28
12
929 Views
Last Modified: 2014-11-01
can someone provide a way to pass through credentials in the following script? the target DNS server is in a workgroup:

$val1 = Read-host "Please Enter the hostname"
$val2 = Read-Host "Please enter the ip address"

$cmdval = "dnscmd 10.2.3.4 /recordadd mydomain.com $val1.mydomain.com. A $val2"
Invoke-Expression $cmdval  

Open in new window


thx in advance,

S.
0
Comment
Question by:siber1
12 Comments
 
LVL 29

Assisted Solution

by:becraig
becraig earned 167 total points
ID: 40409864
Try wrapping the last piece as an invoke-command instead of a invoke-expression.

You will also have to pass in the credentials.

$uid = whoami
$passwd = Read-Host -AsSecureString "Enter Your Password:"
$cred = New-Object System.Management.Automation.PSCredential ($uid, $passwd)
$val1 = Read-host "Please Enter the hostname"
$val2 = Read-Host "Please enter the ip address"

$cmdval = "dnscmd 10.2.3.4 /recordadd mydomain.com $val1.mydomain.com. A $val2"
Invoke-Command -Credential $cred-ScriptBlock { iex $cmdval }

Open in new window


EDIT:
You can  edit $uid to be a value the user puts in as well, for now we just read the logged in user's id.

$uid = Read-host "Please Enter username Domain\user"
0
 

Author Comment

by:siber1
ID: 40409900
hi becraig, when I run the script and enter the userID / password / host record and IP address, it then prompts again with a pop-up "windows powershell credential request" box with the username filled in of:
System.Management.Automation.PSCredential-ScriptBlock

pls advise... thx
0
 
LVL 29

Expert Comment

by:becraig
ID: 40409931
Seems there are some issues with the command syntax.

Try this:
$uid = Read-Host "Please Enter your username e.g. Domain\username"
$passwd = Read-Host -AsSecureString "Enter Your Password"
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $uid, $passwd
$computer = hostname
Invoke-Command -Credential $cred -ComputerName $computer -ScriptBlock {
	$val1 = Read-host "Please Enter the hostname"
	$val2 = Read-Host "Please enter the ip address"
	$cmdval = "dnscmd 10.2.3.4 /recordadd mydomain.com $val1.mydomain.com. A $val2"
	iex $cmdval
}

Open in new window

0
 

Author Comment

by:siber1
ID: 40409940
q: what should I enter for this line:  $computer = hostname
would I enter the target DNS server name for "hostname" ?
0
 
LVL 29

Expert Comment

by:becraig
ID: 40409947
$computer = hostname

The variable is populated by the command "hostname"
So it just runs the command and populates the variable $computer with whatever value the hostname command returns.

This is just so invoke command knows the local computer we are running the script from.
0
 

Author Comment

by:siber1
ID: 40409948
looks like it doesn't like the remote authentication, here is the error:
[dnsserver01] Connecting to remote server failed with the following error message : WinRM cannot process the request.
 The following error occured while using Kerberos authentication: There are currently no logon servers available to ser
vice the logon request.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or us
e HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. For more information,
 see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (:) [], PSRemotingTransportException
    + FullyQualifiedErrorId : PSSessionStateBroken

Open in new window

0
Are your end users making ugly email signatures?

Have you left it up to your end users to create their own email signatures? Are they forgetting to add the company logo or using garish font colors? Take control and ensure all users have the same email signature.

 
LVL 29

Expert Comment

by:becraig
ID: 40409957
Just so I have a clearly picture, what specifically is the reason for passing the credentials?

Are we trying to ensure the currently logged in user authenticates to the dns server ?
0
 

Author Comment

by:siber1
ID: 40409963
sure, we would like to add host A records to a remote DNS server, the target server is in a workgroup, in order for us to add the records with your script we need to authenticate to the workgroup DNS server, or we get access denied when trying to run the script.

running it locally on the DNS workgroup server works fine.

thx
0
 
LVL 29

Expert Comment

by:becraig
ID: 40409967
ok so you will have credentials you will provide that users will give that allows them to authenticate to the DNS servers ?


If so we can take a gamble on psexec

$uid = Read-Host "Please Enter your username e.g. Domain\username"
$passwd = Read-Host -AsSecureString "Enter Your Password"
$svcpwdr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($passwd)
$svcpwd = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($svcpwdr)

$val1 = Read-host "Please Enter the hostname"
$val2 = Read-Host "Please enter the ip address"
$cmdval = "dnscmd 10.2.3.4 /recordadd mydomain.com $val1.mydomain.com. A $val2"
iex psexec /accepteula -u $uid -p $svcpwd \\$val1 cmd /c $cmdval

Open in new window

0
 
LVL 10

Accepted Solution

by:
JoeKlimis earned 167 total points
ID: 40410263
Hi

I don't like using psexec , I create remote scheduled tasks instead ,  as many environments I work in don't allow uploads of EXE's to there servers.

A really good post that explains howto do this can be found HERE

Its slightly more complicated to set-up , but works like a dream. if you need help going in this direction let me know
Regards
Joe
0
 
LVL 11

Assisted Solution

by:stefor
stefor earned 166 total points
ID: 40410541
$Computername = "RemoteComputerName"
# Use one of them
$Credential = New-Object System.Management.Automation.PSCredential ($Username, $Password)
# $Credential = Get-Credential

$val1 = Read-host "Please Enter the hostname"
$val2 = Read-Host "Please enter the ip address"

Invoke-Command -Computername $Computername -Argumentlist $val1,$val2 -Credential $Credential -ScriptBlock {
	Param($val1,$val2)
	$cmdval = "dnscmd 10.2.3.4 /recordadd mydomain.com $val1.mydomain.com. A $val2"
	Invoke-Expression $cmdval
}

Open in new window

0
 

Author Closing Comment

by:siber1
ID: 40417519
thx much. both solutions get us what we need.

-S.
0

Featured Post

Will my email signature work in Office 365?

You've built an email signature using raw HTML code in Office 365, but you can't review how it looks with Transport Rules. So you have to test it over and over again before it can be used. Isn't this a bit of a waste of your time? Wouldn't a WYSIWYG editor make it a lot easier?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now