Solved

how can i pass through credentials in this powershell script

Posted on 2014-10-28
12
996 Views
Last Modified: 2014-11-01
can someone provide a way to pass through credentials in the following script? the target DNS server is in a workgroup:

$val1 = Read-host "Please Enter the hostname"
$val2 = Read-Host "Please enter the ip address"

$cmdval = "dnscmd 10.2.3.4 /recordadd mydomain.com $val1.mydomain.com. A $val2"
Invoke-Expression $cmdval  

Open in new window


thx in advance,

S.
0
Comment
Question by:siber1
12 Comments
 
LVL 29

Assisted Solution

by:becraig
becraig earned 167 total points
ID: 40409864
Try wrapping the last piece as an invoke-command instead of a invoke-expression.

You will also have to pass in the credentials.

$uid = whoami
$passwd = Read-Host -AsSecureString "Enter Your Password:"
$cred = New-Object System.Management.Automation.PSCredential ($uid, $passwd)
$val1 = Read-host "Please Enter the hostname"
$val2 = Read-Host "Please enter the ip address"

$cmdval = "dnscmd 10.2.3.4 /recordadd mydomain.com $val1.mydomain.com. A $val2"
Invoke-Command -Credential $cred-ScriptBlock { iex $cmdval }

Open in new window


EDIT:
You can  edit $uid to be a value the user puts in as well, for now we just read the logged in user's id.

$uid = Read-host "Please Enter username Domain\user"
0
 

Author Comment

by:siber1
ID: 40409900
hi becraig, when I run the script and enter the userID / password / host record and IP address, it then prompts again with a pop-up "windows powershell credential request" box with the username filled in of:
System.Management.Automation.PSCredential-ScriptBlock

pls advise... thx
0
 
LVL 29

Expert Comment

by:becraig
ID: 40409931
Seems there are some issues with the command syntax.

Try this:
$uid = Read-Host "Please Enter your username e.g. Domain\username"
$passwd = Read-Host -AsSecureString "Enter Your Password"
$Cred = New-Object System.Management.Automation.PSCredential -ArgumentList $uid, $passwd
$computer = hostname
Invoke-Command -Credential $cred -ComputerName $computer -ScriptBlock {
	$val1 = Read-host "Please Enter the hostname"
	$val2 = Read-Host "Please enter the ip address"
	$cmdval = "dnscmd 10.2.3.4 /recordadd mydomain.com $val1.mydomain.com. A $val2"
	iex $cmdval
}

Open in new window

0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:siber1
ID: 40409940
q: what should I enter for this line:  $computer = hostname
would I enter the target DNS server name for "hostname" ?
0
 
LVL 29

Expert Comment

by:becraig
ID: 40409947
$computer = hostname

The variable is populated by the command "hostname"
So it just runs the command and populates the variable $computer with whatever value the hostname command returns.

This is just so invoke command knows the local computer we are running the script from.
0
 

Author Comment

by:siber1
ID: 40409948
looks like it doesn't like the remote authentication, here is the error:
[dnsserver01] Connecting to remote server failed with the following error message : WinRM cannot process the request.
 The following error occured while using Kerberos authentication: There are currently no logon servers available to ser
vice the logon request.
 Possible causes are:
  -The user name or password specified are invalid.
  -Kerberos is used when no authentication method and no user name are specified.
  -Kerberos accepts domain user names, but not local user names.
  -The Service Principal Name (SPN) for the remote computer name and port does not exist.
  -The client and remote computers are in different domains and there is no trust between the two domains.
 After checking for the above issues, try the following:
  -Check the Event Viewer for events related to authentication.
  -Change the authentication method; add the destination computer to the WinRM TrustedHosts configuration setting or us
e HTTPS transport.
 Note that computers in the TrustedHosts list might not be authenticated.
   -For more information about WinRM configuration, run the following command: winrm help config. For more information,
 see the about_Remote_Troubleshooting Help topic.
    + CategoryInfo          : OpenError: (:) [], PSRemotingTransportException
    + FullyQualifiedErrorId : PSSessionStateBroken

Open in new window

0
 
LVL 29

Expert Comment

by:becraig
ID: 40409957
Just so I have a clearly picture, what specifically is the reason for passing the credentials?

Are we trying to ensure the currently logged in user authenticates to the dns server ?
0
 

Author Comment

by:siber1
ID: 40409963
sure, we would like to add host A records to a remote DNS server, the target server is in a workgroup, in order for us to add the records with your script we need to authenticate to the workgroup DNS server, or we get access denied when trying to run the script.

running it locally on the DNS workgroup server works fine.

thx
0
 
LVL 29

Expert Comment

by:becraig
ID: 40409967
ok so you will have credentials you will provide that users will give that allows them to authenticate to the DNS servers ?


If so we can take a gamble on psexec

$uid = Read-Host "Please Enter your username e.g. Domain\username"
$passwd = Read-Host -AsSecureString "Enter Your Password"
$svcpwdr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($passwd)
$svcpwd = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($svcpwdr)

$val1 = Read-host "Please Enter the hostname"
$val2 = Read-Host "Please enter the ip address"
$cmdval = "dnscmd 10.2.3.4 /recordadd mydomain.com $val1.mydomain.com. A $val2"
iex psexec /accepteula -u $uid -p $svcpwd \\$val1 cmd /c $cmdval

Open in new window

0
 
LVL 10

Accepted Solution

by:
JoeKlimis earned 167 total points
ID: 40410263
Hi

I don't like using psexec , I create remote scheduled tasks instead ,  as many environments I work in don't allow uploads of EXE's to there servers.

A really good post that explains howto do this can be found HERE

Its slightly more complicated to set-up , but works like a dream. if you need help going in this direction let me know
Regards
Joe
0
 
LVL 11

Assisted Solution

by:stefor
stefor earned 166 total points
ID: 40410541
$Computername = "RemoteComputerName"
# Use one of them
$Credential = New-Object System.Management.Automation.PSCredential ($Username, $Password)
# $Credential = Get-Credential

$val1 = Read-host "Please Enter the hostname"
$val2 = Read-Host "Please enter the ip address"

Invoke-Command -Computername $Computername -Argumentlist $val1,$val2 -Credential $Credential -ScriptBlock {
	Param($val1,$val2)
	$cmdval = "dnscmd 10.2.3.4 /recordadd mydomain.com $val1.mydomain.com. A $val2"
	Invoke-Expression $cmdval
}

Open in new window

0
 

Author Closing Comment

by:siber1
ID: 40417519
thx much. both solutions get us what we need.

-S.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html) provided 218 attendees with a step-by-step guide for identifying Acti…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question