Hello - I am trying to add devices to the AD group using different credentials other than logged on.
$devName = “Device01”
$myUser = “contoso_serviceA”
$userPassword = ConvertTo-SecureString “Password1” -AsPlainText -Force
$mycred = New-Object -TypeName System.Management.Automation.PsCredential -ArgumentList “$myUser”, “$userPassword”
Add-ADGroupMember -Identity “PLB” -Members $devName -Server “ABCD.contoso.com” -Credential $mycred -ErrorAction Stop
Failed to add Device01$ to the group due to error Cannot process argument transformation on parameter ‘Credential’. Access is denied
Verified the user contoso_serviceA has write permission to the group to add members.
Anything else?
Hi, welcome back
Firstly, when posting code in the forum, please can you use the preformatted text </> button. It really helps us with readability, and copying and pasting your code (we don’t have to faff about replacing curly quote marks to get things working).
How to format code on PowerShell.org
Now, talking of quote marks, when you put them around $userPassword
you’re passing that parameter as a String
to the constructor instead of the SecureString
that it’s expecting:
PS E:\Temp> "$pass".GetType().Name
String
PS E:\Temp> $pass.GetType().Name
SecureString
To resolve this, you guessed it, don’t wrap it in quote marks. In fact, you can drop them from $myuser
as well:
$mycred = New-Object -TypeName System.Management.Automation.PsCredential -ArgumentList $myUser, $userPassword
In fact, you don’t even need the -ArgumentList
parameter:
$mycred = New-Object -TypeName System.Management.Automation.PsCredential ($myUser, $userPassword)
1 Like