Add AD group member Credential

Hello - I am trying to add devices to the AD group using credentials other than those of the logged-on user.

$devName = “Device01”
$myUser = “contoso_serviceA”
$userPassword = ConvertTo-SecureString “Password1” -AsPlainText -Force
$mycred = New-Object -TypeName System.Management.Automation.PsCredential -ArgumentList “$myUser”, “$userPassword”
Add-ADGroupMember -Identity “PLB” -Members $devName -Server “ABCD.contoso.com” -Credential $mycred -ErrorAction Stop

Failed to add Device01$ to the group due to error Cannot process argument transformation on parameter ‘Credential’. Access is denied

Verified the user contoso_serviceA has write permission to the group to add members.

Anything else?

Hi, welcome back :wave:

Firstly, when posting code in the forum, please can you use the preformatted text </> button. It really helps us with readability, and copying and pasting your code (we don’t have to faff about replacing curly quote marks to get things working).

How to format code on PowerShell.org

Now, talking of quote marks, when you put them around $userPassword you’re passing that parameter as a String to the constructor instead of the SecureString that it’s expecting:

PS E:\Temp> "$pass".GetType().Name
String
PS E:\Temp> $pass.GetType().Name
SecureString

To resolve this, you guessed it, don’t wrap it in quote marks. In fact, you can drop them from $myuser as well:

$mycred = New-Object -TypeName System.Management.Automation.PsCredential -ArgumentList $myUser, $userPassword

In fact, you don’t even need the -ArgumentList parameter:

$mycred = New-Object -TypeName System.Management.Automation.PsCredential ($myUser, $userPassword)
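
The quoting problem described in the answer above, as an added example that is not part of the original thread: a hypothetical helper, `New-CheckedCredential`, rejects anything that is not a SecureString before it builds the credential. The account name and password are the sample values from the question, reused only so the block runs without prompting.

```powershell
# Added example, not code from the thread. New-CheckedCredential is a
# hypothetical helper name; the sample values come from the question.
$myUser       = 'contoso_serviceA'
$userPassword = ConvertTo-SecureString 'Password1' -AsPlainText -Force

function New-CheckedCredential {
    param(
        [Parameter(Mandatory)] [string] $UserName,
        # Deliberately untyped so the function can name the wrong type itself
        # instead of leaving it to a less obvious constructor or binding error.
        [Parameter(Mandatory)] $Password
    )
    if ($Password -isnot [securestring]) {
        throw "Password is [$($Password.GetType().Name)], expected [SecureString]."
    }
    New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName, $Password
}

# Quoted: string expansion calls ToString() on the SecureString, so what is
# passed on is the type name as plain text, not the protected password.
try {
    New-CheckedCredential -UserName $myUser -Password "$userPassword"
}
catch {
    Write-Output "Rejected: $($_.Exception.Message)"
}

# Unquoted: the SecureString object itself reaches the constructor.
$mycred = New-CheckedCredential -UserName $myUser -Password $userPassword
Write-Output $mycred.GetType().Name
Write-Output $mycred.Password.GetType().Name
```

In a real script, `Get-Credential` or `Read-Host -AsSecureString` returns the SecureString directly, which keeps the password out of the script file.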