How to run new-object command with different credentials?

Hi,

I need to create an email in Outlook. I use the command New-Object -comObject Outlook.Application to call Outlook. Since I’m running PowerShell with admin credentials, it starts Outlook with the admin Outlook profile. How can I start Outlook with normal creds instead of admin? The code looks like this:

$ol = New-Object -ComObject Outlook.Application
$mail = $ol.CreateItem(0)
$mail.Subject = ""
$mail.Body = ""
$mail.Save()

Thank you in advance.

Maybe a silly question, but why couldn’t you run this same command in a non-admin PowerShell console?

Unless you tell it otherwise, PS will always use the current logged-on / session startup creds; this is why the -RunAs switch exists.

Using a PowerShell script to run as a different user & elevate the process. https://blogs.technet.microsoft.com/benshy/2012/06/04/using-a-powershell-script-to-run-as-a-different-user-elevate-the-process
 

I gather info about the user from AD, then I need to create an email with that info. To get the info from AD I need admin credentials.

Understood, and that’s expected.

However, why do you need to do this with Outlook proper? Why not just use Send-MailMessage directly in your script to send the eMail and eliminate your current blocking issue?

You can use the cmdlet to send plain text, HTML, even attachments directly. No Outlook or other mail client required.

# get function / cmdlet details
(Get-Command -Name Send-MailMessage).Parameters
Get-Help -Name Send-MailMessage -Examples
Get-Help -Name Send-MailMessage -Full
Get-Help -Name Send-MailMessage -Online

Using the PowerShell Send-MailMessage cmdlet https://www.petri.com/using-powershell-send-mailmessage-cmdlet

postanote, thanks for the reply. I have one unknown - sendto address. I’d like to verify that the info is correct and then manually enter the To address. I figured out a workaround: export the info to a file, then start PowerShell with dif creds to run another script file which imports the info and creates an email. Though I wish it wasn’t that cumbersome.

For future reference, no, there’s no way to create an object that has different credentials. Credentials are assigned only to processes, and a new object instance is not a new process. The object you’re creating either needs to have the ability to deal with credentials, such as by setting a property of some kind, or you’re stuck with whatever credential the shell is running as.

Broadly, understand that the Office programming APIs are COM-based, with a .NET layer wrapped around them. They’re old, they’re deprecated, and they don’t always work flawlessly in PowerShell. Send-MailMessage would be a far better alternative. Alternately, grab some .NET framework library that supports low-level SMTP commands. That may let you connect to the server and validate an email address, if that’s your need.
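An added example (not code from any of the posters in this thread) of one way to apply the point above: keep the console unelevated and hand the admin credential only to the AD query through the -Credential parameter of Get-ADUser, so the Outlook COM object is created in the normal user's process. It assumes the ActiveDirectory module is installed; the function names and the attribute list are illustrative.

```powershell
# Added example. Run from a normal (non-elevated) console as the user who owns the Outlook profile.
# Assumptions: ActiveDirectory module (RSAT) is installed; function names and attributes are illustrative.

function Test-IsElevated {
    # True when this process holds an elevated administrator token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-UserSummary {
    param(
        [Parameter(Mandatory)][string]$Identity,
        [Parameter(Mandatory)][pscredential]$Credential
    )
    # Only this call uses the admin credential; the shell itself stays unprivileged.
    $u = Get-ADUser -Identity $Identity -Credential $Credential `
        -Properties DisplayName, Title, Department, telephoneNumber -ErrorAction Stop
    "Name: {0}`r`nTitle: {1}`r`nDepartment: {2}`r`nPhone: {3}" -f `
        $u.DisplayName, $u.Title, $u.Department, $u.telephoneNumber
}

function New-OutlookDraft {
    param([string]$Subject, [string]$Body)
    # The COM object is created in this process, so it uses this process's account and profile.
    $ol = New-Object -ComObject Outlook.Application
    $mail = $ol.CreateItem(0)      # 0 = olMailItem
    $mail.Subject = $Subject
    $mail.Body = $Body
    $mail.Display()                # open the draft so the To address can be checked and typed by hand
}

if (Test-IsElevated) {
    Write-Warning 'This console is elevated; Outlook would start under that account. Use a normal console.'
    return
}

Import-Module ActiveDirectory
$adCred  = Get-Credential -Message 'Account with rights to read the AD attributes'
$account = Read-Host 'sAMAccountName to look up'
$body    = Get-UserSummary -Identity $account -Credential $adCred
New-OutlookDraft -Subject "Account details: $account" -Body $body
```

The credential object lives only in memory for the session, which also avoids the export-to-file step between two differently privileged scripts.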

As for this…

I have one unknown – sendto address. I'd like to verify that the info is correct and then manually enter To address.
… that is really not a reliable thing in almost any language, as, if it were, spammers could have a field day with it. I mean, if I can check if an email is valid, then I can better target spam to legitimate addresses only and not waste cycles / resources on the duds. Now, there is a PHP module on GitHub that purports to be able to do this...
https://github.com/kickboxio/kickbox-php
… but I've never made any attempt to mess with it.

Outside of the above, here are some points to note about such an effort.

When you say SendTo, if it’s internal, that is easy to ask for via normal Exchange and ADDS lookups; external is the issue.

  1. You have to connect to the server, and issue a VRFY command. Very few servers support this command, but it is intended for exactly this. If the server responds with a 2.0.0 DSN, the user exists.

    VRFY user


  2. You can issue a RCPT, and see if the mail is rejected.

    MAIL FROM:

    RCPT TO:


  3. If the user doesn’t exist, you’ll get a 5.1.1 DSN. However, just because the email is not rejected does not mean the user exists. Some servers will silently discard requests like this to prevent enumeration of their users. Other servers cannot verify the user, and have to accept the message regardless.

Your last option is to just use telnet as documented to validate relay. See this article for what this would look like.
https://community.spiceworks.com/how_to/11-test-email-flow-using-smtp-commands
Note that the author has been an avid PS guy for years.

Again, most public email servers will simply reject this sort of thing, or show success as a false positive on a direct request like this.