I have a series of scripts that automate some tasks that my team and I used to perform manually at my job. I have these scripts set up to run via scheduled tasks (whether the user is logged into the server or not) on a dedicated server every few hours (or whatever the requirement may be). I’m running these in an Enterprise Active Directory environment with my team’s generic account (we’re basically a NOC and it’s a shared account). My challenge is this: The password to this account expires every 90 days, which causes the scheduled tasks to fail if I’m not around to update them in time. My security team won’t allow me to use a generic account with the same access and a password that doesn’t expire. So I need a way to easily update the password for these scheduled tasks. Is it possible to automate this process:
1. Detect when a password has been updated
2. Prompt a user for creds (my team is there 24/7)
3. After authenticating against AD to ensure password is correct, update the server’s scheduled tasks with the new password.
2 & 3 I’m fairly certain I could handle. I’m assuming it would just be a matter of making a script that runs Get-Credential and Set-ScheduledTask? As for the first one, detecting when the password has been updated… I was going to take the route of querying the account via Get-ADUser on timed intervals, but that seems so inefficient. Please don’t tell me that’s the only way to go lol.
Not sure if this makes things easier or not, but the account that’s used to run the scheduled tasks is also always logged into about 6 PCs (our NOC workstations). Therefore, as soon as the password expires we would know, because we’d start getting prompts for different things such as Outlook and our proxy through IE.
Any advice here would be appreciated.
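
Steps 2 and 3 from the post as an added PowerShell example, not part of the original post: prompt for the new password, validate it against AD before touching anything, then update every task that stores a password for that account. It assumes an elevated session on the domain-joined task server; `CONTOSO\noc-shared` is a placeholder account name and the function names are hypothetical.

```powershell
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Test-DomainCredential {
    param([Parameter(Mandatory)][pscredential]$Credential)
    # Validates against the domain this server is joined to (assumption).
    $net = $Credential.GetNetworkCredential()
    $ctx = [System.DirectoryServices.AccountManagement.PrincipalContext]::new(
        [System.DirectoryServices.AccountManagement.ContextType]::Domain)
    try     { $ctx.ValidateCredentials($net.UserName, $net.Password) }
    finally { $ctx.Dispose() }
}

function Update-TaskPassword {
    param(
        [Parameter(Mandatory)][string]$Account,  # e.g. 'CONTOSO\noc-shared' (placeholder)
        [int]$MaxAttempts = 2                    # keep below the domain lockout threshold
    )
    # UserId may be stored with or without the domain prefix, so compare the leaf name.
    $sam   = ($Account -split '\\')[-1]
    $tasks = Get-ScheduledTask | Where-Object {
        ($_.Principal.UserId -split '\\')[-1] -eq $sam -and
        $_.Principal.LogonType -eq 'Password'
    }
    if (-not $tasks) { Write-Warning "No password-based tasks run as $Account"; return }

    $cred = $null
    for ($i = 1; $i -le $MaxAttempts; $i++) {
        $try = Get-Credential -UserName $Account -Message "New password for $Account"
        if ($try -and (Test-DomainCredential -Credential $try)) { $cred = $try; break }
        Write-Warning "AD rejected the password (attempt $i of $MaxAttempts)"
    }
    if (-not $cred) { throw "No valid credential supplied; tasks left unchanged." }

    # Set-ScheduledTask takes the password as plain text, so keep it in a local only.
    $plain = $cred.GetNetworkCredential().Password
    foreach ($t in $tasks) {
        try {
            Set-ScheduledTask -TaskName $t.TaskName -TaskPath $t.TaskPath `
                -User $Account -Password $plain -ErrorAction Stop | Out-Null
            Write-Output "Updated $($t.TaskPath)$($t.TaskName)"
        } catch {
            Write-Warning "Failed on $($t.TaskPath)$($t.TaskName): $($_.Exception.Message)"
        }
    }
}

# Update-TaskPassword -Account 'CONTOSO\noc-shared'
```

Each failed `ValidateCredentials` call counts as a bad logon attempt against the shared account, which is why the retry count is capped.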