Please help… PowerShell noob and been on this for a week…
Scenario…
Want a user to come into work with their personal Windows device and run a script/exe to connect their mapped drives and printers on our domain servers as if they were logged into their account in our domain.
After they punch in their credentials, I do some clever DNS and reverse DNS lookups to get their domain and dig out their home folder from LDAP. All good so far.
However … the biggest problem is that I cannot see any way of authenticating to our print server when trying to do the add-printer bit. It seems my auth to AD only stores the credentials to the LDAP server.
So I thought I would store a wildcard credential for the domain into the credential store. But for the life of me, I cannot get it to run the cmdkey program.
Yes… I can hear suggestions to use the free credential cmdlet from the PowerShell repository. But I was hoping to avoid that, as most of the devices coming in have minimal stuff on them. That would mean that it would bloat out the redistributable I am trying to deploy. I am trying to go for the oldest version of PS too, for the same reason.
Anyway … I have tried ALL the ideas and things that a week of googling has suggested… A good learning curve anyway.
Dumping the code below… Notice a bit of stuff from attempting other methods…
TIA
Peter
```powershell
# Take the first DNS server configured on the client and reverse-resolve it to an FQDN
$DNSServer = Get-DnsClientServerAddress | Select-Object -ExpandProperty ServerAddresses
$DNSServer = $DNSServer[0]
$BYOD.txtoutput.AppendText("DNS Server : " + $DNSserver + "`r`n")
$FQDNServer = Resolve-DnsName $DNSServer -DnsOnly | Select-Object -ExpandProperty NameHost
$BYOD.txtoutput.AppendText("Server Hostname : " + $FQDNServer + "`r`n")
# Split the FQDN into host name and domain labels
$array = $FQDNServer.Split(".")
$Server = $array[0]
$BYODDomain = $array[1]
$BYOD.txtoutput.AppendText("Server Hostname : " + $Server + "`r`n")
$BYOD.txtoutput.AppendText("Domain : " + $BYODDomain + "`r`n")
$username = $BYOD.txtUsername.Text
$password = $BYOD.txtPassword.Text
# -- stick the domain name on the front of the username
$BYOD.txtoutput.AppendText("Username : " + $username + "`r`n")
# Debug output: this writes the password to the output box in clear text
$BYOD.txtoutput.AppendText("Password : " + $password + "`r`n")
$domain_dn = "dc=" + $array[1] + ",dc=" + $array[2] + ",dc=" + $array[3]
$domain_dotted = $array[1] + "." + $array[2] + "." + $array[3]
# -- now to create credentials and add domain to front of username
$sec_password = ConvertTo-SecureString $password -AsPlainText -Force
$domain_username = $BYODDomain + "\" + $username
$BYOD.txtoutput.AppendText("Domain Username : " + $domain_username + "`r`n")
$credential = New-Object System.Management.Automation.PSCredential ($domain_username, $sec_password)
# -- store windows credentials so we can ignore auth from here on
# cmdkey.exe /delete: + "*." + $domain_dn
# D:\downloads\EchoArgs.exe "/add:*."$domain_dotted " /user:"$domain_username " /pass:"$password | Write-Host
$params = "a","b","c"
$params[0] = "/add:*." + $domain_dotted
$params[1] = "/user:" + $domain_username
$params[2] = "/pass:" + $password
$snot = "/add:*." + $domain_dotted + " /user:" + $domain_username + " /pass:" + $password
# D:\downloads\EchoArgs.exe $snot | Write-Host
# This is the call that does not work
Invoke-Command cmdkey.exe -ArgumentList = $snot | Write-Host
# -- let's connect to the ldap server
$domain = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$Server/$domain_dn",$domain_username,$password)
$BYOD.txtoutput.AppendText("DN" + $domain.distinguishedName + "`r`n")
# Look the user up by sAMAccountName and read the home directory attribute
$Searcher = New-Object System.DirectoryServices.DirectorySearcher($domain)
$searcher.Filter = "(&(objectClass=user)(sAMAccountName=$username))"
$user = $searcher.FindOne()
$BYOD.txtoutput.AppendText("Home Dir : " + $user.Properties.homedirectory + "`r`n")
```
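Added example, not part of the original post: `Invoke-Command` runs script blocks rather than native programs, and a single string such as `$snot` reaches a native program as one quoted argument, so this sketch calls `cmdkey.exe` with the call operator and one array element per switch. The function names `Add-DomainCredential` and `Remove-DomainCredential` are hypothetical, and the code assumes `cmdkey.exe` reports failure through a non-zero exit code.

```powershell
# Added example; function names are hypothetical, not from the post.
function Add-DomainCredential {
    param(
        [Parameter(Mandatory=$true)] [string] $DomainDotted,
        [Parameter(Mandatory=$true)] [System.Management.Automation.PSCredential] $Credential
    )
    $target = "*.$DomainDotted"
    # One array element per switch: PowerShell hands each element to the
    # native program as its own argument, quoting it if it contains spaces.
    $cmdkeyArgs = @(
        "/add:$target",
        "/user:$($Credential.UserName)",
        "/pass:$($Credential.GetNetworkCredential().Password)"
    )
    $output = & cmdkey.exe @cmdkeyArgs 2>&1
    # Assumption: a non-zero exit code means the entry was not stored.
    if ($LASTEXITCODE -ne 0) {
        # The argument array is deliberately left out of the message,
        # because it contains the password.
        throw "cmdkey /add failed for $target (exit code $LASTEXITCODE): $output"
    }
    return $target
}

function Remove-DomainCredential {
    param([Parameter(Mandatory=$true)] [string] $DomainDotted)
    # Removes the stored entry so the domain password does not stay
    # behind in Credential Manager on the personal device.
    $output = & cmdkey.exe "/delete:*.$DomainDotted" 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "cmdkey /delete failed (exit code $LASTEXITCODE): $output"
    }
}

# Usage with the variables built in the post's script:
#   Add-DomainCredential -DomainDotted $domain_dotted -Credential $credential
#   ... map drives / add printers ...
#   Remove-DomainCredential -DomainDotted $domain_dotted
```

The password still appears on the `cmdkey.exe` command line while the process runs, so anything on the device that can read process command lines can see it. Calling the remove function when the user leaves keeps the stored entry from outliving the visit.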