Windows Prompt Box

Hi Folks,

Because our domain name is so long, when the “Windows Powershell Credential Request” box appears, the User Name field is already filled and the user gets confused about where to add his/her username.

Any way to save the domain name in my script so that, when prompted for credentials, the User Name field is empty and the user will only need to enter his/her AD username? This will then be combined with the domain to be passed on for the credential check?

My script:

$host.UI.RawUI.WindowTitle = "Active Directory Users and Computers"

while ($true)
{
    try {
        Start-Process powershell -Credential (Get-Credential "$env:USERDNSDOMAIN\") -ArgumentList "$Env:WinDir\System32\dsa.msc" -ErrorAction Stop
        break
    }
    catch {
        Write-Output "Missing/Invalid Credentials"
        Write-Output "Please ensure your AD account is not locked"
        Write-Host ""
        Write-Output "Enter Credentials again? [Yes/No]"
        if ((Read-Host) -ne "Yes") { break }
    }
}

I hope I was clear, if not, please ask!

Thanks in advance :slight_smile:

What about

Get-Credential -Username "$ENV:UserDomain\$ENV:UserName" -Message 'Enter your password'

This should only require a PW.

Not sure what parts of the credential object get used. The UserName property is read-only. Using GetNetworkCredential() seems to be an entirely different set of properties, which can be set. You can set the Domain, but setting that or the UserName does not change the value of the direct UserName property. Worst case, you can basically tear the PSCredential apart and rebuild it with the domain:

PS C:\Users\rasim> 
$pwd = ConvertTo-SecureString 'Password123' -AsPlainText -Force
$creds =  New-Object -TypeName PSCredential -ArgumentList 'Myuser', $pwd

PS C:\Users\rasim> $creds.GetNetworkCredential().Domain = 'MyDomain'


PS C:\Users\rasim> $creds.UserName
Myuser

PS C:\Users\rasim> $creds.UserName = 'NewVal'
'UserName' is a ReadOnly property.
At line:1 char:1
+ $creds.UserName = 'NewVal'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : PropertyAssignmentException

PS C:\Users\rasim> $creds.GetNetworkCredential().Username
Myuser

PS C:\Users\rasim> $creds.GetNetworkCredential().Password
Password123

PS C:\Users\rasim> $creds.GetNetworkCredential().Domain
MyDomain

PS C:\Users\rasim> 
$pwd = ConvertTo-SecureString $creds.GetNetworkCredential().Password -AsPlainText -Force
$newCreds =  New-Object -TypeName PSCredential -ArgumentList ("MyDomain\{0}" -f $creds.UserName), $pwd


PS C:\Users\rasim> $newCreds

UserName                            Password
--------                            --------
MyDomain\Myuser System.Security.SecureString


PS C:\Users\rasim> $newCreds.GetNetworkCredential().Domain
MyDomain

My apologies,

The usernames are different from the user’s current logged in usernames. So users will need to enter their admin username separately.

OK, you say:

My apologies,

The usernames are different from the user’s current logged in usernames. So users will need to enter their admin username separately.

That being the case, and going back to your original script, if they must enter two fields, prompt them for the username, then use that in get cred, they then enter the PW. Either way, they have two fields to enter.

$UserName = Read-Host 'Enter your ADMIN User Name'

Get-Credential -Username "$ENV:UserDomain\$UserName" -Message 'Enter your password'

Am I missing something here? My apology.

Out of curiosity, why is your sign in domain so long? Can you add a UPN and assign the admin accounts to it?

Get-AdForest | Set-ADForest -UPNSuffixes @{Add="short.upn"}
Set-ADUser -UserPrincipalName adminaccount@short.upn -Identity adminaccount

I, personally, like things simple. If special things need to be done to accommodate something arbitrary, like the number of keys that need to be pressed in order to log in, I like to try to reduce the monotony enforced on the users of the systems, and a UPN suffix is an easy fix for a long logon domain.

This works!

Only one point to make this work better - when I do the following steps, I get an extra credentials prompt:

  1. Run .ps1
  2. Prompted to enter AD username > entered
  3. Prompted to enter password > clicked Cancel
  4. I get another Windows Powershell credential request but all fields empty. It would be great if this window can be eliminated altogether and have the script move on (this only happens if I click cancel again)

My updated script:

$host.UI.RawUI.WindowTitle = "Active Directory and Computers Management"
$UserName = Read-Host 'Please enter your AD Username'

while ($true)
{
    try {
        Start-Process powershell -Credential (Get-Credential -Username "$ENV:UserDomain\$UserName" -Message 'Enter your password') -ArgumentList "$Env:WinDir\System32\dsa.msc" -ErrorAction Stop
        # Leave the loop once the process has started
        break
    }
    catch {
        Write-Output "Missing/Invalid Credentials"
        Write-Output "Please ensure your AD account is not locked"
        Write-Host ""
        Write-Output "Enter Credentials again? [Y/N]"
        if ((Read-Host) -ne "Y") { break }
    }
}


Otherwise, I will mark this as the answer shortly.

Thanks for your help!

The double creds may have to do with your while logic, maybe try this:

While($TryAgain) {

    if (($TryAgain = Read-Host) -ne "Y") { break }
}

You are really overcomplicating this effort.

Why are you doing this, and all this console stuff at all…

Start-Process powershell -Credential (Get-Credential -Username "$ENV:UserDomain\$UserName" -Message 'Enter your password') -ArgumentList "$Env:WinDir\System32\dsa.msc" -ErrorAction Stop

… Just ask for the user name, pass in the domain with that and move on.

For example, why not just do:

# this…
$UserName = Read-Host 'Please enter your AD Username'
Start-Process powershell -Credential "$ENV:UserDomain\$UserName" -ArgumentList "$Env:WinDir\System32\dsa.msc"

# …Or use dialogs for both and stay out of the console altogether
[void][Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic')
$Title = 'User information'
$Msg = 'Enter your username:'
$Username = [Microsoft.VisualBasic.Interaction]::InputBox($Msg, $Title)
Start-Process powershell -Credential "$ENV:UserDomain\$UserName" -ArgumentList "$Env:WinDir\System32\dsa.msc"
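
One way to combine the ideas in this thread, as an added example that is not any poster's code: a single prompt with an empty User Name field, the domain prepended afterwards, and a check for a cancelled prompt before anything reaches Start-Process. The function name Get-DomainQualifiedCredential and its parameters are hypothetical, and it assumes that a cancelled Get-Credential dialog returns nothing and that the blank second prompt in step 4 above comes from that empty result being handed to -Credential.

```powershell
# Added example; function and variable names are hypothetical.
function Get-DomainQualifiedCredential {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Domain,
        [string]$Message = 'Enter your AD admin user name and password'
    )

    # No -UserName argument, so the User Name field starts out empty.
    $cred = Get-Credential -Message $Message
    if ($null -eq $cred) { return $null }            # Cancel was clicked

    # A leading "\" (added by old PowerShell versions to bare names) is stripped.
    $name = $cred.UserName.Trim().TrimStart('\')
    if ([string]::IsNullOrWhiteSpace($name)) { return $null }

    # Leave DOMAIN\user and user@upn.suffix entries exactly as typed.
    if ($name -notmatch '[\\@]') { $name = '{0}\{1}' -f $Domain, $name }

    # Reuse the SecureString from the prompt; the password is never
    # converted to plain text and back.
    New-Object -TypeName PSCredential -ArgumentList $name, $cred.Password
}

$host.UI.RawUI.WindowTitle = 'Active Directory Users and Computers'
while ($true) {
    $cred = Get-DomainQualifiedCredential -Domain $env:USERDOMAIN
    if ($null -eq $cred) {
        # Never pass a null credential on to Start-Process.
        Write-Output 'No credentials entered, exiting.'
        break
    }
    try {
        Start-Process powershell -Credential $cred -ArgumentList "$env:WinDir\System32\dsa.msc" -ErrorAction Stop
        break
    }
    catch {
        Write-Output 'Missing/Invalid Credentials'
        Write-Output 'Please ensure your AD account is not locked'
        if ((Read-Host 'Enter credentials again? [Y/N]') -ne 'Y') { break }
    }
}
```

Rebuilding the credential from `$cred.Password` keeps the password as a SecureString throughout, unlike a round trip through `GetNetworkCredential().Password` and `ConvertTo-SecureString -AsPlainText`.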