Reputation: 427
I wrote a script, which on execution asks for credentials; it goes like this;
$cred = Get-Credential #Read credentials
$username = $cred.username
$password = $cred.GetNetworkCredential().password
$CurrentDomain = "LDAP://" + ([ADSI] "" ).distinguishedName
$domain = New-Object System.DirectoryServices.DirectoryEntry($CurrentDomain, $UserName, $Password)
if ($domain.name -eq $null)
{
[System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
[System.Windows.Forms.MessageBox]::Show("Authentication failed - please verify your username and password.")
exit
}
else
{
[System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
[System.Windows.Forms.MessageBox]::Show("Authentication Success")
$Groups = [System.Security.Principal.WindowsIdentity]::GetCurrent().Groups
-> I recognized my mistake later, the last line collects the groups of user who is logged into the windows machine.I need the groups of the person who authenticated via script; how to change this and obtain the groups for the person who authenticated into script rather the one using windows authentication?
Please do let me know of any questions or clarifications.
Upvotes: 0
Views: 8556
Reputation: 60986
You can try this:
[System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")$cred = Get-Credential #Read credentials
$username = $cred.username
$password = $cred.GetNetworkCredential().password
$CurrentDomain = "LDAP://" + ([ADSI] "" ).distinguishedName
$domain = New-Object System.DirectoryServices.DirectoryEntry($CurrentDomain, $UserName, $Password)
if ($domain.name -eq $null)
{
[System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
[System.Windows.Forms.MessageBox]::Show("Authentication failed - please verify your username and password.")
exit
}
else
{
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
[System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
$cred = Get-Credential #Read credentials
$username = $cred.username
$password = $cred.GetNetworkCredential().password
$CurrentDomain = "LDAP://" + ([ADSI] "" ).distinguishedName
$domain = New-Object System.DirectoryServices.DirectoryEntry($CurrentDomain, $UserName, $Password)
if ($domain.name -eq $null)
{
[System.Windows.Forms.MessageBox]::Show("Authentication failed - please verify your username and password.")
exit
}
else
{
[System.Windows.Forms.MessageBox]::Show("Authentication Success")
$ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($ct, $username)
$groups = $user.GetGroups()
foreach($i in $groups){
$i.SamAccountName
}
}
}
Upvotes: 1
Reputation: 26180
if you're able to install quest activesrole it will be as simple as :
(get-qaduser $user).memberof
otherwise you can use invoke-command and provide the credentials:
$groups=Invoke-Command -ComputerName $env:COMPUTERNAME -Credential $cred -ScriptBlock {
[System.Security.Principal.WindowsIdentity]::GetCurrent().Groups
}
Upvotes: 0