Pre-staging computer account in AD
Last Post 19 Apr 2011 09:59 AM by mhashemi. 2 Replies.
mhashemi
19 Apr 2011 08:59 AM
    I'm trying to create a computer account in AD from a non-domain joined computer (there is a reason for this). I'm certain I need to pass credentials, but I'm not exactly sure how to do it. 

    The portion of my script I'm working on now is below:

        $OU="ou=machines,dc=domainName,dc=com"
        $newName = "testName"
        $credential = get-credential
        $computerOU = [ADSI] "LDAP://$OU"
        $newComputer = $computerOU.Create("computer","cn=$newName")

    How do I pass the credentials I gathered on line three to line five to use securely?

    I found the following bit of code that might be useful, but I'm loath to send credentials over the wire in plain text. So, as a secondary question, how do I make the following secure?

        $dcIP = ((ipconfig /all | findstr [0-9].\.)[4]).Split()[-1]
        $ldap = "/$ou"
        $cred = Get-Credential
        $pwd = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($cred.Password))
        $users = New-Object DirectoryServices.DirectoryEntry("LDAP://$dcIP$ldap",$cred.UserName, $pwd)

    halr9000
    PowerShell MVP, Site Admin
    19 Apr 2011 09:33 AM
    Have you played with the Quest AD cmdlets (http://www.quest.com/powershell/act...rver.aspx) yet? To do this with their stuff you would use two cmdlets: Connect-QAdService (and you can specify alternate creds), and the New-QAdComputer to create the account. Here is a snippet from the help file:

    NAME
        New-QADComputer

    SYNOPSIS
        Create a new computer object in Active Directory Domain Services.

        This cmdlet is part of the Quest ActiveRoles Server product. Use Get-QARSProductInfo to view
        information about ActiveRoles Server.


    SYNTAX
        New-QADComputer [-Name] -ParentContainer [-Connection
        ] [-ConnectionAccount ] [-ConnectionPassword ] [-Control
        ] [-Credential ] [-Description ] [-DeserializeValues]
        [-DisplayName ] [-ExcludedProperties ] [-IncludedProperties ]
        [-Location ] [-ManagedBy ] [-ObjectAttributes
        ] [-Password ] [-Proxy] [-SamAccountName ]
        [-SecondaryOwner ] [-Service ] [-TrustForDelegation]
        [-UseDefaultExcludedProperties ] [-UseGlobalCatalog] [-Confirm] [-WhatIf]
        []


    DESCRIPTION
        Use this cmdlet to create a new Active Directory computer object. You can use this cmdlet to
        provision a computer account before the computer is added to the domain. Note that this cmdlet
        does not join a computer to a domain.
    Community Director, PowerShellCommunity.org
    Co-host, PowerScripting Podcast
    Author, TechProsaic

    mhashemi
    19 Apr 2011 09:59 AM
    I have used the Quest AD cmdlets, but I'm trying to accomplish this with no additional software.
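
Added example, not part of the thread and not code from any poster: one way to create the computer object from a non-domain-joined machine with only the built-in System.DirectoryServices classes, binding with alternate credentials over an authenticated, signed and encrypted LDAP session. The function name, the server name `dc01.domainName.com` and the `userAccountControl` value are assumptions for illustration.

```powershell
# Added example. New-PrestagedComputer is a hypothetical helper name; the server,
# OU and computer name in the call at the bottom are placeholders.
function New-PrestagedComputer {
    param(
        [string]$Server,   # DC host name (placeholder value used below)
        [string]$OU,       # distinguished name of the target OU
        [string]$Name,     # computer name to pre-stage
        [System.Management.Automation.PSCredential]$Credential  # enter as DOMAIN\user
    )

    # Secure  : bind through SSPI (Kerberos/NTLM) rather than an LDAP simple bind,
    #           so the password itself is not placed on the wire.
    # Signing : integrity-protect the LDAP traffic (requires Secure).
    # Sealing : encrypt the LDAP traffic (requires Secure).
    $auth = [System.DirectoryServices.AuthenticationTypes]'Secure, Sealing, Signing'

    # DirectoryEntry only accepts the password as a String, so it exists in this
    # process's memory for the lifetime of the call; it is not written anywhere else.
    $net = $Credential.GetNetworkCredential()
    $ouEntry = New-Object System.DirectoryServices.DirectoryEntry(
        "LDAP://$Server/$OU", $Credential.UserName, $net.Password, $auth)

    try {
        # Touching NativeObject forces the bind, so bad credentials or a bad path
        # fail here instead of at CommitChanges().
        $null = $ouEntry.psbase.NativeObject

        $computer = $ouEntry.psbase.Children.Add("CN=$Name", 'computer')
        $computer.psbase.Properties['sAMAccountName'].Value = $Name.ToUpper() + '$'
        # Assumed flags: WORKSTATION_TRUST_ACCOUNT (0x1000) | PASSWD_NOTREQD (0x20).
        # Adjust to your own provisioning policy.
        $computer.psbase.Properties['userAccountControl'].Value = 0x1000 -bor 0x20
        $computer.psbase.CommitChanges()
        $computer.psbase.Path   # return the LDAP path of the new object
    }
    finally {
        $ouEntry.psbase.Dispose()
    }
}

New-PrestagedComputer -Server 'dc01.domainName.com' `
    -OU 'ou=machines,dc=domainName,dc=com' -Name 'testName' `
    -Credential (Get-Credential)
```

Granting the account used here only the right to create computer objects in that one OU keeps the exposure small if the credential is ever captured on the non-domain machine.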