Automating PowerShell scripts that require credentials

A few days ago a customer asked me about automating the CSV_Parser.ps1 script to create and manage mailboxes.  They wanted to run this script against an updating csv file containing student identity information on a scheduled basis.  Followers of this blog will know that when I demo PowerShell, I explicitly run through all of the steps required to get things motoring…manually entering in admin credentials and then whatever comes next.  This is fine… but you may have been wondering what to do if you want to hard-code your admin credentials so that you do not have to enter them manually.

I was interested in knowing how to do this as well… so I asked someone that had a clue, Richard Wakeman, for his input.  He recommended not making modifications to the CSV_Parser script, but instead create a short script to capture the credentials and then call the CSV_Parser script from within that.  An example of what this looks like is below:

# capture the admin LiveID username in a variable

$Username = "admin@yourdomain.edu"

# capture the admin LiveID password in a variable.  Note, that it is stored as a secure string

$Password = ConvertTo-SecureString ‘YourPassword’ -AsPlainText -Force

# populate the $Livecred PowerShell credential with $Username and $Password

$Livecred = New-Object System.Management.Automation.PSCredential $Username, $Password

# call the CSV_Parser.ps1 file in a new shell, feeding in the usual parameters

./CSV_Parser.PS1 –UsersFile “C:\Source\users.csv” -RemoteURL https://ps.exchangelabs.com/powershell -LiveCredential $Livecred -LogDirectory "C:\Logging\" -LogVerbose $true -ValidateAction $true

# Gracefully remove the runspace so as not to leave any orphaned connections

Get-PSSession | Remove-PSSession

So there you have it…happy automating!

Jonny

Advertisements

11 Responses to Automating PowerShell scripts that require credentials

  1. Frank says:

    Any ideas on how to get get-credential to use a machine certificate to administrate ExchangeLabs? I have one for SingleSignOn stuff already. I don\’t want my scripts to have my password out in the open for others to read.

  2. US LiveAtedu says:

    @Frank
    The scripts above should be run from a secure server that noone else in your institution has access to… aside from that, the communication with Powershell happens over SSL, so communication is 128-bit encrypted.
     
    Having said that, certificates/federation may also become a valid option in the future… if this changes, I will blog on it, and of course there will also be official documentation on this on Technet

  3. Luke says:

    A quick note to others that may automate with these techniques… if you call CSV_Parser from within another powershell script that uses looping (ie within the {} of a foreach-object process), you\’ll need to comment out the "break" within the logexit function.
     
    Example within CSV_Parser:
     
    function logExit{ Param($header,$exitMessage) log $header $exitMessage echo "$($header): $($exitMessage)" clearRS# Commented logExit break as calling applications would break# break}
     
    Great blog Jonny!

  4. Unknown says:

    Hi,I would like to know, how can we attached the CSV parser script in Scheduled Task Wizard? What i trying to do is, the automating the process every 1 hour.

  5. Unknown says:

    Jonny;I already create short script and named it as "main_csv_parser". I stored the "main_csv_parser.ps1" and "csv_parser.ps1" in drive C. Now, i need to know, how to create a batch file to call main_csv_parser.ps1. My intention is to scheduled this batch file to execute every 1 hour.Please assists.RegardsMuhammimi

  6. Richard says:

    You can use your SSO Certificate to "link" to an admin user account in your Exchange Labs organization. The current version of the PowerShell V2 CTP does not support using the certificate, but I understand that will change in the next release available with R3 of Exchange Labs. The PowerShell documentation will have instructions upon release. In the meantime, if you are curious, this is how you assign the certificate to a user account…Invoke-Command -Runspace $rs {Set-LinkedUser admin@mail.wakemanfamily.com CertificateSubject:"X509:<I>CN=Microsoft Secure Server Authority, DC=redmond, DC=corp, DC=microsoft, DC=com<S>E=ed-desk@hotmail.com, CN=sapipartner.com, O=Richard Wakeman, L=Lakeland, S=FL, C=US"}

  7. Brad says:

    Just ran into a minor issue with the code above. Since we are going to be using PowerShell V2 (CTP3) the Get-RunSpace cmdlet has been replaced with Get-PSSession. So the last line to remove the connections should be "Get-PSSession | Remove-PSSession".

  8. US LiveAtedu says:

    @Brad…Correct, this needs to be changed for customers that are on R3. I am in a bit of limbo about what to do about these old posts right now… prior to Feb, they all refer to R2/Exchange Labs.

  9. Joel says:

    Regarding Muhammimi\’s question (in case he never found out or someone else needs to know)To create a batch file to launch a Powershell script the syntax is like this:%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\powershell.exe -command "& c:\\script_path\\main_csv_parser.ps1 \’%1\’ \’%2\’"

  10. Rahim says:

    It seems that after the CSV_Parser is invoked from powershell, the rest of the powershell script is ignored, how do I get the script to return and continue? I put a Write-Host statement to check and it was ignored.

  11. Rahim says:

    Please ignore my comment the solution was posted below.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: