Monday, October 2, 2017

Using Invoke-Command on a Remote Domain Server

Greetings everybody!

Sorry for the long delay.  I was busy fishing and visiting family.  Now that summer is over I have some great stuff to post regarding things I have learned with PowerShell.

Just last week I was asked to get a list of user information from one of our external domains.  The easy path would have been to RDP to the remote domain controller and run a PS script.  However, I try to make my scripts usable by other people who don't necessarily have the same permissions as I do.

For me, the easiest way is to use Invoke-Command. Here is the script:
Invoke-Command -ComputerName <FQDN> -Credential <domain\username> -ScriptBlock { Get-ADUser -Filter * -Properties * -SearchBase 'OU=People,DC=MyDomain,DC=Net' | Select-Object DisplayName,sAMAccountName,ObjectSid | Format-List }

The -ComputerName must use the fully qualified domain name (e.g., tstserver.mydomain.net).

The -Credential must be an account that has sufficient permissions to run the script on the remote server.  For example, Mydomain\Administrator.

You can narrow down your search by specifying the -SearchBase.  This helps keep out any clutter from Active Directory.

The output will look like this:
DisplayName    : Bob Johnson
sAMAccountName : bJohnson
ObjectSid      : S-1-1-11-11111111-1111111111111-11111111111-1111
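
The same query wrapped in a reusable function, as an added example that is not part of the original post. The function name Get-RemoteOuUser and the people.csv output file are hypothetical; the server name and OU are the sample values used above. It passes the search base into the remote script block, requests only the attributes it needs, and returns objects instead of formatted text so the result can be exported.

```powershell
# Added example: hypothetical wrapper around the Invoke-Command call shown above.
function Get-RemoteOuUser {
    [CmdletBinding()]
    param(
        # FQDN of the remote domain controller, e.g. tstserver.mydomain.net
        [Parameter(Mandatory)]
        [string]$ComputerName,

        # OU to search, e.g. 'OU=People,DC=MyDomain,DC=Net'
        [Parameter(Mandatory)]
        [string]$SearchBase,

        # Account allowed to run the query on the remote server
        [Parameter(Mandatory)]
        [System.Management.Automation.PSCredential]$Credential
    )

    $invokeParams = @{
        ComputerName = $ComputerName
        Credential   = $Credential
        ErrorAction  = 'Stop'
        # Local variables are not visible inside a remote script block,
        # so the search base is passed in through -ArgumentList.
        ArgumentList = $SearchBase
        ScriptBlock  = {
            param($Base)
            Import-Module ActiveDirectory -ErrorAction Stop
            # Request only the extra attribute needed instead of -Properties *,
            # and turn the SID into a plain string before it is serialized.
            Get-ADUser -Filter * -SearchBase $Base -Properties DisplayName |
                Select-Object DisplayName, SamAccountName,
                    @{ Name = 'ObjectSid'; Expression = { $_.SID.Value } }
        }
    }

    try {
        # Drop the remoting metadata (PSComputerName, RunspaceId) added to each object.
        Invoke-Command @invokeParams |
            Select-Object DisplayName, SamAccountName, ObjectSid
    }
    catch {
        Write-Error "Query against $ComputerName failed: $($_.Exception.Message)"
    }
}

# Get-Credential prompts for the password, so nothing is stored in the script.
$cred  = Get-Credential -Message 'Account for the remote domain'
$users = Get-RemoteOuUser -ComputerName 'tstserver.mydomain.net' `
    -SearchBase 'OU=People,DC=MyDomain,DC=Net' -Credential $cred
$users | Export-Csv -Path .\people.csv -NoTypeInformation
```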

Next week: I will show how to use encrypted variables so you don't have to enter a password.
