Question

I am trying to implement Taskpads (MMCs) for remote admins. Since I don't want to keep them on their workstations, I am keeping them on a file server and sharing them there. On the client side (i.e. on the remote admin's workstation), what I have is a PowerShell script (exe) which accepts the user's credentials, checks/verifies them, and after that opens the remote MMC which resides on the file server (on which the client only has read permission).

My question is: since I don't want to make a separate script for every admin, is there a way I could give them access to their taskpads on the fly, depending on the credentials they provided, with a single script? For example, if "admin_atlanta" logs in, then he will be provided access to "Taskpad_atlanta", and so on. All the admins belong to their respective groups, such as admin_atlanta belongs to "admins_atlanta".

Sorry if the question is redundant and long but please feel free to shoot any questions/clarifications regarding my problem.

Solution

You could do something like that (if you have verified the user credentials already):

$user = get-adobject -ldapfilter "(samaccountname=$username)" -properties memberof

Now you can use $user.memberof to iterate through all group memberships.

$user.memberof | % { if ($_ -match "admin_" ) { write-host "Found Admin Group"; <# DO MORE STUFF #> } }

For the user input we use this:

# Input - Read User Credentials
$cred = Get-Credential

# Split username & password
$username = $cred.UserName
$password = $cred.GetNetworkCredential().Password

# Get your Domain
$Root = "LDAP://" + ([ADSI]"").distinguishedName
$domain = New-Object System.DirectoryServices.DirectoryEntry($Root,$UserName,$Password)

# The name property stays empty when the bind with these credentials fails
if ($null -ne $domain.name)
{
    write-host "Authenticated"
}else{
    write-host "Not authenticated"
}

Hope that helps
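
One way to turn the group lookup above into a single script that picks the taskpad, as an added example that is not part of the original answer. It matches only the group's own CN (a bare `-match "admin_"` also matches that text anywhere else in the distinguished name) and opens nothing unless exactly one site group is found. The share path `\\fileserver\Taskpads`, the function name `Resolve-TaskpadPath`, and the `admins_<site>` / `Taskpad_<site>.msc` naming are assumptions based on the names in the question.

```powershell
# Added example: map a verified user's group membership to exactly one taskpad.
# $TaskpadShare and the admins_<site> / Taskpad_<site>.msc naming are assumptions.
$TaskpadShare = '\\fileserver\Taskpads'   # hypothetical UNC path

function Resolve-TaskpadPath {
    param([Parameter(Mandatory)][AllowEmptyCollection()][string[]]$MemberOf)
    $sites = @(foreach ($dn in $MemberOf) {
        # Anchor on the leading RDN so only a group whose CN is exactly
        # admins_<site> counts; "CN=nonadmins_x" or "OU=admins_x" do not.
        if ($dn -match '^CN=admins_([a-z0-9]+),') { $Matches[1].ToLower() }
    })
    $sites = @($sites | Sort-Object -Unique)
    # Fail closed: no matching group, or more than one, yields no taskpad.
    if ($sites.Count -ne 1) { return $null }
    '{0}\Taskpad_{1}.msc' -f $TaskpadShare, $sites[0]
}

# Constructed sample DNs (not from a real directory).
$sample = @(
    'CN=admins_atlanta,OU=Groups,DC=example,DC=com',
    'CN=Domain Users,CN=Users,DC=example,DC=com',
    'CN=helpdesk,OU=admins_boston,DC=example,DC=com'   # OU name must not match
)
$path = Resolve-TaskpadPath -MemberOf $sample
if ($path) { "Would open: mmc.exe `"$path`"" } else { 'No taskpad assigned' }

# With the ActiveDirectory module, once the credential check has passed:
#   $sam  = ($cred.UserName -split '\\')[-1]        # drop a DOMAIN\ prefix
#   $user = Get-ADUser -Identity $sam -Properties MemberOf -Credential $cred
#   $path = Resolve-TaskpadPath -MemberOf $user.MemberOf
#   if ($path) { Start-Process mmc.exe -ArgumentList "`"$path`"" }
```

`Get-ADUser -Identity` looks the account up by name without building an LDAP filter string from typed input. The `memberOf` attribute lists direct memberships only, so a user who is in `admins_atlanta` through a nested group will not match.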

Other tips

Not sure what you want exactly. If all your users are in the same format, you can extract part of their name using split, for example:

Say $c is your Get-Credential result; you can do:

$name = ($c.UserName -split "admin_")[1] # will output atlanta for the user admin_atlanta

Then do whatever you want, like "mmc Taskpad_$name.msc"

The PowerShell Community Extensions module has a command to help with this called Test-UserGroupMembership, e.g.:

C:\PS> Test-UserGroupMembership -GroupName Administrators -Identity joe
False
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow