
Set edsaPassword with PowerShell and SecureString -- no clear text

Revision 1 posted to Active Roles Wiki by Russell M on 3/4/2014 8:44:52 AM

# I hope I'm placing this in the correct forum/format. I searched (in vain) all over the communities for a way to do this.

# There were lots of others looking also (with no answers), so I wanted to share now that I finally have it working

# The following PowerShell preCreate script sets the user object's password from a secure string.

# This is useful if multiple user objects will be created with the same password, but the password should not be visible in clear text.

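function onPreCreate($Request)
{
    if ($Request.Class -ne "user") { return }

    # pwd.txt contains a secure string, not clear text.
    # ($pwd is a PowerShell automatic variable, so a different name is used here.)
    $encrypted = Get-Content \\ServerName\ShareName\pwd.txt
    $pwdSecureString = ConvertTo-SecureString -String $encrypted
    $BSTRPass = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pwdSecureString)
    try {
        # Decrypt only for the duration of the Put call
        $Request.Put("edsaPassword", [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($BSTRPass))
    }
    finally {
        # Zero and free the unmanaged clear-text copy of the password
        [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTRPass)
    }
}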

# IMPORTANT: The secure-string cmdlets (ConvertFrom-SecureString and ConvertTo-SecureString, used without a key) protect data
# using the standard Windows Data Protection API. This ensures that only the user account which creates a secure string can
# properly decrypt its contents. For our purposes, this means one must create pwd.txt using the ActiveRoles Server service account.
# If one does not have the service account password, a workaround is to use a preCreate script to create pwd.txt.
# This only needs to be done once: keep pwd.txt for use going forward and erase the script containing the clear-text password.

# Example:

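# One-time creation of pwd.txt; erase this script afterwards because it holds the clear-text password
$securePwd = "P@ssw0rd1!" | ConvertTo-SecureString -AsPlainText -Force
$securePwd | ConvertFrom-SecureString | Out-File \\ServerName\ShareName\pwd.txt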
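
# Added example (not part of the original wiki script): a check that a protected password file can actually be decrypted by the
# account running the script, which is the failure to expect when pwd.txt was created under a different account.
# The function names, the temp-file path and the sample values are assumptions made for this illustration.

```powershell
# Requires Windows: without -Key, these cmdlets protect the data with DPAPI.

function Save-ProtectedPassword {
    param([Parameter(Mandatory)][securestring]$Password,
          [Parameter(Mandatory)][string]$Path)
    # The resulting blob is bound to the account that runs this function.
    $Password | ConvertFrom-SecureString | Set-Content -LiteralPath $Path -Encoding ASCII
}

function Test-ProtectedPassword {
    param([Parameter(Mandatory)][string]$Path)
    try {
        $blob   = Get-Content -LiteralPath $Path -ErrorAction Stop | Select-Object -First 1
        $secure = ConvertTo-SecureString -String $blob -ErrorAction Stop
        return ($secure.Length -gt 0)
    }
    catch {
        # Typical cause: the file was created by another account, or it is damaged.
        Write-Warning ("Cannot decrypt '{0}' as {1}\{2}: {3}" -f $Path,
            $env:USERDOMAIN, $env:USERNAME, $_.Exception.Message)
        return $false
    }
}

# --- Demonstration with constructed data in a temp file (stands in for the share) ---
$demoPath = Join-Path $env:TEMP 'pwd-demo.txt'

# Constructed sample value; in real use, take the input with Read-Host -AsSecureString
# while running as the service account, so no clear text is ever stored in a script.
$sample = ConvertTo-SecureString 'Constructed-Sample-1!' -AsPlainText -Force
Save-ProtectedPassword -Password $sample -Path $demoPath
"Created by this account, decryptable: $(Test-ProtectedPassword -Path $demoPath)"

# Constructed invalid blob, standing in for a file this account cannot decrypt.
Set-Content -LiteralPath $demoPath -Value ('00' * 64)
"Invalid blob, decryptable: $(Test-ProtectedPassword -Path $demoPath)"

Remove-Item -LiteralPath $demoPath
```

# Running Test-ProtectedPassword once under the service account, before onPreCreate depends on the file, surfaces an account
# mismatch as a warning instead of as a failed user creation.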

