ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    PowerShell - Off-boarding Script

    Scheduled Pinned Locked Moved IT Discussion
    powershellwindows serveractive directoryadscriptscriptingoffice 365microsoftpasswordpassword reset
    12 Posts 4 Posters 3.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      flaxking
      last edited by

      It wants a string and your giving it a SecureString

      wrx7mW 1 Reply Last reply Reply Quote 0
      • wrx7mW
        wrx7m @flaxking
        last edited by

        @flaxking said in PowerShell - Off-boarding Script:

        It wants a string and your giving it a SecureString

        OK. How can you tell that?

        F 1 Reply Last reply Reply Quote 0
        • F
          flaxking @wrx7m
          last edited by

          @wrx7m said in PowerShell - Off-boarding Script:

          @flaxking said in PowerShell - Off-boarding Script:

          It wants a string and your giving it a SecureString

          OK. How can you tell that?

          On your read-host you have -AsSecureString to convert it.

          Set-ADAccountPassword documentation shows it takes a SecureString for the password

          Set-MsolUserPassword documentation shows it takes just a string for the password

          If you run GetType() on your variable it should tell you it is a secure string

          wrx7mW 1 Reply Last reply Reply Quote 1
          • wrx7mW
            wrx7m @flaxking
            last edited by

            @flaxking said in PowerShell - Off-boarding Script:

            @wrx7m said in PowerShell - Off-boarding Script:

            @flaxking said in PowerShell - Off-boarding Script:

            It wants a string and your giving it a SecureString

            OK. How can you tell that?

            On your read-host you have -AsSecureString to convert it.

            Set-ADAccountPassword documentation shows it takes a SecureString for the password

            Set-MsolUserPassword documentation shows it takes just a string for the password

            If you run GetType() on your variable it should tell you it is a secure string

            Oh, I see. The error didn't say that, you had to do some digging.

            1 Reply Last reply Reply Quote 0
            • wrx7mW
              wrx7m
              last edited by

              https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/convertfrom-securestring?view=powershell-6

              I wonder if I can convert it to a string. If not, I might have to start with the office side and convert it to a secure string for AD. hmm

              1 Reply Last reply Reply Quote 0
              • dafyreD
                dafyre
                last edited by dafyre

                You can! 😄

                I forget where I found this tidbit, but it is helpful. I would suggest not storing the plain text of the password in a variable for any longer than you need it.

                function ConvertFrom-SecureToPlain {
                    param( [Parameter(Mandatory=$true)][System.Security.SecureString] $SecurePassword)
                    
                    # Create a "password pointer"
                    $PasswordPointer = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
                    
                    # Get the plain text version of the password
                    $PlainTextPassword = [Runtime.InteropServices.Marshal]::PtrToStringAuto($PasswordPointer)
                    
                    # Free the pointer
                    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($PasswordPointer)
                    
                    # Return the plain text password
                    return $PlainTextPassword
                }
                
                write-host "Enter your new password:"
                $SecurePW=read-host -AsSecureString
                
                
                $plainText=ConvertFrom-SecureToPlain -SecurePassword $SecurePW
                
                write-host "Plain Text Says: $plainText"
                
                wrx7mW 1 Reply Last reply Reply Quote 1
                • wrx7mW
                  wrx7m @dafyre
                  last edited by

                  @dafyre I think I found where you got it - https://www.powershelladmin.com/wiki/Powershell_prompt_for_password_convert_securestring_to_plain_text

                  Anyway, I am not sure where, in my script, I should place that function.

                  ObsolesceO dafyreD 2 Replies Last reply Reply Quote 0
                  • ObsolesceO
                    Obsolesce @wrx7m
                    last edited by Obsolesce

                    @wrx7m said in PowerShell - Off-boarding Script:

                    @dafyre I think I found where you got it - https://www.powershelladmin.com/wiki/Powershell_prompt_for_password_convert_securestring_to_plain_text

                    Anyway, I am not sure where, in my script, I should place that function.

                    You could dot source the function. You can define the function before you use it.

                    1 Reply Last reply Reply Quote 2
                    • dafyreD
                      dafyre @wrx7m
                      last edited by

                      @wrx7m said in PowerShell - Off-boarding Script:

                      @dafyre I think I found where you got it - https://www.powershelladmin.com/wiki/Powershell_prompt_for_password_convert_securestring_to_plain_text

                      Anyway, I am not sure where, in my script, I should place that function.

                      You'd put the actual function at the top of your script, and then just

                      $myPassword=convertFrom-SecureToPlain -securepassword $MySecurePassword

                      Wherever you need the password in plain text form.

                      wrx7mW 1 Reply Last reply Reply Quote 1
                      • wrx7mW
                        wrx7m @dafyre
                        last edited by wrx7m

                        @dafyre said in PowerShell - Off-boarding Script:

                        @wrx7m said in PowerShell - Off-boarding Script:

                        @dafyre I think I found where you got it - https://www.powershelladmin.com/wiki/Powershell_prompt_for_password_convert_securestring_to_plain_text

                        Anyway, I am not sure where, in my script, I should place that function.

                        You'd put the actual function at the top of your script, and then just

                        $myPassword=convertFrom-SecureToPlain -securepassword $MySecurePassword

                        Wherever you need the password in plain text form.

                        Thanks. It mostly works. The only problem is that it isn't actually using the password I specify at the top. It is somehow generating its own and then writing it at the end. I put in

                        
                        write-host "Plain Text Says: $plainText"
                        

                        and it shows the password that I typed in for the secure variable at the beginning, followed by the one that it generated.

                        Plain Text Says: $#@%4#@177
                        Jof91348
                        
                        dafyreD 1 Reply Last reply Reply Quote 0
                        • dafyreD
                          dafyre @wrx7m
                          last edited by

                          @wrx7m said in PowerShell - Off-boarding Script:

                          @dafyre said in PowerShell - Off-boarding Script:

                          @wrx7m said in PowerShell - Off-boarding Script:

                          @dafyre I think I found where you got it - https://www.powershelladmin.com/wiki/Powershell_prompt_for_password_convert_securestring_to_plain_text

                          Anyway, I am not sure where, in my script, I should place that function.

                          You'd put the actual function at the top of your script, and then just

                          $myPassword=convertFrom-SecureToPlain -securepassword $MySecurePassword

                          Wherever you need the password in plain text form.

                          Thanks. It mostly works. The only problem is that it isn't actually using the password I specify at the top. It is somehow generating its own and then writing it at the end. I put in

                          
                          write-host "Plain Text Says: $plainText"
                          

                          and it shows the password that I typed in for the secure variable at the beginning, followed by the one that it generated.

                          Plain Text Says: $#@%4#@177
                          Jof91348
                          

                          Works fine for me here.... Check and make sure you don't have an extra write-host or anything somewhere.

                          4a0db1d0-785c-4771-9ad2-9cec6cb0434a-image.png

                          1 Reply Last reply Reply Quote 0
                          • 1 / 1
                          • First post
                            Last post