PowerShell - Off-boarding Script

wrx7m

@flaxking said in PowerShell - Off-boarding Script:

It wants a string and your giving it a SecureString

OK. How can you tell that?

flaxking

@wrx7m said in PowerShell - Off-boarding Script:

@flaxking said in PowerShell - Off-boarding Script:

It wants a string and your giving it a SecureString

OK. How can you tell that?

On your read-host you have -AsSecureString to convert it.

Set-ADAccountPassword documentation shows it takes a SecureString for the password

Set-MsolUserPassword documentation shows it takes just a string for the password

If you run GetType() on your variable it should tell you it is a secure string

wrx7m

@flaxking said in PowerShell - Off-boarding Script:

@wrx7m said in PowerShell - Off-boarding Script:

@flaxking said in PowerShell - Off-boarding Script:

It wants a string and your giving it a SecureString

OK. How can you tell that?

On your read-host you have -AsSecureString to convert it.

Set-ADAccountPassword documentation shows it takes a SecureString for the password

Set-MsolUserPassword documentation shows it takes just a string for the password

If you run GetType() on your variable it should tell you it is a secure string

Oh, I see. The error didn't say that, you had to do some digging.

wrx7m

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/convertfrom-securestring?view=powershell-6

I wonder if I can convert it to a string. If not, I might have to start with the office side and convert it to a secure string for AD. hmm

dafyre

You can!

I forget where I found this tidbit, but it is helpful. I would suggest not storing the plain text of the password in a variable for any longer than you need it.

function ConvertFrom-SecureToPlain {
    param( [Parameter(Mandatory=$true)][System.Security.SecureString] $SecurePassword)
    
    # Create a "password pointer"
    $PasswordPointer = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($SecurePassword)
    
    # Get the plain text version of the password
    $PlainTextPassword = [Runtime.InteropServices.Marshal]::PtrToStringAuto($PasswordPointer)
    
    # Free the pointer
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($PasswordPointer)
    
    # Return the plain text password
    return $PlainTextPassword
}

write-host "Enter your new password:"
$SecurePW=read-host -AsSecureString


$plainText=ConvertFrom-SecureToPlain -SecurePassword $SecurePW

write-host "Plain Text Says: $plainText"

wrx7m

@dafyre I think I found where you got it - https://www.powershelladmin.com/wiki/Powershell_prompt_for_password_convert_securestring_to_plain_text

Anyway, I am not sure where, in my script, I should place that function.

Obsolesce

@wrx7m said in PowerShell - Off-boarding Script:

@dafyre I think I found where you got it - https://www.powershelladmin.com/wiki/Powershell_prompt_for_password_convert_securestring_to_plain_text

Anyway, I am not sure where, in my script, I should place that function.

You could dot source the function. You can define the function before you use it.

dafyre

@wrx7m said in PowerShell - Off-boarding Script:

@dafyre I think I found where you got it - https://www.powershelladmin.com/wiki/Powershell_prompt_for_password_convert_securestring_to_plain_text

Anyway, I am not sure where, in my script, I should place that function.

You'd put the actual function at the top of your script, and then just

$myPassword=convertFrom-SecureToPlain -securepassword $MySecurePassword

Wherever you need the password in plain text form.

wrx7m

@dafyre said in PowerShell - Off-boarding Script:

@wrx7m said in PowerShell - Off-boarding Script:

@dafyre I think I found where you got it - https://www.powershelladmin.com/wiki/Powershell_prompt_for_password_convert_securestring_to_plain_text

Anyway, I am not sure where, in my script, I should place that function.

You'd put the actual function at the top of your script, and then just

$myPassword=convertFrom-SecureToPlain -securepassword $MySecurePassword

Wherever you need the password in plain text form.

Thanks. It mostly works. The only problem is that it isn't actually using the password I specify at the top. It is somehow generating its own and then writing it at the end. I put in

write-host "Plain Text Says: $plainText"

and it shows the password that I typed in for the secure variable at the beginning, followed by the one that it generated.

Plain Text Says: $#@%4#@177
Jof91348

dafyre

@wrx7m said in PowerShell - Off-boarding Script:

@dafyre said in PowerShell - Off-boarding Script:

@wrx7m said in PowerShell - Off-boarding Script:

@dafyre I think I found where you got it - https://www.powershelladmin.com/wiki/Powershell_prompt_for_password_convert_securestring_to_plain_text

Anyway, I am not sure where, in my script, I should place that function.

You'd put the actual function at the top of your script, and then just

$myPassword=convertFrom-SecureToPlain -securepassword $MySecurePassword

Wherever you need the password in plain text form.

Thanks. It mostly works. The only problem is that it isn't actually using the password I specify at the top. It is somehow generating its own and then writing it at the end. I put in

write-host "Plain Text Says: $plainText"

and it shows the password that I typed in for the secure variable at the beginning, followed by the one that it generated.

Plain Text Says: $#@%4#@177
Jof91348

Works fine for me here.... Check and make sure you don't have an extra write-host or anything somewhere.