I am trying to implement Taskpads (MMCs) for remote admins. Since I don't want to keep them on their workstations, I am keeping them on a file server and sharing them there. On the client side (i.e. on the remote admin's workstation), what I have is a PowerShell script (exe) which accepts the user's credentials, checks/verifies them, and after that opens the remote MMC which resides on the file server (on which the client only has read permission).
My question is: since I don't want to make a separate script for every admin, is there a way I could give them access to their taskpads on the fly, depending on the credentials they provided, with a single script? For example, if "admin_atlanta" logs in, then he will be provided access to "Taskpad_atlanta" and so on. All the admins belong to their respective groups, such as admin_atlanta belongs to "admins_atlanta".
Sorry if the question is redundant and long but please feel free to shoot any questions/clarifications regarding my problem.
You could do something like that (if you have verified the user credentials already):
$user = get-adobject -ldapfilter "(samaccountname=$username)" -properties memberof
Now you can use $user.memberof to iterate through all group memberships.
$user.memberof | % { if ($_ -match "admins_" ) { write-host "Found Admin Group"; <# DO MORE STUFF #> } }
For the user input we use this:
# Input - Read User Credentials
$cred = Get-Credential
# Split username & password
$username = $cred.username
$password = $cred.GetNetworkCredential().password
# Get your Domain
$Root = "LDAP://" + ([ADSI]"").distinguishedName
# Bind to the domain root with the supplied credentials
$domain = New-Object System.DirectoryServices.DirectoryEntry($Root,$UserName,$Password)
# The name property is only populated when the bind succeeded
if ($null -ne $domain.name)
{
    write-host "Authenticated"
}else{
    write-host "Not authenticated"
}
Hope that helps
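Added example (not part of the original posts): one way to combine the two snippets above into a single lookup that turns a verified user's "admins_<site>" group into the matching taskpad path. The share path \\fileserver\Taskpads, the Taskpad_<site>.msc file naming and both function names are assumptions for illustration.

```powershell
# Added example; share path, file naming and function names are assumptions.
Import-Module ActiveDirectory

$TaskpadShare = '\\fileserver\Taskpads'   # hypothetical read-only share

function ConvertTo-LdapFilterValue {
    # Escape the RFC 4515 special characters so a typed name cannot change the filter.
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace '\x00', '\00'
}

function Get-TaskpadPath {
    param([Parameter(Mandatory)][string]$UserName)

    # Get-Credential may return DOMAIN\user; keep only the account name.
    $sam    = ($UserName -split '\\')[-1]
    $filter = "(sAMAccountName=$(ConvertTo-LdapFilterValue $sam))"
    $user   = Get-ADObject -LDAPFilter $filter -Properties memberOf
    if (-not $user) { throw "User '$sam' not found." }

    # memberOf holds distinguished names of direct groups only
    # (nested groups and the primary group are not listed).
    foreach ($dn in $user.memberOf) {
        # Anchor on the CN and accept only a narrow site-name alphabet, so the
        # file name is built from directory data, never from raw user input.
        if ($dn -match '^CN=admins_([A-Za-z0-9]+),') {
            $path = Join-Path $TaskpadShare "Taskpad_$($Matches[1]).msc"
            if (Test-Path -LiteralPath $path) { return $path }
        }
    }
    throw "No taskpad is mapped to the groups of '$sam'."
}

# Usage, after the credential check has reported "Authenticated":
# Start-Process mmc.exe -ArgumentList ('"{0}"' -f (Get-TaskpadPath $cred.UserName))
```

The script only selects which taskpad to open; the read permission on each .msc file should still be limited to its own admins group on the file server, so that the share ACL, not the client-side script, decides who can open what.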