How would you run AD Module PowerShell scripts in ICON?

Would love to get the data that the Get-ADUser commandlet gives you, but it is a trick to get the AD module installed these days.

How would you do that in ICON, to call the commandlet? Any ideas?


I set up a CredSSP connection to a Windows Batch box and do any of my Integrated Auth commands via that. I found that .NET Core doesn’t do well with certain modules. I know CredSSP has its faults when not implemented correctly, so be really careful if implementing it and make sure you use explicit restrictions on where it can be used, but it is one of the best methods when you need to double hop.

I also do this for a system that requires TCL for its scripting language, and for InsightConnect to automate that I use this PowerShell method to pull the credentials from our Password Vault, then launch the CLI via PowerShell using those credentials.

One thing I’ve found is that in all my PowerShell steps the first line is
$ProgressPreference = 'SilentlyContinue'
I forget the exact reason (I think there is a discussion about it here), but without this I would get errors even though the script was successful.


This is a pain point for me too. Just use the LDAP plug-in against your AD domain. My solution is not preferred but it works. I would much rather be able to Import-Module without having to jump through so many troubleshooting hoops.


I’ve been experimenting with the SSH plugin for this - install OpenSSH on a Windows server (add-windowscapability -online -name OpenSSH.Server~~~~), ensure the service is running, then ssh into the box. It’ll default to cmd.exe, so just use

powershell -Command "get-adcomputer problemsolver|convertto-json"

It’ll return a JSON string, which you can convert to an ICON object with the String to Object action of the Type Converter step.

I haven’t fully tested this out, it’s really just an idea to get around all the mucky problems with powershell remoting and it seems to work in my initial tests.
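
Added example, not part of the original thread: a server-side wrapper for the SSH approach above that always hands the workflow one compact JSON object, whether the lookup succeeds or fails. The script name, its path and the selected properties are assumptions; it expects Windows PowerShell with the ActiveDirectory module installed on the SSH target.

```powershell
# Get-AdComputerJson.ps1 (hypothetical name), stored on the Windows server reached over SSH.
# Example call from the SSH step (path is an assumption):
#   powershell -NoProfile -File C:\Scripts\Get-AdComputerJson.ps1 -Name problemsolver
param(
    [Parameter(Mandatory)]
    # Reject anything that is not a plausible computer name before AD is queried.
    [ValidatePattern('^[A-Za-z0-9-]{1,15}$')]
    [string]$Name
)

# Keep progress records out of the stream the workflow parses.
$ProgressPreference    = 'SilentlyContinue'
# Turn non-terminating errors into exceptions so the catch block sees them.
$ErrorActionPreference = 'Stop'

try {
    Import-Module ActiveDirectory

    $computer = Get-ADComputer -Identity $Name -Properties OperatingSystem, LastLogonDate

    # Return a small, fixed set of fields instead of the whole AD object, so the
    # JSON shape stays stable for the String to Object conversion.
    $result = [ordered]@{
        found             = $true
        name              = $computer.Name
        dnsHostName       = $computer.DNSHostName
        enabled           = $computer.Enabled
        operatingSystem   = $computer.OperatingSystem
        distinguishedName = $computer.DistinguishedName
        # Windows PowerShell 5.1 serializes DateTime as "\/Date(...)\/";
        # emit ISO 8601 text instead.
        lastLogonDate     = if ($computer.LastLogonDate) {
                                $computer.LastLogonDate.ToString('o')
                            } else { $null }
    }
}
catch {
    # Unknown computer, missing module or unreachable domain controller:
    # still return parseable JSON so the workflow can branch on "found".
    $result = [ordered]@{
        found = $false
        name  = $Name
        error = $_.Exception.Message
    }
}

$result | ConvertTo-Json -Compress
```

A name that fails the pattern is rejected at parameter binding, before any query runs, so that case surfaces as an error from the SSH step rather than as JSON.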