1

I need to run a PowerShell script to create an AD user via a batch file. The thing is, I need to run this PS script with elevated privileges (domain admin account). I have tried to script a '.bat' file which encloses all this information, but I have been unsuccessful so far. Here is the script:

echo off
cls
echo Sign in with your ADM ID
set /p username=

powershell -noprofile -command "&{ start-process powershell -ArgumentList '-noprofile -file C:\Users\...\Desktop\Powershell_scripts\New-ADuser\New-Aduser_test.ps1' -verb RunAs}"

I have tried with line /netonly /user:adm@domain but it won't work.

Do you guys have any idea?

Thanks in advance.

5
  • Post more details.. does it error? Does it fail silently? How are you running it - ordinary desktop or scheduled task or other script environment? Commented Feb 23, 2018 at 10:23
  • If you are asking if you can run as administrator without provoking a UAC prompt, the answer is "no." If that's not your question, you need to clarify what you really want to do. Commented Feb 23, 2018 at 15:54
  • Why do you need a batch file? Commented Feb 23, 2018 at 19:09
  • @Charlypop, as you said in your last comment, there are many things involved. An Excel form that calls a bat file that calls a PowerShell script. Saying it doesn't work is not the kind of information needed to see where the error is. You should, at least, post the form's bat caller code, the bat file code, and the PowerShell script (or at least the relevant details). Also, you may post some other details, i.e., computer OS, is it running in a domain or not, is the PowerShell code running on a local or remote computer, is the user admin or not... Please clarify these points. There are some workarounds Commented Feb 24, 2018 at 10:43
  • Ok. The Excel form generates a CSV file which contains all the needed information to run the PS script, which is a New-ADuser script. This form and script are to be run from the domain. To be able to create a new AD user, the script has to be executed with a domain admin account. The process is like: fill in the Excel form with all the user's details, add all these to the CSV sheet via a button, and then click on a final button which executes the PS script. BTW computer OS => Windows 7, 10 ; code running on local computer or shared drive ; admin users exclusively. Commented Feb 24, 2018 at 14:51

2 Answers 2

2

I have finally ended up with this:

runas.exe /netonly /noprofile /user:domainadm@domain "powershell.exe -noprofile -File "C:\Users\...\Desktop\Powershell_scripts\New-ADuser\.ps1" -verb RunAs"

It works like a charm now!

Hope it will help anyone in need. ;)


-1

You can start PowerShell with other credentials:

@echo off
cls
echo Sign in with your ADM ID  
set/P user="*     user: "
rem set/P pass="* password: "
set "psCmd=powershell -Command "$pwd = read-host '* password' -AsSecureString; $BSTR=[System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pwd); [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)""
for /F "usebackq delims=" %%P in (`%psCmd%`) do set "pass=%%P"

powershell -executionpolicy bypass -Command "$p='%pass%'|convertto-securestring -asplaintext -force;$c=new-object -typename system.management.automation.pscredential('%user%',$p);start-process 'powershell' '-Command "C:\Users\...\Desktop\Powershell_scripts\New-ADuser\New-Aduser_test.ps1"' -credential $c -passthru -wait; read-host;"
exit/B

or simply

@echo off
cls

powershell -executionpolicy bypass -Command "start-process 'powershell' '-Command "C:\Users\...\Desktop\Powershell_scripts\New-ADuser\New-Aduser_test.ps1"' -credential $c -passthru -wait; read-host;"
exit/B

That will prompt for credentials.

7 Comments

Your script does not work. I get the error username or password incorrect. I actually need to execute that script with domain admin account. I don't know why it does not work.
I did, but it did not work either. It errors (in French originally): user cannot open that type of opening on that computer.
Very bad idea to use cmd.exe's set /p command to get a password as it is visible when typed.
Why spawn PowerShell from cmd.exe when you can just write a PowerShell script and run it directly in PowerShell?
@Bill_Stewart, please see the OP question
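
An added example, not code from either answer above: a PowerShell wrapper that asks for the admin account in a masked credential dialog and hands the resulting PSCredential straight to Start-Process, so the password is never stored in a batch variable or placed on a command line. The function name, the wrapper file name mentioned in the comments, and the script path are placeholders.

```powershell
# Added example (not from the original thread). Save as Start-AsAdmin.ps1
# (hypothetical name) and call it from the batch file with:
#   powershell -NoProfile -File "%~dp0Start-AsAdmin.ps1"

function Start-ScriptAsAdminAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$ScriptPath
    )

    # Fail early if the target script is missing, before asking for a password.
    if (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) {
        throw "Script not found: $ScriptPath"
    }
    $resolved = (Resolve-Path -LiteralPath $ScriptPath).ProviderPath

    # Masked prompt; the password stays a SecureString inside the PSCredential.
    $caption = 'Sign in with your ADM ID'
    $message = 'Enter the domain admin account as DOMAIN\user or user@domain.'
    $cred = $Host.UI.PromptForCredential($caption, $message, '', '')
    if ($null -eq $cred) {
        throw 'Credential prompt was cancelled.'
    }

    # Start-Process does not quote array elements, so quote the path here.
    $psArgs = @('-NoProfile', '-File', ('"{0}"' -f $resolved))

    # Notes:
    #  * -Credential and -Verb RunAs belong to different parameter sets of
    #    Start-Process and cannot be combined in one call.
    #  * -Credential performs a real logon on this machine, so the account
    #    must be permitted to log on here. runas /netonly instead uses the
    #    credential for network access only.
    #  * The working directory must be readable by the target account, so a
    #    system directory is used instead of the caller's profile folder.
    $proc = Start-Process -FilePath 'powershell.exe' -ArgumentList $psArgs `
        -Credential $cred -WorkingDirectory $env:SystemRoot -Wait -PassThru

    return $proc.ExitCode
}

# Placeholder path: point this at the real New-ADUser script.
$exitCode = Start-ScriptAsAdminAccount -ScriptPath 'C:\Scripts\New-ADUser_test.ps1'
exit $exitCode
```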