Active Directory Integration for PowerShell Universal?

Product: PowerShell Universal
Version: 1.4.6

Hi!

I’m interested in showing my boss how useful PowerShell Universal really is in the context of our needs, and I’d like to use the trial to accomplish the following:

  1. A user of our Active Directory (On Premises) enters a dashboard that loads their personal data without having to enter their credentials. The dashboard must recognize the user who is logged in with their Active Directory user on their computer.
  2. That the user can modify their personal data (run impersonated PowerShell scripts instead of running them with the service user?) and personal photo.

Is this possible? For it to be useful to us, our users must have a fluid experience, and that is why we want to prevent them from having to indicate their credentials to enter this or other dashboards, and from being able to access their Active Directory data just by being logged into their computer. With the same idea, a user should be able to access objects they have permissions on (e.g. AD groups they manage, shared mailboxes they manage, etc.) in order to update members.

I hope this can be resolved in some simple way, and thank you very much in advance!

1 Like

I believe what you are looking for is the licensed version, which would do just that. If you are using the free version then you only get local logins, so you would have to prompt for a password, or implement another method of using the credentials via a job or something. You can do anything with this software; only your imagination holds you back. But for what you're asking, to be linked to AD, you need a licensed version or a trial period to integrate the solution.

1 Like

Thanks for your response! I think that the trial has all features for a short period of time!

But, for the licensed version, I have this question: Is it possible for scripts to run as the logged-in user? We want to let users update contact information by running a simple PowerShell line, like the next one:

```powershell
Set-ADUser -Identity UserIdLogged -MobilePhone "+54 (911) 12345678"
```

I do not believe user impersonation is possible with PSU at the moment (but I think it’s been requested as a feature a few times before).

However you do have access to the identity (if set up properly) so you can definitely achieve the same result, you’ll just need to use a service account to do the actual updating.

I wonder if it would be possible to prompt for credentials, safely store them in a session variable, and pass them to the -Credential parameter on the AD cmdlets.

Requires a bit of manual signing in, though.
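
A sketch of the service-account approach suggested in the replies above, added here as an example and not taken from the thread or from PowerShell Universal itself. It assumes the authenticated identity arrives as `DOMAIN\user` (for instance from the dashboard's `$User` variable) and that the ActiveDirectory module is available; `Update-OwnMobilePhone` is a hypothetical helper name. Because the service account holds the write permission, the function takes the target account only from the authenticated identity and validates the value before writing it.

```powershell
# Added example (hypothetical helper, not PSU's own code).
# Assumption: -AuthenticatedUser is the identity PSU authenticated, e.g. 'DOMAIN\jdoe'.
function Update-OwnMobilePhone {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $AuthenticatedUser,
        [Parameter(Mandatory)] [string] $MobilePhone,
        [pscredential] $ServiceCredential   # optional; otherwise the process identity is used
    )

    # The target account is derived from the authenticated identity only,
    # never from a form field the user can edit.
    $sam = ($AuthenticatedUser -split '\\')[-1]
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        throw "Unexpected identity format: '$AuthenticatedUser'"
    }

    # Accept only phone-number characters, e.g. '+54 (911) 12345678'.
    if ($MobilePhone -notmatch '^\+?[0-9 ()\-]{6,25}$') {
        throw 'Mobile phone contains unsupported characters.'
    }

    $adArgs = @{}
    if ($ServiceCredential) { $adArgs.Credential = $ServiceCredential }

    # $sam passed the regex above, so it cannot break out of the filter string.
    $target = @(Get-ADUser -Filter "SamAccountName -eq '$sam'" @adArgs)
    if ($target.Count -ne 1) {
        throw "Expected exactly one AD account for '$sam', found $($target.Count)."
    }

    if ($PSCmdlet.ShouldProcess($target[0].DistinguishedName, 'Set mobile phone')) {
        Set-ADUser -Identity $target[0] -MobilePhone $MobilePhone @adArgs
        # Record who triggered the change, since AD will only show the service account.
        Write-Information "mobile updated for '$sam' (requested by '$AuthenticatedUser')" -InformationAction Continue
    }
}

# Dry run from a dashboard script block (constructed sample value):
# Update-OwnMobilePhone -AuthenticatedUser $User -MobilePhone '+54 (911) 12345678' -WhatIf
```

Delegating the service account write access to only the attributes users may change (here the mobile number) limits what a bug in the dashboard can modify.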