One of the things we need to do in our environment is to automate certain functions for user management. We have high turnover in one of our departments and I want to be able to run scheduled tasks that automate assignment of policies, etc. From what I've read, assignment of policies other than default needs to be run any time there is a new user or change. I don't want to babysit the system in this way. So... On to PowerShell!
If you've ever tried to use credentials in PowerShell non-interactively, you know it is a pain. I've used a solution that I found on the interwebs that takes a password and converts it to a secure string, then uses an AES encryption key to store it in plain text in a file. The file and key can be called at a later date to be decrypted and passed into a script. Not entirely secure, but better than plain text in a file and I don't have to be present to do tasks. (Seriously, Microsoft?)
Trying to connect to O365 via PowerShell works interactively for me. I can create a remote session, authenticate and do my admin thing. However, when I try to pass credentials with the code below, I receive the error that follows:
#Import normalized file system module.
import-module c:\scripts\o365\normalizepath.ps1
#Set User Name
$User = "Username@companyname.onmicrosoft.com"
# Set path for the Password file and AES key.
$PWF = "\\123.123.123.123\FolderName\pass.txt"
$AESKey = "\\123.123.123.123\FolderName\aes.key"
# Parse the key file for the hash.
$key = get-content $AESKey
# Decrypt the contents.
$UC = new-object -type System.Management.Automation.PSCredential -argumentlist $User, (Get-Content $PWF | ConvertTo-SecureString -key $key)
$cred = new-object -typename system.management.automation.pscredential -argumentlist $UC
#Create the session details.
# Note: I've tried several paths from different posts, they all do the same thing.
# Link formatted incorrectly to get past the forms posting restrictions.
$o365Session = New-PSSession -ConfigurationName Microsoft.Exchange -connectionURI ht tps ://ps.outlook.com/powershell/?targerServer=grxpr80mb030.lamprd80.prod.outlook.com -Credential $cred -Authentication Basic -AllowRedirection
#Import the session
Import-PSSession $o365Session
# Functional code would go beyond here along with a remove session command.
Then the whole thing falls apart:
WARNING: Your connection has been redirected to the following URI:
"ps.outlook.com/PowerShell-LiveID "
New-PSSession : [ps.outlook.com] Connecting to remote server ps.outlook.com failed with the following error message : [
ClientAccessServer=SN1PR0701CA0045,BackEndServer=cy1pr10mb0698.namprd10.prod.outlook.com,RequestId=481fe00a-ad5b-4d60-9
483-068b72eb451e,TimeStamp=9/3/2015 3:30:52 PM] Access Denied For more information, see the
about_Remote_Troubleshooting Help topic.
At C:\Scripts\O365\ConnectTest.ps1:23 char:16
+ $o365Session = New-PSSession -ConfigurationName Microsoft.Exchange -connectionUR ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotin
gTransportException
+ FullyQualifiedErrorId : -2144108477,PSSessionOpenFailed
Import-PSSession : Cannot validate argument on parameter 'Session'. The argument is null. Provide a valid value for
the argument, and then try running the command again.
At C:\Scripts\O365\ConnectTest.ps1:24 char:18
+ Import-PSSession $o365Session
+ ~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Import-PSSession], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.ImportPSSessionCommand
The account I am using does have permission and I've been able to log in interactively with it, so I think the Access Denied message is a red herring.
Any thoughts?
Thanks!
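The stored-credential technique described in the post (an AES key file plus a password file encrypted with it), shown end to end as an added example that is not part of the original post. The paths and account name are placeholders, and it assumes the scheduled task runs as the same Windows account that creates the files.

```powershell
# Added example. $KeyPath, $PassPath and $User are placeholder values (assumptions).
$KeyPath  = Join-Path $env:TEMP 'aes.key'
$PassPath = Join-Path $env:TEMP 'pass.txt'
$User     = 'svc-task@example.onmicrosoft.com'   # constructed account name

# --- One-time setup, run interactively -------------------------------------
# 1. Generate a random 256-bit key (ConvertFrom-SecureString -Key accepts
#    16, 24 or 32 bytes) and store it as one byte value per line.
$key = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($key)
$rng.Dispose()
$key | Set-Content -Path $KeyPath

# 2. Prompt for the password so it never appears in the script or history,
#    then write it out encrypted with the key instead of with DPAPI.
$secure = Read-Host -Prompt "Password for $User" -AsSecureString
$secure | ConvertFrom-SecureString -Key $key | Set-Content -Path $PassPath

# 3. Anyone who can read both files can recover the password, so drop
#    inherited permissions and leave read access to the task account only.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
foreach ($file in $KeyPath, $PassPath) {
    icacls $file /inheritance:r /grant:r "${me}:(R)" | Out-Null
}

# --- In the unattended script ----------------------------------------------
# 4. Read the key back as bytes, decrypt the password into a SecureString
#    and build a single PSCredential from user name + SecureString.
$key  = [byte[]](Get-Content -Path $KeyPath)
$pw   = Get-Content -Path $PassPath | ConvertTo-SecureString -Key $key
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList $User, $pw

# 5. Confirm the round trip without printing the secret itself.
$len = $cred.GetNetworkCredential().Password.Length
Write-Output "Loaded credential for $($cred.UserName), password length $len"
```

Keeping the key file and the password file on different shares, each with its own ACL, means a single misconfigured share does not expose both halves.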