我已将带有ConvertFrom-SecureString的SecureString保存到文件中,并拥有代码来提取加密字符串并将其转换回SecureString。但是,使用SecureString对DirectoryServices.DirectorySearcher进行身份验证和查询时,查询将失败并显示登录错误。
我知道加密的字符串已正确保存和检索,因为我可以将SecureString转换为计划文本并使用它来成功查询。我做错了什么,有没有更好的方法来完成这个查询?提前谢谢!
#Create file with encrypted string (outside of main script)
$key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
read-host -assecurestring | convertfrom-securestring -key $key | out-file C:\temp\cred.txt
$computer = $env:computername
#Get encrypted string and convert to secure string
$password = get-content C:\Temp\cred1.txt | convertto-securestring -Key $key
$domain = New-Object DirectoryServices.DirectoryEntry("LDAP://you.domain.here","domain\username", $PASSWORD)
$search = New-Object DirectoryServices.DirectorySearcher($domain)
$search.filter = "(&(objectClass=computer)(name=$computer))"
$script:search.findall() | %{$_.GetDirectoryEntry() }
Write-Host $searchresult.distinguishedName
如果我将加密的字符串转换为纯文本,那么我就能成功查询我不是其成员的域名。
$computer = $env:computername
#Get encrypted string and convert to secure string
$password = get-content C:\Temp\cred1.txt | convertto-securestring -Key $key
#Convert to plain text string
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
$PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
$domain = New-Object DirectoryServices.DirectoryEntry("LDAP://you.domain.here","domain\username", $PlainPASSWORD)
$search = New-Object DirectoryServices.DirectorySearcher($domain)
$search.filter = "(&(objectClass=computer)(name=$computer))"
$script:search.findall() | %{$_.GetDirectoryEntry() }