我已经将带有 ConvertFrom-SecureString 的 SecureString 保存到文件中,并且有代码可以提取加密字符串并将其转换回 SecureString。但是,当使用 SecureString 通过 DirectoryServices.DirectorySearcher 对域进行身份验证和查询时,查询会失败并出现登录错误。
我知道加密字符串已正确保存和检索,因为我可以将 SecureString 转换为计划文本并使用它来成功查询。我做错了什么,有没有更好的方法来完成这个查询?提前致谢!
#Create file with encrypted string (outside of main script)
$key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
read-host -assecurestring | convertfrom-securestring -key $key | out-file C:\temp\cred.txt
$computer = $env:computername
#Get encrypted string and convert to secure string
$password = get-content C:\Temp\cred1.txt | convertto-securestring -Key $key
$domain = New-Object DirectoryServices.DirectoryEntry("LDAP://you.domain.here","domain\username", $PASSWORD)
$search = New-Object DirectoryServices.DirectorySearcher($domain)
$search.filter = "(&(objectClass=computer)(name=$computer))"
$script:search.findall() | %{$_.GetDirectoryEntry() }
Write-Host $searchresult.distinguishedName
如果我将加密字符串转换为纯文本,那么我可以成功查询我不是其成员的域。
$computer = $env:computername
#Get encrypted string and convert to secure string
$password = get-content C:\Temp\cred1.txt | convertto-securestring -Key $key
#Convert to plain text string
$BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
$PlainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($BSTR)
$domain = New-Object DirectoryServices.DirectoryEntry("LDAP://you.domain.here","domain\username", $PlainPASSWORD)
$search = New-Object DirectoryServices.DirectorySearcher($domain)
$search.filter = "(&(objectClass=computer)(name=$computer))"
$script:search.findall() | %{$_.GetDirectoryEntry() }