Forum Discussion
Creating an on premise Active Directory Security group
Hello, This is only for on premise Active Directory. I would like to do the following: Get user credentials Identify the domain where the security is to be created Get the name of the user...
- How are you getting the user credentials ?!
- Connecting to Domain namespace instead of the domain controller depend on DNS Name resolving. so if its working correct, you should be able to connect to the destination domain as at the end it will point to a DC, but again depend on the configuration.
- For the Error message, you might need to post the full error so we can read it, it might be a protocol authentication issues, rather than username and/or password incorrect.
- To test the username and password try the following post
https://itpro-tips.com/2019/test-ad-authentication-via-powershell/
How does one connect to domain with domain namespace? Could you please provide an example with powershell code?
I use the command:
$credentials = Get-Credential
PS C:\temp> $credentials
UserName Password
-------- --------
my-lab.net\mbtest System.Security.SecureString
PS C:\temp> New-ADGroup -Name $ADSecurityGroup -SamAccountName $ADSecurityGroup -GroupCategory Security -GroupScope Global -DisplayName $ADSecurityGroup -Path $orgUnit -Credential $Credentials
Error:
New-ADGroup : Access is denied
At line:1 char:1
+ New-ADGroup -Name $ADSecurityGroup -SamAccountName $ADSecurityGroup - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (CN=etest,OU=CRA...=cldsvcs,DC=net:String) [New-ADGroup], UnauthorizedAccessException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.UnauthorizedAccessException,Microsoft.ActiveDirectory.Management.Commands.NewADGroup
I use the command:
$credentials = Get-Credential
PS C:\temp> $credentials
UserName Password
-------- --------
my-lab.net\mbtest System.Security.SecureString
PS C:\temp> New-ADGroup -Name $ADSecurityGroup -SamAccountName $ADSecurityGroup -GroupCategory Security -GroupScope Global -DisplayName $ADSecurityGroup -Path $orgUnit -Credential $Credentials
Error:
New-ADGroup : Access is denied
At line:1 char:1
+ New-ADGroup -Name $ADSecurityGroup -SamAccountName $ADSecurityGroup - ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (CN=etest,OU=CRA...=cldsvcs,DC=net:String) [New-ADGroup], UnauthorizedAccessException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.UnauthorizedAccessException,Microsoft.ActiveDirectory.Management.Commands.NewADGroup
Multiple factor can be the cause, but try this
New-ADGroup -Name "TestGroup" -SamAccountName "TestGroup" -GroupCategory Security -GroupScope Global - DisplayName "TestGroup" -Credential $cred -Server 10.6.10.10 -AuthType Negotiate