0

Thanks for taking your time to read about my problem, so lets get straight into it.

My ultimate (end) goal is to be able to have a web base PHP app which lets users modify active directory for users inside a network.

I have found out commands that need to be ran via Powershell to change user passwords inside an active directory.

Now here is my current setup:

  • There is one main server where IIS is installed and the web application sits at.
  • There will be several computers connected to the network which navigate to the website and execute these commands

I have tried adding the code:

$query = shell_exec('Import-Module ActiveDirectory');
$query = shell_exec('$newpwd = ConvertTo-SecureString -String "'.$safe_password.'" -AsPlainText –Force');
$query = shell_exec('Set-ADAccountPassword "'.$safe_username.'" -NewPassword $newpwd –Reset');

Now here are my questions:

1) Once a computer runs that page and has those commands executed, are the commands going to be executed in the main server? where powershell is installed and permissions are granted. If not, my whole app wont work, are there any other solutions?

2) those commands are all powershell commands not cmd.exe commands. So does shell_exec() even run those commands in powershell, or just in cmd.exe. If it only runs in cmd then this wont work, how can i make it run via powershell?

I would appreciate if you could answer and help me out here, thanks alot.

user3714214
  • 27
  • 1
  • 9
  • Yes, the commands will be executed on the server. No, they will not work with `shell_exec`, I'd suggest writing a PowerShell script and passing arguments to it, then calling `powershell.exe -File script.ps1 ..` from the `shell_exec`. TBH, I'm sure there are php libraries that do this, not sure you're taking the best approach here. – arco444 Aug 08 '14 at 12:28
  • @arco444 How would i pass arguments into the powershell script? because the username/passwords will be different each time. – user3714214 Aug 08 '14 at 13:17
  • That's exactly why you'd _use_ arguments... You have a script that contains the logic of handling password resets and pass the variables as arguments. I'd suggest you do some reading about powershell scripting. See [here](http://stackoverflow.com/questions/16426688/passing-a-variable-to-a-powershell-script-via-command-line) – arco444 Aug 08 '14 at 13:23
  • @arco444 I know.. Im asking you HOW i would pass arguments from php into the script? – user3714214 Aug 08 '14 at 13:26
  • @arco444 I have. So just to come back into MY scenario, how would I lay things out? Im thinking have one basic powershell script which changes the password. Now how would i pass the content into that script with php? The link doesnt explain that. – user3714214 Aug 08 '14 at 13:30
  • 1
    I explained that in my first comment. You'd need to extend it with `-username "abc" -password "123"` params etc... Obviously your "abc" and "123" would be `$safe_username` and `$safe_password` in your scenario – arco444 Aug 08 '14 at 13:34

1 Answers1

0

Setup the Parameters in your PowerShell like this:

Param([string]$username, [string]$password)

Then call your script like this:

shell_exec("powershell.exe " . $psscriptpath . " -username \"" . $username . "\" -password \"" . $password . "\"");
Roderick Bant
  • 1,534
  • 1
  • 9
  • 17