Update to the “Use PowerShell to open Active Directory as an administrator account” post
Icolan added a good tip on my last post:
Icolan Says:
Why not call mmc.exe with the start-process command, then you won’t have a cmd window left open.Start-Process “C:\Windows\System32\mmc.exe” -workingdirectory $PSHOME -Credential -ArgumentList “dsa.msc”
Why not indeed? 🙂
Simply adding that to the original script though, gave me the error:
“The requested operation requires elevation”
After some research, I found out that the script was starting PowerShell as my administrator account, but that account was not elevated (the elevation does not pass through from my normal logged-in account). The info and solution I found here.
The solution is fairly simple: create a second script to get the administrator credentials, and then call the original script using -Verb runas instead of -Credential.
My desktop shortcut now looks like this:
%SystemRoot%\system32\WindowsPowerShell\v1.0\
powershell.exe&’C:\PowerShell_scripts\DSACopyCall.ps1′
Which is running DSACopyCall.ps1:
Start-Process powershell -Credential <domain\administrator account> -ArgumentList “C:\PowerShell_scripts\DSACopy.ps1”
Which in turn is running DSACopy.ps1 as the elevated administrator:
Start-Process -file $env:windir\System32\mmc.exe -workingdirectory $PSHOME -ArgumentList $env:windir\system32\dsa.msc -verb runas
Works like a charm! Thank you to the technet posters linked above, and extra special thanks to Icolan!
November 2nd, 2012 at 12:44 am
Here is a one-liner version that seems to work:
Start-Process powershell -Credential $ID -ArgumentList “Start-Process -FilePath $env:SystemRoot\System32\mmc.exe -WorkingDirectory $PSHOME -ArgumentList $env:SystemRoot\System32\dsa.msc -Verb RunAs”
This avoids the need to have 2 files. In any case, thanks for the post – my forehead was getting sore.