Hello, I would like to run the script as a special user that has permissions in our Active Directory to create SEC groups. Normally, the toolkit runs under the SYSTEM account.
If you are running your script using SCCM/ConfigMgr you can run the script as the current user by changing the targeting to a user collection instead of a device collection. You would also need to change the ToolKitRequireAdmin setting in the AppDeployToolkitConfig.xml file to False.
Thanks for the answer, but I need to change it so that the script runs under a special account. When I assign the package to a user, this will not solve my problem with rights in AD.
Is it not possible to set which user should run the script?
Can you describe your scenario in more detail?
Why do you need to create an AD group while installing an application? Or are you repurposing PSADT for a different task?
You could possibly achieve it using something like this: start-process $PathToRun -Verb RunAs
I have a script running on a newly installed server. It changes some settings and is working fine.
But with the AD part I have problems running with the SYSTEM account:
Steps are:
→ Create AD Groups for administrator and RDP (on local DC)
→ Add AD Group to Administrator and RDP Group (local)
Therefore I would like the script to run with an account that has local rights and also permissions in AD (already present).
I’m pretty certain PSADT is not the tool for this and neither are the deployment tools you are using.
Deployment tools such as Intune or SCCM will (in general) run the install as SYSTEM (if you want the application to install with administrative rights) or as the logged-on user (if no special rights are required).
What you are trying to do is not what these tools are intended for.
You can game it, by deploying a script to run as a specific user, but I’d strongly advise against this as you would inevitably need to pass a user name / password combination to run this - probably leaving a Cyber Security risk in your wake.
As both @JFP and I have suggested, what you are doing should be done using the proper tools / method for this - including Group Policy.
You are unlikely to find an exact solution to your problem here.