Not sure if this is even the best way to go about it, and I’d be happy to hear better suggestions, but here is my end goal:
We have a manual process of using a web portal to do a SQL SELECT query of a database, which exports the results to a CSV file. I then have a script that uses that CSV file to create an AD group and add members to the group. Though, the process of logging into the web portal and filling out all the information required to run the query is time-consuming and monotonous. What we would like to do is create a service account that has read-only access to the database and then use that account to run an Invoke-SqlCmd to run this query as part of the AD group creation script, making it one fluid process.
Our problem is that multiple admins will be running this script. I’m looking for a way to store the service account’s password as a secure string (or other method if you have a better suggestion) but allow for any admin using the script to be able to decrypt the secure string without having to know or look up the service account’s password every time.
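One way to meet the requirement in the post, as an added example that is not part of the original post: `ConvertFrom-SecureString` without `-Key` uses DPAPI, so the output can only be decrypted by the same user on the same computer, while `-Key` encrypts with AES under a key that any admin allowed to read the key file can use. The paths, group name and account name below are hypothetical, and the key file must be treated as being as sensitive as the password itself.

```powershell
# Added example. All paths and names are hypothetical placeholders.
$KeyPath  = '\\fileserver\secure$\sqlsvc.key'      # AES key, readable by the admin group only
$BlobPath = '\\fileserver\secure$\sqlsvc.pwd.txt'  # encrypted password
$AdminGrp = 'CONTOSO\AD-Script-Admins'             # admins allowed to run the script
$SvcUser  = 'svc_sqlread'                          # read-only service account

# Run once, by whoever knows the service account password.
function New-SharedSecret {
    param([string]$KeyPath, [string]$BlobPath, [string]$AdminGroup)

    # 256-bit random AES key from the OS CSPRNG.
    $key = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($key)
    $rng.Dispose()
    [System.IO.File]::WriteAllBytes($KeyPath, $key)

    # Remove inherited permissions and grant read access to the admin group only.
    icacls $KeyPath /inheritance:r /grant:r "${AdminGroup}:(R)" | Out-Null

    # Prompt so the password never appears in the script or in command history.
    $secure = Read-Host -Prompt 'Service account password' -AsSecureString
    $secure | ConvertFrom-SecureString -Key $key | Set-Content -Path $BlobPath
}

# Called by the AD group script; works for any admin who can read the key file.
function Get-SharedCredential {
    param([string]$KeyPath, [string]$BlobPath, [string]$UserName)

    $key    = [System.IO.File]::ReadAllBytes($KeyPath)
    $secure = Get-Content -Path $BlobPath | ConvertTo-SecureString -Key $key
    New-Object System.Management.Automation.PSCredential($UserName, $secure)
}

# One-time setup:
#   New-SharedSecret -KeyPath $KeyPath -BlobPath $BlobPath -AdminGroup $AdminGrp
# In the group creation script:
#   $cred = Get-SharedCredential -KeyPath $KeyPath -BlobPath $BlobPath -UserName $SvcUser
```

Keeping the key and the encrypted password in separately permissioned locations, and auditing reads of the key file, limits what a single misconfigured share exposes.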