zmeier/Backup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Zack Meier
2026-04-15 15:45:50 -05:00
commit 1d304511b8
613 changed files with 140998 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/Build/azure-pipelines.yml
+49
View File
@@ -0,0 +1,49 @@
trigger:
- main
name: 'ITD.Infra-ActiveDirectory.Object'
variables:
major: 0
minor: 1
patch: $(Build.BuildID)
buildVer: $(major).$(minor).$(Build.BuildID)
pool: itdwinautop1
stages:
- stage: Build
jobs:
- job: Build
steps:
- task: PowerShell@2
inputs:
filePath: '$(System.DefaultWorkingDirectory)/Build/build.ps1'
- task: NuGetCommand@2
inputs:
command: 'pack'
packagesToPack: '$(System.DefaultWorkingDirectory)/ITD.Infra-ActiveDirectory.Object.nuspec'
versioningScheme: byEnvVar
versionEnvVar: buildVer
buildProperties: 'VERSIONHERE=$(buildVer)'
- task: PublishBuildArtifacts@1
inputs:
PathtoPublish: '$(Build.ArtifactStagingDirectory)'
ArtifactName: 'NuGetPackage'
publishLocation: 'Container'
- stage: Deploy
jobs:
- job: Deploy
steps:
- task: DownloadPipelineArtifact@2
inputs:
buildType: 'current'
artifactName: 'NuGetPackage'
itemPattern: '**'
targetPath: '$(Pipeline.Workspace)'
- task: NuGetCommand@2
inputs:
command: 'push'
packagesToPush: '$(Pipeline.Workspace)/ITD.Infra-ActiveDirectory.Object.$(major).$(minor).$(Build.BuildID).nupkg'
nuGetFeedType: external
publishFeedCredentials: 'ITD_PwshGallery'
_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/Build/build.ps1
+17
View File
@@ -0,0 +1,17 @@
$buildVersion = $env:BUILDVER
$moduleName = 'ITD.Infra-ActiveDirectory.Object'
$manifestPath = Join-Path -Path $env:SYSTEM_DEFAULTWORKINGDIRECTORY -ChildPath "$moduleName.psd1"
$modulePath = Join-Path -Path $env:SYSTEM_DEFAULTWORKINGDIRECTORY -ChildPath "$moduleName.psm1"
## Update build version in manifest
$manifestContent = Get-Content -Path $manifestPath -Raw
$manifestContent = $manifestContent -replace '<ModuleVersion>', $buildVersion
## Update functions to export in manifest
Import-Module $modulePath
$funcStrings = (Get-Module ITD.Infra-ActiveDirectory.Object).ExportedCommands.Values.Name
$funcStrings = "'$($funcStrings -join "','")'"
$manifestContent = $manifestContent -replace "<FunctionsToExport>", $funcStrings
$manifestContent | Set-Content -Path $manifestPath
_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/ITD.Infra-ActiveDirectory.Object.nuspec
+12
View File
@@ -0,0 +1,12 @@
<?xml version="1.0"?>
<package>
<metadata>
<id>ITD.Infra-ActiveDirectory.Object</id>
<version>$VERSIONHERE$</version>
<authors>Zack Meier</authors>
<description>Functions for Windows Server Active Directory User, Group, and Computer tasks</description>
</metadata>
<files>
<file src="**" exclude="**\.git\**;**\Build\**" />
</files>
</package>
_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/ITD.Infra-ActiveDirectory.Object.psd1
+132
View File
@@ -0,0 +1,132 @@
#
# Module manifest for module 'ITD.Windows'
#
# Generated by: zmeier
#
# Generated on: 6/14/2022
#
@{
# Script module or binary module file associated with this manifest.
RootModule = 'ITD.Infra-ActiveDirectory.Object.psm1'
# Version number of this module.
ModuleVersion = '<ModuleVersion>'
# Supported PSEditions
# CompatiblePSEditions = @()
# ID used to uniquely identify this module
GUID = 'bfe6483c-14b2-42e9-8d98-62482eb4569c'
# Author of this module
Author = 'zmeier'
# Company or vendor of this module
CompanyName = 'State of North Dakota'
# Copyright statement for this module
Copyright = '(c) zmeier. All rights reserved.'
# Description of the functionality provided by this module
Description = 'Functions for Active Directory object (users and computers) administration'
# Minimum version of the PowerShell engine required by this module
# PowerShellVersion = ''
# Name of the PowerShell host required by this module
# PowerShellHostName = ''
# Minimum version of the PowerShell host required by this module
# PowerShellHostVersion = ''
# Minimum version of Microsoft .NET Framework required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
# DotNetFrameworkVersion = ''
# Minimum version of the common language runtime (CLR) required by this module. This prerequisite is valid for the PowerShell Desktop edition only.
# ClrVersion = ''
# Processor architecture (None, X86, Amd64) required by this module
# ProcessorArchitecture = ''
# Modules that must be imported into the global environment prior to importing this module
# RequiredModules = @()
# Assemblies that must be loaded prior to importing this module
# RequiredAssemblies = @()
# Script files (.ps1) that are run in the caller's environment prior to importing this module.
# ScriptsToProcess = @()
# Type files (.ps1xml) to be loaded when importing this module
# TypesToProcess = @()
# Format files (.ps1xml) to be loaded when importing this module
# FormatsToProcess = @()
# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
# NestedModules = @()
# Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export.
FunctionsToExport = @(<FunctionsToExport>)
# Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.
CmdletsToExport = @()
# Variables to export from this module
VariablesToExport = '*'
# Aliases to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no aliases to export.
AliasesToExport = @()
# DSC resources to export from this module
# DscResourcesToExport = @()
# List of all modules packaged with this module
# ModuleList = @()
# List of all files packaged with this module
# FileList = @()
# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
PrivateData = @{
PSData = @{
# Tags applied to this module. These help with module discovery in online galleries.
# Tags = @()
# A URL to the license for this module.
# LicenseUri = ''
# A URL to the main website for this project.
# ProjectUri = ''
# A URL to an icon representing this module.
# IconUri = ''
# ReleaseNotes of this module
# ReleaseNotes = ''
# Prerelease string of this module
# Prerelease = ''
# Flag to indicate whether the module requires explicit user acceptance for install/update/save
# RequireLicenseAcceptance = $false
# External dependent modules of this module
# ExternalModuleDependencies = @()
} # End of PSData hashtable
} # End of PrivateData hashtable
# HelpInfo URI of this module
# HelpInfoURI = ''
# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
# DefaultCommandPrefix = ''
}
_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/ITD.Infra-ActiveDirectory.Object.psm1
+23
View File
@@ -0,0 +1,23 @@
#Get public and private function definition files.
$Public = @( Get-ChildItem -Path $PSScriptRoot\Public\*.ps1 -ErrorAction SilentlyContinue )
$Private = @( Get-ChildItem -Path $PSScriptRoot\Private\*.ps1 -ErrorAction SilentlyContinue )
#Dot source the files
Foreach($import in @($Public + $Private))
{
Try
{
. $import.fullname
}
Catch
{
Write-Error -Message "Failed to import function $($import.fullname): $_"
}
}
# Here I might...
# Read in or create an initial config file and variable
# Export Public functions ($Public.BaseName) for WIP modules
# Set variables visible to the module and its functions only
Export-ModuleMember -Function $Public.Basename
_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/Public/Disable-ITDADUser.ps1
+49
View File
@@ -0,0 +1,49 @@
function Disable-ITDADUser
{
[CmdletBinding()]
Param
(
[string]
$Identity,
[PSCredential]
$Credential
)
Begin
{
Write-Verbose "Validate credentials, stop script if invalid."
If($Credential -eq "" -or $Credential -eq $null)
{
$Credential = Get-Credential -Message "Enter domain/OU administrator credentials. User name must be entered as a SAMAccountName (DOMAIN\username) or as a User Principal Name (username@domain.com)" -UserName $Credential
If($Credential -eq "" -or $Credential -eq $null)
{
Write-Warning "credentials missing - stopping script"
break
}
If((Test-ADCredential -Credential $Credential -ErrorAction Stop) -eq $false)
{
Write-Warning "Invalid credentials or locked account."
break
}
}
Import-Module ActiveDirectory
}
Process
{
$OUdestination = "OU=DisabledAccounts,OU=USERS,OU=ITD,DC=ND,DC=GOV"
ForEach($username in $Identity)
{
Write-Verbose "[$Username]:Processing"
$object = Get-ADUser -Identity $username
Write-Verbose "[$Username]:Disabling Object"
$object | Set-ADuser -Enabled $false -Credential $Credential
Write-Verbose "[$Username]:Moving Object"
$object | Move-ADObject -TargetPath $OUdestination -Credential $Credential
}
}
End
{
}
}
_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/Public/Get-ITDADActiveServer.ps1
+27
View File
@@ -0,0 +1,27 @@
function Get-ITDADActiveServer
{
[CmdletBinding()]
Param
(
[int]
$ExpireAgeDays = 30
)
Begin
{
Import-Module ActiveDirectory
$OUsource = "OU=ITD,DC=ND,DC=GOV"
$ExpireDate = (Get-Date).AddDays((-$ExpireAgeDays))
}
Process
{
Get-ADComputer -SearchBase $OUsource -Filter * -Properties Name,CanonicalName,operatingSystem,operatingSystemServicePack,LastLogonDate,Enabled | `
Where-Object operatingSystem -Like "*Server*" | `
Where-Object LastLogonDate -GT $ExpireDate | `
Where-Object Enabled -EQ $true | `
Select-Object Name,operatingSystem,operatingSystemServicePack,LastLogonDate,CanonicalName
}
End
{
}
}
_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/Public/Get-ITDADGroupMember.ps1
+30
View File
@@ -0,0 +1,30 @@
<#
.Synopsis
Short description
.DESCRIPTION
Long description
.EXAMPLE
Example of how to use this cmdlet
.EXAMPLE
Another example of how to use this cmdlet
#>
function Get-ITDADGroupMember
{
[CmdletBinding()]
Param
(
[string]
$Identity
)
Begin
{
}
Process
{
return (Get-ADUser -Identity $Identity -Properties MemberOf).MemberOf
}
End
{
}
}
_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/Public/New-ITDADComputerServer.ps1
+68
View File
@@ -0,0 +1,68 @@
<#
.Synopsis
Creates AD Computer object in ITD OUs
.DESCRIPTION
Long description
.EXAMPLE
Example of how to use this cmdlet
.EXAMPLE
Another example of how to use this cmdlet
#>
function New-ITDADComputerServer
{
[CmdletBinding()]
Param
(
[string[]]
$ComputerName,
#[string]
#$AppName,
[PSCredential]
$Credential
)
Begin
{
Write-Verbose "Validate credentials, stop script if invalid."
If($Credential -eq "" -or $Credential -eq $null)
{
$Credential = Get-Credential -Message "Enter domain/OU administrator credentials. User name must be entered as a SAMAccountName (DOMAIN\username) or as a User Principal Name (username@domain.com)" -UserName $Credential
If($Credential -eq "" -or $Credential -eq $null)
{
Write-Warning "credentials missing - stopping script"
break
}
If((Test-ADCredential -Credential $Credential -ErrorAction Stop) -eq $false)
{
Write-Warning "Invalid credentials or locked account."
break
}
}
Import-Module ActiveDirectory
$OUdefault = "OU=Prod,OU=All-General,OU=Windows,OU=SERVERS,OU=COMPUTERS,OU=ITD,DC=ND,DC=GOV"
}
Process
{
ForEach($c in $ComputerName)
{
$Hostname=($c.split(".")[0]).ToUpper()
#If($AppName)
#{
#}
#Else
#{
$OUdestination = $OUdefault
#}
New-ADComputer -Name $Hostname -Path $OUdestination -Credential $Credential
}
}
End
{
}
}
_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/Public/New-ITDADGroup.ps1
+93
View File
@@ -0,0 +1,93 @@
<#
.Synopsis
Create AD group within ITD GROUPS OU
.DESCRIPTION
Create Active Directory group within the ITD\ITD GROUPS OU, ability to add group members if needed
.EXAMPLE
New-ITDADGroup -SamAccountName ITD-GROUP-1 -Description "Sales group"
.EXAMPLE
New-ITDADGroup -SamAccountName ITD-GROUP-1 -Description "Sales group" -Members username1,username2,username3
#>
function New-ITDADGroup
{
[CmdletBinding()]
Param
(
[Parameter(Mandatory=$true)]
[string]
$SamAccountName,
[Parameter(Mandatory=$true)]
[string]
$Description,
[string[]]
$Members,
[PSCredential]
$Credential
)
Begin
{
Write-Verbose "Validate credentials, stop script if invalid."
If($Credential -eq "" -or $Credential -eq $null)
{
$Credential = Get-Credential -Message "Enter domain/OU administrator credentials. User name must be entered as a SAMAccountName (DOMAIN\username) or as a User Principal Name (username@domain.com)" -UserName $Credential
If($Credential -eq "" -or $Credential -eq $null)
{
Write-Warning "credentials missing - stopping script"
break
}
If((Test-ADCredential -Credential $Credential -ErrorAction Stop) -eq $false)
{
Write-Warning "Invalid credentials or locked account."
break
}
}
Import-Module ActiveDirectory
}
Process
{
Write-Verbose "verify group object does not already exist, if it does, stop script"
$groupexists = Get-ADGroup -Filter {sAMAccountName -eq $SamAccountName}
If($groupexists)
{
Write-Warning "$SamAccountName already exists"
break
}
Write-Verbose "fix description if needed"
If($Description -like "*1120*")
{
Write-Verbose "no change to description"
}
Else
{
Write-Verbose "adding '1120 - ' to description"
$Description = "1120 - " + $Description
}
$OUdestination = "OU=ITDGROUPS,OU=GROUPS,OU=ITD,DC=ND,DC=GOV"
Write-Verbose "create group in AD"
New-ADGroup -Name $SamAccountName `
-SamAccountName $SamAccountName `
-Description $Description `
-DisplayName $SamAccountName `
-GroupScope Global `
-GroupCategory Security `
-Path $OUdestination `
-Credential $Credential
Write-Verbose "Adding group members if applicable"
If($Members)
{
Add-ADGroupMember -Identity $SamAccountName -Members $Members -Credential $Credential
}
}
End
{
}
}
_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/Public/New-ITDADServiceAccount.ps1
+123
View File
@@ -0,0 +1,123 @@
<#
.SYNOPSIS
A short one-line action-based description, e.g. 'Tests if a function is valid'
.DESCRIPTION
A longer description of the function, its purpose, common use cases, etc.
.NOTES
Information or caveats about the function e.g. 'This function is not supported in Linux'
.LINK
Specify a URI to a help page, this will show when Get-Help -Online is used.
.EXAMPLE
Test-MyTestFunction
Explanation of the function or its result. You can include multiple examples with additional .EXAMPLE lines
#>
function New-ITDADServiceAccount {
[CmdletBinding()]
param (
[string]
$SamAccountName,
[Parameter(Mandatory = $true)]
[string]
$Description,
[Parameter(Mandatory = $true)]
[ValidateSet('Office365', 'VMware_Systems', 'CSRC', 'Shared Linux Password List', 'Peoplesoft Share PW', 'Cohesity', 'VDI')]
[string]
$PasswordstateList,
[Parameter(Mandatory = $true)]
[string]
$PasswordstateTitle,
[string]
$PasswordstateNotes,
[pscredential]
$Credential
)
begin {
}
process {
Write-Verbose -Message "Verify if user object already exists in Active Directory"
try {
If (Get-ADUser -Identity $SamAccountName) {
$ADUserExists = $true
}
}
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
Write-Verbose -Message "Active Directory user object not found"
$ADUserExists = $false
}
catch {
Write-Error -Message "Unable to validate if samaccountname $SamAccountName is available" -ErrorAction $Stop
}
Write-Verbose -Message "ADUser exists $ADUserExists"
switch ($ADUserExists) {
Default {
Write-Error -Message "Unable to validate if samaccountname $SamAccountName is available"
}
$true {
Write-Error -Message "AD user object with $SamAccountName SamAccountName already exists."
}
$false {
Write-Verbose -Message "Create Passwordstate record"
$NewITDPasswordParams = @{
PasswordList = $PasswordstateList;
Title = $PasswordstateTitle;
Description = $Description;
UserName = ("ndgov\$SamAccountName");
Credential = $Credential;
}
switch ($PSBoundParameters.Keys) {
PasswordStateNotes {
$NewITDPasswordParams.Notes = $PasswordstateNotes
}
}
$NewITDPasswordResult = New-ITDPassword @NewITDPasswordParams -ErrorAction Stop
If ($NewITDPasswordResult) {
Write-Verbose -Message "Create AD account"
$OuDestination = "OU=ITD SERVICE,OU=USERS,OU=ITD,DC=ND,DC=GOV"
$DCtoUse = Get-ADDomainController -DomainName nd.gov -Discover -Site "Default-First-Site-Name"
$NewADUserParams = @{
Name = $SamAccountName;
SamAccountName = $SamAccountName;
UserPrincipalName = "$SamAccountName@nd.gov";
Description = "1120 - $Description";
Surname = "$SamAccountName";
DisplayName = "$SamAccountName";
Path = $OuDestination;
AccountPassword = $NewITDPasswordResult.Password;
PasswordNeverExpires = $true;
Enabled = $true;
Credential = $Credential;
Server = $DCtoUse;
}
#try {
Write-Verbose -Message "Attempt New-ADUser"
New-ADUser @NewADUserParams
#}
#catch {
#Write-Error $error[0]
#}
}
}
}
}
end {
}
}
_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/Public/New-ITDADServiceAccountOLD.ps1
+118
View File
@@ -0,0 +1,118 @@
<#
.Synopsis
Create new account with random password, save in Passwordstate
.DESCRIPTION
Create new Active Directory user account in the "ITD SERVICE" OU, randomly generate a password, and save it in Passwordstate
.EXAMPLE
New-ITDADServiceAccount -SamAccountName !itdtest01 -Description "app/sql db account" -ComputerName itdtest01.nd.gov -PasswordStateList CSRC -Credential <PSCredential>
#>
function New-ITDADServiceAccountOLD
{
[CmdletBinding()]
Param
(
[Parameter(Mandatory=$true)]
[string]
$SamAccountName,
[Parameter(Mandatory=$true)]
[string]
$Description,
[Parameter(Mandatory=$true)]
[string]
$ComputerName,
[Parameter(Mandatory=$true)]
[ValidateSet("CSRC","CND","Linux","Office365","VMware","ZTEST")]
[string]
$PasswordstateList,
[PSCredential]
$Credential
)
Begin
{
Write-Verbose "Validate credentials, stop script if invalid."
If($Credential -eq "" -or $Credential -eq $null)
{
$Credential = Get-Credential -Message "Enter domain/OU administrator credentials. User name must be entered as a SAMAccountName (DOMAIN\username) or as a User Principal Name (username@domain.com)" -UserName $Credential
If($Credential -eq "" -or $Credential -eq $null)
{
Write-Warning "credentials missing - stopping script"
break
}
If((Test-ADCredential -Credential $Credential -ErrorAction Stop) -eq $false)
{
Write-Warning "Invalid credentials or locked account."
break
}
}
Write-Verbose "Confirm Passwordstate connection"
If((Test-NetConnection -ComputerName itdpv.nd.gov).PingSucceeded)
{
}
Else
{
Write-Warning "Passwordstate unavailable"
break
}
Import-Module ActiveDirectory
}
Process
{
Write-Verbose "verify user account does not already exist, if it does, stop script"
$userexists = Get-ADUser -Filter {sAMAccountName -eq $SamAccountName}
If($userexists)
{
Write-Warning "$SamAccountName already exists"
break
}
Write-Verbose "fix description if needed"
If($Description -like "*1120*")
{
Write-Warning "Do not enter '1120' into the description, this will be done for you"
Break
}
Write-Verbose "set OU, get passwordstate passwordlist information, set ADDescription"
$OUdestination = "OU=ITD SERVICE,OU=USERS,OU=ITD,DC=ND,DC=GOV"
$PStateList = Get-ITDPasswordstatePasswordList -Name $PasswordstateList
$ADDescription = "1120 - " + $Description
<# removed 20181228
Write-Verbose "Generate new password"
$PasswordGenerated = New-ITDRandomPassword
$PasswordSecured = $PasswordGenerated | ConvertTo-SecureString -AsPlainText -Force
Write-Verbose "add to passwordstate"
$Date = Get-Date -UFormat "%Y/%m/%d @ %H:%M:%S"
$Notes = "Automatically generated by $env:USERNAME on $Date"
New-PasswordstateRecord -ListID $PStateList.ID -Title $ComputerName -Username "nd.gov\$SamAccountName" -APIkey $PStateList.APIkey -Password $PasswordGenerated -Description $Description -Notes $Notes
#>
New-ITDPasswordstateRecord -Title $ComputerName -Description $ADDescription -PSList $PasswordstateList -Username $SamAccountName -GeneratePassword
Write-Verbose "create account in AD"
New-ADUser -Name $SamAccountName `
-SamAccountName $SamAccountName `
-UserPrincipalName "$SamAccountName@nd.gov" `
-Description $ADDescription `
-DisplayName "$SamAccountName" `
-Path $OUdestination `
-AccountPassword $PasswordSecured `
-PasswordNeverExpires $true `
-Enabled $true `
-Credential $Credential
}
End
{
}
}
_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/Public/New-ITDADServiceAccountRitm.ps1
+88
View File
@@ -0,0 +1,88 @@
<#
.SYNOPSIS
A short one-line action-based description, e.g. 'Tests if a function is valid'
.DESCRIPTION
Function will submit a ServiceNow Catalog Request of Application Server type with relevant information required for automated AD Service Account creation.
.NOTES
Information or caveats about the function e.g. 'This function is not supported in Linux'
.LINK
Specify a URI to a help page, this will show when Get-Help -Online is used.
.EXAMPLE
Test-MyTestFunction -Verbose
Explanation of the function or its result. You can include multiple examples with additional .EXAMPLE lines
#>
function New-ITDADServiceAccountRitm {
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[string]
$RequestedForEmail,
[Parameter(Mandatory = $true)]
[string]
$SamAccountName,
[Parameter(Mandatory = $true)]
[ValidateSet('nd.gov')]
[string]
$ADDomain,
[Parameter(Mandatory = $true)]
[string]
$Description,
[Parameter(Mandatory = $true)]
#[ValidateSet('Office365', 'VMware_Systems', 'CSRC', 'Shared Linux Password List', 'Peoplesoft Share PW', 'Cohesity', 'VDI')]
[string]
$PasswordstateList,
[Parameter(Mandatory = $true)]
[string]
$PasswordstateTitle
)
begin {
}
process {
# create Application Server RITM with json
$AdditionalComments = "Please create a new $ADDomain Active Directory service account with the following details, following guidelines found in KB0016867.`n`n"
$obj = [PSCustomObject]@{
RequestedForEmail = $RequestedForEmail
SamAccountName = $SamAccountName;
ADDomain = $ADDomain;
PasswordstateTitle = $PasswordstateTitle;
PasswordstateList = $PasswordstateList;
Description = $Description;
}
$AdditionalComments += ($obj | ConvertTo-Json -Compress)
$NewITDServiceNowServiceCatalogRequest = @{
CategoryItemName = 'Application Server';
RequestedForEmail = $RequestedForEmail;
Values = @{
additional_comments = $AdditionalComments;
request_type = "New";
application_name = "Infra-ActiveDirectory.Object";
environment = "Production";
require_hosting_quote = 'No';
add_change_disaster_recovery = 'No'; #>
vm_work_needed = 'No';
}
}
$ReqResult = New-ITDServiceNowServiceCatalogRequest @NewITDServiceNowServiceCatalogRequest
}
end {
Write-Output $ReqResult
}
}
_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/Public/Unlock-ITDADAccount.ps1
+80
View File
@@ -0,0 +1,80 @@
<#
.Synopsis
Unlock any Active Directory Account
.DESCRIPTION
Unlock any Active Directory Account, verify information
.EXAMPLE
Unlock-ITDADAccount -Identity username1
.EXAMPLE
Unlock-ITDADAccount -Identity username1, username2, username3
.EXAMPLE
Unlock-ITDADAccount -Identity username1 -Credential $PSCredential
.INPUTS
Inputs to this cmdlet (if any)
.OUTPUTS
Output from this cmdlet (if any)
.NOTES
General notes
.COMPONENT
The component this cmdlet belongs to
.ROLE
The role this cmdlet belongs to
.FUNCTIONALITY
The functionality that best describes this cmdlet
#>
function Unlock-ITDADAccount
{
[CmdletBinding()]
Param
(
[Parameter(Mandatory=$true)]
[string[]]
$Identity,
[PSCredential]
$Credential
)
Begin
{
Write-Verbose "Validate credentials, stop script if invalid."
If($Credential -eq "" -or $Credential -eq $null)
{
$Credential = Get-Credential -Message "Enter domain/OU administrator credentials. User name must be entered as a SAMAccountName (DOMAIN\username) or as a User Principal Name (username@domain.com)" -UserName $Credential
If($Credential -eq "" -or $Credential -eq $null)
{
Write-Warning "credentials missing - stopping script"
break
}
If((Test-ADCredential -Credential $Credential -ErrorAction Stop) -eq $false)
{
Write-Warning "Invalid credentials or locked account."
break
}
}
.3
Import-Module ActiveDirectory
}
Process
{
ForEach ($i in $Identity)
{
$before = Get-ADUser -Identity $i -Properties SamAccountName,PasswordLastSet,lastLogonDate,Enabled,LockedOut | Select-Object SamAccountName,PasswordLastSet,lastLogonDate,Enabled,LockedOut
$SamAccountName = $before.SamAccountName
If($before.LockedOut -eq $false)
{
Write-Warning "[$SamAccountName]:Before:$before"
}
Else
{
Unlock-ADAccount -Identity $i -Credential $Credential
$after = Get-ADUser -Identity $i -Properties SamAccountName,PasswordLastSet,lastLogonDate,Enabled,LockedOut | Select-Object SamAccountName,PasswordLastSet,lastLogonDate,Enabled,LockedOut
Write-Warning "[$SamAccountName]:After:$after"
}
}
}
End
{
}
}
_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/README.md
+20
View File
@@ -0,0 +1,20 @@
# Introduction
TODO: Give a short introduction of your project. Let this section explain the objectives or the motivation behind this project.
# Getting Started
TODO: Guide users through getting your code up and running on their own system. In this section you can talk about:
1. Installation process
2. Software dependencies
3. Latest releases
4. API references
# Build and Test
TODO: Describe and show how to build your code and run the tests.
# Contribute
TODO: Explain how other users and developers can contribute to make your code better.
If you want to learn more about creating good readme files then refer the following [guidelines](https://docs.microsoft.com/en-us/azure/devops/repos/git/create-a-readme?view=azure-devops). You can also seek inspiration from the below readme files:
- [ASP.NET Core](https://github.com/aspnet/Home)
- [Visual Studio Code](https://github.com/Microsoft/vscode)
- [Chakra Core](https://github.com/Microsoft/ChakraCore)
_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/Scripts_PSU/New-ITDADServiceAccountFromSCTask_script.ps1
+147
View File
@@ -0,0 +1,147 @@
[CmdletBinding()]
param (
[string]
$SCTaskNum,
[switch]
$Quiet
)
begin {
$StartTime = Get-Date
New-ITDServiceNowSession -Environment Production -Credential $Secret:SNowVMCred
}
process {
$SCTaskSearch = Get-ITDServiceNowRecord -ItemType 'Catalog Task' -Filter ('active=true^short_description=Active Directory Service Account Provisioning') -Verbose
switch ($PSBoundParameters.Keys) {
'SCTaskNum' {
$SCTaskSearch = $SCTaskSearch | Where-Object Number -EQ $SCTaskNum
}
}
Switch (@($SCTaskSearch).count) {
{ $_ -le 0 } {
Write-Verbose -Message "No Active Directory Service Account Provisioning tasks found." -Verbose
}
{ $_ -ge 1 } {
Write-Verbose -Message ("Number of Active Directory Service Account Provisioning tasks found: " + @($SCTaskSearch).count) -Verbose
}
}
ForEach ($SCTask in $SCTaskSearch) {
Clear-Variable -Name RITM, obj, NewITDADServiceAccountParams -ErrorAction SilentlyContinue
Write-Verbose -Message ("Start " + $SCTask.Num)
$Ritm = Get-ITDServiceNowRecord -ItemType 'Request Item' -SysId $SCTask.request_item.value -IncludeCustomVariable
$RitmRequestedFor = Get-ITDServiceNowUser -SysId $Ritm.requested_for.value
$obj = ($Ritm.CustomVariable.additional_comments.Value -split "`n")[2] | ConvertFrom-Json
If ($Obj.ADDomain -ne 'nd.gov') {
Write-Error -Message "Only nd.gov is supported, create account manually" -ErrorAction Stop
}
$NewITDADServiceAccountParams = @{
SamAccountName = $obj.SamAccountName;
Description = $obj.Description;
PasswordstateList = $obj.PasswordstateList;
PasswordstateTitle = $obj.PasswordstateTitle;
PasswordstateNotes = ("Requested via " + $RITM.number)
Credential = $PrvCred; #$Secret:svcitdiaasauto;
}
try {
New-ITDADServiceAccount @NewITDADServiceAccountParams -Verbose -ErrorAction Stop
$Notes = "New Active Directory account created."
$AccountCreated = $true
}
catch [Microsoft.PowerShell.Commands.WriteErrorException] {
Write-Error -Message $error[0]
$AccountCreated = $false
}
$EndTime = Get-Date
If ($PSBoundParameters.ContainsKey('Quiet') -and $Quiet -eq $true) {
Write-Verbose -Message "Quiet mode enabled. No ServiceNow interactions will be done." -Verbose
}
Else {
Write-Verbose -Message "Quiet mode disabled. ServiceNow CHG will be generated." -Verbose
# create std chg and close it
switch ($AccountCreated) {
$true {
Write-Verbose -Message "AccountCreated true" -Verbose
Write-Verbose -Message "Generating SNow CHG" -Verbose
#New-ITDServiceNowSession -Environment Test -Credential $Secret:SNowVMCred
$NewITDServiceNowChangeRequestParams = @{
TemplateName = 'NDIT-SPS-Server Add/Chg/Del'
RequestedByUsername = $RitmRequestedFor.user_name;
Category = 'Systems Platforms - Systems';
Subcategory = 'Windows';
Impact = 3;
ShortDescription = "New nd.gov Active Directory service account created - $UAJobId, " + $RITM.number;
Description = "New nd.gov Active Directory service account created";
Justification = "New nd.gov Active Directory service account required for zero-trust policies, following guidelines found in KB0016867";
Implementation = "PSUniversal execution";
RiskImpactAnalysis = "Low";
BackoutPlan = "Delete the new user account"
TestPlan = "n/a"
WhoIsImpacted = "Windows System Administrators";
StartTime = $StartTime
EndTime = $EndTime;
AssignmentGroup = 'NDIT-Computer Systems Windows';
ChangeManagerUsername = 'khellman';
ChangeCoordinatorUsername = 'gpgolberg';
AssignedToUsername = $RitmRequestedFor.user_name;
}
$CHG = New-ITDServiceNowChangeRequest @NewITDServiceNowChangeRequestParams -Verbose
Update-ITDServiceNowRecord -ItemType "Change Request" -Number $CHG.Number.Value -Values @{
work_notes = $Notes;
}
Write-Verbose -Message ("Completing SNow " + $CHG.Number.value) -Verbose
$CompleteITDServiceNowChangeRequestParams = @{
Number = $CHG.Number.value
CloseCode = "Successful"
CloseNotes = ("New nd.gov Active Directory account " + $obj.ADDomain + "\" + $obj.SamAccountName + " created.")
}
Complete-ITDServiceNowChangeRequest @CompleteITDServiceNowChangeRequestParams -Verbose
New-ITDServiceNowSession -Environment Production -Credential $Secret:SNowVMCred
Write-Verbose -Message ("SCTASK " + $SCTask.Num + " success notes")
Update-ITDServiceNowRecord -ItemType 'Catalog Task' -Number $SCTask.Number -Values @{
work_notes = $Notes + "`n" + ($Chg.Number.value + " created for the work.");
close_notes = $Notes;
state = "Closed Complete";
}
}
$false {
Write-Verbose -Message "AccountCreated false" -Verbose
Write-Verbose -Message ("SCTASK " + $SCTask.Num + " failure notes")
$Message = "Error during account creation, requires human review. PSU Job Id #$UAJobId"
Write-Warning -Message $Message
Write-Verbose -Message ("Update " + $SCTask.Number)
Update-ITDServiceNowRecord -ItemType 'Catalog Task' -Number $SCtask.Number -Values @{
work_notes = $Message;
short_description = $SCTask.short_description + " - HUMAN REVIEW"
}
}
Default {
Write-Verbose -Message "AccountCreated default" -Verbose
Write-Error -Message "AccountCreated variable is somehow not true or false... not sure how that happened. Great work!"
}
}
}
Write-Verbose -Message ("End " + $SCTask.Num)
}
}
end {
}
_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/Scripts_PSU/New-ITDADServiceAccountRITM_script.ps1
+40
View File
@@ -0,0 +1,40 @@
[CmdletBinding()]
param (
[Parameter(Mandatory = $true)]
[string]
$RequestedForEmail,
[Parameter(Mandatory = $true)]
[string]
$SamAccountName,
[Parameter(Mandatory = $true)]
[ValidateSet('nd.gov')]
[string]
$ADDomain,
[Parameter(Mandatory = $true)]
[string]
$Description,
[Parameter(Mandatory = $true)]
[ValidateSet('Office365', 'VMware_Systems', 'CSRC', 'Shared Linux Password List', 'Peoplesoft Share PW', 'Cohesity', 'VDI')]
[string]
$PasswordstateList,
[Parameter(Mandatory = $true)]
[string]
$PasswordstateTitle
)
$NewITDADServiceAccountParams = @{
RequestedForEmail = $RequestedForEmail;
SamAccountName = $SamAccountName;
ADDomain = $ADDomain;
Description = $Description;
PasswordstateList = $PasswordstateList;
PasswordstateTitle = $PasswordstateTitle;
}
New-ITDServiceNowSession -Environment Production -Credential $Secret:SNowVMCred -Verbose
New-ITDADServiceAccountRitm @NewITDADServiceAccountParams -Verbose
_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/Scripts_PSU/New-ITDADServiceAccount_script.ps1
+78
View File
@@ -0,0 +1,78 @@
[CmdletBinding()]
param (
[string]
$SamAccountName,
[Parameter(Mandatory = $true)]
[string]
$Description,
[Parameter(Mandatory = $true)]
[ValidateSet('VMware_Systems', 'CSRC', 'Shared Linux Password List', 'Peoplesoft Share PW', 'Cohesity', 'VDI', 'Office365')]
[string]
$PasswordstateList,
[Parameter(Mandatory = $true)]
[string]
$PasswordstateTitle,
[switch]
$Quiet
)
$StartTime = Get-Date
$NewITDADServiceAccountParams = @{
SamAccountName = $SamAccountName;
Description = $Description;
PasswordstateList = $PasswordstateList;
PasswordstateTitle = $PasswordstateTitle;
Credential = $Secret:svcitdiaasauto;
}
try {
New-ITDADServiceAccount @NewITDADServiceAccountParams -Verbose
}
catch {
Write-Error -Message $error[0] -ErrorAction Stop
}
$EndTime = Get-Date
If ($PSBoundParameters.ContainsKey('Quiet') -and $Quiet -eq $true) {
Write-Verbose -Message "Quiet mode enabled. No ServiceNow interactions will be done." -Verbose
}
Else {
Write-Verbose -Message "Quiet mode disabled. ServiceNow CHG will be generated." -Verbose
# create std chg and close it
New-ITDServiceNowSession Test -Credential $Secret:SNowVMCred
$NewITDServiceNowChangeRequestParams = @{
TemplateName = 'NDIT-SPS-Server Add/Chg/Del'
RequestedByUsername = 'zmeier';
Category = 'Systems Platforms - Systems';
Subcategory = 'Windows';
Impact = 3;
ShortDescription = "New nd.gov Active Directory service account created - $UAJobId";
Description = "New nd.gov Active Directory service account created";
Justification = "New nd.gov Active Directory service account required for zero-trust policies";
Implementation = "PSUniversal execution";
RiskImpactAnalysis = "Low";
BackoutPlan = "Delete the new user account"
TestPlan = "n/a"
WhoIsImpacted = "Windows System Administrators";
StartTime = $StartTime
EndTime = $EndTime;
AssignmentGroup = 'NDIT-Computer Systems Windows';
ChangeManagerUsername = 'khellman';
ChangeCoordinatorUsername = 'gpgolberg';
AssignedToUsername = 'zmeier';
}
$CHG = New-ITDServiceNowChangeRequest @NewITDServiceNowChangeRequestParams -Verbose
Update-ITDServiceNowRecord -ItemType "Change Request" -Number $CHG.Number.Value -Values @{
work_notes = $Notes;
}
Complete-ITDServiceNowChangeRequest -Number $CHG.Number.value -CloseCode "Successful" -CloseNotes "New nd.gov Active Directory account ndgov\$SamAccountName created." -Verbose
}
_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/UD_PSU/NewITDADServiceAccountRequest.ps1
+49
View File
@@ -0,0 +1,49 @@
New-UDApp -Title 'SyncVMwareVMtoSharePoint' -Pages @(
New-UDPage -Name "Home" -Content {
New-UDForm -Content {
New-UDTypography -Text 'Enter the information below (all fields required) and click the Submit button'
New-UDRow -Columns {
New-UDColumn -SmallSize 6 -LargeSize 6 -Content {
New-UDTextbox -Label 'RequestedForEmail' -Id RequestedForEmail
New-UDTextbox -Label 'ADDomain' -Id ADDomain
New-UDTextbox -Label 'SamAccountName' -Id SamAccountName
New-UDTextbox -Label 'Description' -Id Description
New-UDTextbox -Label 'PasswordstateList' -Id PasswordstateList
New-UDTextbox -Label 'PasswordstateTitle' -Id PasswordstateTitle
}
}
} -OnValidate {
$FormContent = $EventData
if ($EventData.RequestedForEmail -eq $null -or $EventData.RequestedForEmail -eq '' -or $EventData.ADDomain -eq $null -or $EventData.ADDomain -eq '' -or $EventData.SamAccountName -eq $null -or $EventData.SamAccountName -eq '' -or $EventData.Description -eq $null -or $EventData.Description -eq '' -or $EventData.PasswordstateList -eq $null -or $EventData.PasswordstateList -eq '' -or $EventData.PasswordstateTitle -eq $null -or $EventData.PasswordstateTitle -eq '') {
# ('Office365', 'VMware_Systems', 'CSRC', 'Shared Linux Password List', 'Peoplesoft Share PW', 'Cohesity', 'VDI')
New-UDFormValidationResult -ValidationError "All fields are required."
}
else {
if ($FormContent.ADDomain -ne 'nd.gov') {
New-UDFormValidationResult -ValidationError "Only nd.gov ADDomain is supported at this time."
}
else {
If (@('Office365', 'VMware_Systems', 'CSRC', 'Shared Linux Password List', 'Peoplesoft Share PW', 'Cohesity', 'VDI') -notcontains $EventData.PasswordstateList) {
New-UDFormValidationResult -ValidationError "PasswordstateList must match one of the following: VMware_Systems, Cohesity, VDI, Office365, CSRC, Shared Linux Password List, Peoplesoft Share PW"
}
}
New-UDFormValidationResult -Valid
}
} -OnSubmit {
$InvokePSUScriptParams = @{
Script = 'New-ITDADServiceAccountRitm_script.ps1';
RequestedForEmail = $EventData.RequestedForEmail
ADDomain = $EventData.ADDomain
SamAccountName = $EventData.SamAccountName
Description = $EventData.Description
PasswordstateList = $EventData.PasswordstateList
PasswordstateTitle = $EventData.PasswordstateTitle
}
$InvokePSUScriptResult = Invoke-PSUScript @InvokePSUScriptParams -Wait
Show-UDToast -Message ("ServiceNow Request " + $InvokePSUScriptResult.number + " created on behalf of $User" ) -Duration 100000
}
}
)