update

_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/Scripts_PSU/New-ITDADServiceAccountFromSCTask_script.ps1

@@ -0,0 +1,147 @@
+[CmdletBinding()]
+param (
+    [string]
+    $SCTaskNum,
+
+    [switch]
+    $Quiet
+)
+    
+begin {
+    $StartTime = Get-Date
+    New-ITDServiceNowSession -Environment Production -Credential $Secret:SNowVMCred
+}
+    
+process {
+    $SCTaskSearch = Get-ITDServiceNowRecord -ItemType 'Catalog Task' -Filter ('active=true^short_description=Active Directory Service Account Provisioning') -Verbose
+    switch ($PSBoundParameters.Keys) {
+        'SCTaskNum' {
+            $SCTaskSearch = $SCTaskSearch | Where-Object Number -EQ $SCTaskNum
+        }
+    }
+    
+    Switch (@($SCTaskSearch).count) {
+        { $_ -le 0 } {
+            Write-Verbose -Message "No Active Directory Service Account Provisioning tasks found." -Verbose
+        }
+        { $_ -ge 1 } {
+            Write-Verbose -Message ("Number of Active Directory Service Account Provisioning tasks found: " + @($SCTaskSearch).count) -Verbose
+        }
+    }
+
+    ForEach ($SCTask in $SCTaskSearch) {
+        Clear-Variable -Name RITM, obj, NewITDADServiceAccountParams -ErrorAction SilentlyContinue
+        Write-Verbose -Message ("Start " + $SCTask.Num)
+        $Ritm = Get-ITDServiceNowRecord -ItemType 'Request Item' -SysId $SCTask.request_item.value -IncludeCustomVariable
+        $RitmRequestedFor = Get-ITDServiceNowUser -SysId $Ritm.requested_for.value
+
+        $obj = ($Ritm.CustomVariable.additional_comments.Value -split "`n")[2] | ConvertFrom-Json
+
+        If ($Obj.ADDomain -ne 'nd.gov') {
+            Write-Error -Message "Only nd.gov is supported, create account manually" -ErrorAction Stop
+        }
+
+        $NewITDADServiceAccountParams = @{
+            SamAccountName     = $obj.SamAccountName;
+            Description        = $obj.Description;
+            PasswordstateList  = $obj.PasswordstateList;
+            PasswordstateTitle = $obj.PasswordstateTitle;
+            PasswordstateNotes = ("Requested via " + $RITM.number)
+            Credential         = $PrvCred; #$Secret:svcitdiaasauto;
+        }
+        try {
+            New-ITDADServiceAccount @NewITDADServiceAccountParams -Verbose -ErrorAction Stop
+            $Notes = "New Active Directory account created."
+            $AccountCreated = $true
+        }
+        catch [Microsoft.PowerShell.Commands.WriteErrorException] {
+            Write-Error -Message $error[0]
+            $AccountCreated = $false
+        }
+    
+    
+        $EndTime = Get-Date
+
+        If ($PSBoundParameters.ContainsKey('Quiet') -and $Quiet -eq $true) {
+            Write-Verbose -Message "Quiet mode enabled.  No ServiceNow interactions will be done." -Verbose
+        }
+        Else {
+            Write-Verbose -Message "Quiet mode disabled.  ServiceNow CHG will be generated." -Verbose
+            # create std chg and close it
+            switch ($AccountCreated) {
+                $true {
+                    Write-Verbose -Message "AccountCreated true" -Verbose
+                    Write-Verbose -Message "Generating SNow CHG" -Verbose
+                    
+                    #New-ITDServiceNowSession -Environment Test -Credential $Secret:SNowVMCred
+                    $NewITDServiceNowChangeRequestParams = @{
+                        TemplateName              = 'NDIT-SPS-Server Add/Chg/Del'
+                        RequestedByUsername       = $RitmRequestedFor.user_name;
+                        Category                  = 'Systems Platforms - Systems';
+                        Subcategory               = 'Windows';
+                        Impact                    = 3;
+                        ShortDescription          = "New nd.gov Active Directory service account created - $UAJobId, " + $RITM.number;
+                        Description               = "New nd.gov Active Directory service account created";
+                        Justification             = "New nd.gov Active Directory service account required for zero-trust policies, following guidelines found in KB0016867";
+                        Implementation            = "PSUniversal execution";
+                        RiskImpactAnalysis        = "Low";
+                        BackoutPlan               = "Delete the new user account"
+                        TestPlan                  = "n/a"
+                        WhoIsImpacted             = "Windows System Administrators";
+                        StartTime                 = $StartTime
+                        EndTime                   = $EndTime;
+                        AssignmentGroup           = 'NDIT-Computer Systems Windows';
+                        ChangeManagerUsername     = 'khellman';
+                        ChangeCoordinatorUsername = 'gpgolberg';
+                        AssignedToUsername        = $RitmRequestedFor.user_name;
+                    }
+        
+                    $CHG = New-ITDServiceNowChangeRequest @NewITDServiceNowChangeRequestParams -Verbose
+        
+                    Update-ITDServiceNowRecord -ItemType "Change Request" -Number $CHG.Number.Value -Values @{
+                        work_notes = $Notes;
+                    }
+
+                    Write-Verbose -Message ("Completing SNow " + $CHG.Number.value) -Verbose
+                    $CompleteITDServiceNowChangeRequestParams = @{
+                        Number = $CHG.Number.value
+                        CloseCode = "Successful"
+                        CloseNotes = ("New nd.gov Active Directory account " + $obj.ADDomain + "\" + $obj.SamAccountName + " created.")
+                    }
+                    Complete-ITDServiceNowChangeRequest @CompleteITDServiceNowChangeRequestParams -Verbose
+    
+                    New-ITDServiceNowSession -Environment Production -Credential $Secret:SNowVMCred
+                
+                    Write-Verbose -Message ("SCTASK " + $SCTask.Num + " success notes")
+                    Update-ITDServiceNowRecord -ItemType 'Catalog Task' -Number $SCTask.Number -Values @{
+                        work_notes = $Notes + "`n" + ($Chg.Number.value + " created for the work.");
+                        close_notes = $Notes;
+                        state = "Closed Complete";
+                    }
+                }
+                $false {
+                    Write-Verbose -Message "AccountCreated false" -Verbose
+                    Write-Verbose -Message ("SCTASK " + $SCTask.Num + " failure notes")
+                    $Message = "Error during account creation, requires human review.  PSU Job Id #$UAJobId"
+                    Write-Warning -Message $Message
+                    Write-Verbose -Message ("Update " + $SCTask.Number)
+                    Update-ITDServiceNowRecord -ItemType 'Catalog Task' -Number $SCtask.Number -Values @{
+                        work_notes        = $Message;
+                        short_description = $SCTask.short_description + " - HUMAN REVIEW"
+                    }
+                }
+                Default {
+                    Write-Verbose -Message "AccountCreated default" -Verbose
+                    Write-Error -Message "AccountCreated variable is somehow not true or false... not sure how that happened.  Great work!"
+                }
+            }
+        }
+        Write-Verbose -Message ("End   " + $SCTask.Num)
+    }
+    
+    
+}
+
+end {
+    
+}

_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/Scripts_PSU/New-ITDADServiceAccountRITM_script.ps1

@@ -0,0 +1,40 @@
+[CmdletBinding()]
+param (
+    [Parameter(Mandatory = $true)]
+    [string]
+    $RequestedForEmail,
+
+    [Parameter(Mandatory = $true)]
+    [string]
+    $SamAccountName,
+
+    [Parameter(Mandatory = $true)]
+    [ValidateSet('nd.gov')]
+    [string]
+    $ADDomain,
+
+    [Parameter(Mandatory = $true)]
+    [string]
+    $Description,
+
+    [Parameter(Mandatory = $true)]
+    [ValidateSet('Office365', 'VMware_Systems', 'CSRC', 'Shared Linux Password List', 'Peoplesoft Share PW', 'Cohesity', 'VDI')]
+    [string]
+    $PasswordstateList,
+
+    [Parameter(Mandatory = $true)]
+    [string]
+    $PasswordstateTitle
+)
+
+$NewITDADServiceAccountParams = @{
+    RequestedForEmail = $RequestedForEmail;
+    SamAccountName = $SamAccountName;
+    ADDomain = $ADDomain;
+    Description = $Description;
+    PasswordstateList = $PasswordstateList;
+    PasswordstateTitle = $PasswordstateTitle;
+}
+
+New-ITDServiceNowSession -Environment Production -Credential $Secret:SNowVMCred -Verbose
+New-ITDADServiceAccountRitm @NewITDADServiceAccountParams -Verbose

_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/Scripts_PSU/New-ITDADServiceAccount_script.ps1

@@ -0,0 +1,78 @@
+[CmdletBinding()]
+param (
+    [string]
+    $SamAccountName,
+
+    [Parameter(Mandatory = $true)]
+    [string]
+    $Description,
+
+    [Parameter(Mandatory = $true)]
+    [ValidateSet('VMware_Systems', 'CSRC', 'Shared Linux Password List', 'Peoplesoft Share PW', 'Cohesity', 'VDI', 'Office365')]
+    [string]
+    $PasswordstateList,
+
+    [Parameter(Mandatory = $true)]
+    [string]
+    $PasswordstateTitle,
+
+    [switch]
+    $Quiet
+)
+
+$StartTime = Get-Date
+
+$NewITDADServiceAccountParams = @{
+    SamAccountName     = $SamAccountName;
+    Description        = $Description;
+    PasswordstateList  = $PasswordstateList;
+    PasswordstateTitle = $PasswordstateTitle;
+    Credential         = $Secret:svcitdiaasauto;
+}
+try {
+    New-ITDADServiceAccount @NewITDADServiceAccountParams -Verbose
+}
+catch {
+    Write-Error -Message $error[0] -ErrorAction Stop
+}
+
+
+$EndTime = Get-Date
+If ($PSBoundParameters.ContainsKey('Quiet') -and $Quiet -eq $true) {
+    Write-Verbose -Message "Quiet mode enabled.  No ServiceNow interactions will be done." -Verbose
+}
+Else {
+    Write-Verbose -Message "Quiet mode disabled.  ServiceNow CHG will be generated." -Verbose
+    # create std chg and close it
+    New-ITDServiceNowSession Test -Credential $Secret:SNowVMCred
+    $NewITDServiceNowChangeRequestParams = @{
+        TemplateName              = 'NDIT-SPS-Server Add/Chg/Del'
+        RequestedByUsername       = 'zmeier';
+        Category                  = 'Systems Platforms - Systems';
+        Subcategory               = 'Windows';
+        Impact                    = 3;
+        ShortDescription          = "New nd.gov Active Directory service account created - $UAJobId";
+        Description               = "New nd.gov Active Directory service account created";
+        Justification             = "New nd.gov Active Directory service account required for zero-trust policies";
+        Implementation            = "PSUniversal execution";
+        RiskImpactAnalysis        = "Low";
+        BackoutPlan               = "Delete the new user account"
+        TestPlan                  = "n/a"
+        WhoIsImpacted             = "Windows System Administrators";
+        StartTime                 = $StartTime
+        EndTime                   = $EndTime;
+        AssignmentGroup           = 'NDIT-Computer Systems Windows';
+        ChangeManagerUsername     = 'khellman';
+        ChangeCoordinatorUsername = 'gpgolberg';
+        AssignedToUsername        = 'zmeier';
+    }
+
+    $CHG = New-ITDServiceNowChangeRequest @NewITDServiceNowChangeRequestParams -Verbose
+
+    Update-ITDServiceNowRecord -ItemType "Change Request" -Number $CHG.Number.Value -Values @{
+        work_notes = $Notes;
+    }
+
+    Complete-ITDServiceNowChangeRequest -Number $CHG.Number.value -CloseCode "Successful" -CloseNotes "New nd.gov Active Directory account ndgov\$SamAccountName created." -Verbose
+}
+