<#
.SYNOPSIS
Add a Service Principal Name to an ITD AD Service Account

.DESCRIPTION
Add a Service Principal Name to an ITD AD Service Account

.NOTES
example using setspn:
setspn.exe -s MSSQLSvc/test.nd.gov:1433 ndgov\svctest
setspn.exe -s MSSQLSvc/test:1433 ndgov\svctest
setspn.exe -s MSSQLSvc/test.nd.gov ndgov\svctest
setspn.exe -s MSSQLSvc/test ndgov\svctest

setspn.exe -s MSSQLSvc/test.nd.gov ndgov\svctest

.LINK

#>

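[CmdletBinding()]
Param(
    # sAMAccountName of the service account that receives the SPN(s).
    # An empty value is rejected at bind time instead of surfacing later as an
    # opaque Get-ADUser lookup failure.
    [ValidateNotNullOrEmpty()]
    [string]
    $SamAccountName,

    # One or more SPNs to add. The $null default is kept for backward compatibility;
    # the add step rejects an empty list so no change record is produced for a no-op.
    [Parameter(HelpMessage = "Multiple entries can be submitted if the field loses focus, and you go back to it. For example, after each entry hit Tab, then Shift-Tab back.")]
    [ValidateNotNullOrEmpty()]
    [string[]]
    $ServicePrincipalName = $null
)
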
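Write-Verbose -Message "Prep Variables and Connections"

# $UAJob is supplied by the PowerShell Universal job runtime, not defined in this script.
# Map the automation host to the ServiceNow environment. An unrecognised host fails closed
# here, before any AD change is made, instead of reaching New-ITDServiceNowSession with an
# empty -Environment after the SPNs have already been written.
switch ($UAJob.ComputerName) {
    "ITDWINAUTOT1" { $ServiceNowEnvironment = 'Test' }
    "ITDWINAUTOP1" { $ServiceNowEnvironment = 'Production' }
    default {
        throw ("Unrecognised automation host '{0}': no ServiceNow environment mapping, aborting before any change is made." -f $UAJob.ComputerName)
    }
}

$RequestedBy   = $UAJob.Identity.Name   # user that started the job; becomes the CHG requester/assignee
$PSUJobId      = $UAJob.Id              # recorded in the CHG so the job log can be located
$StartDateTime = Get-Date               # CHG start time; the end time is derived from it later
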
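Write-Verbose -Message "Find AD User" -Verbose
$ADUser = Get-ADUser -Identity $SamAccountName -ErrorAction Stop

Write-Verbose -Message "Add SPN(s)" -Verbose
# An empty list used to add nothing and still end in a change record closed as Successful.
if (-not $ServicePrincipalName) {
    throw "No ServicePrincipalName value was supplied; nothing to add."
}

# The original try/catch only wrote the error and let the script continue to the
# ServiceNow steps; errors here are now terminating so a failed add never gets a
# "Successful" change record.
foreach ($Spn in $ServicePrincipalName) {
    if (-not $Spn) {
        throw "Empty SPN value in the ServicePrincipalName list."
    }

    # SPNs must be unique or Kerberos authentication for the service breaks.
    # setspn.exe -s (the form shown in .NOTES) performs this duplicate check;
    # Set-ADUser does not, so it is reproduced here. The script-block filter passes
    # the value as data rather than interpolating user input into filter text.
    # NOTE(review): this queries the current domain only; setspn -s checks the forest.
    $Existing = Get-ADObject -Filter { servicePrincipalName -eq $Spn } -ErrorAction Stop
    if ($Existing) {
        throw ("SPN '{0}' is already registered on '{1}'; refusing to create a duplicate." -f $Spn, ($Existing.DistinguishedName -join '; '))
    }

    Write-Verbose -Message ("Attempt to add SPN value " + $Spn) -Verbose
    # -ErrorAction Stop: a non-terminating Set-ADUser error would otherwise be logged
    # and execution would continue into the change-record steps.
    Set-ADUser -Identity $ADUser -ServicePrincipalNames @{Add = $Spn} -ErrorAction Stop
}
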
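# Brief pause before reading the attribute back.
# NOTE(review): the read-back is not pinned to a specific DC, so replication lag could
# in principle produce a false negative below — confirm the AD session reuses one DC.
Start-Sleep -Seconds 2

Write-Verbose -Message "No errors when adding the SPNs, listing the SPNs here for human validation" -Verbose
$ValidateUser = Get-ADUser -Identity $SamAccountName -Properties ServicePrincipalNames -ErrorAction Stop |
    Select-Object SamAccountName, ServicePrincipalNames
$ValidateUser.ServicePrincipalNames

# Human review of the listing above is kept, but the script also refuses to go on to a
# "Successful" change record unless every requested SPN is actually present.
$Missing = @($ServicePrincipalName | Where-Object { $ValidateUser.ServicePrincipalNames -notcontains $_ })
if ($Missing.Count -gt 0) {
    throw ("Requested SPN(s) not present on {0} after add: {1}" -f $SamAccountName, ($Missing -join ', '))
}
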
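Write-Verbose -Message "Generate ServiceNow CHG" -Verbose
Write-Verbose -Message ("UAJob.ComputerName = " + $UAJob.ComputerName) -Verbose

# The ServiceNow credential comes from the PSU secret store, never from script text.
New-ITDServiceNowSession -Environment $ServiceNowEnvironment -Credential $Secret:snow_vmcred -Verbose

# Requester and assignee both derive from the job identity: drop the UPN domain, then the
# 'prv' marker. Computed once instead of twice inside the hashtable.
# NOTE(review): -replace 'prv' removes that substring anywhere in the name, not only as a
# prefix/suffix — confirm the account naming convention and anchor the pattern if needed.
$SnowUsername = $RequestedBy.Split('@')[0] -replace 'prv'

$NewITDServiceNowChangeRequestParams = @{
    TemplateName              = 'NDIT-SPS-Server Add/Chg/Del'
    RequestedByUsername       = $SnowUsername
    Category                  = 'Systems Platforms - Systems'
    Subcategory               = 'Windows'
    Impact                    = 3
    ShortDescription          = "ServicePrincipalName added to ndgov\$SamAccountName - PSU Job Id $PSUJobId"
    Description               = "ServicePrincipalName added to ndgov\$SamAccountName - PSU Job Id $PSUJobId, see notes for details"
    Justification             = "ServicePrincipalName is required to be added to Active Directory Service Accounts by some applications"
    Implementation            = "PSUniversal execution"
    RiskImpactAnalysis        = "Low"
    BackoutPlan               = "Remove the new service principal name from the serviceprincipalname attribute."
    TestPlan                  = "n/a"
    WhoIsImpacted             = "Windows System Administrators"
    StartTime                 = $StartDateTime
    EndTime                   = $StartDateTime.AddMinutes(1)
    AssignmentGroup           = 'NDIT-Computer Systems Windows'
    ChangeManagerUsername     = 'khellman'
    ChangeCoordinatorUsername = 'gpgolberg'
    AssignedToUsername        = $SnowUsername
}

$CHG = New-ITDServiceNowChangeRequest @NewITDServiceNowChangeRequestParams -Verbose
$CHGNumber = $CHG.Number.value
# Without a change number the completion call would target nothing and the AD change
# would go unrecorded; fail loudly so the job log shows it.
if (-not $CHGNumber) {
    throw "New-ITDServiceNowChangeRequest returned no change number; the SPN change was applied but is not recorded in ServiceNow."
}

Write-Verbose -Message ("Completing SNow " + $CHGNumber) -Verbose
$CompleteITDServiceNowChangeRequestParams = @{
    Number     = $CHGNumber
    CloseCode  = "Successful"
    # The original appended the array to the string, which joins on $OFS (a space);
    # the join is made explicit here.
    CloseNotes = "ServicePrincipalNames added to ndgov\$SamAccountName - PSU Job Id $PSUJobId`n" + ($ServicePrincipalName -join ' ')
}
Complete-ITDServiceNowChangeRequest @CompleteITDServiceNowChangeRequestParams -Verbose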