diff options
| -rw-r--r-- | AD-powershell-tools/README.md | 1 | ||||
| -rw-r--r-- | AD-powershell-tools/ad-bulk-reset.ps1 | 27 | ||||
| -rw-r--r-- | AD-powershell-tools/inactive-ad-device-report.ps1 | 57 | ||||
| -rw-r--r-- | bitwarden-tools/README.md | 2 | ||||
| -rw-r--r-- | bitwarden-tools/bit2pass.py | 45 |
5 files changed, 132 insertions, 0 deletions
diff --git a/AD-powershell-tools/README.md b/AD-powershell-tools/README.md new file mode 100644 index 0000000..2b65598 --- /dev/null +++ b/AD-powershell-tools/README.md @@ -0,0 +1 @@ +Some useful AD scripts I use diff --git a/AD-powershell-tools/ad-bulk-reset.ps1 b/AD-powershell-tools/ad-bulk-reset.ps1 new file mode 100644 index 0000000..aa16515 --- /dev/null +++ b/AD-powershell-tools/ad-bulk-reset.ps1 @@ -0,0 +1,27 @@ +# Usage: ad-bulk-reset.ps1 <user-list-file>
+Import-Module ActiveDirectory
+
+function Gen-Random-Password {
+ $str = ""
+ for ($i = 0; $i -lt 24 ; $i++) {
+ $rand = Get-Random -Minimum 32 -Maximum 127
+ $str += [char]$rand
+ }
+ $newpwd = ConvertTo-SecureString -String [String]$str -AsPlainText -Force
+ return $newpwd
+}
+
+# Import users from CSV
+$csv = Get-Content $args[0]
+
+ForEach ($user in $csv) {
+ $newPassword = Gen-Random-Password
+
+ # Reset user password.
+ Set-ADAccountPassword -Identity $user -NewPassword $newPassword -Reset
+
+ # Force user to reset password at next logon.
+ # Remove this line if not needed for you
+ #Set-AdUser -Identity $user -ChangePasswordAtLogon $true
+ Write-Host $user"'s password has been reset"
+}
diff --git a/AD-powershell-tools/inactive-ad-device-report.ps1 b/AD-powershell-tools/inactive-ad-device-report.ps1 new file mode 100644 index 0000000..560a534 --- /dev/null +++ b/AD-powershell-tools/inactive-ad-device-report.ps1 @@ -0,0 +1,57 @@ +# PLEASE READ SCRIPT BEFORE RUNNING
+
+# Based largely on https://activedirectorypro.com/find-remove-old-computer-accounts-active-directory/
+# but changed his brack/object syntax to a string query
+
+# Usage
+# \inactive-ad-device-report.ps1 "OU=Workstations,DC=example,DC=com" "dd/MM/yyyy" [-report] [-disable]
+
+# Report and disable are optional switches to print the results to a CSV
+# and disable the computer accounts, respectively
+
+# A cutoff date and a search base, must be provided.
+
+# All computers with Login times before
+# the cutoff date are included in the results of the report
+
+# The search base is an LDAP filter that must (at a minimum) specify
+# your domain controller. And probably an OU you want to search, like:
+#
+# "OU=Workstations,DC=example,DC=com"
+
+# See here for an example: https://docs.microsoft.com/en-us/powershell/module/activedirectory/get-adcomputer?view=windowsserver2022-ps#example-4--get-computer-accounts-in-a-specific-location-using-an-ldapfilter
+param (
+ [Parameter(Mandatory)][string]$searchbase,
+ [Parameter(Mandatory)][string]$cutoff,
+ [switch]$report,
+ [switch]$disable
+)
+Import-Module ActiveDirectory
+$today=(get-date -Format "yyyy-MM-dd")
+try {
+ $filter = "(LastLogonDate -lt `"$cutoff`") -and (Enabled -eq `"$true`")"
+ $devices = Get-ADcomputer -filter $filter -properties LastLogonDate,Enabled,DistinguishedName `
+ -SearchBase $searchbase `
+ | select name, LastLogonDate, DistinguishedName
+ | sort LastLogonDate
+}
+catch {
+ write-error "Bad input. Usage: '.\inactive-ad-device-report.ps1 `"ldap-filter`" `"dd/MM/yyyy`" [-report] [-disable]'"
+}
+
+if ($disable) {
+ ForEach ($device in $devices) {
+ Set-ADComputer -Identity $device.Name -Enabled $false -Verbose -WhatIf
+ }
+
+ [Console]::Error.WriteLine("All devices disabled")
+}
+
+if($report) {
+ $fn = "old-computers-$today.csv"
+ $devices | export-csv .\$fn
+ [Console]::Error.WriteLine("Saved result list to $fn")
+} else {
+ [Console]::Error.WriteLine("Writing device list to stdout")
+ write-output $devices
+}
diff --git a/bitwarden-tools/README.md b/bitwarden-tools/README.md new file mode 100644 index 0000000..9cb9ded --- /dev/null +++ b/bitwarden-tools/README.md @@ -0,0 +1,2 @@ +(for now) just one script to handle importing Bitwarden data to UNIX +pass diff --git a/bitwarden-tools/bit2pass.py b/bitwarden-tools/bit2pass.py new file mode 100644 index 0000000..47a64b0 --- /dev/null +++ b/bitwarden-tools/bit2pass.py @@ -0,0 +1,45 @@ +#!/usr/bin/python3 +""" +bit2pass.py - grabs the bare minimum info from a bitwarden JSON export +(unencrypted) to populate a UNIX pass datastore. This assumes you named +your entry and gave it a password, otherwise, this script will yell at +you. + +This does NOT grab notes or usernames. I find that in pass to be kind of +useless since I rarely need to copy them. I use it purely for easy (and +secure) copying of passwords. If a really need the notes, it's probably +not something I'm going to be copying much. I also exclude anything +that's not a login because, well that's what bitwarden's good for... +Don't limit yourself to one tool + + +Usage: +0) (before running) Initialize a pass database: + pass init +1) python bit2pass.py <your-file> +""" +import sys +import subprocess +import json +with open(sys.argv[1]) as f: + data = json.load(f) + +folders = { x['id'] : x['name'] for x in data['folders'] } +passwords = { + folders[x['folderId']] + '/' + x['name'] : + x['login']['password'] + for x in data['items'] + if x['type'] == 1 + } +print(passwords) + +for p in passwords: + echo = subprocess.run(["echo", passwords[p]], + check=True, + capture_output=True + ) + pass2pass = subprocess.run(["pass", "insert", "-e", p], + input=echo.stdout, + capture_output=True + ) + print(pass2pass.stdout) |