Diffstat (limited to 'AD-powershell-tools')
-rw-r--r--AD-powershell-tools/README.md2
-rw-r--r--AD-powershell-tools/ad-bulk-reset.ps127
-rw-r--r--AD-powershell-tools/ad-user-report.ps118
-rw-r--r--AD-powershell-tools/bulk-disable.ps110
-rw-r--r--AD-powershell-tools/bulk-reactivate.ps19
-rw-r--r--AD-powershell-tools/bulk-reset.ps124
-rw-r--r--AD-powershell-tools/test-ad-credentials.ps147
7 files changed, 109 insertions, 28 deletions
diff --git a/AD-powershell-tools/README.md b/AD-powershell-tools/README.md
index 2b65598..97f35cd 100644
--- a/AD-powershell-tools/README.md
+++ b/AD-powershell-tools/README.md
@@ -1 +1 @@
-Some useful AD scripts I use
+Some AD convenience scripts
diff --git a/AD-powershell-tools/ad-bulk-reset.ps1 b/AD-powershell-tools/ad-bulk-reset.ps1
deleted file mode 100644
index aa16515..0000000
--- a/AD-powershell-tools/ad-bulk-reset.ps1
+++ /dev/null
@@ -1,27 +0,0 @@
-# Usage: ad-bulk-reset.ps1 <user-list-file>
-Import-Module ActiveDirectory
-
-function Gen-Random-Password {
- $str = ""
- for ($i = 0; $i -lt 24 ; $i++) {
- $rand = Get-Random -Minimum 32 -Maximum 127
- $str += [char]$rand
- }
- $newpwd = ConvertTo-SecureString -String [String]$str -AsPlainText -Force
- return $newpwd
-}
-
-# Import users from CSV
-$csv = Get-Content $args[0]
-
-ForEach ($user in $csv) {
- $newPassword = Gen-Random-Password
-
- # Reset user password.
- Set-ADAccountPassword -Identity $user -NewPassword $newPassword -Reset
-
- # Force user to reset password at next logon.
- # Remove this line if not needed for you
- #Set-AdUser -Identity $user -ChangePasswordAtLogon $true
- Write-Host $user"'s password has been reset"
-}
diff --git a/AD-powershell-tools/ad-user-report.ps1 b/AD-powershell-tools/ad-user-report.ps1
new file mode 100644
index 0000000..954a34a
--- /dev/null
+++ b/AD-powershell-tools/ad-user-report.ps1
@@ -0,0 +1,18 @@
+# Simple user report script
+param (
+ [switch]$report
+ )
+
+Import-Module ActiveDirectory
+
+$today=(get-date -Format "yyyy-MM-dd")
+$users = Get-ADUser -filter * | Sort-Object name
+
+if($report) {
+ $fn = "users-$today.csv"
+ $users | export-csv .\$fn
+ [Console]::Error.WriteLine("Saved result list to $fn")
+} else {
+ [Console]::Error.WriteLine("Writing device list to stdout")
+ write-output $users
+}
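Review bot: The else branch announces `Writing device list to stdout` although the script lists users; the message should read `Writing user list to stdout`. `Get-ADUser -filter *` followed by `export-csv .\$fn` writes every account in the domain to whatever the current directory is, so the header comment should say the output is a full directory export and where it is expected to be stored. On Windows PowerShell 5.1 `Export-Csv` also emits a `#TYPE` line unless `-NoTypeInformation` is passed.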
diff --git a/AD-powershell-tools/bulk-disable.ps1 b/AD-powershell-tools/bulk-disable.ps1
new file mode 100644
index 0000000..e1fd180
--- /dev/null
+++ b/AD-powershell-tools/bulk-disable.ps1
@@ -0,0 +1,10 @@
+# Import users from CSV and disable them
+
+Import-Module ActiveDirectory
+
+$csv = Get-Content $args[0]
+
+ForEach ($user in $csv) {
+ Disable-ADAccount -Identity $user
+ Write-Host $user"'s account has been fully disabled"
+}
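Review bot: `Write-Host` reports the account as disabled even when `Disable-ADAccount` fails, because the script simply continues to the next statement after an error; the same pattern is in bulk-reactivate.ps1 and bulk-reset.ps1. Wrapping the call as `try { Disable-ADAccount -Identity $user -ErrorAction Stop; Write-Host ... } catch { Write-Warning "${user}: $_" }` keeps the output truthful, which matters when the script is used to cut off access and the operator trusts the log. The header says CSV but `Get-Content` reads one identity per line, and a blank line would be passed as an empty `-Identity`; a guard such as `if (-not $user.Trim()) { continue }` avoids that.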
diff --git a/AD-powershell-tools/bulk-reactivate.ps1 b/AD-powershell-tools/bulk-reactivate.ps1
new file mode 100644
index 0000000..e287aea
--- /dev/null
+++ b/AD-powershell-tools/bulk-reactivate.ps1
@@ -0,0 +1,9 @@
+Import-Module ActiveDirectory
+
+$csv = Get-Content $args[0]
+
+ForEach ($user in $csv) {
+ Enable-ADAccount -Identity $user
+
+ Write-Host $user"'s account has been re-enabled"
+}
diff --git a/AD-powershell-tools/bulk-reset.ps1 b/AD-powershell-tools/bulk-reset.ps1
new file mode 100644
index 0000000..e66aad6
--- /dev/null
+++ b/AD-powershell-tools/bulk-reset.ps1
@@ -0,0 +1,24 @@
+Import-Module ActiveDirectory
+
+function Gen-Random-Password {
+ $str = ""
+ for ($i = 0; $i -lt 24 ; $i++) {
+ $rand = Get-Random -Minimum 32 -Maximum 127
+ $str += [char]$rand
+ }
+ $newpwd = ConvertTo-SecureString -String [String]$str -AsPlainText -Force
+ return $newpwd
+}
+
+# Import users from CSV
+$csv = Get-Content $args[0]
+
+ForEach ($user in $csv) {
+ $newPassword = Gen-Random-Password
+
+ # Reset user password.
+ Set-ADAccountPassword -Identity $user -NewPassword $newPassword -Reset
+
+ Write-Host $user"'s password has been reset"
+ Write-Host $newPassword
+}
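Review bot: `Write-Host $newPassword` at the end of the loop prints the SecureString object (its type name), not the generated value, so after a run nobody knows the password that was set; if the plaintext is meant to be handed over, it belongs in an access-restricted file rather than on the console, where transcripts and scrollback retain it. In `Gen-Random-Password`, `-String [String]$str` is in argument mode, where PowerShell most likely treats `[String]` as literal text rather than a cast, so every password would begin with the same fixed prefix; `-String $str` avoids that. `Get-Random` is not documented as cryptographically secure on Windows PowerShell 5.1, so consider drawing the characters from `[System.Security.Cryptography.RandomNumberGenerator]` instead. Restoring `Set-ADUser -Identity $user -ChangePasswordAtLogon $true` would limit how long a generated password stays valid.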
diff --git a/AD-powershell-tools/test-ad-credentials.ps1 b/AD-powershell-tools/test-ad-credentials.ps1
new file mode 100644
index 0000000..bd0ba84
--- /dev/null
+++ b/AD-powershell-tools/test-ad-credentials.ps1
@@ -0,0 +1,47 @@
+# Adapted from: https://itpro-tips.com/test-ad-authentication-with-powershell/
+# The interesting bit about this one is that it doesn't seem to get logged by AD,
+# so you won't end up with false positives from testing creds
+
+function Test-ADAuthentication {
+ Param(
+ [Parameter(Mandatory)]
+ [string]$User,
+ [Parameter(Mandatory)]
+ $Password,
+ [Parameter(Mandatory = $false)]
+ $Server,
+ [Parameter(Mandatory = $false)]
+ [string]$Domain = $env:USERDOMAIN
+ )
+
+ Add-Type -AssemblyName System.DirectoryServices.AccountManagement
+
+ $contextType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
+
+ $argumentList = New-Object -TypeName "System.Collections.ArrayList"
+ $null = $argumentList.Add($contextType)
+ $null = $argumentList.Add($Domain)
+
+ if($null -ne $Server){
+ $argumentList.Add($Server)
+ }
+
+ $principalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $argumentList -ErrorAction SilentlyContinue
+
+ if ($null -eq $principalContext) {
+ Write-Warning "$Domain\$User - AD Authentication failed"
+ }
+
+ if ($principalContext.ValidateCredentials($User, $Password)) {
+ Write-Output "$Domain\$User - AD Authentication OK"
+ }
+ else {
+ Write-Warning "$Domain\$User - AD Authentication failed"
+ }
+}
+
+$csv = Import-Csv $args[0]
+ForEach ($userpass in $csv) {
+ Test-ADAuthentication -User $userpass.user -Password $userpass.password
+}
+
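Review bot: The `$null -eq $principalContext` branch in `Test-ADAuthentication` only writes a warning and then falls through to `$principalContext.ValidateCredentials($User, $Password)`, which will fail on a null object; add `return` after that `Write-Warning`. `$argumentList.Add($Server)` is missing the `$null =` used on the two calls above it, so the returned index ends up in the function's output. The header comment's claim that these checks are not logged should not be relied on: failed validations normally count toward the account lockout threshold and are expected to show up in domain controller security logs, so a comment such as `# NOTE: failed checks may increment badPwdCount and lock accounts; verify logging on your DCs` is safer. The input CSV holds plaintext passwords, so the usage comment should say to keep it access-restricted and remove it after the run.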