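function Connect-ActiveDirectory {
<#
.SYNOPSIS
Binds to Active Directory and returns a context, domain, forest or DirectoryEntry object.
.DESCRIPTION
Builds a System.DirectoryServices.ActiveDirectory.DirectoryContext for one of three cases and
returns the object selected by -ADContextType:
  - no credentials, no server  : the domain of the current process identity
  - -ComputerName given        : that directory server (DirectoryServer context type)
  - alternate credentials only : the domain carried by the user name (Domain context type)
Alternate credentials come either from -UserName/-Password (Credential set) or from a
PSCredential in -Creds (CredentialObject set). In both sets the domain is taken from the
user name when it is written as domain\user or user@domain; the Credential set also accepts
an explicit -DomainName. Directory exceptions (a failed bind, a host that is not domain
joined) propagate to the caller unchanged.
.PARAMETER ComputerName
Name or address of a domain controller to bind to. Accepted by every parameter set.
.PARAMETER DomainName
Domain the account in -UserName belongs to. A domain embedded in -UserName takes precedence.
.PARAMETER UserName
Account to bind as, optionally written as domain\user or user@domain.
.PARAMETER Password
Plain-text password for -UserName. A [string] password is recorded in command history,
transcripts and process listings; prefer -Creds with a PSCredential.
.PARAMETER Creds
PSCredential to bind as. Its user name must carry a domain (domain\user or user@domain).
.PARAMETER ADContextType
Object to return: ADContext (the DirectoryContext itself, default), Domain, Forest or
DirectoryEntry.
.OUTPUTS
DirectoryContext, Domain, Forest or DirectoryEntry depending on -ADContextType; $null
(after Write-Error) when the Credential set is used without any domain.
.EXAMPLE
$cred = Get-Credential
$a = Connect-ActiveDirectory -ADContextType:DirectoryEntry -Creds $cred -ComputerName 10.10.10.10
$a.Path = 'LDAP://10.10.10.10/RootDSE'
$a.namingContexts

Description
-----------
Using alternate credentials connect to 10.10.10.10 then browse to the RootDSE and use it to
list all the available AD partitions.
.EXAMPLE
$cred = Get-Credential
$a = Connect-ActiveDirectory -ADContextType:DirectoryEntry -Creds $cred -ComputerName 10.10.10.10
$a.Path = 'LDAP://10.10.10.10/RootDSE'
$Domains = Connect-ActiveDirectory -ADContextType:Domain -Creds $cred -Computer 10.10.10.10
$DCs = $Domains.DomainControllers
ForEach($partition in ($a.namingContexts)) {
    Write-Host -ForegroundColor:Magenta "Partition: $($partition)"
    Foreach ($DC in $DCs) {
        $domainControllerMetadata = $DC.GetReplicationMetadata($partition)
        $dsaSignature = $domainControllerMetadata.Item("dsaSignature")
        Write-Host -ForegroundColor:DarkMagenta " Server = $($DC) --- Backed up $($dsaSignature.LastOriginatingChangeTime.DateTime)`n"
    }
}

Description
-----------
Using alternate credentials connect to 10.10.10.10 then enumerate the partitions in the domain
as well as the DCs. Then generate a report of the last backup time being reported on each DC
for each partition.
#>
  # DefaultParameterSetName lets a call that supplies only -ComputerName (or nothing) resolve
  # unambiguously; -ComputerName is a member of all three sets.
  [CmdletBinding(DefaultParameterSetName='Default')]
  param (
    [Parameter(ParameterSetName='Credential')]
    [Parameter(ParameterSetName='CredentialObject')]
    [Parameter(ParameterSetName='Default')]
    [string]$ComputerName,

    [Parameter(ParameterSetName='Credential')]
    [string]$DomainName,

    [Parameter(ParameterSetName='Credential', Mandatory=$true)]
    [string]$UserName,

    [Parameter(ParameterSetName='Credential', HelpMessage='Password for Username in remote domain.', Mandatory=$true)]
    [string]$Password,

    [parameter(ParameterSetName='CredentialObject',HelpMessage='Full credential object',Mandatory=$True)]
    [System.Management.Automation.PSCredential]$Creds,

    [Parameter(HelpMessage='Context to return, forest, domain, or DirectoryEntry.')]
    [ValidateSet('Domain','Forest','DirectoryEntry','ADContext')]
    [string]$ADContextType = 'ADContext'
  )

  $UsingAltCred = $false

  # The CredentialObject set carries its user name inside the PSCredential. Read it here so the
  # domain\user and user@domain parsing below applies to both credential sets;
  # GetNetworkCredential() only recognises domain\user and reports an empty Domain for a UPN.
  if ($PSCmdlet.ParameterSetName -eq 'CredentialObject') {
    $UserName = $Creds.UserName
  }

  # If the user name was passed as domain\user or user@domain, lift the domain out for later use.
  if (($UserName -split '\\').Count -gt 1) {
    $DomainName = ($UserName -split '\\')[0]
    $UserName = ($UserName -split '\\')[1]
  }
  if (($UserName -split '@').Count -gt 1) {
    $DomainName = ($UserName -split '@')[1]
    $UserName = ($UserName -split '@')[0]
  }

  switch ($PSCmdlet.ParameterSetName) {
    'CredentialObject' {
      if (-not $DomainName) {
        throw 'The credential object must include a defined domain.'
      }
      # The DirectoryContext/DirectoryEntry constructors take a plain string, so the secret has to
      # be unwrapped here; this function never writes it to output or logs.
      $Password = $Creds.GetNetworkCredential().Password
      $UsingAltCred = $true
    }
    'Credential' {
      if (-not $DomainName) {
        Write-Error 'Username must be in @domainname.com or <domainname>\<username> format or the domain name must be manually passed in the DomainName parameter'
        return $null
      }
      $UsingAltCred = $true
    }
  }

  if ($UsingAltCred) {
    # Both credential sets bind with the same domain-qualified account name.
    $UserName = $DomainName + '\' + $UserName
  }

  $ADServer = ''
  if ($ComputerName) {
    # A server was named: bind directly to it.
    $ADServer = "LDAP://$($ComputerName)"
    $ContextType = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::DirectoryServer
    if ($UsingAltCred) {
      $ADContext = New-Object -TypeName System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList $ContextType, $ComputerName, $UserName, $Password
    }
    else {
      $ADContext = New-Object -TypeName System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList $ContextType, $ComputerName
    }
  }
  elseif ($UsingAltCred) {
    # Alternate credentials but no server: bind to the credential's own domain. Without this branch
    # the supplied credentials would be dropped and the bind would silently run as the caller's
    # process identity.
    $ADServer = "LDAP://$($DomainName)"
    $ContextType = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain
    $ADContext = New-Object -TypeName System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList $ContextType, $DomainName, $UserName, $Password
  }
  else {
    # Neither server nor credentials: the current process identity and its domain.
    $ContextType = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain
    $ADContext = New-Object -TypeName System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList $ContextType
  }

  switch ($ADContextType) {
    'ADContext' {
      return $ADContext
    }
    'DirectoryEntry' {
      if ($UsingAltCred) {
        return New-Object -TypeName System.DirectoryServices.DirectoryEntry -ArgumentList $ADServer, $UserName, $Password
      }
      # An empty path binds to the default naming context of the current domain.
      return [System.DirectoryServices.DirectoryEntry]$ADServer
    }
    'Forest' {
      if ($ComputerName) {
        return [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ADContext)
      }
      if ($UsingAltCred) {
        # GetForest() does not accept a Domain-type context; resolve the domain and take its forest.
        return [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($ADContext).Forest
      }
      return [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    }
    'Domain' {
      if ($ComputerName -or $UsingAltCred) {
        return [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($ADContext)
      }
      return [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    }
  }
}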