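# Creates or resets a fixed set of administrative and service accounts in
# Active Directory, optionally sets up the "Protector" OU, groups and user,
# and writes the resulting user:password pairs to Passwords.txt.
#
# NOTE(review): the output file holds clear-text credentials, including
# Domain Admin accounts. Keep the target folder readable by administrators
# only, move the values into a password vault, and delete the file afterwards.

#--Load the AD module and determine the domain name--
try
{
    Import-Module ActiveDirectory -ErrorAction Stop
}
catch
{
    # Module not available: install the RSAT AD PowerShell feature and retry.
    Import-Module ServerManager
    Add-WindowsFeature RSAT-AD-Powershell
    Import-Module ActiveDirectory -ErrorAction Stop
}
$forest = Get-ADForest # used to build the UPN suffix of newly created users
# NOTE(review): every iteration overwrites $Domaene, so the last domain listed
# for the forest becomes the UPN suffix. In a multi-domain forest, confirm that
# this is the intended suffix.
foreach ($Domain in $forest.Domains)
{
    $Domaene = "@$Domain"
}
#--End of loading--

#--Start of config-- editable from here on
# Alphabet for the random passwords. Single-quoted so that '$' is always
# literal; the original listed '%' twice, which gave it double weight.
$chars = [Char[]] 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@$%&#*+-~/\()=?ß1234567890'
#--Users with extra permissions--
$task = "admin_task"
$comlab = "admin_comlab" # Domain Admin that is checked and created if missing
$backupuser = "admin_backup" # Domain user for the backup job; gets the group DG_G_Backup
$admin_not = "admin_not" # Domain Admin used in emergencies
$admin_bezeichnung = "Domänen-Admins" # Name of the Domain Admins group (differs e.g. on an English installation)
#--Protector--
$mailgate = "mailgate" # User for the Protector
$backupgroup = "DG_G_Backup" # Group for the backup user
$Protector_Whitelist = "protector_whitelist"
$Protector_Blacklist = "protector_blacklist"
#--Path--
$path = Read-Host "Pfad zum Speichern der Kennwörter (z.B. C:\) ORDNER MUSS VORHANDEN SEIN!"
#--End of config--

#--| Attention! Please do not change anything below this line |--

# Builds a password of $Length characters drawn uniformly, with replacement,
# from $Alphabet using the system cryptographic RNG. The original
# "$chars | Get-Random -Count 16" samples without replacement, so a character
# could never repeat, and Get-Random is not documented as cryptographically
# secure on every PowerShell version.
function New-RandomPassword
{
    param(
        [char[]] $Alphabet,
        [int] $Length = 16
    )
    if ($Alphabet.Length -lt 1 -or $Alphabet.Length -gt 256)
    {
        throw "Alphabet must contain between 1 and 256 characters."
    }
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try
    {
        $buffer = New-Object byte[] 1
        # Largest multiple of the alphabet size that fits into one byte.
        # Bytes at or above it are discarded to avoid modulo bias.
        $limit = 256 - (256 % $Alphabet.Length)
        $builder = New-Object System.Text.StringBuilder
        while ($builder.Length -lt $Length)
        {
            $rng.GetBytes($buffer)
            if ($buffer[0] -lt $limit)
            {
                [void] $builder.Append($Alphabet[$buffer[0] % $Alphabet.Length])
            }
        }
        return $builder.ToString()
    }
    finally
    {
        $rng.Dispose()
    }
}

# An array, so that each "user:password" entry becomes its own line in the
# output file. Starting from $null made += concatenate all entries into one
# unseparated string.
$passwordlist = @()

if (!$path)
{
    $path = $PSScriptRoot
}
# Verify the target folder before any password is changed; otherwise a failed
# write at the end would lose the passwords that were just set.
if (-not $path -or -not (Test-Path -LiteralPath $path -PathType Container))
{
    throw "Ordner '$path' existiert nicht - Abbruch, bevor Kennwörter geändert werden."
}
$passwordfile = Join-Path $path 'Passwords.txt'

#--Create the users in $adminusers, or reset their passwords--
$adminusers = $task, $backupuser, $admin_not
foreach ($item in $adminusers)
{
    $password = New-RandomPassword -Alphabet $chars -Length 16
    $securepass = $password | ConvertTo-SecureString -AsPlainText -Force
    if (Get-AdUser -Filter {SamAccountName -eq $item})
    {
        # -Reset performs an administrative reset; without it the cmdlet
        # asks for the account's current password.
        Set-ADAccountPassword $item -Reset -NewPassword $securepass
    }
    else
    {
        # Create the account. SamAccountName is set explicitly because the
        # existence check above looks the account up by that attribute.
        New-ADUser -Name $item -SamAccountName $item -UserPrincipalName "$item$Domaene" -AccountPassword $securepass -Enabled $True
    }
    $passwordlist += $item + ":" + $password
}

# Make sure the backup group exists (the original created the hard-coded name
# DG_G_Backup instead of $backupgroup), then add the backup user to it.
if (-not (Get-ADGroup -Filter {Name -eq $backupgroup}))
{
    New-ADGroup -Name $backupgroup -GroupScope Global
}
Add-AdGroupMember -Identity $backupgroup -Members $backupuser

# The password for $comlab is chosen by the operator. It is read as a
# SecureString so that it is not echoed to the console.
Write-Host "Kennwort für" $comlab "eingeben"
$securepass = Read-Host -AsSecureString
if (Get-AdUser -Filter {SamAccountName -eq $comlab})
{
    Set-ADAccountPassword $comlab -Reset -NewPassword $securepass
}
else
{
    New-ADUser -Name $comlab -SamAccountName $comlab -UserPrincipalName "$comlab$Domaene" -AccountPassword $securepass -Enabled $True
}
# NOTE(review): the plaintext is recovered only because the script records
# every password in the output file. Consider not storing this operator-chosen
# Domain Admin password at all.
$password = (New-Object System.Net.NetworkCredential('', $securepass)).Password
$passwordlist += $comlab + ":" + $password

# Both accounts become members of the Domain Admins group.
Add-AdGroupMember -Identity $admin_bezeichnung -Members $comlab
Add-AdGroupMember -Identity $admin_bezeichnung -Members $admin_not

#--Confirm the Protector setup with a WinForms Yes/No popup--
# Add-Type replaces the deprecated LoadWithPartialName call, which also wrote
# the assembly object to the output stream.
Add-Type -AssemblyName System.Windows.Forms
$caption = "Protector!"
$nachricht = "Protector im AD einrichten?"
$antwort = [System.Windows.Forms.MessageBox]::Show($nachricht, $caption, [System.Windows.Forms.MessageBoxButtons]::YesNo)
if ($antwort -ne [System.Windows.Forms.DialogResult]::No)
{
    #--Set up the Protector OU, groups and user (blacklist, whitelist, mailgate)--
    # New-ADOrganizationalUnit without -Path creates the OU in the current
    # domain, so the group path has to use the same naming context. The
    # original read rootDomainNamingContext, which differs in a child domain.
    $root = [adsi]"LDAP://rootdse"
    $un = $root.get("defaultNamingContext")
    New-ADOrganizationalUnit -Name "Protector"
    New-AdGroup -Name $Protector_Whitelist -path "ou=Protector,$un" -GroupScope Global
    New-AdGroup -Name $Protector_Blacklist -path "ou=Protector,$un" -GroupScope Global

    $password = New-RandomPassword -Alphabet $chars -Length 16
    $securepass = $password | ConvertTo-SecureString -AsPlainText -Force
    # The original repeated this if/else inside a bare { } script block that
    # was never invoked and only printed its own text; the copy is removed.
    if (Get-AdUser -Filter {SamAccountName -eq $mailgate})
    {
        Set-ADAccountPassword $mailgate -Reset -NewPassword $securepass
    }
    else
    {
        New-ADUser -Name $mailgate -SamAccountName $mailgate -UserPrincipalName "$mailgate$Domaene" -AccountPassword $securepass -Enabled $True
    }
    $passwordlist += $mailgate + ":" + $password
}

#--Write the collected credentials to the text file--
$passwordlist | Out-File $passwordfile
# Keep the console window open until the operator presses Enter.
Read-Host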