API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 18th, 2019
110
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.13 KB | None | 0 0
raw download clone embed print report
  1.  
  2. Param
  3. (
  4. )
  5.  
  6. Write-Verbose "Get current Active Directory domain... "
  7. $ADForestInfo = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
  8. $ADForestInfoRootDomain = $ADForestInfo.RootDomain
  9. $ADForestInfoRootDomainDN = "DC=" + $ADForestInfoRootDomain -Replace("\.",',DC=')
  10.  
  11. $ADDomainInfoLGCDN = 'GC://' + $ADForestInfoRootDomainDN
  12.  
  13. Write-Verbose "Discovering service account SPNs in the AD Forest $ADForestInfoRootDomainDN "
  14. $root = [ADSI]$ADDomainInfoLGCDN
  15. $ADSearcher = new-Object System.DirectoryServices.DirectorySearcher($root,"(serviceprincipalname=kadmin/changepw)")
  16. $ADSearcher.PageSize = 5000
  17. $AllADKRBTGTAccountSPNs = $ADSearcher.FindAll()
  18.  
  19. $AllADKRBTGTAccountSPNsCount = $AllADKRBTGTAccountSPNs.Count
  20.  
  21. Write-Output "Processing $AllADKRBTGTAccountSPNsCount service accounts (user accounts) with SPNs discovered in AD Forest $ADForestInfoRootDomainDN `r "
  22.  
  23. $AllKRBTGTAccountReport = $Null
  24. ForEach ($AllADKRBTGTAccountSPNsItem in $AllADKRBTGTAccountSPNs)
  25. {
  26. $KRBTGTAccountsItemDomain = $Null
  27. [array]$AllADKRBTGTAccountSPNsItemDNArray = ($AllADKRBTGTAccountSPNsItem.Properties.distinguishedname) -Split(",DC=")
  28. [int]$DomainNameFECount = 0
  29. ForEach ($AllADKRBTGTAccountSPNsItemDNArrayItem in $AllADKRBTGTAccountSPNsItemDNArray)
  30. {
  31. IF ($DomainNameFECount -gt 0)
  32. { [string]$KRBTGTAccountsItemDomain += $AllADKRBTGTAccountSPNsItemDNArrayItem + "." }
  33. $DomainNameFECount++
  34. }
  35. $KRBTGTAccountsItemDomain = $KRBTGTAccountsItemDomain.Substring(0,$KRBTGTAccountsItemDomain.Length-1)
  36.  
  37. [string]$KRBTGTAccountsItemSAMAccountName = $AllADKRBTGTAccountSPNsItem.properties.samaccountname
  38. [string]$KRBTGTAccountsItemdescription = $AllADKRBTGTAccountSPNsItem.properties.description
  39. [string]$KRBTGTAccountsItempwdlastset = $AllADKRBTGTAccountSPNsItem.properties.pwdlastset
  40. [string]$KRBTGTAccountsItemPasswordLastSetDate = [datetime]::FromFileTimeUTC($KRBTGTAccountsItempwdlastset)
  41. [string]$KRBTGTAccountsItemlastlogon = $AllADKRBTGTAccountSPNsItem.properties.lastlogon
  42. [string]$KRBTGTAccountsItemLastLogonDate = [datetime]::FromFileTimeUTC($KRBTGTAccountsItemlastlogon)
  43.  
  44. $KRBTGTAccountReport = New-Object -TypeName System.Object
  45. $KRBTGTAccountReport | Add-Member -MemberType NoteProperty -Name Domain -Value $KRBTGTAccountsItemDomain
  46. $KRBTGTAccountReport | Add-Member -MemberType NoteProperty -Name UserID -Value $KRBTGTAccountsItemSAMAccountName
  47. $KRBTGTAccountReport | Add-Member -MemberType NoteProperty -Name Description -Value $KRBTGTAccountsItemdescription
  48. $KRBTGTAccountReport | Add-Member -MemberType NoteProperty -Name PasswordLastSet -Value $KRBTGTAccountsItemPasswordLastSetDate
  49. $KRBTGTAccountReport | Add-Member -MemberType NoteProperty -Name LastLogon -Value $KRBTGTAccountsItemLastLogonDate
  50.  
  51. [array]$AllKRBTGTAccountReport += $KRBTGTAccountReport
  52.  
  53. }
  54.  
  55.  
  56. # $AllKRBTGTAccountReport | sort PasswordLastSet
  57.  
  58. return $AllKRBTGTAccountReport
  59. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!