author | Kevin Robertson <robertsonk@gmail.com> | 2018-05-02 22:53:15 -0400 |
---|---|---|
committer | Kevin Robertson <robertsonk@gmail.com> | 2018-05-02 22:53:15 -0400 |
commit | 4934f19aae7f860498e11731fc512aa663e1b159 (patch) | |
tree | cc444240a1f3d4146e04cdd23e705ee98baa4102 /Get-MachineAccountAttribute.ps1 | |
parent | f256cec3905f70689fbad89c2a0883b80d06dd03 (diff) | |
Added credential parameter to machine account toolsdev
Added the ability to accept creds for all of the machine account
scripts. Also syncing Invoke-DNSUpdate with version that is currently in
the Inveigh dev branch.
Diffstat (limited to 'Get-MachineAccountAttribute.ps1')
-rw-r--r-- | Get-MachineAccountAttribute.ps1 | 70 |
1 files changed, 55 insertions, 15 deletions
diff --git a/Get-MachineAccountAttribute.ps1 b/Get-MachineAccountAttribute.ps1 index fa58cd0..96c10f9 100644 --- a/Get-MachineAccountAttribute.ps1 +++ b/Get-MachineAccountAttribute.ps1 @@ -10,11 +10,18 @@ function Get-MachineAccountAttribute Author: Kevin Robertson (@kevin_robertson) License: BSD 3-Clause + .PARAMETER Credential + Credentials for LDAP. + .PARAMETER DistinguishedName Distinguished name for the computers OU. .PARAMETER Domain - The targeted domain. + The targeted domain. This parameter is mandatory on a non-domain attached system. Note this parameter + requires a DNS domain name and not a NetBIOS version. + + .PARAMETER DomainController + Domain controller to target. This parameter is mandatory on a non-domain attached system. .PARAMETER MachineAccount The username of the machine account that will be modified. @@ -22,9 +29,6 @@ function Get-MachineAccountAttribute .PARAMETER Attribute The machine account attribute. - .PARAMETER Value - The machine account attribute value. - .EXAMPLE Get-MachineAccountAttribute -MachineAccount payroll -Attribute description 
@@ -37,10 +41,44 @@ function Get-MachineAccountAttribute ( [parameter(Mandatory=$false)][String]$DistinguishedName, [parameter(Mandatory=$false)][String]$Domain, + [parameter(Mandatory=$false)][String]$DomainController, [parameter(Mandatory=$true)][String]$MachineAccount, - [parameter(Mandatory=$true)][String]$Attribute + [parameter(Mandatory=$true)][String]$Attribute, + [parameter(Mandatory=$false)][System.Management.Automation.PSCredential]$Credential ) + if(!$DomainController) + { + + try + { + $DomainController = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainControllers[0].Name + } + catch + { + Write-Output "[-] domain controller not located" + throw + } + + } + + if(!$Domain) + { + + try + { + $Domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name + } + catch + { + $error_message = $_.Exception.Message + $error_message = $error_message -replace "`n","" + Write-Output "[-] $error_message" + throw + } + + } + if($MachineAccount.EndsWith('$')) { $machine_account = $MachineAccount.SubString(0,$MachineAccount.Length - 1) @@ -50,19 +88,12 @@ function Get-MachineAccountAttribute $machine_account = $MachineAccount } - if(!$Domain) - { - $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name - } - if(!$DistinguishedName) { - $distinguished_name = "CN=$machine_account,CN=Computers" + $DC_array = $Domain.Split(".") - $DCArray = $Domain.Split(".") - - ForEach($DC in $DCArray) + ForEach($DC in $DC_array) { $distinguished_name += ",DC=$DC" } 
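Review bot: In the new `if(!$DomainController)` block the controller is always taken from `GetCurrentDomain()`, even when the caller supplied `-Domain`, so on a domain-joined host a different `-Domain` value would produce a DN for one domain and a bind to a controller of another. Either resolve the controller from `$Domain` when it is set or fail early with a message that `-DomainController` is required alongside `-Domain`. Both catch blocks also report through `Write-Output`, which puts the `[-] ...` text on the success stream where a caller capturing the attribute value will receive it; `Write-Warning "[-] domain controller not located"` (or `Write-Error`) keeps diagnostics out of the pipeline. The first catch discards the exception message that the second one preserves, which makes the two failures harder to tell apart in logs. The function body starts before and continues after this hunk.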
@@ -73,7 +104,16 @@ function Get-MachineAccountAttribute $distinguished_name = "$DistinguishedName" } - $account = New-Object System.DirectoryServices.DirectoryEntry "LDAP://$distinguished_name" + Write-Verbose "[+] Distinguished Name=$distinguished_name" + + if($Credential) + { + $account = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DomainController/$distinguished_name",$Credential.UserName,$credential.GetNetworkCredential().Password) + } + else + { + $account = New-Object System.DirectoryServices.DirectoryEntry "LDAP://$DomainController/$distinguished_name" + } try { |
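Review bot: The credentialed bind in the `if($Credential)` branch uses the three-argument `DirectoryEntry` constructor, so the authentication type is left at the library default and the code does not show whether the session is signed or encrypted, while the password is expanded from the SecureString into a plain string for the call. Stating the flags explicitly as a fourth argument, e.g. `[System.DirectoryServices.AuthenticationTypes]'Secure,Signing,Sealing'`, documents the intent and avoids depending on defaults. `$DomainController` and `$distinguished_name` are also interpolated into the ADsPath unescaped, so a machine account name containing `,` or `/` would yield a different path than intended; a comment noting that assumption, or escaping the RDN value, would help. `$credential.GetNetworkCredential()` differs in case from `$Credential.UserName` on the same line, which is harmless in PowerShell but worth normalising. The `try` block that uses `$account` continues outside the hunk.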