1 files changed, 55 insertions, 15 deletions
diff --git a/Get-MachineAccountAttribute.ps1 b/Get-MachineAccountAttribute.ps1
index fa58cd0..96c10f9 100644
--- a/Get-MachineAccountAttribute.ps1
+++ b/Get-MachineAccountAttribute.ps1
@@ -10,11 +10,18 @@ function Get-MachineAccountAttribute
     Author: Kevin Robertson (@kevin_robertson)  
     License: BSD 3-Clause 
 
+    .PARAMETER Credential
+    Credentials for LDAP.
+
     .PARAMETER DistinguishedName
     Distinguished name for the computers OU.
 
     .PARAMETER Domain
-    The targeted domain.
+    The targeted domain. This parameter is mandatory on a non-domain attached system. Note this parameter
+    requires a DNS domain name and not a NetBIOS version.
+
+    .PARAMETER DomainController
+    Domain controller to target. This parameter is mandatory on a non-domain attached system.
 
     .PARAMETER MachineAccount
     The username of the machine account that will be modified.
@@ -22,9 +29,6 @@ function Get-MachineAccountAttribute
     .PARAMETER Attribute
     The machine account attribute.
 
-    .PARAMETER Value
-    The machine account attribute value.
-
     .EXAMPLE
     Get-MachineAccountAttribute -MachineAccount payroll -Attribute description
 
@@ -37,10 +41,44 @@ function Get-MachineAccountAttribute
     (
         [parameter(Mandatory=$false)][String]$DistinguishedName,
         [parameter(Mandatory=$false)][String]$Domain,
+        [parameter(Mandatory=$false)][String]$DomainController,
         [parameter(Mandatory=$true)][String]$MachineAccount,
-        [parameter(Mandatory=$true)][String]$Attribute
+        [parameter(Mandatory=$true)][String]$Attribute,
+        [parameter(Mandatory=$false)][System.Management.Automation.PSCredential]$Credential
     )
 
+    if(!$DomainController)
+    {
+
+        try
+        {
+            $DomainController = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainControllers[0].Name
+        }
+        catch
+        {
+            Write-Output "[-] domain controller not located"
+            throw
+        }
+
+    }
+
+    if(!$Domain)
+    {
+
+        try
+        {
+            $Domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name
+        }
+        catch
+        {
+            $error_message = $_.Exception.Message
+            $error_message = $error_message -replace "`n",""
+            Write-Output "[-] $error_message"
+            throw
+        }
+
+    }
+
     if($MachineAccount.EndsWith('$'))
     {
         $machine_account = $MachineAccount.SubString(0,$MachineAccount.Length - 1)
@@ -50,19 +88,12 @@ function Get-MachineAccountAttribute
         $machine_account = $MachineAccount  
     }
 
-    if(!$Domain)
-    {
-        $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name
-    }
-
     if(!$DistinguishedName)
     {
-
         $distinguished_name = "CN=$machine_account,CN=Computers"
+        $DC_array = $Domain.Split(".")
 
-        $DCArray = $Domain.Split(".")
-
-        ForEach($DC in $DCArray)
+        ForEach($DC in $DC_array)
         {
             $distinguished_name += ",DC=$DC"
         }
@@ -73,7 +104,16 @@ function Get-MachineAccountAttribute
         $distinguished_name = "$DistinguishedName"
     }
 
-    $account = New-Object System.DirectoryServices.DirectoryEntry "LDAP://$distinguished_name"
+    Write-Verbose "[+] Distinguished Name=$distinguished_name"
+
+    if($Credential)
+    {
+        $account = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DomainController/$distinguished_name",$Credential.UserName,$credential.GetNetworkCredential().Password)
+    }
+    else
+    {
+        $account = New-Object System.DirectoryServices.DirectoryEntry "LDAP://$DomainController/$distinguished_name"
+    }
 
     try
     {