Diffstat (limited to 'ansible/scripts/populate-ad.ps1')
-rw-r--r--ansible/scripts/populate-ad.ps140
1 files changed, 25 insertions, 15 deletions
diff --git a/ansible/scripts/populate-ad.ps1 b/ansible/scripts/populate-ad.ps1
index 0b57c77..3d8917a 100644
--- a/ansible/scripts/populate-ad.ps1
+++ b/ansible/scripts/populate-ad.ps1
@@ -65,7 +65,7 @@ Function SetAclExtended($for, $to, $right, $extendedRightGUID, $inheritance)
Set-ADObject $to -Description "$($for | Select-Object -ExpandProperty Name) has $right, $extendedRightGUID on this object"
}
-Write-Host "[INFO] Setting weak NTLM compatibility level"
+Write-Host "[inf] Setting weak NTLM compatibility level"
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name "LmCompatibilityLevel" -Value 1 -Force
If (-Not (Get-ADOrganizationalUnit -SearchBase "$DomainNameDN" -Filter "Name -like '$DomainOU'")) {
@@ -98,14 +98,14 @@ ForEach ($user in $users) {
-PasswordNeverExpires $true
$created_users += $user
} catch {
- Write-Host "[ERR] Failed to create user $user"
+ Write-Host "[err] Failed to create user $user"
}
}
Get-RandomObject -User | % { Add-ADGroupMember -Identity "Domain Admins" -Members $_; Set-ADUser -Identity $_ -Description "domain admin" }
Get-RandomObject -User | % { Add-ADGroupMember -Identity "Domain Admins" -Members $_; Set-ADUser -Identity $_ -Description "domain admin" }
-Write-Host "[INFO] Created users: $($created_users -Join ', ')"
+Write-Host "[inf] Created users: $($created_users -Join ', ')"
$created_computers = @()
1..20 | % {
@@ -115,16 +115,17 @@ $created_computers = @()
New-ADComputer -SamAccountName "$server$_" -Name "$server$_" -DNSHostName "$server$_.$DomainName" -Path "OU=$ComputersOU,OU=$DomainOU,$DomainNameDN"
$created_computers += $server
} catch {
- Write-Host "[ERR] Failed to create server $server$_"
+ Write-Host "[err] Failed to create server $server$_"
}
}
}
-Write-Host "[INFO] Created computers: $($created_computers -Join ', ')"
+Write-Host "[inf] Created computers: $($created_computers -Join ', ')"
$svc_users = @{
"svc_mssql01" = @{"type" = "spn"; "value" = "MSSQLSVC"}
"svc_mssql02" = @{"type" = "spn"; "value" = "MSSQLSVC"}
+ "svc_websql01" = @{"type" = "spn"; "value" = @("MSSQLSVC", "HTTP")}
"svc_cifs01" = @{"type" = "spn"; "value" = "CIFS"}
"svc_cifs02" = @{"type" = "spn"; "value" = "CIFS"}
"svc_iis01" = @{"type" = "spn"; "value" = "HTTP"}
@@ -161,12 +162,21 @@ ForEach ($user in $svc_users.keys) {
-Enabled $true `
-PasswordNeverExpires $true `
-PassThru
- Set-ADUser -Identity "$u" -ServicePrincipalNames @{Add="$value/$comp"}
- Set-ADObject $u -Description "SPN on $value/$comp"
- $created_svc_users += "$user ($value/$comp)"
+ $spns = @()
+ if ($value -is [string]) {
+ $spns += "$value/$comp"
+ } else {
+ foreach ($v in $value) {
+ $spns += "$v/$comp"
+ }
+ }
+
+ Set-ADUser -Identity "$u" -ServicePrincipalNames @{Add=$spns}
+ Set-ADObject $u -Description ("SPNs: " + ($spns -join ", "))
+ $created_svc_users += "$user ($($spns -join ', '))"
} catch {
- Write-Host "[ERR] Failed to create $value/$comp for $user"
+ Write-Host "[err] Failed to create SPNs for $user"
}
}
"group" {
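Review bot: The new `Write-Host "[err] Failed to create SPNs for $user"` in the catch block discards the failure reason at the very point where it becomes useful, because `Set-ADUser -ServicePrincipalNames @{Add=$spns}` now adds several SPNs in one call and fails as a whole if any one of them (for instance a `MSSQLSVC/$comp` that svc_mssql01, svc_mssql02 and the new svc_websql01 would all register if `$comp` resolves to the same host, which the hunk does not show) is rejected; `Write-Host "[err] Failed to create SPNs for $user ($($spns -join ', ')): $_"` keeps both the attempted list and the error record. The `-is [string]` test and the foreach can be collapsed to `$spns = @(@($value) | ForEach-Object { "$_/$comp" })`, since `@()` wraps a scalar and flattens an array, so both hash shapes yield the same list. A `$value` that is neither a string nor an enumerable leaves `$spns` empty and passes `@{Add=@()}` to Set-ADUser, which is worth a guard if the `$svc_users` hash is extended again. The enclosing `"spn"` switch arm and the `ForEach ($user in $svc_users.keys)` loop start and end outside the hunk.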
@@ -183,13 +193,13 @@ ForEach ($user in $svc_users.keys) {
$created_svc_users += "$user ($value)"
} catch {
- Write-Host "[ERR] Failed to add $user to $value"
+ Write-Host "[err] Failed to add $user to $value"
}
}
}
}
-Write-Host "[INFO] Created svc users: $($created_svc_users -Join ', ')"
+Write-Host "[inf] Created svc users: $($created_svc_users -Join ', ')"
$dcsync_user = Get-RandomObject -User
$acl = Get-Acl -Path "AD:$DomainNameDN"
@@ -210,19 +220,19 @@ $acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRul
Set-Acl -Path "AD:$adminsdholder" -AclObject $acl
Set-ADObject $adminsdholder_user -Description "GenericAll on AdminSDHolder"
-Write-Host "[INFO] Configuring anonymous LDAP binding via dsHeuristics for contoso.com"
+Write-Host "[inf] Configuring anonymous LDAP binding via dsHeuristics for contoso.com"
$rootDSE = Get-ADRootDSE
$configNC = $rootDSE.ConfigurationNamingContext
$directoryServicePath = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
$directoryService = Get-ADObject -Identity $directoryServicePath -Properties dsHeuristics
$currentHeuristics = $directoryService.dsHeuristics
$newHeuristics = "0000002"
-Write-Host "[INFO] Overwriting dsHeuristics with '0000002'"
+Write-Host "[inf] Overwriting dsHeuristics with '0000002'"
Set-ADObject -Identity $directoryServicePath `
-Replace @{"dsHeuristics" = $newHeuristics} `
-Description "Anonymous LDAP enabled for contoso.com" `
-ErrorAction Stop
-Write-Host "[INFO] Successfully set dsHeuristics to '$newHeuristics'"
+Write-Host "[inf] Successfully set dsHeuristics to '$newHeuristics'"
Set-ADDomain -Identity $DomainName -Replace @{"ms-DS-MachineAccountQuota"=50}
@@ -301,7 +311,7 @@ Set-ADObject -Identity $constrained_delegation_comp1 -Add @{'msDS-AllowedToDeleg
Set-ADAccountControl -Identity $constrained_delegation_comp1 -TrustedForDelegation $false -TrustedToAuthForDelegation $true
Set-ADObject $constrained_delegation_comp1 -Description "msDS-AllowedToDelegateTo to $($constrained_delegation_comp2 | Select-Object -ExpandProperty Name)"
-Write-Host "[INFO] Created vulnerable ACLs, delegation, and Kerberos configurations"
+Write-Host "[inf] Created vulnerable ACLs, delegation, and Kerberos configurations"
@"
Domain content