sport.ps1
<#
.SYNOPSIS
Name: sport.ps1
The purpose of this script is to provide an immediate change
to a student AD account password.
.DESCRIPTION
This script will provide an interface to change a student's
Active Directory account password, while storing changes
meant to go back to another source.
.PARAMETER BulkStage
An optional parameter. If provided the script will assume
the parameter to be a file path to a list of usernames
for which passwords need to be reset.
.NOTES
Version: 1.1.0
Updated: Sep 3, 2020 Added ability to import a bulk
list of users at initial run
to add immediately to stage list;
Started using more effective
and proper methods in the arraylist
class.
Release Date: Aug 31, 2020
Author:
Maximillian Schmidt - Server Admin
Clackamas Education Service District - Technology Services
#>
#region PRE-SCRIPT
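Param
(
    # Optional path to a text file of usernames (one per line) to stage at startup.
    # The sentinel value "NONE" means no bulk file was supplied.
    [Parameter (Mandatory = $false)][string] $BulkStage = "NONE"
)

# The word list used in 3-12 password generation. The path is relative to the
# current working directory, so the script has to be started from the folder
# that holds the list.
# -ErrorAction Stop and the emptiness check make the script fail closed: with a
# missing or empty list the word part of a generated password can end up empty,
# leaving only the four-digit suffix.
$wordList = Get-Content -Path '.\five-letter-word-list.txt' -ErrorAction Stop
if (-not $wordList)
{
    throw "Word list '.\five-letter-word-list.txt' is empty; refusing to generate passwords"
}

# The LDAP OU where all school OUs reside;
# the parent OU of all the OUs in which students reside in AD
$studentRootOU = ""

# Output password diff list location for temporary storage.
# It is concatenated with the file name below, so it needs a trailing path separator.
# NOTE(review): the CSV written to this location contains the new passwords in
# clear text. Restrict the directory to the operators of this tool and delete
# the file once its contents have been merged.
$outputLocation = ""

# Output file location
$fileName = $outputLocation + "password-diffs.csv"

# Create the output directory on first run. Out-Null keeps the DirectoryInfo
# object that New-Item returns out of the console output.
if (! (Test-Path -PathType Container -Path $outputLocation))
{
    New-Item -ItemType Directory -Path $outputLocation | Out-Null
}

# The list of staged objects to store for insertion
# into the list returning to the ESD
[System.Collections.ArrayList]$stagedPasswordList = @()

Clear-Host
Write-Host "### Student Password Okay Reset Tool ###`n`n" -ForegroundColor Cyan
Start-Sleep -Seconds 2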
#endregion
#region FUNCTIONS
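function Set-StagedPasswords()
{
    <#
    .SYNOPSIS
    Applies every staged password in AD and appends the successful resets to the merge-request CSV.
    .DESCRIPTION
    Reads the script-level $stagedPasswordList and $fileName. Each entry is reset
    individually; an entry whose reset fails is reported and is NOT written to
    the CSV, so the merge-request list only records passwords that are really
    in effect in AD.
    #>
    if ($stagedPasswordList.Count -eq 0)
    {
        Write-Host "INFO: No staged passwords to commit!" -ForegroundColor Yellow
        return
    }

    Write-Host "`nSetting all passwords in AD...`n"
    $appliedResets = New-Object System.Collections.ArrayList
    foreach ($entry in $stagedPasswordList)
    {
        try
        {
            # Do not echo $entry.password here: console output can end up in
            # transcripts or screen captures.
            $securePassword = ConvertTo-SecureString -AsPlainText "$($entry.password)" -Force
            # -ErrorAction Stop turns a failed reset into an exception so it can
            # be kept out of the merge-request list below.
            Set-ADAccountPassword -Identity $entry.username -Reset -NewPassword $securePassword -ErrorAction Stop
            $appliedResets.Add($entry) | Out-Null
        }
        catch
        {
            Write-Host "ERROR: Password for * $($entry.username) * was NOT set: $($_.Exception.Message)" -ForegroundColor Red
        }
    }
    Write-Host "`n DONE`n" -ForegroundColor Yellow

    if ($appliedResets.Count -gt 0)
    {
        Write-Host "`nAppending users to the merge-request list...`n"
        # NOTE(review): this file stores the passwords in clear text; it relies
        # on the permissions of its directory for protection.
        $appliedResets | Export-Csv -Path $fileName -NoTypeInformation -Append
        Write-Host " DONE`n" -ForegroundColor Yellow
    }
}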
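function New-PasswordReset()
{
    <#
    .SYNOPSIS
    Interactively builds one staged password reset for a student account.
    .DESCRIPTION
    Prompts for a username, shows the account details, refuses accounts whose
    parent OU is not the script-level $studentRootOU, asks for confirmation and
    the grade level, then generates a password from the script-level $wordList
    plus four digits.
    .OUTPUTS
    A PSCustomObject with username, password, path, givenName, surname and
    description; nothing when the operator does not confirm.
    Throws when the account is outside the student OU, the grade is invalid or
    below 3, or no usable word can be drawn from the word list.
    #>
    Write-Host ""
    $requestedUsername = Read-Host "+ Username "
    Write-Host ""

    $ADUser = Get-ADUser -Identity $requestedUsername -Properties Description,PasswordLastSet,CN -ErrorAction Stop

    # The CN may itself contain commas, so the number of commas in the CN
    # decides how many leading DN fields belong to the CN component.
    $CNCommaCount = (("$($ADUser.CN)".Split(',')).Count - 1)
    # !NOTE! - Update with: $currentLocation = "$($ADStudent.DistinguishedName)" -replace "(CN=)(.*?)(?<!\\),OU","OU"
    $distinguishedName = "$($ADUser.DistinguishedName)"
    # Everything after the CN component: the OU path the account lives in.
    $currentLocation = $distinguishedName.Split(",", $CNCommaCount + 2)[$CNCommaCount + 1]
    # Everything after the first OU: the parent of the account's own OU.
    $currentLocationParent = $distinguishedName.Split(",", $CNCommaCount + 3)[$CNCommaCount + 2]

    Write-Host " Name : $($ADUser.Name)"
    Write-Host " Description : $($ADUser.Description)"
    Write-Host " Path : $($currentLocation)"
    Write-Host " PasswordLastSet : $($ADUser.PasswordLastSet)`n"

    # Authorization boundary: only accounts directly under a school OU of the
    # student root may be reset with this tool.
    if ($currentLocationParent -ne $studentRootOU)
    {
        throw "Specified user exists in non-student OU"
    }

    Write-Host " Please double check the PassWordLastSet!`n" -ForegroundColor Yellow
    $confirmation = Read-Host -Prompt "+ Are you sure you wish to change this account password? (Y/N)"
    # -like is case-insensitive, so this accepts both "Y..." and "y...".
    if ($confirmation -notlike "Y*")
    {
        return
    }

    $gradeLevel = "$(Read-Host "`n+ What grade is the student in? (K-12)")".Trim()
    # Test for "K" before any numeric conversion: casting "K" to [Int] raises a
    # conversion error and would hide the intended message.
    $gradeNumber = 0
    $gradeIsNumeric = [int]::TryParse($gradeLevel, [ref]$gradeNumber)
    if (($gradeLevel -eq "K") -or ($gradeIsNumeric -and ($gradeNumber -lt 3)))
    {
        throw "Student not in grade level to receive new password"
    }
    if ((-not $gradeIsNumeric) -or ($gradeNumber -gt 12))
    {
        throw "Grade level must be K or a whole number from 1 to 12"
    }

    # NOTE(review): Get-Random in Windows PowerShell is not documented as a
    # cryptographic generator, and one dictionary word plus four digits has
    # limited entropy - confirm this meets the password policy for these accounts.
    $word = Get-Random -InputObject $wordList   # Select a random line from the input file
    if ([string]::IsNullOrWhiteSpace($word))
    {
        # Fail closed rather than issue a password made of digits only.
        throw "No usable word could be drawn from the word list"
    }
    $builtPassword = "$word"
    for ($digitIndex = 0; $digitIndex -lt 4; $digitIndex++)
    {
        # Append a random number between 0 and 9 (inclusive)
        $builtPassword += "$(Get-Random -Minimum 0 -Maximum 10)"
    }

    $user = [PSCustomObject]@{
        username    = $requestedUsername
        password    = $builtPassword
        path        = $currentLocation
        givenName   = $ADUser.givenName
        surname     = $ADUser.surname
        description = $ADUser.Description
    }

    Clear-Host
    Write-Host "`n ADDED: $requestedUsername`n TO LIST`n"
    Write-Host " Password: " -NoNewline
    Write-Host "$builtPassword`n" -ForegroundColor Cyan
    return $user
}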
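function Import-BulkList()
{
    <#
    .SYNOPSIS
    Stages a password reset for every username listed in the bulk file.
    .DESCRIPTION
    Does nothing when the script-level $bulkStage is "NONE". Otherwise reads one
    username per line, skips blank lines, looks each account up in AD, skips
    accounts that cannot be found or whose parent OU is not $studentRootOU, and
    adds a generated password entry to the script-level $stagedPasswordList.
    #>
    if ($bulkStage -eq "NONE")
    {
        return
    }

    Write-Host " # Bulk stage file parameter provided! #`n" -ForegroundColor Yellow
    Start-Sleep -Seconds 1

    if (-not (Test-Path -PathType Leaf -Path "$bulkStage"))
    {
        Write-Host "Bulk stage file * $bulkStage * not found!" -ForegroundColor Red
        return
    }

    $usernames = Get-Content -Path "$bulkStage"
    foreach ($line in $usernames)
    {
        $account = "$line".Trim()
        if ($account -eq "")
        {
            continue
        }

        # Reset per iteration and catch lookup failures: if the lookup raises an
        # error the assignment never happens, and without the reset the previous
        # account's object would be reused for this username.
        $ADUser = $null
        try
        {
            $ADUser = Get-ADUser -Identity $account -Properties Description,PasswordLastSet,CN -ErrorAction Stop
        }
        catch
        {
            Write-Host "Username * $account * could not be looked up in AD: $($_.Exception.Message)" -ForegroundColor Red
            continue
        }
        if (-not $ADUser)
        {
            Write-Host "Username * $account * not found in AD!" -ForegroundColor Red
            continue
        }

        # The CN may itself contain commas, so the number of commas in the CN
        # decides how many leading DN fields belong to the CN component.
        $CNCommaCount = (("$($ADUser.CN)".Split(',')).Count - 1)
        # !NOTE! - Update with: $currentLocation = "$($ADStudent.DistinguishedName)" -replace "(CN=)(.*?)(?<!\\),OU","OU"
        $currentLocation = "$($ADUser.DistinguishedName)".Split(",",$CNCommaCount + 2)[$CNCommaCount + 1]
        $currentLocationParent = "$($ADUser.DistinguishedName)".Split(",",$CNCommaCount + 3)[$CNCommaCount + 2]

        # Authorization boundary: never stage a reset for an account outside the student OUs.
        if ($currentLocationParent -ne $studentRootOU)
        {
            Write-Host "Specified user * $account * exists in non-student OU!`nCannot reset password for non-student account!" -ForegroundColor Red
            continue
        }

        # NOTE(review): Get-Random in Windows PowerShell is not documented as a
        # cryptographic generator, and one dictionary word plus four digits has
        # limited entropy - confirm this meets the password policy for these accounts.
        $word = Get-Random -InputObject $wordList   # Select a random line from the input file
        if ([string]::IsNullOrWhiteSpace($word))
        {
            # Fail closed rather than stage a password made of digits only.
            Write-Host "No usable word could be drawn from the word list; * $account * was not staged" -ForegroundColor Red
            continue
        }
        $builtPassword = "$word"
        for ($digitIndex = 0; $digitIndex -lt 4; $digitIndex++)
        {
            # Append a random number between 0 and 9 (inclusive)
            $builtPassword += "$(Get-Random -Minimum 0 -Maximum 10)"
        }

        $user = [PSCustomObject]@{
            username    = $account
            password    = $builtPassword
            path        = $currentLocation
            givenName   = $ADUser.givenName
            surname     = $ADUser.surname
            description = $ADUser.Description
        }
        $stagedPasswordList.Add($user) | Out-Null
    }
}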
function Get-Help()
{
    <#
    .SYNOPSIS
    Prints the usage line and the list of interactive commands to the console.
    .NOTES
    This function has the same name as the built-in Get-Help cmdlet and takes
    precedence over it while the script is running.
    #>
    $helpLines = @(
        "`nUsage:",
        " SPORT ~ [: <COMMAND>`n",
        "Commands:",
        " commit : Commit all staged changes to the merge-request list (to be merged into Synergy)",
        " help|? : Display this help message",
        " list : Display password changes already committed (on the merge-request list)",
        " quit : Exit the Student Password Okay Reset Tool",
        " remove : Remove a staged password reset",
        " stage : Stage a password reset (mode indicated by an asterisk in the prompt)",
        " status : Display password changes not yet committed",
        ""
    )
    foreach ($helpLine in $helpLines)
    {
        Write-Host $helpLine
    }
}
function Get-MergeRequestList()
{
    <#
    .SYNOPSIS
    Prints the username and path of every entry already in the merge-request CSV.
    .DESCRIPTION
    Reads the file named by the script-level $fileName. Only the username and
    path columns are displayed; the password column is never printed here.
    #>
    $mergeListExists = Test-Path -PathType Leaf -Path $fileName
    if (-not $mergeListExists)
    {
        Write-Host "`nINFO: No current merge-list detected`n"
        return
    }

    $committedRows = Import-Csv -Path $fileName
    Write-Host "`n # Current Merge-Request List # `n" -ForegroundColor Magenta
    Write-Host "username path`n-------- ----"
    foreach ($row in $committedRows)
    {
        # Two calls keep username and path on one console line.
        Write-Host "$($row.username) " -NoNewline
        Write-Host "$($row.path)"
    }
    Write-Host ""
}
function Get-StagedPasswords()
{
    <#
    .SYNOPSIS
    Prints the username and path of every reset that is staged but not yet committed.
    .DESCRIPTION
    Reads the script-level $stagedPasswordList. The staged passwords themselves
    are not printed by this function.
    #>
    if ($stagedPasswordList.Count -le 0)
    {
        Write-Host "`nINFO: No users staged for password resets`n"
        return
    }

    Write-Host "`n # Usernames Staged for Password Reset # `n" -ForegroundColor Yellow
    Write-Host "username path`n-------- ----"
    foreach ($stagedEntry in $stagedPasswordList)
    {
        # Two calls keep username and path on one console line.
        Write-Host "$($stagedEntry.username) " -NoNewline
        Write-Host "$($stagedEntry.path)"
    }
    Write-Host ""
}
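function Remove-StagedPassword()
{
    <#
    .SYNOPSIS
    Prompts for a username and removes its staged password reset(s).
    .DESCRIPTION
    Works on the script-level $stagedPasswordList. Every staged entry with the
    requested username is removed, so a username that was staged more than once
    does not stay behind after "Removed..." has been reported.
    #>
    Write-Host ""
    if ($stagedPasswordList.Count -eq 0)
    {
        Write-Host "INFO: Staged list is empty!`n" -ForegroundColor Yellow
        return
    }

    $requestedUsername = Read-Host "- Username "
    # @() forces an array, so zero, one or several matches are handled the same
    # way, and the list is not modified while it is being enumerated.
    $entriesToRemove = @($stagedPasswordList | Where-Object {$_.username -eq "$requestedUsername"})
    if ($entriesToRemove.Count -eq 0)
    {
        Write-Host "- Username not found in the list of staged changes!" -ForegroundColor Red
        return
    }

    # ArrayList.Remove takes one element; passing an array of several matches
    # would remove nothing, hence the loop.
    foreach ($entry in $entriesToRemove)
    {
        $stagedPasswordList.Remove($entry)
    }
    Write-Host "- Removed...`n" -ForegroundColor Cyan
}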
#endregion
# Show what is already on the merge-request list before doing anything else.
Get-MergeRequestList
#region OPTIONAL BULK IMPORT
# Stage the accounts from the bulk file, if one was given on the command line.
Import-BulkList
$bulkStagedCount = $stagedPasswordList.Count
if ($bulkStagedCount -gt 0)
{
    Write-Host " # Passwords generated from bulk stage #`n" -ForegroundColor Yellow
    # The generated passwords are shown in clear text so the operator can hand
    # them out; this is the only place the bulk passwords are displayed.
    $stagedPasswordList | ForEach-Object {
        Write-Host "$($_.username) : " -NoNewline
        Write-Host "$($_.password)`n" -ForegroundColor Cyan
    }
}
#endregion
#region MAIN WRAPPER
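# Interactive command loop: reads one command per prompt until "quit".
$response = "StartMeUp"
$continueLoop = $true
Write-Host ""
while ($continueLoop -eq $true)
{
    $response = Read-Host -Prompt "SPORT ~ ["
    $formatted = "$response".ToLower()
    # "break" inside a switch clause leaves the switch only, not the while loop.
    switch ($formatted)
    {
        commit
        {
            Set-StagedPasswords
            # Clear() needs the parentheses: without them the method is only
            # referenced, nothing is cleared, and a second "commit" would reset
            # and record the same accounts again. Any reset that errored during
            # the commit has to be staged again.
            $stagedPasswordList.Clear()
            break
        }
        help {Get-Help; break}
        "?" {Get-Help; break}
        list {Get-MergeRequestList; break}
        quit {$continueLoop = $false; break}
        remove {Remove-StagedPassword; break}
        stage
        {
            try
            {
                $newReset = New-PasswordReset
                # New-PasswordReset returns nothing when the operator declines;
                # only real entries may reach the staged list.
                if ($newReset)
                {
                    $stagedPasswordList.Add($newReset) | Out-Null
                }
            }
            catch
            {
                Write-Host "$($_)" -ForegroundColor Red
            }
            break
        }
        status {Get-StagedPasswords; break}
        "" {break}
        default {Write-Host "Unknown command..."; break}
    }
}
Write-Host "`nComplete`n" -ForegroundColor Green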
#endregion