Monday, October 23, 2023

Bulk RADIUS Client Additions on Multiple Servers

This PowerShell script is used to add RADIUS clients to multiple RADIUS servers. Below is a breakdown of the script's components:

  1. Synopsis: A brief description of the script's purpose.
  2. Description: An explanation of what the script does: it reads RADIUS client information from a CSV file and adds those clients to multiple RADIUS servers while logging the results.
  3. Notes: Metadata about the script, such as the file name, prerequisites, author, and date.
  4. Example: Shows how to use the script with example parameters.

The script defines a function called Add-RADIUSClients with three parameters:

  • $CsvPath: The path to the CSV file containing RADIUS client information.
  • $ServerListPath: The path to a text file containing a list of RADIUS server names.
  • $LogFilePath: The path to the log file where the script will log the results.

 

Within the function, it performs the following steps:

  1. Imports the RADIUS client information from the CSV file.
  2. Reads the list of RADIUS server names from the text file.
  3. Iterates through each server and each client to add the RADIUS clients to the servers.
  4. Uses Invoke-Command to remotely execute the New-NpsRadiusClient cmdlet on each server, adding the RADIUS client.
  5. Logs the results to the specified log file, indicating success or any errors encountered.

The Try and Catch blocks are used to handle any errors that may occur during the process, logging the error messages to the log file.

The script concludes with an example usage section, where you can specify the paths to your CSV file, server list, and log file, and then call the Add-RADIUSClients function with these parameters.

Make sure to have PowerShell Remoting enabled on the target servers and the required modules imported for the script to work as expected.




<#
.SYNOPSIS
    Add-RADIUSClients - Add RADIUS clients to multiple servers.

.DESCRIPTION
    This script reads RADIUS client information from a CSV file and adds those clients
    to multiple RADIUS servers specified in a text file. It logs the results to a log file.

    Author: Navinya Ambre
    Date: 10/10/2023

.NOTES
    File Name      : Add-RADIUSClients.ps1
    Prerequisite   : PowerShell Remoting enabled on target servers, required modules imported.
    The CSV holds the RADIUS shared secrets in clear text: restrict its NTFS ACL and remove it when done.

.EXAMPLE
    .\Add-RADIUSClients.ps1 -CsvPath "C:\Path\To\radiusclient.csv" `
                            -ServerListPath "C:\Path\To\servers.txt" `
                            -LogFilePath "C:\Path\To\radiusclient.log"
#>

function Add-RADIUSClients {
    param (
        [Parameter(Mandatory)] [string]$CsvPath,
        [Parameter(Mandatory)] [string]$ServerListPath,
        [Parameter(Mandatory)] [string]$LogFilePath
    )

    # Expected CSV columns: ClientName, Address, VendorName, SharedSecret
    $ClientInfo  = Import-Csv -Path $CsvPath
    # Drop blank lines so Invoke-Command is never called with an empty computer name
    $ServerNames = Get-Content -Path $ServerListPath | Where-Object { $_.Trim() -ne '' }

    foreach ($ServerName in $ServerNames) {
        foreach ($Client in $ClientInfo) {
            try {
                # The client row is serialized into the remote session; its properties survive the trip.
                # -ErrorAction Stop on the cmdlet turns a failed add into a terminating error for the catch block.
                Invoke-Command -ComputerName $ServerName -ScriptBlock {
                    param ($Client)
                    New-NpsRadiusClient -Name $Client.ClientName -Address $Client.Address -VendorName $Client.VendorName -AuthAttributeRequired $False -SharedSecret $Client.SharedSecret -ErrorAction Stop
                } -ArgumentList $Client -ErrorAction Stop
                Add-Content -Path $LogFilePath -Value "$(Get-Date -Format s) Added RADIUS client $($Client.ClientName) on $ServerName"
            } catch {
                # Only the client name and the error text are logged, never the shared secret
                Add-Content -Path $LogFilePath -Value "$(Get-Date -Format s) Error adding RADIUS client $($Client.ClientName) on $ServerName : $_"
            }
        }
    }
}

# Example usage:
$CsvPath = "C:\Path\To\radiusclient.csv"
$ServerListPath = "C:\Path\To\servers.txt"
$LogFilePath = "C:\Path\To\radiusclient.log"
Add-RADIUSClients -CsvPath $CsvPath -ServerListPath $ServerListPath -LogFilePath $LogFilePath
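A pre-flight check for the two input files the script consumes, run before Add-RADIUSClients so that a bad row or an unreachable server is found before any client is created. This is an added example, not part of the original script; it assumes the CSV columns named in the script and that Get-NpsRadiusClient returns objects with a Name property.

```powershell
# Validate radiusclient.csv and servers.txt before Add-RADIUSClients touches any server.
# Added example; assumes the CSV columns ClientName, Address, VendorName, SharedSecret
# and that Get-NpsRadiusClient returns objects with a Name property.
function Test-RadiusClientInput {
    param (
        [Parameter(Mandatory)] [string]$CsvPath,
        [Parameter(Mandatory)] [string]$ServerListPath
    )
    $problems = New-Object System.Collections.Generic.List[string]
    $clients  = @(Import-Csv -Path $CsvPath)
    if ($clients.Count -eq 0) { $problems.Add("CSV '$CsvPath' contains no rows"); return $problems }

    # 1. Every column the script references must exist in the CSV header.
    $columns = $clients[0].PSObject.Properties.Name
    foreach ($col in 'ClientName', 'Address', 'VendorName', 'SharedSecret') {
        if ($col -notin $columns) { $problems.Add("CSV is missing column '$col'") }
    }

    # 2. NPS identifies clients by name, so duplicates in the CSV would collide on every server.
    $clients | Group-Object ClientName | Where-Object { $_.Count -gt 1 } |
        ForEach-Object { $problems.Add("Duplicate ClientName '$($_.Name)'") }

    # 3. Per row: the address must be an IP or a resolvable name, and the secret must not be weak.
    foreach ($c in $clients) {
        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse($c.Address, [ref]$ip)) {
            try { [void][System.Net.Dns]::GetHostAddresses($c.Address) }
            catch { $problems.Add("'$($c.ClientName)': Address '$($c.Address)' is neither an IP nor resolvable") }
        }
        if ([string]::IsNullOrWhiteSpace($c.SharedSecret) -or $c.SharedSecret.Length -lt 16) {
            $problems.Add("'$($c.ClientName)': shared secret is blank or shorter than 16 characters")
        }
    }

    # 4. Each server must answer WinRM; clients that already exist there are reported so they
    #    can be updated with Set-NpsRadiusClient instead of being re-created.
    $servers = Get-Content -Path $ServerListPath | Where-Object { $_.Trim() -ne '' }
    foreach ($server in $servers) {
        if (-not (Test-WSMan -ComputerName $server -ErrorAction SilentlyContinue)) {
            $problems.Add("${server}: WinRM not reachable"); continue
        }
        $existing = Invoke-Command -ComputerName $server -ScriptBlock { Get-NpsRadiusClient } -ErrorAction SilentlyContinue
        foreach ($c in $clients) {
            if ($existing.Name -contains $c.ClientName) {
                $problems.Add("${server}: client '$($c.ClientName)' already exists")
            }
        }
    }
    return $problems
}

# Usage: an empty result means the inputs are clean; otherwise fix the listed problems first.
Test-RadiusClientInput -CsvPath "C:\Path\To\radiusclient.csv" -ServerListPath "C:\Path\To\servers.txt"
```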




Please consider this an open forum for sharing your thoughts, modifications, and suggestions regarding the script. Your input and feedback are highly encouraged and valued.


Active Directory Group Membership Replication Tool

This PowerShell script is a GUI application for replicating group memberships between two Active Directory users. Here's a breakdown of the script:

  1. It starts with comments using <# and #> to provide a synopsis, description, author information, and examples of how to use the script.
  2. The Add-Type -AssemblyName System.Windows.Forms command is used to load the System.Windows.Forms assembly, which is necessary for creating the graphical user interface.
  3. The script then creates a Windows Form by instantiating a System.Windows.Forms.Form object. This form will serve as the graphical interface for the tool.
  4. Labels are added for "Source User" and "Target User" to indicate where users should enter the source and target usernames.
  5. Textboxes are created for users to input the source and target usernames.
  6. A "Replicate Group Membership" button is added to trigger the replication process. When clicked, it retrieves the source and target usernames from the textboxes and performs the following steps:
    a. It retrieves the Active Directory object of the source user using Get-ADUser and specifies that it needs the MemberOf property to fetch the group memberships.
    b. If the source user exists, it fetches the list of groups the source user is a member of.
    c. It then retrieves the Active Directory object of the target user.
    d. If the target user exists, it iterates through the source user's group memberships and adds each group to the target user using Add-ADGroupMember.
    e. If the process is successful, a success message is displayed using MessageBox. If the source or target user is not found, an appropriate error message is displayed.
  7. Finally, the script displays the Windows Form using $Form.ShowDialog().

This script simplifies the process of replicating group memberships from one user to another in Active Directory, making it user-friendly and suitable for administrators managing user access within an organization's network resources.



<#
.SYNOPSIS
    This script creates a Windows Forms application for replicating group memberships between two Active Directory users.

.DESCRIPTION
    Author: Navinya Ambre
    Date: 10/10/2023

    This PowerShell script provides a user-friendly interface to replicate group memberships between two Active Directory (AD) users. Group memberships are crucial in controlling access to resources within an organization's network. This script simplifies the process of transferring group memberships from one user to another, helping administrators efficiently manage user access.

    When executed, the script displays a graphical interface that includes:
    - Input fields for specifying the source and target users.
    - A "Replicate Group Membership" button to initiate the replication process.

    The replication process involves the following steps:
    1. Retrieving the source user's AD object, including their group memberships.
    2. Verifying the existence of the target user.
    3. Adding the source user's group memberships to the target user.

    If successful, the script notifies the user with a success message. If errors occur (e.g., user not found), appropriate error messages are displayed.

    This script is particularly useful for administrators who need to efficiently manage group memberships, ensuring that users have the appropriate access privileges within the organization's network resources.

.NOTES
    - PowerShell Version: 5.1 or later
    - Active Directory module is required for AD operations.

.EXAMPLE
    To replicate group memberships:
    1. Launch the script.
    2. Enter the source user's name in the "Source User" textbox.
    3. Enter the target user's name in the "Target User" textbox.
    4. Click the "Replicate Group Membership" button.

    The script will attempt to replicate group memberships from the source user to the target user and display a success or error message accordingly.
#>

Import-Module ActiveDirectory
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing

# Create the form
$Form = New-Object Windows.Forms.Form
$Form.Text = "Group Membership Replication Tool"
$Form.Size = New-Object Drawing.Size(400, 200)
$Form.StartPosition = "CenterScreen"
$Form.FormBorderStyle = [Windows.Forms.FormBorderStyle]::FixedSingle
$Form.MaximizeBox = $false

# Labels
$sourceLabel = New-Object Windows.Forms.Label
$sourceLabel.Text = "Source User:"
$sourceLabel.Location = New-Object Drawing.Point(20, 20)
$Form.Controls.Add($sourceLabel)

$targetLabel = New-Object Windows.Forms.Label
$targetLabel.Text = "Target User:"
$targetLabel.Location = New-Object Drawing.Point(20, 50)
$Form.Controls.Add($targetLabel)

# Textboxes
$sourceTextBox = New-Object Windows.Forms.TextBox
$sourceTextBox.Location = New-Object Drawing.Point(120, 20)
$Form.Controls.Add($sourceTextBox)

$targetTextBox = New-Object Windows.Forms.TextBox
$targetTextBox.Location = New-Object Drawing.Point(120, 50)
$Form.Controls.Add($targetTextBox)

# Button
$replicateButton = New-Object Windows.Forms.Button
$replicateButton.Text = "Replicate Group Membership"
$replicateButton.Location = New-Object Drawing.Point(120, 90)
$replicateButton.AutoSize = $true   # the default button width would truncate the caption
$replicateButton.Add_Click({
    $sourceUser = $sourceTextBox.Text.Trim()
    $targetUser = $targetTextBox.Text.Trim()

    # Retrieve the source user object. Get-ADUser throws when the identity does not exist,
    # so the lookup is wrapped in try/catch and $null is used to signal "not found".
    try { $sourceUserObj = Get-ADUser -Identity $sourceUser -Properties MemberOf -ErrorAction Stop }
    catch { $sourceUserObj = $null }

    if ($sourceUserObj) {
        # Get the list of groups the source user is a member of
        $sourceGroups = $sourceUserObj.MemberOf

        # Retrieve the target user object together with its current memberships
        try { $targetUserObj = Get-ADUser -Identity $targetUser -Properties MemberOf -ErrorAction Stop }
        catch { $targetUserObj = $null }

        if ($targetUserObj) {
            # Add the source user's group memberships to the target user
            $failed = @()
            foreach ($groupDn in $sourceGroups) {
                # Add-ADGroupMember errors on an existing member, so skip groups the target already has
                if ($targetUserObj.MemberOf -contains $groupDn) { continue }
                try {
                    Add-ADGroupMember -Identity $groupDn -Members $targetUserObj -ErrorAction Stop
                } catch {
                    $failed += "$groupDn ($($_.Exception.Message))"
                }
            }

            if ($failed.Count -eq 0) {
                [System.Windows.Forms.MessageBox]::Show("Group membership replicated successfully.", "Success", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Information)
            } else {
                [System.Windows.Forms.MessageBox]::Show("Some groups could not be added:`n$($failed -join "`n")", "Partial failure", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Warning)
            }
        } else {
            [System.Windows.Forms.MessageBox]::Show("Target user not found.", "Error", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)
        }
    } else {
        [System.Windows.Forms.MessageBox]::Show("Source user not found.", "Error", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)
    }
})
$Form.Controls.Add($replicateButton)

# Display the form ([void] keeps the DialogResult from being printed to the console)
[void]$Form.ShowDialog()
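Copying every group from one account to another is how privilege creep happens, so a preview that separates "already a member", "protected group, needs approval" and "safe to add" is worth running before the button is pressed. The two functions below are an added example, not part of the original tool; they assume the ActiveDirectory module, the hypothetical log path C:\Temp\GroupMembershipCopy.log and the constructed user names jdoe and asmith.

```powershell
# Preview and audited apply of the replication the button performs. Added example, not part of
# the original script; assumes the ActiveDirectory module and read access to the adminCount attribute.
Import-Module ActiveDirectory

function Compare-ADGroupMembership {
    param (
        [Parameter(Mandatory)] [string]$SourceUser,
        [Parameter(Mandatory)] [string]$TargetUser
    )
    $src = Get-ADUser -Identity $SourceUser -Properties MemberOf
    $tgt = Get-ADUser -Identity $TargetUser -Properties MemberOf
    foreach ($dn in $src.MemberOf) {
        $grp = Get-ADGroup -Identity $dn -Properties adminCount
        # adminCount=1 marks groups protected by AdminSDHolder (Domain Admins, Account Operators, ...).
        # Copying those is a privilege change that should be approved, not replicated on a click.
        $action = if ($tgt.MemberOf -contains $dn) { 'AlreadyMember' }
                  elseif ($grp.adminCount -eq 1)   { 'NeedsApproval' }
                  else                              { 'Add' }
        [PSCustomObject]@{ Group = $grp.Name; DistinguishedName = $dn; Action = $action }
    }
}

function Copy-ADGroupMembership {
    [CmdletBinding(SupportsShouldProcess)]
    param (
        [Parameter(Mandatory)] [string]$SourceUser,
        [Parameter(Mandatory)] [string]$TargetUser,
        [string]$LogPath = "C:\Temp\GroupMembershipCopy.log"   # hypothetical path
    )
    $tgt = Get-ADUser -Identity $TargetUser
    foreach ($row in Compare-ADGroupMembership -SourceUser $SourceUser -TargetUser $TargetUser) {
        $stamp = Get-Date -Format s
        if ($row.Action -ne 'Add') {
            Add-Content -Path $LogPath -Value "$stamp SKIP $($row.Group) [$($row.Action)]"
            continue
        }
        # -WhatIf / -Confirm are honoured here, so the change can be rehearsed before it is made
        if ($PSCmdlet.ShouldProcess($row.Group, "Add $TargetUser")) {
            Add-ADGroupMember -Identity $row.DistinguishedName -Members $tgt
            Add-Content -Path $LogPath -Value "$stamp ADD  $($row.Group) <- $TargetUser (copied from $SourceUser by $env:USERNAME)"
        }
    }
}

# Usage (constructed names): review the preview, then rehearse with -WhatIf before applying for real.
Compare-ADGroupMembership -SourceUser jdoe -TargetUser asmith | Format-Table
Copy-ADGroupMembership -SourceUser jdoe -TargetUser asmith -WhatIf
```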




Know when users are disabled in AD

This PowerShell script retrieves and analyzes changes to the "userAccountControl" attribute of disabled users in Active Directory, so you can find out when each user was disabled.

Below, I'll provide a breakdown of the script with explanations for each section:

  1. Script Header:
    • The script starts with a script header that includes a description of its purpose, author, creation date, and some notes.
  2. Output Path for Disabled Users:
    • It defines the output file path for the list of disabled users in the $OutputPath variable, which is set to "C:\temp\DisabledUsers.txt".
  3. Retrieve Disabled Users:
    • It retrieves a list of disabled users from Active Directory using the Get-ADUser cmdlet with a filter for users whose "Enabled" property is equal to $false. The selected property is "SamAccountName," which is stored in the $disabledUsers variable.
  4. Export Disabled Users to a Text File:
    • The list of disabled users is then exported to a text file at the path specified in $OutputPath.
  5. Display Export Message:
    • It displays a message indicating that the export of disabled users has been completed.
  6. Additional Definitions:
    • It defines the fully qualified domain name (FQDN) of the primary domain controller (PDC), the input users (read from the "DisabledUsers.txt" file), and a new output path for the change information.
  7. Initialize an Array for Change Information:
    • An empty array $allChanges is initialized to store change information for all disabled users.
  8. Loop through Disabled Users:
    • It iterates through the list of disabled users obtained from the "DisabledUsers.txt" file.
    • For each user, it retrieves additional information, including the user's description.
    • It then enters a nested loop to analyze changes to the "userAccountControl" attribute.
  9. Get Replication Attribute Metadata:
    • It uses the Get-ADReplicationAttributeMetadata cmdlet to retrieve replication attribute metadata for the "userAccountControl" attribute.
    • This information includes details about when the attribute was last changed.
  10. Filter Metadata Entries with Changes:
    • It filters the metadata entries to include only those with a "Version" greater than 0, indicating changes to the attribute.
  11. Create Custom Objects:
    • For each change, a custom object is created to store the user's SamAccountName, description, the changed attribute's object, and the last originating change time.
  12. Append Change Information:
    • The change information for each user is added to the $allChanges array.
    • It then attempts to export this information to a CSV file with the -Append flag. Note that exporting within the loop may not be the best approach; consider exporting the entire array after the loop to avoid potential issues.
  13. Export All Changes to a CSV File:
    • Finally, all changes collected in the $allChanges array are exported to a CSV file specified in the $OutputPath variable. Again, consider moving this export outside of the loop for a more efficient operation.

Please review the script and make necessary adjustments for efficiency and any specific requirements you may have for tracking changes in the "userAccountControl" attribute for disabled users in your Active Directory environment.




<#
.SYNOPSIS
    Script to retrieve and analyze changes in userAccountControl attribute for disabled users in Active Directory.

.DESCRIPTION
    This script retrieves a list of disabled users from Active Directory and tracks changes to the "userAccountControl" attribute for each user.
    It exports the change information to a CSV file.

  Author:          Navinya Ambre
  Creation Date:   12/10/2023

.NOTES
    - Make sure you have the necessary permissions to access Active Directory.
    - Ensure that the required Active Directory modules are loaded.
    - Verify that the specified file paths exist.
#>

Import-Module ActiveDirectory

# Define the output file path for disabled users
$OutputPath = "C:\temp\DisabledUsers.txt"

# Get all disabled users from Active Directory as plain SamAccountName strings.
# -ExpandProperty matters: without it Out-File writes a formatted table (header and dashes),
# and Get-Content below would feed those lines to Get-ADUser as account names.
$disabledUsers = Get-ADUser -Filter {Enabled -eq $false} | Select-Object -ExpandProperty SamAccountName

# Export the list of disabled users to a text file, one account per line
$disabledUsers | Out-File -FilePath $OutputPath -Encoding UTF8

# Display a message indicating the export is complete
Write-Host "Disabled users have been exported to $OutputPath."

# Define variables for Primary DC and output file
$PDC_FQDN = "PDC Name"    # replace with the FQDN of the PDC emulator, e.g. (Get-ADDomain).PDCEmulator
$inputusers = Get-Content -Path "C:\Temp\DisabledUsers.txt" | Where-Object { $_.Trim() -ne '' }
$OutputPath = "C:\Temp\AllDisabledUsersChanges1.csv"

# Initialize an empty array to store change information for all disabled users
$allChanges = @()

# Get all disabled users
foreach ($inputuser in $inputusers) {
    $disabledUsers = Get-ADUser -Identity $inputuser -Properties Description

    # Iterate through each disabled user
    foreach ($user in $disabledUsers) {
        # Get replication attribute metadata for the userAccountControl attribute
        $replicationMetadata = Get-ADReplicationAttributeMetadata -Object $user.DistinguishedName -Server $PDC_FQDN -Properties userAccountControl

        # Filter metadata entries with changes (version increase)
        $changes = $replicationMetadata | Where-Object { $_.Version -gt 0 }

        # Create an object containing user information, change information, and user description
        foreach ($change in $changes) {
            $changeInfo = [PSCustomObject]@{
                SamAccountName = $user.SamAccountName
                Description = $user.Description
                Object = $change.Object
                LastOriginatingChangeTime = $change.LastOriginatingChangeTime
            }
            # Collect the row here; piping it straight into Export-Csv would leave $allChanges empty
            $allChanges += $changeInfo
        }
    }
}

# Export all changes to a CSV file (written once, so a re-run does not append duplicate rows)
$allChanges | Export-Csv -Path $OutputPath -NoTypeInformation
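The script records when userAccountControl last changed; what a reviewer usually also wants is whether the current value actually carries the ACCOUNTDISABLE bit and which DC originated the change. The example below is added here and is not part of the original script; it assumes the ActiveDirectory module and the hypothetical output path C:\Temp\DisabledUserChanges.csv.

```powershell
# Decode the disable state and its timestamp from userAccountControl replication metadata.
# Added example, not part of the original script; assumes the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-ADUserDisableInfo {
    param (
        [Parameter(Mandatory)] [string]$SamAccountName,
        [string]$Server = (Get-ADDomain).PDCEmulator   # same DC for user and metadata so the versions agree
    )
    $user = Get-ADUser -Identity $SamAccountName -Server $Server -Properties userAccountControl, Description
    $meta = Get-ADReplicationAttributeMetadata -Object $user.DistinguishedName -Server $Server -Properties userAccountControl

    # ACCOUNTDISABLE is bit 0x2 of userAccountControl. The metadata only says when the attribute last
    # changed, so LastUacChange is the disable time only if no other UAC bit was toggled afterwards.
    $disabled = ($user.userAccountControl -band 0x2) -ne 0
    [PSCustomObject]@{
        SamAccountName     = $user.SamAccountName
        Description        = $user.Description
        Disabled           = $disabled
        UserAccountControl = '0x{0:X}' -f $user.userAccountControl
        LastUacChange      = $meta.LastOriginatingChangeTime
        UacVersion         = $meta.Version
        OriginatingDC      = $meta.LastOriginatingChangeDirectoryServerIdentity
    }
}

function Export-ADDisabledUserReport {
    param (
        [Parameter(Mandatory)] [string]$Path,
        [string]$Server = (Get-ADDomain).PDCEmulator
    )
    # Query the DC directly instead of round-tripping the account list through a text file
    Get-ADUser -Filter { Enabled -eq $false } -Server $Server |
        ForEach-Object { Get-ADUserDisableInfo -SamAccountName $_.SamAccountName -Server $Server } |
        Sort-Object LastUacChange -Descending |
        Export-Csv -Path $Path -NoTypeInformation
}

# Usage (hypothetical path): one row per disabled account, most recent change first.
Export-ADDisabledUserReport -Path "C:\Temp\DisabledUserChanges.csv"
```

Security event 4725 ("A user account was disabled") on the originating DC is the corroborating record for each timestamp, and also names the account that performed the change, which the replication metadata does not.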



