Other section added
Robert Przybylski committed Sep 23, 2021
1 parent 071b53b commit 7824d5b
Showing 3 changed files with 80 additions and 1 deletion.
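--- a/Other/Other_steps.ps1
+++ b/Other/Other_steps.ps1
@@ -0,0 +1,61 @@
+Throw "This is not a robust file"
+$domain = $env:USERDNSDOMAIN
+$dNC = (Get-ADRootDSE).defaultNamingContext
+
+
+#region redir
+$usrDN = '"' + "OU=Enabled Users,OU=User Accounts," + $dNc + '"'
+redirusr $usrDN
+$cmpDN = '"' + "OU=Quarantine," + $dNc + '"'
+redircmp
+#endregion
+
+#region Sites
+Import-Module ActiveDirectory
+Get-ADObject -SearchBase (Get-ADRootDSE).ConfigurationNamingContext `
+-filter "objectclass -eq 'site'" | `
+where-object { $_.Name -eq 'Default-First-Site-Name' } | `
+Rename-ADObject -NewName "HQ"
+$subnet = Read-Host "Please provide subnet details"
+New-ADReplicationSubnet -Name $subnet -Site "HQ"
+#endrgion
+
+#region KDS Root Key
+add-kdsrootkey
+#add-kdsrootkey �effectivetime ((get-date).addhours(-10))
+#endregion
+
+#password policies
+$TemplatePSO = New-Object Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy
+$TemplatePSO.PasswordHistoryCount = 24
+$TemplatePSO.MinPasswordAge = [TimeSpan]::Parse("0.01:00:00")
+$TemplatePSO.ComplexityEnabled = $true
+$TemplatePSO.ReversibleEncryptionEnabled = $false
+$TemplatePSO.LockoutDuration = "-10675199.02:48:05.4775808"
+$TemplatePSO.LockoutObservationWindow = [TimeSpan]::Parse("0.01:00:00")
+$TemplatePSO.LockoutThreshold = 4
+$name = "AdminsPSO"
+New-ADFineGrainedPasswordPolicy -Instance $TemplatePSO -Name $name -Precedence 50 -Description "The Tiered users Password Policy" -DisplayName "Tiered Users PSO" -MaxPasswordAge "180.00:00:00" -MinPasswordLength 10
+Add-ADFineGrainedPasswordPolicySubject -Identity $name -Subjects `
+"Domain Admins", Tier1ServerMaintenance, tier1admins, Tier1PAWUsers, Tier2ServiceDeskOperators, tier2admins, Tier2WorkstationMaintenance
+#endregion
+
+#AD Resycle
+Enable-ADOptionalFeature 'Recycle Bin Feature' -Scope ForestOrConfigurationSet -Target $domain -Confirm:$false
+#endregion
+
+#region DNS registration
+$networkConfig = Get-WmiObject Win32_NetworkAdapterConfiguration -filter "ipenabled = 'true'"
+$networkConfig.SetDnsDomain("$domain")
+$networkConfig.SetDynamicDNSRegistration($true, $true)
+ipconfig /registerdns
+#endregion
+
+#gmsa for MDI
+$name = 'svc_MDIReadOnly'
+$dcList = Get-ADGroupMember -Identity 'Domain Controllers'
+New-ADServiceAccount -Name $name -DNSHostName "$($name).$domain" -PrincipalsAllowedToRetrieveManagedPassword $dcList
+Test-ADServiceAccount -Identity $name
+Get-ADServiceAccount -Identity $name -Properties MemberOf
+
+#endregion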
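Review bot: `redircmp` in the redir region is invoked with no argument, so `$cmpDN` is built and never used and the default computer container is left unchanged instead of pointing at the Quarantine OU; the line should read `redircmp $cmpDN`. In the password-policy block, `LockoutDuration = "-10675199.02:48:05.4775808"` is `TimeSpan.MinValue`, which presumably means "locked until an administrator unlocks"; with `LockoutThreshold = 4` and the PSO applied to "Domain Admins", a handful of failed logons can leave every privileged account locked at once, so a finite duration or a documented break-glass account outside the PSO is worth adding. `add-kdsrootkey` without `-EffectiveTime` yields a key that is not usable immediately, so the later `New-ADServiceAccount` will likely fail if the regions are run back to back. Passing the member snapshot in `$dcList` instead of the 'Domain Controllers' group itself also means domain controllers promoted later cannot retrieve the gMSA password.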
12 changes: 11 additions & 1 deletion Tiering/AdminGroups.csv
@@ -1,3 +1,4 @@
<<<<<<< HEAD
Name,samAccountName,GroupCategory,GroupScope,DisplayName,OU,Description,Membership
Tier 0 Replication Maintenance,Tier0ReplicationMaintenance,Security,Global,Tier 0 Replication Maintenance,"OU=Groups,OU=Tier0,OU=Admin",Members of this group are Tier 0 Replication Maintenance,
Tier 1 Server Maintenance,Tier1ServerMaintenance,Security,Global,Tier 1 Server Maintenance,"OU=Groups,OU=Tier1,OU=Admin",Members of this group perform Tier 1 Server Maintenance,
@@ -13,4 +14,13 @@ Tier 1 Servers,Tier1Servers,Security,Global,Tier1 Servers,"OU=Groups,OU=Tier1,OU
Tier 0 Servers,Tier0Servers,Security,Global,Tier0 Servers,"OU=Groups,OU=Tier0,OU=Admin",Group that contain all Tier 0 servers,
Tier 0 Sync Servers,Tier0SyncServers,Security,Global,Tier0 Sync Servers,"OU=Groups,OU=Tier0,OU=Admin",Group that contain all Tier 0 synchronisation servers,
Tier 0 Physical Access,Tier0PhysicalAccess,Security,Global,Tier0PhysicalAccess,"OU=Groups,OU=Tier0,OU=Admin",,
Tier 0 Physical DC,Tier0PhysicalDC,Security,Global,Tier0PhysicalDC,"OU=Groups,OU=Tier0,OU=Admin",,
Tier 0 Physical DC,Tier0PhysicalDC,Security,Global,Tier0PhysicalDC,"OU=Groups,OU=Tier0,OU=Admin",,
=======
Name,samAccountName,GroupCategory,GroupScope,DisplayName,OU,Description,Membership
Tier 0 Replication Maintenance,Tier0ReplicationMaintenance,Security,Global,Tier 0 Replication Maintenance,"OU=Groups,OU=Tier0,OU=Admin",Members of this group are Tier 0 Replication Maintenance,
Tier 1 Server Maintenance,Tier1ServerMaintenance,Security,Global,Tier 1 Server Maintenance,"OU=Groups,OU=Tier1,OU=Admin",Members of this group perform Tier 1 Server Maintenance,
Service Desk Operators,ServiceDeskOperators,Security,Global,Service Desk Operators,"OU=Groups,OU=Tier2,OU=Admin",Members of this group are Service Desk Operators,
Workstation Maintenance,WorkstationMaintenance,Security,Global,Workstation Maintenance,"OU=Groups,OU=Tier2,OU=Admin",Members of this group perform Workstation Maintenance,
Tier 1 Admins,tier1admins,Security,Global,Tier 1 Admins,"OU=Groups,OU=Tier1,OU=Admin",Members of this group are Tier 1 Administrators,
Tier 2 Admins,tier2admins,Security,Global,Tier 2 Admins,"OU=Groups,OU=Tier2,OU=Admin",Members of this group are Tier 2 Administrators,
>>>>>>> 07c1c14 (Other section added)
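Review bot: The new side of this file contains unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> 07c1c14 (Other section added)`), so the CSV now begins with a marker line instead of the header row and carries two competing copies of the group list; Tiering/StandardGroups.csv has the same problem. Whatever imports these files will presumably treat `<<<<<<< HEAD` as the column header and either fail or create no usable groups. The conflict should be resolved to a single header and one set of rows before this is merged. Note that the lower copy names the Tier 2 groups `ServiceDeskOperators` and `WorkstationMaintenance`, while Other/Other_steps.ps1 in this commit refers to `Tier2ServiceDeskOperators` and `Tier2WorkstationMaintenance`, so the resolution decides whether the PSO subject list resolves.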
8 changes: 8 additions & 0 deletions Tiering/StandardGroups.csv
@@ -1,5 +1,13 @@
<<<<<<< HEAD
Name,samAccountName,GroupCategory,GroupScope,DisplayName,OU,Description,Membership
Test Group 1,testgroup1,Security,Global,Test Group 1,"ou=Security Groups,OU=Groups",Group with random members,
Test Group 2,testgroup2,Security,Global,Test Group 2,"ou=Security Groups,OU=Groups",Group with random members,
Test Group 3,testgroup3,Security,Global,Test Group 3,"ou=Security Groups,OU=Groups",Group with random members,
Test Group 4,testgroup4,Security,Global,Test Group 4,"ou=Security Groups,OU=Groups",Group with random members,
=======
Name,samAccountName,GroupCategory,GroupScope,DisplayName,OU,Description,Membership
Test Group 1, testgroup1,Security,Global,Group 1,"ou=Security Group,OU=Groups",Group with members of the first 10 users
Test Group 2, testgroup1,Security,Global,Group 1,"ou=Security Group,OU=Groups",Group with members of the first 10-20 users
Test Group 3, testgroup1,Security,Global,Group 1,"ou=Security Group,OU=Groups",Group with members of the first 20-30 users
Test Group 4, testgroup1,Security,Global,Group 1,"ou=Security Group,OU=Groups",Group with members of the first 30-40 users
>>>>>>> 07c1c14 (Other section added)
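Review bot: In the rows below `=======`, all four groups carry the same samAccountName ` testgroup1` (with a leading space) and the same DisplayName `Group 1`, and the OU reads `ou=Security Group` where the upper copy has `ou=Security Groups`. If this side is kept when the conflict is resolved, probably only one of the four groups can be created and the OU path may not exist. The upper copy's `testgroup1` to `testgroup4` values look like the intended ones.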
