From bd1737e2e4a5b99442a96c5423a9396699a1e215 Mon Sep 17 00:00:00 2001 From: Robert Przybylski Date: Mon, 22 Jan 2024 11:15:56 +0100 Subject: [PATCH] ADSEcurity: minor changes --- Tiering/Scripts/Create-Group.ps1 | 14 ++++++++++---- Tiering/Scripts/Create-OU.ps1 | 8 +++++--- Tiering/Scripts/Set-OUComputerPermissions.ps1 | 8 +++++--- Tiering/Scripts/Set-OUGPOPermissions.ps1 | 8 +++++--- Tiering/Scripts/Set-OUGroupPermissions.ps1 | 8 +++++--- Tiering/Scripts/Set-OUReplicationPermissions.ps1 | 8 +++++--- Tiering/Scripts/Set-OUUserPermissions.ps1 | 8 +++++--- Tiering/Scripts/Set-OUWorkstationPermissions.ps1 | 8 +++++--- Tiering/Tiering_steps.ps1 | 2 +- 9 files changed, 46 insertions(+), 26 deletions(-) diff --git a/Tiering/Scripts/Create-Group.ps1 b/Tiering/Scripts/Create-Group.ps1 index 791f4ab..38e3d89 100644 --- a/Tiering/Scripts/Create-Group.ps1 +++ b/Tiering/Scripts/Create-Group.ps1 @@ -1,10 +1,10 @@ <# .Example $csv = Read-Host -Prompt "Please provide full path to Groups csv file" - .\Create-Group.ps1 -CSVfile $csv -Verbose + .\Create-Group.ps1 List $csv -Verbose PS C:\Tools> $csv = Read-Host -Prompt "Please provide full path to Groups csv file" Please provide full path to Groups csv file: c:\tools\groups.csv - PS C:\Tools> .\Create-Group.ps1 -CSVfile $csv -Verbose + PS C:\Tools> .\Create-Group.ps1 List $csv -Verbose VERBOSE: Creating new Group 'Tier0ReplicationMaintenance' under 'OU=Groups,OU=Tier0,OU=Admin,DC=azureblog,DC=pl' VERBOSE: Creating new Group 'Tier1ServerMaintenance' under 'OU=Groups,OU=Tier1,OU=Admin,DC=azureblog,DC=pl' VERBOSE: Creating new Group 'ServiceDeskOperators' under 'OU=Groups,OU=Tier2,OU=Admin,DC=azureblog,DC=pl' 
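Review bot: The updated example in the comment-based help drops the dash, so `.\Create-Group.ps1 List $csv -Verbose` passes the literal word `List` as the first positional argument and `$csv` as a second one. The script declares a single parameter under `[CmdletBinding()]`, so that call would fail to bind rather than import the file. Both example lines should read `.\Create-Group.ps1 -List $csv -Verbose`.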
@@ -15,10 +15,16 @@ [CmdletBinding()] param( - [parameter(Mandatory = $true)][string] $CSVfile + [parameter(Mandatory = $true)][PSOBject] $List ) $dNC = (Get-ADRootDSE).defaultNamingContext -$groups = Import-Csv $CSVfile +if ($List -like "*csv*") { + if (Test-Path -Path $List){ + Write-Host "Working with CSV File '$List'" -ForegroundColor Green + $groups = Import-CSV -Path $List + } +} + foreach ($group in $groups) { $groupName = $group.Name $groupOUPrefix = $group.OU diff --git a/Tiering/Scripts/Create-OU.ps1 b/Tiering/Scripts/Create-OU.ps1 index e2ee39b..0efe157 100644 --- a/Tiering/Scripts/Create-OU.ps1 +++ b/Tiering/Scripts/Create-OU.ps1 @@ -34,9 +34,11 @@ param( [parameter(Mandatory = $true)][PSObject] $OUs ) $dNC = (Get-ADRootDSE).defaultNamingContext -if (test-Path -Path $OUs) { - Write-Host "Working with CSV File '$OUs'" -ForegroundColor Green - $OUs = Import-CSV -Path $OUs +if ($OUs -like "*csv*") { + if (Test-Path -Path $OUs){ + Write-Host "Working with CSV File '$OUs'" -ForegroundColor Green + $OUs = Import-CSV -Path $OUs + } } $OUs | ForEach-Object { diff --git a/Tiering/Scripts/Set-OUComputerPermissions.ps1 b/Tiering/Scripts/Set-OUComputerPermissions.ps1 index 3159dc5..09b4a73 100644 --- a/Tiering/Scripts/Set-OUComputerPermissions.ps1 +++ b/Tiering/Scripts/Set-OUComputerPermissions.ps1 @@ -21,9 +21,11 @@ $domain = Get-ADDomain $guidmap = @{ } Get-ADObject -SearchBase ($rootdse.SchemaNamingContext) -LDAPFilter "(schemaidguid=*)" -Properties lDAPDisplayName, schemaIDGUID | ForEach-Object { $guidmap[$_.lDAPDisplayName] = [System.GUID]$_.schemaIDGUID } -if (test-Path -Path $List) { - Write-Host "Working with CSV File '$List'" -ForegroundColor Green - $List = Import-CSV -Path $List +if ($List -like "*csv*") { + if (Test-Path -Path $List){ + Write-Host "Working with CSV File '$List'" -ForegroundColor Green + $List = Import-CSV -Path $List + } } $List | ForEach-Object { 
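Review bot: `$groups` is assigned only inside the nested `if` in Create-Group.ps1, so when `-List` is an object array, or a CSV path that does not exist, `foreach ($group in $groups)` has nothing to iterate and the script ends without creating a group or saying why. Because `$groups` is never initialised, a dot-sourced run could also pick up a `$groups` value left in the caller's scope. Assign `$groups = $List` before the outer `if`, and make the missing-file case terminate with `else { throw "CSV file '$List' not found" }` on the inner `if`. Renaming the parameter also breaks callers that still pass `-CSVfile`; `[Alias('CSVfile')]` on the new parameter would keep them working. The `foreach` body continues outside the hunk.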
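Review bot: The `-like "*csv*"` guard in Create-OU.ps1 decides whether `$OUs` is a file path by looking for the substring `csv` anywhere in the value, and when the inner `Test-Path` fails the script still falls through and pipes the raw string into `ForEach-Object`. A mistyped path is therefore processed as if it were a row with empty properties, a CSV whose path lacks the substring is never imported, and against an array argument `-like` filters elements instead of testing the type. Test the type and fail closed instead, as in the block below; the same guard is repeated in Create-Group.ps1 and in the Set-OUComputerPermissions, Set-OUGPOPermissions, Set-OUGroupPermissions, Set-OUReplicationPermissions, Set-OUUserPermissions and Set-OUWorkstationPermissions hunks (there with `$List`). For scripts that create OUs and write OU permissions, an explicit stop is safer than a run that silently applies nothing or works on partial input. The `ForEach-Object` body continues outside the hunk.

```powershell
$dNC = (Get-ADRootDSE).defaultNamingContext
if ($OUs -is [string]) {
    # A string argument is treated as a path; anything else is assumed to be row objects.
    if (-not (Test-Path -LiteralPath $OUs -PathType Leaf)) {
        throw "CSV file '$OUs' not found"
    }
    Write-Host "Working with CSV File '$OUs'" -ForegroundColor Green
    $OUs = Import-Csv -LiteralPath $OUs
}
# … unchanged: $OUs | ForEach-Object { … } …
```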
diff --git a/Tiering/Scripts/Set-OUGPOPermissions.ps1 b/Tiering/Scripts/Set-OUGPOPermissions.ps1 index bc9d261..e616c7d 100644 --- a/Tiering/Scripts/Set-OUGPOPermissions.ps1 +++ b/Tiering/Scripts/Set-OUGPOPermissions.ps1 @@ -21,9 +21,11 @@ Get-ADObject -SearchBase ($rootdse.SchemaNamingContext) -LDAPFilter "(schemaidgu $extendedrightsmap = @{ } Get-ADObject -SearchBase ($rootdse.ConfigurationNamingContext) -LDAPFilter "(&(objectclass=controlAccessRight)(rightsguid=*))" -Properties displayName, rightsGuid | ForEach-Object { $extendedrightsmap[$_.displayName] = [System.GUID]$_.rightsGuid } -if (test-Path -Path $List) { - Write-Host "Working with CSV File '$List'" -ForegroundColor Green - $List = Import-CSV -Path $List +if ($List -like "*csv*") { + if (Test-Path -Path $List){ + Write-Host "Working with CSV File '$List'" -ForegroundColor Green + $List = Import-CSV -Path $List + } } $List | ForEach-Object { diff --git a/Tiering/Scripts/Set-OUGroupPermissions.ps1 b/Tiering/Scripts/Set-OUGroupPermissions.ps1 index 7e3edcd..b8c2daf 100644 --- a/Tiering/Scripts/Set-OUGroupPermissions.ps1 +++ b/Tiering/Scripts/Set-OUGroupPermissions.ps1 @@ -20,9 +20,11 @@ Get-ADObject -SearchBase ($rootdse.SchemaNamingContext) -LDAPFilter "(schemaidgu $extendedrightsmap = @{ } Get-ADObject -SearchBase ($rootdse.ConfigurationNamingContext) -LDAPFilter "(&(objectclass=controlAccessRight)(rightsguid=*))" -Properties displayName, rightsGuid | ForEach-Object { $extendedrightsmap[$_.displayName] = [System.GUID]$_.rightsGuid } -if (test-Path -Path $List) { - Write-Host "Working with CSV File '$List'" -ForegroundColor Green - $List = Import-CSV -Path $List +if ($List -like "*csv*") { + if (Test-Path -Path $List){ + Write-Host "Working with CSV File '$List'" -ForegroundColor Green + $List = Import-CSV -Path $List + } } $List | ForEach-Object { diff --git a/Tiering/Scripts/Set-OUReplicationPermissions.ps1 b/Tiering/Scripts/Set-OUReplicationPermissions.ps1 index 2ea53df..8dc5232 100644 
--- a/Tiering/Scripts/Set-OUReplicationPermissions.ps1 +++ b/Tiering/Scripts/Set-OUReplicationPermissions.ps1 @@ -28,9 +28,11 @@ $forestDnsZonesDN = "DC=ForestDnsZones," + $rootdse.RootDomainNamingContext $sitesDN = "CN=Sites," + $configCN $config = @($configCN, $schemaNC, $forestDnsZonesDN, $sitesDN) -if (test-Path -Path $List) { - Write-Host "Working with CSV File '$List'" -ForegroundColor Green - $List = Import-CSV -Path $List +if ($List -like "*csv*") { + if (Test-Path -Path $List){ + Write-Host "Working with CSV File '$List'" -ForegroundColor Green + $List = Import-CSV -Path $List + } } $List | ForEach-Object { diff --git a/Tiering/Scripts/Set-OUUserPermissions.ps1 b/Tiering/Scripts/Set-OUUserPermissions.ps1 index 1ef6686..988bb02 100644 --- a/Tiering/Scripts/Set-OUUserPermissions.ps1 +++ b/Tiering/Scripts/Set-OUUserPermissions.ps1 @@ -20,9 +20,11 @@ Get-ADObject -SearchBase ($rootdse.SchemaNamingContext) -LDAPFilter "(schemaidgu $extendedrightsmap = @{ } Get-ADObject -SearchBase ($rootdse.ConfigurationNamingContext) -LDAPFilter "(&(objectclass=controlAccessRight)(rightsguid=*))" -Properties displayName, rightsGuid | ForEach-Object { $extendedrightsmap[$_.displayName] = [System.GUID]$_.rightsGuid } -if (test-Path -Path $List) { - Write-Host "Working with CSV File '$List'" -ForegroundColor Green - $List = Import-CSV -Path $List +if ($List -like "*csv*") { + if (Test-Path -Path $List){ + Write-Host "Working with CSV File '$List'" -ForegroundColor Green + $List = Import-CSV -Path $List + } } $List | ForEach-Object { diff --git a/Tiering/Scripts/Set-OUWorkstationPermissions.ps1 b/Tiering/Scripts/Set-OUWorkstationPermissions.ps1 index b6711cb..db190d6 100644 --- a/Tiering/Scripts/Set-OUWorkstationPermissions.ps1 +++ b/Tiering/Scripts/Set-OUWorkstationPermissions.ps1 
@@ -16,9 +16,11 @@ $domain = Get-ADDomain $guidmap = @{ } Get-ADObject -SearchBase ($rootdse.SchemaNamingContext) -LDAPFilter "(schemaidguid=*)" -Properties lDAPDisplayName, schemaIDGUID | ForEach-Object { $guidmap[$_.lDAPDisplayName] = [System.GUID]$_.schemaIDGUID } -if (test-Path -Path $List) { - Write-Host "Working with CSV File '$List'" -ForegroundColor Green - $List = Import-CSV -Path $List +if ($List -like "*csv*") { + if (Test-Path -Path $List){ + Write-Host "Working with CSV File '$List'" -ForegroundColor Green + $List = Import-CSV -Path $List + } } $List | ForEach-Object { diff --git a/Tiering/Tiering_steps.ps1 b/Tiering/Tiering_steps.ps1 index 76bd8b6..7faf66f 100644 --- a/Tiering/Tiering_steps.ps1 +++ b/Tiering/Tiering_steps.ps1 @@ -71,7 +71,7 @@ $OUs = @( #endRegion #region create Tiering OUs v2 -$domainOUSCsv = Import-Csv -Path "$ScriptsLocation\DomainOUs.csv" +$domainOUSCsv = "$ScriptsLocation\DomainOUs.csv" .$ScriptsLocation\Scripts\Create-OU.ps1 -OUs $domainOUSCsv #endregion
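Review bot: Passing the path instead of imported rows in Tiering_steps.ps1 means Create-OU.ps1 now takes its `$OUs = Import-CSV -Path $OUs` branch, and because the script is invoked with the dot-source operator on the following line, that assignment lands in this file's scope. The hunk header shows an `$OUs = @(` array defined earlier in Tiering_steps.ps1; if anything after this region still reads it, it will hold the CSV rows instead. Invoking with the call operator, `& "$ScriptsLocation\Scripts\Create-OU.ps1" -OUs $domainOUSCsv`, keeps the script's variables local and also tolerates spaces in `$ScriptsLocation`.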