Merge branch 'main' of github.com:JohnHammond/active_directory
commit
1ed059019f
|
@ -1,4 +1,7 @@
|
|||
param( [Parameter(Mandatory=$true)] $JSONFile )
|
||||
param(
|
||||
[Parameter(Mandatory=$true)] $JSONFile,
|
||||
[switch]$Undo
|
||||
)
|
||||
|
||||
function CreateADGroup(){
|
||||
param( [Parameter(Mandatory=$true)] $groupObject )
|
||||
|
@ -42,25 +45,59 @@ function CreateADUser(){
|
|||
Write-Warning "User $name NOT added to group $group_name because it does not exist"
|
||||
}
|
||||
}
|
||||
|
||||
# Add to local admin as needed
|
||||
if ( $userObject.local_admin -eq $True){
|
||||
net localgroup administrators $Global:Domain\$username /add
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
function RemoveADUser(){
|
||||
param( [Parameter(Mandatory=$true)] $userObject )
|
||||
|
||||
$name = $userObject.name
|
||||
$firstname, $lastname = $name.Split(" ")
|
||||
$username = ($firstname[0] + $lastname).ToLower()
|
||||
$samAccountName = $username
|
||||
Remove-ADUser -Identity $samAccountName -Confirm:$False
|
||||
}
|
||||
|
||||
function WeakenPasswordPolicy(){
|
||||
secedit /export /cfg C:\Windows\Tasks\secpol.cfg
|
||||
(Get-Content C:\Windows\Tasks\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\Windows\Tasks\secpol.cfg
|
||||
(Get-Content C:\Windows\Tasks\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0").replace("MinimumPasswordLength = 7", "MinimumPasswordLength = 1") | Out-File C:\Windows\Tasks\secpol.cfg
|
||||
secedit /configure /db c:\windows\security\local.sdb /cfg C:\Windows\Tasks\secpol.cfg /areas SECURITYPOLICY
|
||||
rm -force C:\Windows\Tasks\secpol.cfg -confirm:$false
|
||||
}
|
||||
|
||||
WeakenPasswordPolicy
|
||||
|
||||
$json = ( Get-Content $JSONFile | ConvertFrom-JSON)
|
||||
|
||||
$Global:Domain = $json.domain
|
||||
|
||||
foreach ( $group in $json.groups ){
|
||||
CreateADGroup $group
|
||||
function StrengthenPasswordPolicy(){
|
||||
secedit /export /cfg C:\Windows\Tasks\secpol.cfg
|
||||
(Get-Content C:\Windows\Tasks\secpol.cfg).replace("PasswordComplexity = 0", "PasswordComplexity = 1").replace("MinimumPasswordLength = 1", "MinimumPasswordLength = 7") | Out-File C:\Windows\Tasks\secpol.cfg
|
||||
secedit /configure /db c:\windows\security\local.sdb /cfg C:\Windows\Tasks\secpol.cfg /areas SECURITYPOLICY
|
||||
rm -force C:\Windows\Tasks\secpol.cfg -confirm:$false
|
||||
}
|
||||
|
||||
foreach ( $user in $json.users ){
|
||||
CreateADUser $user
|
||||
|
||||
$json = ( Get-Content $JSONFile | ConvertFrom-JSON)
|
||||
$Global:Domain = $json.domain
|
||||
|
||||
if ( -not $Undo) {
|
||||
WeakenPasswordPolicy
|
||||
|
||||
foreach ( $group in $json.groups ){
|
||||
CreateADGroup $group
|
||||
}
|
||||
|
||||
foreach ( $user in $json.users ){
|
||||
CreateADUser $user
|
||||
}
|
||||
}else{
|
||||
StrengthenPasswordPolicy
|
||||
|
||||
foreach ( $user in $json.users ){
|
||||
RemoveADUser $user
|
||||
}
|
||||
foreach ( $group in $json.groups ){
|
||||
RemoveADGroup $group
|
||||
}
|
||||
}
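Review bot: The `-Undo` path does not reverse everything the create path changes. `CreateADUser` (its body starts outside the hunk) adds the account with `net localgroup administrators $Global:Domain\$username /add`, but `RemoveADUser` only calls `Remove-ADUser`; running `net localgroup administrators $Global:Domain\$username /delete` first would remove the membership explicitly, and if this script runs on a domain controller that group is presumably the domain's built-in Administrators group, so `local_admin` grants far more than host-local rights. `StrengthenPasswordPolicy` writes back the fixed values `PasswordComplexity = 1` and `MinimumPasswordLength = 7` instead of the settings exported before weakening, and both policy functions change nothing unless the exported text matches their exact strings, so a host with a different baseline is not restored to what it had. The template is also staged in `C:\Windows\Tasks`, which is commonly writable by non-administrators; a temp file under an admin-only directory would be a safer place to hold a file that `secedit /configure` will apply. `RemoveADGroup` is called in the undo branch but not defined in the visible lines, so it presumably sits outside these hunks.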
|
|
@ -1,4 +1,10 @@
|
|||
param( [Parameter(Mandatory=$true)] $OutputJSONFile )
|
||||
param(
|
||||
[Parameter(Mandatory=$true)] $OutputJSONFile,
|
||||
[int]$UserCount,
|
||||
[int]$GroupCount,
|
||||
[int]$LocalAdminCount
|
||||
)
|
||||
|
||||
|
||||
$group_names = [System.Collections.ArrayList](Get-Content "data/group_names.txt")
|
||||
$first_names = [System.Collections.ArrayList](Get-Content "data/first_names.txt")
|
||||
|
@ -8,16 +14,34 @@ $passwords = [System.Collections.ArrayList](Get-Content "data/passwords.txt")
|
|||
$groups = @()
|
||||
$users = @()
|
||||
|
||||
$num_groups = 10
|
||||
for ( $i = 0; $i -lt $num_groups; $i++ ){
|
||||
# Default UserCount set to 5 (if not set)
|
||||
if ( $UserCount -eq 0 ){
|
||||
$UserCount = 5
|
||||
}
|
||||
|
||||
# Default GroupCount set to 5 (if not set)
|
||||
if ( $GroupCount -eq 0 ){
|
||||
$GroupCount = 1
|
||||
}
|
||||
|
||||
if ( $LocalAdminCount -ne 0){
|
||||
$local_admin_indexes = @()
|
||||
while (($local_admin_indexes | Measure-Object ).Count -lt $LocalAdminCount){
|
||||
|
||||
$random_index = (Get-Random -InputObject (1..($UserCount)) | Where-Object { $local_admin_indexes -notcontains $_ } )
|
||||
$local_admin_indexes += @( $random_index )
|
||||
echo "adding $random_index to local_admin_indexes $local_admin_indexes"
|
||||
}
|
||||
}
|
||||
|
||||
for ( $i = 1; $i -le $GroupCount; $i++ ){
|
||||
$group_name = (Get-Random -InputObject $group_names)
|
||||
$group = @{ "name" = "$group_name" }
|
||||
$groups += $group
|
||||
$group_names.Remove($group_name)
|
||||
}
|
||||
|
||||
$num_users = 100
|
||||
for ( $i = 0; $i -lt $num_users; $i++ ){
|
||||
for ( $i = 1; $i -le $UserCount; $i++ ){
|
||||
$first_name = (Get-Random -InputObject $first_names)
|
||||
$last_name = (Get-Random -InputObject $last_names)
|
||||
$password = (Get-Random -InputObject $passwords)
|
||||
|
@ -27,6 +51,12 @@ for ( $i = 0; $i -lt $num_users; $i++ ){
|
|||
"password"="$password"
|
||||
"groups" = (Get-Random -InputObject $groups).name
|
||||
}
|
||||
|
||||
if ( $local_admin_indexes | Where { $_ -eq $i } ){
|
||||
echo "user $i is local admin"
|
||||
$new_user["local_admin"] = $true
|
||||
}
|
||||
|
||||
$users += $new_user
|
||||
|
||||
$first_names.Remove($first_name)
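Review bot: The `while` loop that fills `$local_admin_indexes` can draw an index that is already in the list, in which case the `Where-Object` filter yields nothing and an empty entry is appended; when `-LocalAdminCount` exceeds `-UserCount` there are not enough distinct indexes and the loop appears unable to finish correctly. Drawing without replacement avoids both: `$local_admin_indexes = @(Get-Random -InputObject (1..$UserCount) -Count ([Math]::Min($LocalAdminCount, $UserCount)))`. The comment `# Default GroupCount set to 5 (if not set)` disagrees with the code, which assigns `$GroupCount = 1`; one of the two should be corrected. The user loop's body continues outside the visible hunks, so whether `local_admin` is otherwise initialised on `$new_user` cannot be confirmed from here.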
|
||||
|
|