Merge branch 'main' of github.com:JohnHammond/active_directory

main^2
John Hammond 2022-05-28 02:46:01 -04:00
commit 1ed059019f
2 changed files with 84 additions and 17 deletions

View File

@ -1,4 +1,7 @@
param( [Parameter(Mandatory=$true)] $JSONFile ) param(
[Parameter(Mandatory=$true)] $JSONFile,
[switch]$Undo
)
function CreateADGroup(){ function CreateADGroup(){
param( [Parameter(Mandatory=$true)] $groupObject ) param( [Parameter(Mandatory=$true)] $groupObject )
@ -42,25 +45,59 @@ function CreateADUser(){
Write-Warning "User $name NOT added to group $group_name because it does not exist" Write-Warning "User $name NOT added to group $group_name because it does not exist"
} }
} }
# Add to local admin as needed
if ( $userObject.local_admin -eq $True){
net localgroup administrators $Global:Domain\$username /add
}
}
function RemoveADUser(){
param( [Parameter(Mandatory=$true)] $userObject )
$name = $userObject.name
$firstname, $lastname = $name.Split(" ")
$username = ($firstname[0] + $lastname).ToLower()
$samAccountName = $username
Remove-ADUser -Identity $samAccountName -Confirm:$False
} }
function WeakenPasswordPolicy(){ function WeakenPasswordPolicy(){
secedit /export /cfg C:\Windows\Tasks\secpol.cfg secedit /export /cfg C:\Windows\Tasks\secpol.cfg
(Get-Content C:\Windows\Tasks\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\Windows\Tasks\secpol.cfg (Get-Content C:\Windows\Tasks\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0").replace("MinimumPasswordLength = 7", "MinimumPasswordLength = 1") | Out-File C:\Windows\Tasks\secpol.cfg
secedit /configure /db c:\windows\security\local.sdb /cfg C:\Windows\Tasks\secpol.cfg /areas SECURITYPOLICY
rm -force C:\Windows\Tasks\secpol.cfg -confirm:$false
}
function StrengthenPasswordPolicy(){
secedit /export /cfg C:\Windows\Tasks\secpol.cfg
(Get-Content C:\Windows\Tasks\secpol.cfg).replace("PasswordComplexity = 0", "PasswordComplexity = 1").replace("MinimumPasswordLength = 1", "MinimumPasswordLength = 7") | Out-File C:\Windows\Tasks\secpol.cfg
secedit /configure /db c:\windows\security\local.sdb /cfg C:\Windows\Tasks\secpol.cfg /areas SECURITYPOLICY secedit /configure /db c:\windows\security\local.sdb /cfg C:\Windows\Tasks\secpol.cfg /areas SECURITYPOLICY
rm -force C:\Windows\Tasks\secpol.cfg -confirm:$false rm -force C:\Windows\Tasks\secpol.cfg -confirm:$false
} }
WeakenPasswordPolicy
$json = ( Get-Content $JSONFile | ConvertFrom-JSON) $json = ( Get-Content $JSONFile | ConvertFrom-JSON)
$Global:Domain = $json.domain $Global:Domain = $json.domain
foreach ( $group in $json.groups ){ if ( -not $Undo) {
CreateADGroup $group WeakenPasswordPolicy
}
foreach ( $user in $json.users ){ foreach ( $group in $json.groups ){
CreateADUser $user CreateADGroup $group
}
foreach ( $user in $json.users ){
CreateADUser $user
}
}else{
StrengthenPasswordPolicy
foreach ( $user in $json.users ){
RemoveADUser $user
}
foreach ( $group in $json.groups ){
RemoveADGroup $group
}
} }

View File

@ -1,4 +1,10 @@
param( [Parameter(Mandatory=$true)] $OutputJSONFile ) param(
[Parameter(Mandatory=$true)] $OutputJSONFile,
[int]$UserCount,
[int]$GroupCount,
[int]$LocalAdminCount
)
$group_names = [System.Collections.ArrayList](Get-Content "data/group_names.txt") $group_names = [System.Collections.ArrayList](Get-Content "data/group_names.txt")
$first_names = [System.Collections.ArrayList](Get-Content "data/first_names.txt") $first_names = [System.Collections.ArrayList](Get-Content "data/first_names.txt")
@ -8,16 +14,34 @@ $passwords = [System.Collections.ArrayList](Get-Content "data/passwords.txt")
$groups = @() $groups = @()
$users = @() $users = @()
$num_groups = 10 # Default UserCount set to 5 (if not set)
for ( $i = 0; $i -lt $num_groups; $i++ ){ if ( $UserCount -eq 0 ){
$UserCount = 5
}
# Default GroupCount set to 5 (if not set)
if ( $GroupCount -eq 0 ){
$GroupCount = 1
}
if ( $LocalAdminCount -ne 0){
$local_admin_indexes = @()
while (($local_admin_indexes | Measure-Object ).Count -lt $LocalAdminCount){
$random_index = (Get-Random -InputObject (1..($UserCount)) | Where-Object { $local_admin_indexes -notcontains $_ } )
$local_admin_indexes += @( $random_index )
echo "adding $random_index to local_admin_indexes $local_admin_indexes"
}
}
for ( $i = 1; $i -le $GroupCount; $i++ ){
$group_name = (Get-Random -InputObject $group_names) $group_name = (Get-Random -InputObject $group_names)
$group = @{ "name" = "$group_name" } $group = @{ "name" = "$group_name" }
$groups += $group $groups += $group
$group_names.Remove($group_name) $group_names.Remove($group_name)
} }
$num_users = 100 for ( $i = 1; $i -le $UserCount; $i++ ){
for ( $i = 0; $i -lt $num_users; $i++ ){
$first_name = (Get-Random -InputObject $first_names) $first_name = (Get-Random -InputObject $first_names)
$last_name = (Get-Random -InputObject $last_names) $last_name = (Get-Random -InputObject $last_names)
$password = (Get-Random -InputObject $passwords) $password = (Get-Random -InputObject $passwords)
@ -27,6 +51,12 @@ for ( $i = 0; $i -lt $num_users; $i++ ){
"password"="$password" "password"="$password"
"groups" = (Get-Random -InputObject $groups).name "groups" = (Get-Random -InputObject $groups).name
} }
if ( $local_admin_indexes | Where { $_ -eq $i } ){
echo "user $i is local admin"
$new_user["local_admin"] = $true
}
$users += $new_user $users += $new_user
$first_names.Remove($first_name) $first_names.Remove($first_name)