Merge branch 'main' of github.com:JohnHammond/active_directory
commit
1ed059019f
|
@ -1,4 +1,7 @@
|
||||||
param( [Parameter(Mandatory=$true)] $JSONFile )
|
param(
|
||||||
|
[Parameter(Mandatory=$true)] $JSONFile,
|
||||||
|
[switch]$Undo
|
||||||
|
)
|
||||||
|
|
||||||
function CreateADGroup(){
|
function CreateADGroup(){
|
||||||
param( [Parameter(Mandatory=$true)] $groupObject )
|
param( [Parameter(Mandatory=$true)] $groupObject )
|
||||||
|
@ -42,25 +45,59 @@ function CreateADUser(){
|
||||||
Write-Warning "User $name NOT added to group $group_name because it does not exist"
|
Write-Warning "User $name NOT added to group $group_name because it does not exist"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Add to local admin as needed
|
||||||
|
if ( $userObject.local_admin -eq $True){
|
||||||
|
net localgroup administrators $Global:Domain\$username /add
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
function RemoveADUser(){
|
||||||
|
param( [Parameter(Mandatory=$true)] $userObject )
|
||||||
|
|
||||||
|
$name = $userObject.name
|
||||||
|
$firstname, $lastname = $name.Split(" ")
|
||||||
|
$username = ($firstname[0] + $lastname).ToLower()
|
||||||
|
$samAccountName = $username
|
||||||
|
Remove-ADUser -Identity $samAccountName -Confirm:$False
|
||||||
}
|
}
|
||||||
|
|
||||||
function WeakenPasswordPolicy(){
|
function WeakenPasswordPolicy(){
|
||||||
secedit /export /cfg C:\Windows\Tasks\secpol.cfg
|
secedit /export /cfg C:\Windows\Tasks\secpol.cfg
|
||||||
(Get-Content C:\Windows\Tasks\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\Windows\Tasks\secpol.cfg
|
(Get-Content C:\Windows\Tasks\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0").replace("MinimumPasswordLength = 7", "MinimumPasswordLength = 1") | Out-File C:\Windows\Tasks\secpol.cfg
|
||||||
|
secedit /configure /db c:\windows\security\local.sdb /cfg C:\Windows\Tasks\secpol.cfg /areas SECURITYPOLICY
|
||||||
|
rm -force C:\Windows\Tasks\secpol.cfg -confirm:$false
|
||||||
|
}
|
||||||
|
|
||||||
|
function StrengthenPasswordPolicy(){
|
||||||
|
secedit /export /cfg C:\Windows\Tasks\secpol.cfg
|
||||||
|
(Get-Content C:\Windows\Tasks\secpol.cfg).replace("PasswordComplexity = 0", "PasswordComplexity = 1").replace("MinimumPasswordLength = 1", "MinimumPasswordLength = 7") | Out-File C:\Windows\Tasks\secpol.cfg
|
||||||
secedit /configure /db c:\windows\security\local.sdb /cfg C:\Windows\Tasks\secpol.cfg /areas SECURITYPOLICY
|
secedit /configure /db c:\windows\security\local.sdb /cfg C:\Windows\Tasks\secpol.cfg /areas SECURITYPOLICY
|
||||||
rm -force C:\Windows\Tasks\secpol.cfg -confirm:$false
|
rm -force C:\Windows\Tasks\secpol.cfg -confirm:$false
|
||||||
}
|
}
|
||||||
|
|
||||||
WeakenPasswordPolicy
|
|
||||||
|
|
||||||
$json = ( Get-Content $JSONFile | ConvertFrom-JSON)
|
$json = ( Get-Content $JSONFile | ConvertFrom-JSON)
|
||||||
|
|
||||||
$Global:Domain = $json.domain
|
$Global:Domain = $json.domain
|
||||||
|
|
||||||
foreach ( $group in $json.groups ){
|
if ( -not $Undo) {
|
||||||
CreateADGroup $group
|
WeakenPasswordPolicy
|
||||||
}
|
|
||||||
|
|
||||||
foreach ( $user in $json.users ){
|
foreach ( $group in $json.groups ){
|
||||||
CreateADUser $user
|
CreateADGroup $group
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach ( $user in $json.users ){
|
||||||
|
CreateADUser $user
|
||||||
|
}
|
||||||
|
}else{
|
||||||
|
StrengthenPasswordPolicy
|
||||||
|
|
||||||
|
foreach ( $user in $json.users ){
|
||||||
|
RemoveADUser $user
|
||||||
|
}
|
||||||
|
foreach ( $group in $json.groups ){
|
||||||
|
RemoveADGroup $group
|
||||||
|
}
|
||||||
}
|
}
|
|
@ -1,4 +1,10 @@
|
||||||
param( [Parameter(Mandatory=$true)] $OutputJSONFile )
|
param(
|
||||||
|
[Parameter(Mandatory=$true)] $OutputJSONFile,
|
||||||
|
[int]$UserCount,
|
||||||
|
[int]$GroupCount,
|
||||||
|
[int]$LocalAdminCount
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
$group_names = [System.Collections.ArrayList](Get-Content "data/group_names.txt")
|
$group_names = [System.Collections.ArrayList](Get-Content "data/group_names.txt")
|
||||||
$first_names = [System.Collections.ArrayList](Get-Content "data/first_names.txt")
|
$first_names = [System.Collections.ArrayList](Get-Content "data/first_names.txt")
|
||||||
|
@ -8,16 +14,34 @@ $passwords = [System.Collections.ArrayList](Get-Content "data/passwords.txt")
|
||||||
$groups = @()
|
$groups = @()
|
||||||
$users = @()
|
$users = @()
|
||||||
|
|
||||||
$num_groups = 10
|
# Default UserCount set to 5 (if not set)
|
||||||
for ( $i = 0; $i -lt $num_groups; $i++ ){
|
if ( $UserCount -eq 0 ){
|
||||||
|
$UserCount = 5
|
||||||
|
}
|
||||||
|
|
||||||
|
# Default GroupCount set to 5 (if not set)
|
||||||
|
if ( $GroupCount -eq 0 ){
|
||||||
|
$GroupCount = 1
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( $LocalAdminCount -ne 0){
|
||||||
|
$local_admin_indexes = @()
|
||||||
|
while (($local_admin_indexes | Measure-Object ).Count -lt $LocalAdminCount){
|
||||||
|
|
||||||
|
$random_index = (Get-Random -InputObject (1..($UserCount)) | Where-Object { $local_admin_indexes -notcontains $_ } )
|
||||||
|
$local_admin_indexes += @( $random_index )
|
||||||
|
echo "adding $random_index to local_admin_indexes $local_admin_indexes"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
for ( $i = 1; $i -le $GroupCount; $i++ ){
|
||||||
$group_name = (Get-Random -InputObject $group_names)
|
$group_name = (Get-Random -InputObject $group_names)
|
||||||
$group = @{ "name" = "$group_name" }
|
$group = @{ "name" = "$group_name" }
|
||||||
$groups += $group
|
$groups += $group
|
||||||
$group_names.Remove($group_name)
|
$group_names.Remove($group_name)
|
||||||
}
|
}
|
||||||
|
|
||||||
$num_users = 100
|
for ( $i = 1; $i -le $UserCount; $i++ ){
|
||||||
for ( $i = 0; $i -lt $num_users; $i++ ){
|
|
||||||
$first_name = (Get-Random -InputObject $first_names)
|
$first_name = (Get-Random -InputObject $first_names)
|
||||||
$last_name = (Get-Random -InputObject $last_names)
|
$last_name = (Get-Random -InputObject $last_names)
|
||||||
$password = (Get-Random -InputObject $passwords)
|
$password = (Get-Random -InputObject $passwords)
|
||||||
|
@ -27,6 +51,12 @@ for ( $i = 0; $i -lt $num_users; $i++ ){
|
||||||
"password"="$password"
|
"password"="$password"
|
||||||
"groups" = (Get-Random -InputObject $groups).name
|
"groups" = (Get-Random -InputObject $groups).name
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ( $local_admin_indexes | Where { $_ -eq $i } ){
|
||||||
|
echo "user $i is local admin"
|
||||||
|
$new_user["local_admin"] = $true
|
||||||
|
}
|
||||||
|
|
||||||
$users += $new_user
|
$users += $new_user
|
||||||
|
|
||||||
$first_names.Remove($first_name)
|
$first_names.Remove($first_name)
|
||||||
|
|
Loading…
Reference in New Issue