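using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Linq;
using System.Management.Automation;
using System.Management.Automation.Provider;
using System.Management.Automation.Runspaces;
using System.Security.Principal;
using System.Text;

namespace Intel.Management.PSModule.Amt
{
    /// <summary>
    /// Helpers for building LDAP search filters from caller-supplied values.
    /// </summary>
    public static class LdapFilter
    {
        /// <summary>
        /// Escapes a value for use inside an LDAP search filter (RFC 4515, section 3).
        /// Without this, a value containing <c>*</c>, <c>(</c> or <c>)</c> changes the
        /// meaning of the filter instead of being matched literally.
        /// </summary>
        /// <param name="value">Raw attribute value; null is treated as empty.</param>
        /// <returns>
        /// The value with <c>*</c>, <c>(</c>, <c>)</c>, <c>\</c> and NUL replaced by
        /// their <c>\hh</c> escape sequences.
        /// </returns>
        public static string Escape(string value)
        {
            if (string.IsNullOrEmpty(value))
            {
                return string.Empty;
            }

            StringBuilder escaped = new StringBuilder(value.Length);
            foreach (char c in value)
            {
                switch (c)
                {
                    case '*':
                        escaped.Append("\\2a");
                        break;
                    case '(':
                        escaped.Append("\\28");
                        break;
                    case ')':
                        escaped.Append("\\29");
                        break;
                    case '\\':
                        escaped.Append("\\5c");
                        break;
                    case '\0':
                        escaped.Append("\\00");
                        break;
                    default:
                        escaped.Append(c);
                        break;
                }
            }

            return escaped.ToString();
        }
    }

    /// <summary>
    /// Converts a domain user name, or the LDAP path of a directory object, to its
    /// <see cref="SecurityIdentifier"/>.
    /// </summary>
    [Cmdlet(VerbsData.ConvertTo, "Sid", SupportsShouldProcess = true)]
    public class ConvertToSid : PSCmdlet
    {
        private string _userName;

        /// <summary>
        /// Domain user name (<c>DOMAIN\user</c>) or an <c>LDAP://</c> path.
        /// </summary>
        [Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true, HelpMessage = "Domain User Name")]
        public string User
        {
            get { return _userName; }
            set { _userName = value; }
        }

        /// <summary>
        /// Writes the <see cref="SecurityIdentifier"/> for <see cref="User"/>.
        /// LDAP paths are resolved through the <c>objectSid</c> attribute; everything
        /// else is translated through <see cref="NTAccount"/>.
        /// </summary>
        protected override void ProcessRecord()
        {
            // Ordinal comparison: the scheme prefix is not culture-dependent text.
            if (_userName.StartsWith("LDAP://", StringComparison.OrdinalIgnoreCase))
            {
                using (DirectoryEntry entry = new DirectoryEntry(_userName))
                {
                    byte[] sidData = entry.Properties["objectSid"].Value as byte[];
                    if (sidData == null)
                    {
                        // The original cast-and-ToArray() path turned a missing attribute
                        // into a NullReferenceException; report it as a proper error instead.
                        WriteError(new ErrorRecord(
                            new InvalidOperationException("The object at '" + _userName + "' has no objectSid attribute."),
                            "ObjectSidMissing",
                            ErrorCategory.ObjectNotFound,
                            _userName));
                        return;
                    }

                    WriteObject(new SecurityIdentifier(sidData, 0));
                }
            }
            else
            {
                NTAccount account = new NTAccount(_userName);
                WriteObject((SecurityIdentifier)account.Translate(typeof(SecurityIdentifier)));
            }
        }
    }

    /// <summary>
    /// How <see cref="ConvertFromSid"/> renders the resolved account.
    /// </summary>
    public enum UserDisplayFormat
    {
        /// <summary>Render as a <see cref="NTAccount"/> (<c>DOMAIN\user</c>).</summary>
        Domain,

        /// <summary>Render as the LDAP path of the matching directory object.</summary>
        Ldap,
    }

    /// <summary>
    /// Converts a SID given in SDDL form (<c>S-1-5-…</c>) to an account name or LDAP path.
    /// </summary>
    [Cmdlet(VerbsData.ConvertFrom, "Sid", SupportsShouldProcess = true)]
    public class ConvertFromSid : PSCmdlet
    {
        private string _sddl; // security descriptor definition language form of the SID
        private UserDisplayFormat _format;

        public ConvertFromSid()
        {
            _format = UserDisplayFormat.Domain;
        }

        /// <summary>Security identifier in SDDL form.</summary>
        [Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true, HelpMessage = "Security Identifier in SDDL form")]
        public string Sid
        {
            get { return _sddl; }
            set { _sddl = value; }
        }

        /// <summary>
        /// Output format; defaults to <see cref="UserDisplayFormat.Domain"/>.
        /// Position 1: the original declared Position 0 here too, clashing with <see cref="Sid"/>.
        /// </summary>
        [Parameter(Mandatory = false, Position = 1, ValueFromPipeline = true, HelpMessage = "User Display Format")]
        public UserDisplayFormat Format
        {
            get { return _format; }
            set { _format = value; }
        }

        /// <summary>
        /// Writes the account (or LDAP path) corresponding to <see cref="Sid"/>.
        /// </summary>
        /// <exception cref="PSArgumentException">Thrown for an unknown <see cref="Format"/> value.</exception>
        protected override void ProcessRecord()
        {
            SecurityIdentifier sec = new SecurityIdentifier(_sddl);
            switch (_format)
            {
                case UserDisplayFormat.Domain:
                    WriteObject((NTAccount)sec.Translate(typeof(NTAccount)));
                    break;

                case UserDisplayFormat.Ldap:
                    // sec.Value is an SDDL string and contains no filter metacharacters,
                    // but every value interpolated into a filter goes through Escape.
                    using (DirectorySearcher searcher = new DirectorySearcher("(objectSid=" + LdapFilter.Escape(sec.Value) + ")"))
                    {
                        SearchResult found = searcher.FindOne();
                        if (found == null)
                        {
                            // FindOne() returns null when nothing matches; the original dereferenced it.
                            WriteError(new ErrorRecord(
                                new InvalidOperationException("No directory object has objectSid " + sec.Value + "."),
                                "SidNotFound",
                                ErrorCategory.ObjectNotFound,
                                _sddl));
                            return;
                        }

                        WriteObject(found.Path);
                    }
                    break;

                default:
                    throw new PSArgumentException("Unsupported user display format: " + _format);
            }
        }
    }

    /// <summary>
    /// Thin wrapper over the directory entry that represents an AMT device object.
    /// </summary>
    public class AmtObject
    {
        private readonly DirectoryEntry _entry;

        /// <summary>
        /// Wraps <paramref name="entry"/>. The original constructor never stored the
        /// entry, so <see cref="Realm"/> always threw a NullReferenceException.
        /// </summary>
        /// <param name="entry">Directory entry of the device object; must not be null.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="entry"/> is null.</exception>
        public AmtObject(DirectoryEntry entry)
        {
            if (entry == null)
            {
                throw new ArgumentNullException("entry");
            }

            _entry = entry;
        }

        /// <summary>
        /// First backslash-separated segment of the entry's <c>canonicalName</c>
        /// attribute, or an empty string when the attribute is absent.
        /// </summary>
        public string Realm
        {
            get
            {
                // Read the attribute value. The original called ToString() on the
                // PropertyValueCollection itself, which yields the collection's type
                // name rather than the attribute value.
                object raw = _entry.Properties["canonicalName"].Value;
                string canonical = raw == null ? string.Empty : raw.ToString();

                // NOTE(review): splitting on '\\' is carried over from the original;
                // AD canonical names are usually '/'-separated — confirm the intended separator.
                char[] separators = { '\\' };
                string[] segments = canonical.Split(separators, StringSplitOptions.RemoveEmptyEntries);
                return segments.Length > 0 ? segments[0] : string.Empty;
            }
        }

        /// <summary>Not yet implemented; always returns an empty array.</summary>
        public string[] ServicePrinciple
        {
            get { return new string[0]; }
        }

        /// <summary>Not yet implemented; always returns an empty string.</summary>
        public string MasterKey
        {
            get { return ""; }
        }
    }

    /// <summary>
    /// Removes every directory object whose <c>servicePrincipalName</c> equals the given SPN.
    /// Honors <c>-WhatIf</c>/<c>-Confirm</c>, which the original declared but never checked.
    /// </summary>
    [Cmdlet(VerbsCommon.Remove, "MeObject", SupportsShouldProcess = true)]
    public class RemoveObjectCmd : PSCmdlet
    {
        private string _spn;
        private string _container;

        /// <summary>
        /// Service principal name to match. Matched literally: filter metacharacters
        /// in the value are escaped, so a <c>*</c> no longer widens the deletion.
        /// </summary>
        [Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true, HelpMessage = "Service Principal Name")]
        public string SPN
        {
            get { return _spn; }
            set { _spn = value; }
        }

        /// <summary>Optional LDAP path of the container to search; the default naming context otherwise.</summary>
        [Parameter(Mandatory = false, Position = 1, ValueFromPipeline = true, HelpMessage = "Directory Container")]
        public string Container
        {
            get { return _container; }
            set { _container = value; }
        }

        /// <summary>
        /// Finds all objects carrying <see cref="SPN"/> and removes each from its parent.
        /// </summary>
        protected override void ProcessRecord()
        {
            string filter = "(servicePrincipalName=" + LdapFilter.Escape(_spn) + ")";

            DirectoryEntry ouEntry = null;
            DirectorySearcher searcher = null;
            SearchResultCollection results = null;
            try
            {
                if (_container != null)
                {
                    ouEntry = new DirectoryEntry(_container);
                    searcher = new DirectorySearcher(ouEntry, filter);
                }
                else
                {
                    searcher = new DirectorySearcher(filter);
                }

                results = searcher.FindAll();
                foreach (SearchResult result in results)
                {
                    if (!ShouldProcess(result.Path, "Remove directory object"))
                    {
                        continue;
                    }

                    using (DirectoryEntry entry = new DirectoryEntry(result.Path))
                    using (DirectoryEntry parentEntry = entry.Parent)
                    {
                        parentEntry.Children.Remove(entry);
                        parentEntry.CommitChanges();
                    }
                }
            }
            finally
            {
                // All three hold native ADSI handles; the original never disposed them.
                if (results != null)
                {
                    results.Dispose();
                }
                if (searcher != null)
                {
                    searcher.Dispose();
                }
                if (ouEntry != null)
                {
                    ouEntry.Dispose();
                }
            }
        }
    }

    /// <summary>
    /// Creates the computer object that represents an AMT device, sets its password,
    /// account flags, <c>sAMAccountName</c> and the four HTTP service principal names.
    /// </summary>
    [Cmdlet(VerbsCommon.New, "MeObject", SupportsShouldProcess = true)]
    public class CreateObjectCmd : PSCmdlet
    {
        // Carried over from the original, whose trailing comment read "512";
        // NOTE(review): confirm this is the intended userAccountControl flag set.
        private const int UserAccountControlValue = 66172;

        private string _container;
        private string _host;
        private string _password;

        /// <summary>Host name of the device; a bare name is qualified with the container's DC components.</summary>
        [Parameter(Mandatory = true, Position = 0, ValueFromPipeline = true, HelpMessage = "hostName")]
        public string ComputerName
        {
            get { return _host; }
            set { _host = value; }
        }

        /// <summary>Container to create the object in; <c>OU=</c> and <c>LDAP://</c> are prepended when missing.</summary>
        [Parameter(Mandatory = true, Position = 1, ValueFromPipeline = true, HelpMessage = "Directory Container")]
        public string Container
        {
            get { return _container; }
            set { _container = value; }
        }

        /// <summary>
        /// Password set on the new account.
        /// NOTE(review): travels as a plain string (visible in history and transcripts);
        /// a SecureString parameter would be preferable, but the interface is kept as is.
        /// </summary>
        [Parameter(Mandatory = false, Position = 2, ValueFromPipeline = true, HelpMessage = "Password")]
        public string Passw0rd
        {
            get { return _password; }
            set { _password = value; }
        }

        /// <summary>
        /// Creates and configures the computer object.
        /// </summary>
        /// <exception cref="PSArgumentException">Thrown when <see cref="ComputerName"/> has no host label.</exception>
        protected override void ProcessRecord()
        {
            string container = NormalizeContainerPath(_container);

            char[] dot = { '.' };
            string[] labels = _host.Split(dot, StringSplitOptions.RemoveEmptyEntries);
            if (labels.Length == 0)
            {
                // The original indexed labels[0] unconditionally and threw IndexOutOfRangeException.
                throw new PSArgumentException("ComputerName must contain at least one host label.");
            }

            // Only the first label is ever used for the RDN and sAMAccountName, so
            // re-splitting after qualifying the name (as the original did) is unnecessary.
            string hostLabel = labels[0];

            if (!ShouldProcess(container, "Create computer object CN=" + hostLabel))
            {
                return;
            }

            using (DirectoryEntry ouEntry = new DirectoryEntry(container))
            {
                string fqdn = QualifyHostName(_host, labels.Length, ouEntry.Path);

                using (DirectoryEntry newEntry = ouEntry.Children.Add("CN=" + hostLabel, "Computer"))
                {
                    // Make sure the object exists before invoking ADSI methods on it.
                    ouEntry.CommitChanges();
                    newEntry.CommitChanges();

                    newEntry.AuthenticationType = AuthenticationTypes.Secure;
                    newEntry.Invoke("SetPassword", new object[] { _password });
                    newEntry.InvokeSet("userAccountControl", new object[] { UserAccountControlValue });
                    newEntry.InvokeSet("samAccountName", new object[] { hostLabel + "$iME" });

                    // InvokeSet takes params object[]; the SPN array must be passed as a
                    // single argument, hence the extra wrapping array.
                    object[] spns =
                    {
                        "HTTP/" + fqdn + ":16992",
                        "HTTP/" + fqdn + ":16993",
                        "HTTP/" + fqdn + ":16994",
                        "HTTP/" + fqdn + ":16995",
                    };
                    newEntry.InvokeSet("servicePrincipalName", new object[] { spns });

                    newEntry.InvokeSet("AccountDisabled", new object[] { false });
                    newEntry.CommitChanges();
                }
            }
        }

        /// <summary>
        /// Ensures the container is an LDAP path: prepends <c>OU=</c> when no RDN
        /// attribute is present and <c>LDAP://</c> when the scheme is missing.
        /// </summary>
        private static string NormalizeContainerPath(string container)
        {
            string path = container;
            if (path.IndexOf('=') < 0)
            {
                path = "OU=" + path;
            }
            if (!path.StartsWith("LDAP://", StringComparison.OrdinalIgnoreCase))
            {
                path = "LDAP://" + path;
            }
            return path;
        }

        /// <summary>
        /// Qualifies a single-label host name with the DC components of the container
        /// path (",DC=a,DC=b" becomes ".a.b"); multi-label names are returned unchanged.
        /// </summary>
        private static string QualifyHostName(string host, int labelCount, string containerPath)
        {
            if (labelCount != 1)
            {
                return host;
            }

            int pos = containerPath.IndexOf(",DC=", StringComparison.Ordinal);
            if (pos < 0)
            {
                return host;
            }

            string domain = containerPath.Substring(pos).Replace(",DC=", ".");
            return host + domain;
        }
    }
}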