Committer: root <root@fruw.org>
This commit is contained in:
root
9
powershell/active-directory/LICENSE
Normal file
9
powershell/active-directory/LICENSE
Normal file
@ -0,0 +1,9 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) <year> <copyright holders>
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
3
powershell/active-directory/README.md
Normal file
3
powershell/active-directory/README.md
Normal file
@ -0,0 +1,3 @@
|
||||
# active-directory
|
||||
|
||||
Автоматизированные создание и ввод пользователей в домен.
|
||||
156
powershell/active-directory/active-directory.ps1
Normal file
156
powershell/active-directory/active-directory.ps1
Normal file
@ -0,0 +1,156 @@
|
||||
# Разрешаем запуск скрипта и запускаем его
|
||||
# Set-ExecutionPolicy Unrestricted -force ; cd ~\Desktop\ ; .\ad-users.ps1
|
||||
|
||||
Import-Module ActiveDirectory
|
||||
|
||||
# Указываем директорию
|
||||
$dir = "$(pwd)\Users"
|
||||
new-item -path "$dir" -ItemType Directory -force >$null
|
||||
|
||||
# Переменные DC
|
||||
$dc_first = "demo"
|
||||
$dc_second = "lab"
|
||||
|
||||
# Переменные OU
|
||||
$ou_main = "DemoOffice"
|
||||
$ou_users = "Users"
|
||||
$ou_computers = "Computers"
|
||||
|
||||
# Переменные для настройки сети
|
||||
$mask = "255.255.255.0"
|
||||
$gw = '192.168.10.1'
|
||||
$dns = '192.168.10.100'
|
||||
$eth = 'Ethernet0'
|
||||
|
||||
# Переменные PATH
|
||||
$dc_path = "DC=$dc_first,DC=$dc_second"
|
||||
$main_path = "OU=$ou_main,DC=$dc_first,DC=$dc_second"
|
||||
$users_path = "OU=$ou_users,OU=$ou_main,DC=$dc_first,DC=$dc_second"
|
||||
$computers_path = "OU=$ou_computers,OU=$ou_main,DC=$dc_first,DC=$dc_second"
|
||||
|
||||
# Проверка OU
|
||||
try
|
||||
{
|
||||
Get-ADOrganizationalUnit -SearchBase "$main_path" -Filter * >$null
|
||||
Get-ADOrganizationalUnit -SearchBase "$users_path" -Filter * >$null
|
||||
Get-ADOrganizationalUnit -SearchBase "$computers_path" -Filter * >$null
|
||||
}
|
||||
catch
|
||||
{
|
||||
New-ADOrganizationalUnit -Name "$ou_main" -Path $dc_path
|
||||
New-ADOrganizationalUnit -Name "$ou_users" -Path $main_path
|
||||
New-ADOrganizationalUnit -Name "$ou_computers" -Path $main_path
|
||||
}
|
||||
|
||||
# Вводим переменные
|
||||
if ("$args[0]" -eq "[0]"){
|
||||
$numb = "1"
|
||||
} else {
|
||||
$numb = $args[0]
|
||||
}
|
||||
$count=1..$numb
|
||||
$users = @()
|
||||
|
||||
Foreach ($i in $count)
|
||||
{
|
||||
$Row = "" | Select Username,Admin,IP,PC
|
||||
$Row.Username = Read-Host "Введите имя пользователя номер $i"
|
||||
$Row.Admin = Read-Host "Должен ли пользователь $i иметь права администратора? (Y - да, N - нет)"
|
||||
if ($Row.Admin -eq "y")
|
||||
{$Row.Admin = "Yes"}
|
||||
else {$Row.Admin = "No"}
|
||||
$Row.PC = Read-Host "Введите имя компьютера номер $i"
|
||||
$Row.IP = Read-Host "Введите IP адрес для пользователя номер $i"
|
||||
$Users += $Row
|
||||
}
|
||||
$pass = Read-Host 'Enter the password'
|
||||
|
||||
# Цикл с пользователями
|
||||
foreach ($user in $users) {
|
||||
$name = $user.Username
|
||||
$ip = $user.ip
|
||||
$pc = $user.pc
|
||||
$Username = @{
|
||||
Name = "$name"
|
||||
GivenName = "$name"
|
||||
UserPrincipalName = "$name@$dc_first.$dc_second"
|
||||
Path = $users_path
|
||||
ChangePasswordAtLogon = $true
|
||||
AccountPassword = "$pass" | ConvertTo-SecureString -AsPlainText -Force
|
||||
Enabled = $true
|
||||
}
|
||||
|
||||
# Создание пользователей
|
||||
New-ADUser @Username
|
||||
Set-ADUser $name -PasswordNeverExpires:$True
|
||||
if ($user.Admin -eq "Yes")
|
||||
{Add-ADGroupMember "Domain admins" $name}
|
||||
|
||||
# Создание скрпитов для компьютеров "локально"
|
||||
$securepassword = '$pass' + " | ConvertTo-SecureString -AsPlainText -Force"
|
||||
$credential = "New-Object System.Management.Automation.PSCredential -ArgumentList" + ' $name, $securepassword'
|
||||
|
||||
$out = '# Разрешаем запуск скрипта и запускаем его
|
||||
# Set-ExecutionPolicy Unrestricted -force ; cd ~\Desktop\ ;' + " .\$name.ps1" + '
|
||||
$name = "' + "$name" + '"
|
||||
' + '$pass = "' + "$pass" + '"
|
||||
' + '$securepassword = ' + "$securepassword
|
||||
" + '$credential = ' + "$credential
|
||||
Disable-NetAdapterBinding -Name '*' -ComponentID ms_tcpip6
|
||||
netsh interface ip set address name=$eth static $ip $mask $gw
|
||||
netsh interface ip set dns $eth static $dns " + '>$null' + "
|
||||
Timeout /T 5
|
||||
Add-Computer -DomainName $dc_first.$dc_second -NewName $pc -OUPath " + '"' + "$computers_path" + '"' + " -Credential" + ' $credential
|
||||
$ans = Read-Host "Перезагрузить ПК?"
|
||||
if ($ans -eq "y")
|
||||
{Restart-Computer -Force}'
|
||||
|
||||
$con="Проводное соединение 1"
|
||||
|
||||
$outl = '#!/usr/bin/env bash
|
||||
if [[ $(whoami) == "root" ]]; then
|
||||
' + '
|
||||
ip=' + '"' + $ip + '"' + '
|
||||
mask=' + '"' + 24 + '"' + '
|
||||
gw=' + '"' + $gw + '"' + '
|
||||
dns=' + '"' + $dns + '"' + '
|
||||
pc=' + '"' + $pc + '"' + '
|
||||
dc_first=' + '"' + $dc_first + '"' + '
|
||||
dc_second=' + '"' + $dc_second + '"' + '
|
||||
con=' + '"' + $con + '"' + '
|
||||
name=' + '"' + $name + '"' + '
|
||||
#Установка пакетов
|
||||
apt install astra-ad-sssd-client -y
|
||||
#Вводим краткое доменное имя
|
||||
hostnamectl set-hostname "$pc"
|
||||
# Задаем адрес шлюза
|
||||
nmcli con mod "$con" ip4 $ip/$mask gw4 $gw
|
||||
# Задаем адреса DNS
|
||||
nmcli con mod "$con" ipv4.dns "$dns"
|
||||
# Отключаем DHCP, переводим в "ручной" режим настройки
|
||||
nmcli con mod "$con" ipv4.method manual
|
||||
nmcli con mod "$con" ipv6.method ignore
|
||||
nmcli -p con show "$con" | grep ipv4
|
||||
# Перезапускаем соединение для применения новых настроек
|
||||
nmcli con down "$con" ; nmcli con up "$con"
|
||||
#Вход в домен Active Directory
|
||||
astra-ad-sssd-client -d demo.lab -u Administrator -p ' + "$pass" + ' -y
|
||||
# sudo
|
||||
echo "$name ALL=(ALL:ALL) ALL" | sudo EDITOR="tee -a" visudo
|
||||
#Перезагрузка
|
||||
read -p "Перезагрузить ПК? " in
|
||||
if [[ "$in" == "y" ]]; then
|
||||
sudo reboot
|
||||
fi
|
||||
#Выполнено не от рута
|
||||
else
|
||||
echo "Запусти скрипт через sudo!"
|
||||
fi'
|
||||
|
||||
# Указываем директорию и записываем данные пользователя
|
||||
write-output $out | out-file -append -encoding utf8 "$dir\$name.ps1"
|
||||
|
||||
# Указываем директорию и записываем данные пользователя
|
||||
write-output $outl | out-file -append -encoding utf8 "$dir\$name.sh"
|
||||
((Get-Content "$dir\$name.sh") -join "`n") + "`n" | Set-Content -NoNewline -encoding utf8 "$dir\$name.sh"
|
||||
}
|
||||
Reference in New Issue
Block a user