bonjour
j'ai fait un truc qui stocke un mot de passe admin dans un XML crypté
#create key for secure
$KeyFile = "$ConfigPath\Migration.key"
$Key = New-Object Byte[] 16 # You can use 16, 24, or 32 for AES
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key)
$Key | out-file $KeyFile
Write-Log -Message ("[INFO] New Key Secure created") -severity 4
#load key
$Key = get-content $KeyFile
#connection to domain source
Write-Host "Getting Credential on Source Domain:" $content.Config.DomainSource.Name
#write password crypted by key
$PassFile = "$ConfigPath\Password.txt"
$message="Enter the password for this admin : "+$content.Config.Admin.name
$password = Read-Host $message | ConvertTo-SecureString -AsPlainText -Force
$password | ConvertFrom-SecureString -key $Key | Out-File $PassFile
#verify access source domain via psdrive
#kill psdrive before logon
"before remove PSDRIVE"
"---------------------"
Get-PSDrive
$drivedomain=$null
$drivedomain=Get-PSDrive | where {$_.Name -eq $content.Config.DomainSource.Name}
if($drivedomain -ne $null){
#drive already exist = must logof
$error.Clear()
Remove-PSDrive $content.Config.DomainSource.Name
if($error.Count -gt 0){
#cant remove drive = exit
Write-Log -Message ("[ERROR] Can't Remove PSDrive Domain Source."+$content.Config.DomainSource.server) -severity 1
exit
}
}
"after remove PSDRIVE"
"--------------------"
Get-PSDrive
#verify logon with secure files
$AdminUser=$content.Config.Admin.name
$AdminUser
$Password = Get-Content $PassFile | ConvertTo-SecureString -Key $key
$Password
try{
$domainCredential = New-Object System.Management.Automation.PSCredential($AdminUser,(Get-Content $PassFile | ConvertTo-SecureString -Key $key))
New-PSDrive -Name $content.Config.DomainSource.Name `
-PSProvider ActiveDirectory `
-Server $content.Config.DomainSource.Server `
-Scope Global -Credential $domainCredential -Root "//RootDSE/" -ErrorAction Stop | Out-Null
}
catch{
}
"after logon"
"-----------"
Get-PSDrive
$drivedomain=$null
$drivedomain=Get-PSDrive | where {$_.Name -eq $content.Config.DomainSource.Name}
if($drivedomain -eq $null){
#drive not exist = logon KO
Write-Log -Message ("[ERROR] Can't Mount PSDrive Domain Source.") -severity 3
Write-Log -Message ("[ERROR] Verify Password and Retry.") -severity 3
exit
}else{
"Drivedomain of Domain Source"
"----------------------------"
$drivedomain
Write-Log -Message ("[OK] PSDrive Domain Source mounted.") -severity 1
Write-Log -Message ("[OK] Password.txt is verified.") -severity 1
}
#add password in XML
$PassCrypted = get-content $PassFile
"PassCrypted"
$PassCrypted
$content.Config.Admin.password=$PassCrypted.ToString()
$content.Save($ConfigFile)
Write-Log -Message ("[OK] XML config file rewrited.") -severity 1
############################
#second verify with read XML
############################
$content = [XML] (Get-Content "$ConfigFile")
Write-Log -Message ("[OK] XML config file is reloaded.") -severity 1
#show some parameters
Write-Log -Message ("[INFO] Source domain:"+$content.Config.DomainSource.Name) -severity 4
Write-Log -Message ("[INFO] Source forest:"+$content.Config.DomainSource.FQDN) -severity 4
Write-Log -Message ("[INFO] Source server:"+$content.Config.DomainSource.server) -severity 4
Write-Log -Message ("[INFO] Source admin:"+$content.Config.Admin.name) -severity 4
Write-Log -Message ("[INFO] Source password:"+$content.Config.Admin.password) -severity 4
"Remove PS drive"+$content.Config.DomainSource.Name
Remove-PSDrive $content.Config.DomainSource.Name
Get-PSDrive
#load secure key
$key=$null
$error.Clear()
$Key = get-content "$ConfigPath\Migration.key"
if($error.Count -gt 0){exit}
#create psdrive source domain with XML credential
$AdminUser=$content.Config.Admin.name
$AdminUser
$PassCrypted = $content.Config.Admin.password
$Password = $PassCrypted | ConvertTo-SecureString -Key $key
$Password
try{
#$domainCredential = New-Object System.Management.Automation.PSCredential($AdminUser,(Get-Content $PassFile | ConvertTo-SecureString -Key $key))
$domainCredential = New-Object System.Management.Automation.PSCredential($AdminUser,$password)
New-PSDrive -Name $content.Config.DomainSource.Name `
-PSProvider ActiveDirectory `
-Server $content.Config.DomainSource.Server `
-Scope Global -Credential $domainCredential -Root "//RootDSE/" -ErrorAction Stop | Out-Null
}
catch{
}
"after logon"
"-----------"
Get-PSDrive
$drivedomain=$null
$drivedomain=Get-PSDrive | where {$_.Name -eq $content.Config.DomainSource.Name}
if($drivedomain -eq $null){
#drive not exist = logon KO
Write-Log -Message ("[ERROR] Can't Mount PSDrive Domain Source.") -severity 3
Write-Log -Message ("[ERROR] Verify Password and Retry.") -severity 3
exit
}else{
"Drivedomain of Domain Source"
"----------------------------"
$drivedomain
Write-Log -Message ("[OK] PSDrive Domain Source mounted.") -severity 1
Write-Log -Message ("[OK] "+$keyfile+" is verified.") -severity 1
Write-Log -Message ("[OK] "+$configfile+" is verified.") -severity 1
}
