PowerShell: Obtain Domain Admin Credential

function obtainDomainAdminCredentials{
    # Legacy domain binding function
    function isValidCred($u,$p){
        # Get current domain using logged-on user's credentials
        $domain = "LDAP://" + ([ADSI]"").distinguishedName
        $domainCred = New-Object System.DirectoryServices.DirectoryEntry($domain,$u,$p)
        if ($domainCred){
            return $True
        }else{
            return $False
        }
    }
    function isDomainAdmin($username){
        if (!(get-module activedirectory)){Install-WindowsFeature RSAT-AD-PowerShell -Confirm:$false}
        if((Get-ADUser $username -Properties MemberOf).MemberOf -match '^CN=Domain Admins'){
            return $True;
        }else{return $false;}
    }
 
    # Create a domain context
    function dotNetDomainBind{
        Add-Type -AssemblyName System.DirectoryServices.AccountManagement;  
        Try {
            $type = [System.DirectoryServices.AccountManagement.ContextType]::Domain;
            $context = New-Object System.DirectoryServices.AccountManagement.PrincipalContext $type,$env:USERDOMAIN;
            return $context;
        } Catch {
            If ($_.Exception.InnerException -like "*The server could not be contacted*") {
                write-host "Could not contact a server for the specified domain $env:USERDOMAIN via DotNet Method.";
            } Else {
                write-host "Unknown errors occured while attempting to contact $env:USERDOMAIN via DotNet Method.";
            }
            return $false;
        }
    }
 
    $attempt=0;
    $maxAttempts=3;
    $plainTextPassword='';   
    Do{
        $attempt++;
        $failureMessage = $null; 
        [string][ValidateNotNullOrEmpty()]$userName=Read-Host -Prompt "Please input a User ID";
        if($userName -notmatch '\\'){
            $username=$env:USERDOMAIN+'\'+$userName
        }
        $password = Read-Host -Prompt "Please type in the password for user $userName" -AsSecureString;
        $plainTextPassword=[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($password))
     
        # Test bind to this credential
        try {
            # Test bind
            $context=dotNetDomainBind
            if($context){
                $validatedAccount = $context.ValidateCredentials($userName,$plainTextPassword)
            }else{
                $validatedAccount=isValidCred -u $userName -p $plainTextPassword
            }
             
            If ($validatedAccount) {
                $onlyUserName=$userName -replace '.+\\'
                $isDomainAdmin=isDomainAdmin -username $onlyUserName;
                if($isDomainAdmin){
                    $credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $userName,$password;
                    $validAccount=$true;
                    }else{
                        $failureMessage += "$attempt out of $maxAttempts`: $userName account is valid, but it is not a Domain Admin";
                        }
                }else{
                    $failureMessage += "$attempt out of $maxAttempts`: username and/or password error";
                    }           
            }catch{
                write-warning $_
                $failureMessage += "Unable to bind to $env:USERDNSDOMAIN.";
                }
 
        # Depending on whether there are failures, proceed accordingly       
        if($failureMessage){
            If ($attempt -lt $maxAttempts-1) {
                $message = "$failureMessage`: Authentication error. Please Try again.";
                Write-Warning $message;
            }elseif($attempt -eq $maxAttempts-1){
                    $message = "$failureMessage`: Last attempt.";
                    Write-Warning $message;
                    $credentials= $false;
            }
        }
 
        } Until (($ValidAccount) -or ($Attempt -ge $MaxAttempts))
    if($credentials){return $credentials;}else{return $false}
}
# Obtain Domain Admin Credentials
function obtainDomainAdminCredentials{
# Legacy domain binding function
function isValidCred($u,$p){
# Get current domain using logged-on user's credentials
$domain = "LDAP://" + ([ADSI]"").distinguishedName
$domainCred = New-Object System.DirectoryServices.DirectoryEntry($domain,$u,$p)
if ($domainCred){return $True}else{return $False}
}
function isDomainAdmin($username){
if (!(get-module activedirectory)){includeActiveDirectoryModule}
if((Get-ADUser $username -Properties MemberOf).MemberOf -match 'Domain Admins'){return $True;}else{return $false;}
}

# Create a domain context
function dotNetDomainBind{
Add-Type -AssemblyName System.DirectoryServices.AccountManagement;
Try {
$type = [System.DirectoryServices.AccountManagement.ContextType]::Domain;
$context = New-Object System.DirectoryServices.AccountManagement.PrincipalContext $type,$env:USERDOMAIN;
return $context;
} Catch {
If ($_.Exception.InnerException -like "*The server could not be contacted*") {
write-host "Could not contact a server for the specified domain $env:USERDOMAIN via DotNet Method.";
} Else {
write-host "Unknown errors occured while attempting to contact $env:USERDOMAIN via DotNet Method.";
}
return $false;
}
}

$attempt=0;
$maxAttempts=3;
$plainTextPassword='';
Do{
$attempt++;
$failureMessage = $null;

[string][ValidateNotNullOrEmpty()]$userName=Read-Host -Prompt "Please input a User ID";
if($userName -match '\\'){$username=$env:USERDOMAIN+'\'+$userName}
$password = Read-Host -Prompt "Please type in the password for user $userName" -AsSecureString;
$plainTextPassword=[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($password))

# Test bind to this credential
try {
# Test bind
$context=dotNetDomainBind
if($context){
$validatedAccount = $context.ValidateCredentials($userName,$plainTextPassword)
}else{
$validatedAccount=isValidCred -u $userName -p $plainTextPassword
}

If ($validatedAccount) {
$isDomainAdmin=isDomainAdmin -username $userName;
if($isDomainAdmin){
$credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $userName,$password;
$validAccount=$true;
}else{
$failureMessage += "$attempt out of $maxAttempts`: $userName account is valid, but it is not a Domain Admin";
}
}else{
$failureMessage += "$attempt out of $maxAttempts`: username and/or password error";
}
}catch{
$failureMessage += "Unable to bind to $env:USERDOMAIN.";
}

# Depending on whether there are failures, proceed accordingly
if($failureMessage){
If ($attempt -lt $maxAttempts-1) {
$message = "$failureMessage`: Authentication error. Please Try again.";
Write-Warning $message;
} elseif ($attempt -eq $maxAttempts-1){
$message = "$failureMessage`: Last attempt.";
Write-Warning $message;
$credentials= $false;
}
}

} Until (($ValidAccount) -or ($Attempt -eq $MaxAttempts))
if($credentials){return $credentials;}else{return $false}
}

Function includeActiveDirectoryModule{
if (!(get-module -Name "ActiveDirectory") ){
try{
Install-WindowsFeature ActiveDirectory -ErrorAction Stop | out-null;
Import-Module ActiveDirectory -ErrorAction Stop | out-null;
return $true;
}catch{
$rsatFailoverClusterInstalled=(Get-WindowsCapability -name Rsat.FailoverCluster* -online).State;
$wuRegistryHive="REGISTRY::HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
$wuKey="UseWUServer"
$currentWu = Get-ItemProperty -Path $wuRegistryHive -Name $wuKey -ErrorAction SilentlyContinue | select -ExpandProperty UseWUServer
if($currentWu){
Set-ItemProperty -Path $wuRegistryHive -Name $wuKey -Value 0;
Restart-Service wuauserv;
}
Get-WindowsCapability -Name Rsat.ActiveDirectory* -Online | Add-WindowsCapability –Online
if($currentWu){
Set-ItemProperty -Path $wuRegistryHive -Name $wuKey -Value $currentWu;
Restart-Service wuauserv;
}
try {Import-Module ActiveDirectory}catch{
return $false;
};
}
}else{
write-host "ActiveDirectory Module is available on this computer.";
return $true;
}

}

$credential=obtainDomainAdminCredentials;
$username=$credential.Username;
$plaintextPassword=$credential.GetNetworkCredential().password;

Leave a Reply

Your email address will not be published. Required fields are marked *