diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md new file mode 100644 index 0000000..b735373 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -0,0 +1,35 @@ +--- +name: Bug report +about: Create a report to help us improve + +--- + +**Describe the bug** +A clear and concise description of what the bug is. + +**To Reproduce** +Steps to reproduce the behavior: +1. Go to '...' +2. Click on '....' +3. Scroll down to '....' +4. See error + +**Expected behavior** +A clear and concise description of what you expected to happen. + +**Screenshots** +If applicable, add screenshots to help explain your problem. + +**Desktop (please complete the following information):** + - OS: [e.g. iOS] + - Browser [e.g. chrome, safari] + - Version [e.g. 22] + +**Smartphone (please complete the following information):** + - Device: [e.g. iPhone6] + - OS: [e.g. iOS8.1] + - Browser [e.g. stock browser, safari] + - Version [e.g. 22] + +**Additional context** +Add any other context about the problem here. diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md new file mode 100644 index 0000000..066b2d9 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -0,0 +1,17 @@ +--- +name: Feature request +about: Suggest an idea for this project + +--- + +**Is your feature request related to a problem? Please describe.** +A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] + +**Describe the solution you'd like** +A clear and concise description of what you want to happen. + +**Describe alternatives you've considered** +A clear and concise description of any alternative solutions or features you've considered. + +**Additional context** +Add any other context or screenshots about the feature request here. diff --git a/.github/ISSUE_TEMPLATE/use-case-request.md b/.github/ISSUE_TEMPLATE/use-case-request.md new file mode 100644 index 0000000..638f755 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/use-case-request.md @@ -0,0 +1,30 @@ +--- +name: Use Case Request +about: Eine neue Aktion/Anwendungsfall zur Umsetzung mit ScriptRunner beauftragen. + +--- + +**Primäre Anwendergruppe** +An welche Anwendergruppe soll die Aktion delegiert werden? +- [ ] Help Desk / Service Hotline / First-Level-Support +- [ ] Second-Level-Support +- [ ] Fachbereich +- [ ] Endbenutzer +- [ ] Administratoren + +**Kurzbeschreibung** +Eine kurze Erläuterung des gewünschten Anwendungsfalls. + +**Skriptparameter** +Eine Auflistung, der erforderlichen Skriptparameter inkl. Beschreibung und Typ. + +**Zielsysteme und Credentials** +Auf welchen Zielsystemen und mit welchen Credentials soll der Anwendungsfall ausgeführt werden? + +**Voraussetzungen** +Voraussetzungen auf dem Zielsystem / Credentials / Infrastruktur / etc. + +**Screenshots** +Screenshots, die helfen den Anwendungsfall genauer zu Beschreiben. + +**Weitere Anmerkungen** diff --git a/ActiveDirectory/Computer/Get-ADComputersWithDefinedStatus.ps1 b/ActiveDirectory/Computer/Get-ADComputersWithDefinedStatus.ps1 new file mode 100644 index 0000000..fa95d72 --- /dev/null +++ b/ActiveDirectory/Computer/Get-ADComputersWithDefinedStatus.ps1 @@ -0,0 +1,148 @@ +#Requires -Version 4.0 +#Requires -Modules ActiveDirectory + +<# + .SYNOPSIS + Lists computers where disabled or inactive + + .DESCRIPTION + + .NOTES + This PowerShell script was developed and optimized for ScriptRunner. The use of the scripts requires ScriptRunner. + The customer or user is authorized to copy the script from the repository and use them in ScriptRunner. + The terms of use for ScriptRunner do not apply to this script. In particular, AppSphere AG assumes no liability for the function, + the use and the consequences of the use of this freely available script. + PowerShell is a product of Microsoft Corporation. ScriptRunner is a product of AppSphere AG. + © AppSphere AG + + .COMPONENT + Requires Module ActiveDirectory + + .LINK + https://github.com/scriptrunner/ActionPacks/tree/master/ActiveDirectory/Computers + + .Parameter OUPath + Specifies the AD path + + .Parameter DomainAccount + Active Directory Credential for remote execution on jumphost without CredSSP + + .Parameter Disabled + Shows the disabled computers + + .Parameter InActive + Shows the inactive computers + + .Parameter DomainName + Name of Active Directory Domain + + .Parameter SearchScope + Specifies the scope of an Active Directory search + + .Parameter AuthType + Specifies the authentication method to use +#> + +param( + [Parameter(Mandatory = $true,ParameterSetName = "Local or Remote DC")] + [Parameter(Mandatory = $true,ParameterSetName = "Remote Jumphost")] + [string]$OUPath, + [Parameter(ParameterSetName = "Local or Remote DC")] + [Parameter(ParameterSetName = "Remote Jumphost")] + [switch]$Disabled, + [Parameter(ParameterSetName = "Local or Remote DC")] + [Parameter(ParameterSetName = "Remote Jumphost")] + [switch]$InActive, + [Parameter(Mandatory = $true,ParameterSetName = "Remote Jumphost")] + [PSCredential]$DomainAccount, + [Parameter(ParameterSetName = "Local or Remote DC")] + [Parameter(ParameterSetName = "Remote Jumphost")] + [string]$DomainName, + [Parameter(ParameterSetName = "Local or Remote DC")] + [Parameter(ParameterSetName = "Remote Jumphost")] + [ValidateSet('Base','OneLevel','SubTree')] + [string]$SearchScope='SubTree', + [Parameter(ParameterSetName = "Local or Remote DC")] + [Parameter(ParameterSetName = "Remote Jumphost")] + [ValidateSet('Basic', 'Negotiate')] + [string]$AuthType="Negotiate" +) + +Import-Module ActiveDirectory + +#Clear +#$ErrorActionPreference='Stop' +try{ + $resultMessage = @() + if($PSCmdlet.ParameterSetName -eq "Remote Jumphost"){ + if([System.String]::IsNullOrWhiteSpace($DomainName)){ + $Domain = Get-ADDomain -Current LocalComputer -AuthType $AuthType -Credential $DomainAccount -ErrorAction Stop + } + else{ + $Domain = Get-ADDomain -Identity $DomainName -AuthType $AuthType -Credential $DomainAccount -ErrorAction Stop + } + if([System.String]::IsNullOrWhiteSpace($OUPath)){ + $OUPath = $Domain.DistinguishedName + } + if($Disabled -eq $true){ + $computers = Search-ADAccount -Credential $DomainAccount -Server $Domain.PDCEmulator -AuthType $AuthType -AccountDisabled -ComputersOnly ` + -SearchBase $OUPath -SearchScope $SearchScope | Select-Object DistinguishedName, SAMAccountName | Sort-Object -Property SAMAccountName + if($computers){ + foreach($itm in $computers){ + $resultMessage = $resultMessage + ("Disabled: " + $itm.DistinguishedName + ';' +$itm.SamAccountName) + } + $resultMessage = $resultMessage + '' + } + } + if($InActive -eq $true){ + $computers = Search-ADAccount -Credential $DomainAccount -Server $Domain.PDCEmulator -AuthType $AuthType -AccountInactive -ComputersOnly ` + -SearchBase $OUPath -SearchScope $SearchScope | Select-Object DistinguishedName, SAMAccountName | Sort-Object -Property SAMAccountName + if($computers){ + foreach($itm in $computers){ + $resultMessage = $resultMessage + ("Inactive: " + $itm.DistinguishedName + ';' +$itm.SamAccountName) + } + } + } + } + else{ + if([System.String]::IsNullOrWhiteSpace($DomainName)){ + $Domain = Get-ADDomain -Current LocalComputer -AuthType $AuthType -ErrorAction Stop + } + else{ + $Domain = Get-ADDomain -Identity $DomainName -AuthType $AuthType -ErrorAction Stop + } + if([System.String]::IsNullOrWhiteSpace($OUPath)){ + $OUPath = $Domain.DistinguishedName + } + if($Disabled -eq $true){ + $computers = Search-ADAccount -Server $Domain.PDCEmulator -AuthType $AuthType -AccountDisabled -ComputersOnly ` + -SearchBase $OUPath -SearchScope $SearchScope | Select-Object DistinguishedName, SAMAccountName | Sort-Object -Property SAMAccountName + if($computers){ + foreach($itm in $computers){ + $resultMessage = $resultMessage + ("Disabled: " + $itm.DistinguishedName + ';' +$itm.SamAccountName) + } + $resultMessage = $resultMessage + '' + } + } + if($InActive -eq $true){ + $computers = Search-ADAccount -Server $Domain.PDCEmulator -AuthType $AuthType -AccountInactive -ComputersOnly ` + -SearchBase $OUPath -SearchScope $SearchScope | Select-Object DistinguishedName, SAMAccountName | Sort-Object -Property SAMAccountName + if($computers){ + foreach($itm in $computers){ + $resultMessage = $resultMessage + ("Inactive: " + $itm.DistinguishedName + ';' +$itm.SamAccountName) + } + } + } + } + if($SRXEnv) { + $SRXEnv.ResultMessage = $resultMessage + } + else{ + Write-Output $resultMessage + } +} +catch{ + throw +} +finally{ +} \ No newline at end of file diff --git a/ActiveDirectory/User/Set-ADUserExpirationDate.ps1 b/ActiveDirectory/User/Set-ADUserExpirationDate.ps1 new file mode 100644 index 0000000..151375c --- /dev/null +++ b/ActiveDirectory/User/Set-ADUserExpirationDate.ps1 @@ -0,0 +1,176 @@ +#Requires -Version 4.0 +#Requires -Modules ActiveDirectory + +<# + .SYNOPSIS + Sets the expiration date for an Active Directory account + + .DESCRIPTION + + .NOTES + This PowerShell script was developed and optimized for ScriptRunner. The use of the scripts requires ScriptRunner. + The customer or user is authorized to copy the script from the repository and use them in ScriptRunner. + The terms of use for ScriptRunner do not apply to this script. In particular, AppSphere AG assumes no liability for the function, + the use and the consequences of the use of this freely available script. + PowerShell is a product of Microsoft Corporation. ScriptRunner is a product of AppSphere AG. + © AppSphere AG + + .COMPONENT + Requires Module ActiveDirectory + + .LINK + https://github.com/scriptrunner/ActionPacks/tree/master/ActiveDirectory/Users + + .Parameter OUPath + Specifies the AD path + + .Parameter Username + Display name, SAMAccountName, DistinguishedName or user principal name of an Active Directory account + + .Parameter DomainAccount + Active Directory Credential for remote execution without CredSSP + + .Parameter Day + Specifies the day of the expiration date for an Active Directory account + + .Parameter Month + Specifies the month of the expiration date for an Active Directory account + + .Parameter Year + Specifies the year of the expiration date for an Active Directory account + + .Parameter NeverExpires + Specifies the Active Directory account never expires + + .Parameter DomainName + Name of Active Directory Domain + + .Parameter SearchScope + Specifies the scope of an Active Directory search + + .Parameter AuthType + Specifies the authentication method to use +#> + +param( + [Parameter(Mandatory = $true,ParameterSetName = "Local or Remote DC")] + [Parameter(Mandatory = $true,ParameterSetName = "Remote Jumphost")] + [string]$OUPath, + [Parameter(Mandatory = $true,ParameterSetName = "Local or Remote DC")] + [Parameter(Mandatory = $true,ParameterSetName = "Remote Jumphost")] + [string]$Username, + [Parameter(Mandatory = $true,ParameterSetName = "Remote Jumphost")] + [PSCredential]$DomainAccount, + [Parameter(ParameterSetName = "Local or Remote DC")] + [Parameter(ParameterSetName = "Remote Jumphost")] + [ValidateRange(1,31)] + [int]$Day=1, + [Parameter(ParameterSetName = "Local or Remote DC")] + [Parameter(ParameterSetName = "Remote Jumphost")] + [ValidateRange(1,12)] + [int]$Month=1, + [Parameter(ParameterSetName = "Local or Remote DC")] + [Parameter(ParameterSetName = "Remote Jumphost")] + [ValidateRange(2017,2030)] + [int]$Year, + [Parameter(ParameterSetName = "Local or Remote DC")] + [Parameter(ParameterSetName = "Remote Jumphost")] + [switch]$NeverExpires, + [Parameter(ParameterSetName = "Local or Remote DC")] + [Parameter(ParameterSetName = "Remote Jumphost")] + [string]$DomainName, + [Parameter(ParameterSetName = "Local or Remote DC")] + [Parameter(ParameterSetName = "Remote Jumphost")] + [ValidateSet('Base','OneLevel','SubTree')] + [string]$SearchScope='SubTree', + [Parameter(ParameterSetName = "Local or Remote DC")] + [Parameter(ParameterSetName = "Remote Jumphost")] + [ValidateSet('Basic', 'Negotiate')] + [string]$AuthType="Negotiate" +) + +Import-Module ActiveDirectory + +#Clear +#$ErrorActionPreference='Stop' +try{ + $Script:Domain + $Script:User + + if($PSCmdlet.ParameterSetName -eq "Remote Jumphost"){ + if([System.String]::IsNullOrWhiteSpace($DomainName)){ + $Script:Domain = Get-ADDomain -Current LocalComputer -AuthType $AuthType -Credential $DomainAccount -ErrorAction Stop + } + else{ + $Script:Domain = Get-ADDomain -Identity $DomainName -AuthType $AuthType -Credential $DomainAccount -ErrorAction Stop + } + $Script:User= Get-ADUser -Server $Script:Domain.PDCEmulator -Credential $DomainAccount -AuthType $AuthType ` + -SearchBase $OUPath -SearchScope $SearchScope ` + -Filter {(SamAccountName -eq $Username) -or (DisplayName -eq $Username) -or (DistinguishedName -eq $Username) -or (UserPrincipalName -eq $Username)} -ErrorAction Stop + } + else{ + if([System.String]::IsNullOrWhiteSpace($DomainName)){ + $Script:Domain = Get-ADDomain -Current LocalComputer -AuthType $AuthType -ErrorAction Stop + } + else{ + $Script:Domain = Get-ADDomain -Identity $DomainName -AuthType $AuthType -ErrorAction Stop + } + $Script:User= Get-ADUser -Server $Script:Domain.PDCEmulator -AuthType $AuthType ` + -SearchBase $OUPath -SearchScope $SearchScope ` + -Filter {(SamAccountName -eq $Username) -or (DisplayName -eq $Username) -or (DistinguishedName -eq $Username) -or (UserPrincipalName -eq $Username)} -ErrorAction Stop + } + if($null -ne $Script:User){ + $Out='' + if($NeverExpires -eq $true){ + if($PSCmdlet.ParameterSetName -eq "Remote Jumphost"){ + Set-ADUser -Identity $Script:User.SamAccountName -Credential $DomainAccount -AuthType $AuthType -Server $Script:Domain.PDCEmulator -AccountExpirationDate $null -ErrorAction Stop + } + else { + Set-ADUser -Identity $Script:User.SamAccountName -AuthType $AuthType -Server $Script:Domain.PDCEmulator -AccountExpirationDate $null -ErrorAction Stop + } + } + else{ + [datetime]$start = New-Object DateTime $Year, $Month, $Day + if($start.ToFileTimeUtc() -lt [DateTime]::Now.ToFileTimeUtc()){ + Throw "Expiration date is in the past" + } + if($PSCmdlet.ParameterSetName -eq "Remote Jumphost"){ + Set-ADUser -Identity $Script:User.SamAccountName -Credential $DomainAccount -AuthType $AuthType -Server $Script:Domain.PDCEmulator -AccountExpirationDate $start -ErrorAction Stop + } + else { + Set-ADUser -Identity $Script:User.SamAccountName -AuthType $AuthType -Server $Script:Domain.PDCEmulator -AccountExpirationDate $start -ErrorAction Stop + } + } + Start-Sleep -Seconds 5 # wait + if($PSCmdlet.ParameterSetName -eq "Remote Jumphost"){ + $Script:User = Get-ADUser -Identity $Script:User.SAMAccountName -Properties * -Credential $DomainAccount -AuthType $AuthType -Server $Script:Domain.PDCEmulator + } + else{ + $Script:User = Get-ADUser -Identity $Script:User.SAMAccountName -Properties * -AuthType $AuthType -Server $Script:Domain.PDCEmulator + } + if([System.String]::IsNullOrWhiteSpace($Script:User.AccountExpirationDate)){ + $Out = "Account for user $($Username) never expires" + } + else{ + $Out=[System.TimeZone]::CurrentTimeZone.ToLocalTime([System.DateTime]::FromFileTimeUtc($Script:User.accountExpires)) + $Out = "Account for user $($Username) expires on the $($Out). Please inform the user in time." + } + if($SRXEnv) { + $SRXEnv.ResultMessage = $Out + } + else { + Write-Output $Out + } + } + else{ + if($SRXEnv) { + $SRXEnv.ResultMessage = "User $($Username) not found" + } + Throw "User $($Username) not found" + } +} +catch{ + throw +} +finally{ +} \ No newline at end of file diff --git a/README.md b/README.md index 1604ddd..479955e 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Team Develpoment +# Team Development An introductory example of developing scripts for ScriptRunner in the team on GitHub.