Posted On July 23, 2019

PowerShell: Obtain Domain Admin Credential

kimconnect 0 comments

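This little snippet is reusable as an appendix to other scripts, since Domain Admin access is required by many scripted operations. If the current account is not already a Domain Admins member, it prompts for one and leaves the validated credential in $global:cred for the calling script.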

# Report whether a username appears in the Domain Admins list.
# Scope:     reads $domainAdmins from the calling scope (it is not a parameter)
# Arguments: username - account name to look up
# Outputs:   a status line on the host; returns $True on a match, $False otherwise
function validateDomainAdminMembership{
    param (
        [string]$username
    )
    # Guard clause first: anything not on the list is rejected.
    if (-not ($domainAdmins -contains $username)) {
        Write-Host "$username not a Domain Admin."
        return $False
    }
    Write-Host "$username is a Domain Admin"
    return $True
}

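# Test whether a username/password pair can bind to the directory.
# Arguments: username - account name to bind as
#            password - SecureString (e.g. from Read-Host -AsSecureString) or plain string
# Scope:     reads $domainObject from the calling scope
# Returns:   $True when the bind yields a distinguished name, $False otherwise
function testCredential{
    param (
        [string]$username,
        # Left untyped on purpose: a [string] parameter would turn a SecureString into its
        # type name, which is why the original ignored this parameter and read
        # $providedPassword from the caller's scope instead.
        $password
    )
    if ($password -is [System.Security.SecureString]) {
        # DirectoryEntry only accepts a plain string, so unwrap the SecureString here.
        $plaintextPassword = (New-Object System.Management.Automation.PSCredential 'N/A',$password).GetNetworkCredential().Password
    } else {
        $plaintextPassword = [string]$password
    }

    # Never attempt a bind with an empty password; treat it as a failed validation.
    if ([string]::IsNullOrEmpty($plaintextPassword)) { return $False }

    # NOTE(review): $domainObject is not defined anywhere in this snippet; presumably the
    # including script sets it to the LDAP path of the domain - confirm before reuse.
    $directoryEntry = New-Object System.DirectoryServices.DirectoryEntry($domainObject,$username,$plaintextPassword)
    try {
        # Reading a property forces the bind; the value is empty when the bind fails.
        $domainBindTest = $directoryEntry.DistinguishedName
    } finally {
        # Release the directory connection that carries the supplied credential.
        $directoryEntry.psbase.Dispose()
    }
    if ($domainBindTest) { return $True } else { return $False }
}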

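# Prompt interactively until a username/password pair for an enabled Domain Admins member binds.
# Globals:  writes $global:cred ($False while unvalidated, then a PSCredential)
# Scope:    defines $domainAdmins, which validateDomainAdminMembership reads from this scope
# Requires: Get-ADGroupMember and Get-ADUser available in the session
# Outputs:  status lines on the host only, so nothing is emitted to the pipeline
function obtainDomainAdminCred{
    # SamAccountNames of the enabled accounts that are direct or nested Domain Admins members.
    $domainAdmins=(Get-ADGroupMember -Identity "Domain Admins" -Recursive | ForEach-Object {Get-ADUser -Identity $_.distinguishedName} | Where-Object {$_.Enabled -eq $True}).SamAccountName
    $global:cred=$False
    do {
        $providedID=Read-Host -Prompt 'Input a domain admin username'
        if (validateDomainAdminMembership $providedID){
            $providedPassword = Read-Host -assecurestring "Please enter the password"
            # NOTE(review): each pass is a real bind attempt against a privileged account and
            # the loop has no attempt limit; repeated wrong passwords may count toward the
            # domain's account lockout policy - confirm that is acceptable for the caller.
            $goodCredential=testCredential -username $providedID -password $providedPassword
            if($goodCredential){
                Write-Host "Domain Admin Credential validated!"
                # The credential stays in global scope for the rest of the session; the
                # calling script should clear $global:cred once it no longer needs it.
                $global:cred=New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $providedID,$providedPassword
            }
            else{
                # Any bind failure lands here, not only a wrong password.
                Write-Host "Password doesn't match."
                $global:cred=$False
            }
        }else{
            Write-Host "Try again..."
        }
    # Test the global explicitly so a same-named variable in an intermediate scope cannot
    # change when the loop ends.
    } until ($global:cred)
}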

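# Report whether the account running this session lists a Domain Admins group.
# Outputs: a status line on the host; returns a single boolean.
# The status text goes through Write-Host because a bare string would join the return value
# in the output stream, and the resulting two-element array is always truthy to callers.
function validateCurrentAccountAsDomainAdmin{
    # Case-insensitive substring match over every line that whoami prints.
    # NOTE(review): this matches any group whose name contains 'domain admins', and
    # presumably also a group present in the token as deny-only (non-elevated session) -
    # confirm if the caller needs effective rather than nominal membership.
    $inDomainAdmins = [bool]((whoami /groups) -match 'domain admins')
    if ($inDomainAdmins) {
        Write-Host "This account is a Domain Admins member"
    } else {
        Write-Host "This account is NOT a Domain Admins member"
    }
    return $inDomainAdmins
}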

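# Prompt for a Domain Admin credential only when the current account is not one already.
# @(...)[-1] keeps the last object the check emits, i.e. its boolean result. Testing the raw
# output would always be truthy whenever the check also emits a status string, and the
# prompt would then never run.
$currentAccountIsDomainAdmin = @(validateCurrentAccountAsDomainAdmin)[-1]
if (-not $currentAccountIsDomainAdmin) { obtainDomainAdminCred }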
