Invoke ADMU Migration w/ Admin Bind & System Group Bind
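# JumpCloud API Key
# Read the key from the environment (or prompt for it without echo) instead of
# storing it in this file: a literal here ends up in version control, in backups
# and in every copy of the script. No value is stored in the script itself.
$JcApiKey = $env:JCAPIKEY
if ([string]::IsNullOrWhiteSpace($JcApiKey)) {
    $secureKey = Read-Host -Prompt 'JumpCloud API key' -AsSecureString
    $JcApiKey = (New-Object System.Net.NetworkCredential('', $secureKey)).Password
}
if ([string]::IsNullOrWhiteSpace($JcApiKey)) {
    throw 'A JumpCloud API key is required (set JCAPIKEY or enter it at the prompt)'
}
# Check csv for duplicate rows per system. The discovery CSV drives every later
# step, so fail fast if it is missing, empty, or lists a system more than once:
# a duplicated ComputerName would otherwise select several rows for one host and
# pass arrays instead of single values to the remote migration job.
$CSV = "C:\Windows\Temp\admu_discovery.csv"
if (-not (Test-Path -Path $CSV)) {
    throw "Discovery CSV not found: $CSV"
}
$Rows = @(Import-Csv -Path $CSV)
if ($Rows.Count -eq 0) {
    throw "Discovery CSV contains no rows: $CSV"
}
$duplicates = $Rows | Group-Object ComputerName | Where-Object { $_.Count -gt 1 }
if ($duplicates) {
    foreach ($dup in $duplicates) {
        Write-Error "Duplicate system found $($dup.Name)"
    }
    # Stop here: Write-Error alone is non-terminating and the migration loop would run anyway
    throw "Duplicate ComputerName rows in $CSV; correct the CSV before migrating"
}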
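# Load target computers from the CSV; drop blank names so Test-NetConnection is
# not handed an empty string.
$Computers = @(
    $Rows |
        Select-Object -ExpandProperty ComputerName |
        Where-Object { -not [string]::IsNullOrWhiteSpace($_) }
)
# Check network connectivity to each computer (ICMP reachability only; a host
# that answers ping may still refuse the WinRM session opened later).
$ConnectionTest = $Computers | ForEach-Object {
    Test-NetConnection -ComputerName $_ -WarningAction SilentlyContinue
}
$OnlineComputers = @($ConnectionTest | Where-Object { $_.PingSucceeded })
$OfflineComputers = @($ConnectionTest | Where-Object { -not $_.PingSucceeded })
# Offline hosts are never migrated; report them instead of dropping them silently.
if ($OfflineComputers.Count -gt 0) {
    $offlineNames = ($OfflineComputers | ForEach-Object { $_.ComputerName }) -join ', '
    Write-Warning "Skipping $($OfflineComputers.Count) offline system(s): $offlineNames"
}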
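# Target system group. Hoisted out of the remote script block so the environment
# specific value sits next to the other top-level configuration and is passed to
# each host as an argument. Value unchanged from the original script.
$SystemGroupID = '5f748ff01f2475095a64ecac'
foreach ($Online in $OnlineComputers) {
    # Select the CSV row whose ComputerName matches the reachable host
    $System = $Rows | Where-Object ComputerName -eq $Online.ComputerName
    if (@($System).Count -ne 1) {
        Write-Warning "Skipping $($Online.ComputerName): expected exactly one CSV row, found $(@($System).Count)"
        continue
    }
    # Step 1 - Convert the Profile (runs on the target as a background job)
    try {
        $ADMUConvertSession = New-PSSession -ComputerName $System.ComputerName -ErrorAction Stop
    }
    catch {
        Write-Warning "Could not open a session to $($System.ComputerName): $($_.Exception.Message)"
        continue
    }
    # NOTE(review): the org-wide API key and the CSV temp password are sent to every
    # target host as script-block arguments and are visible in that host's job
    # state for the life of the session. Use a key scoped to the minimum rights
    # this job needs (user association, group membership) and rotate it afterwards.
    Invoke-Command -AsJob -Session $ADMUConvertSession -JobName 'ADMU-Job' -ScriptBlock {
        Param ($SelectedUserName, $JumpCloudUserName, $TempPassword, $JumpCloudConnectKey, $AcceptEULA, $InstallJCAgent, $LeaveDomain, $ForceReboot, $AzureADProfile, $Customxml, $ConvertProfile, $CreateRestore, $JcApiKey, $SystemGroupID)
        # TLS 1.2 is needed for both the gallery download and the JumpCloud API; set once for this process
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
        # Log off all users on the system so the profile is not in use during conversion.
        # quser prints a fixed-width table; collapse runs of whitespace into commas to parse it as CSV.
        $quserResult = quser
        $quserRegex = $quserResult | ForEach-Object -Process { $_ -replace '\s{2,}', ',' }
        $quserObject = $quserRegex | ConvertFrom-Csv
        foreach ($session in $quserObject) {
            logoff.exe $session.ID
        }
        # Install the ADMU from the PowerShell Gallery.
        # NOTE(review): the module version is unpinned, so each endpoint installs
        # whatever the gallery serves at run time; pin with -RequiredVersion to the
        # build that was tested so every host runs the same reviewed code.
        Install-PackageProvider -Name NuGet -Force
        Install-Module JumpCloud.ADMU -Force
        # CSV cells arrive as strings; Start-Migration expects booleans
        $AcceptEULA = [System.Convert]::ToBoolean($AcceptEULA)
        $LeaveDomain = [System.Convert]::ToBoolean($LeaveDomain)
        $ForceReboot = [System.Convert]::ToBoolean($ForceReboot)
        $AzureADProfile = [System.Convert]::ToBoolean($AzureADProfile)
        $InstallJCAgent = [System.Convert]::ToBoolean($InstallJCAgent)
        $Customxml = [System.Convert]::ToBoolean($Customxml)
        $ConvertProfile = [System.Convert]::ToBoolean($ConvertProfile)
        $CreateRestore = [System.Convert]::ToBoolean($CreateRestore)
        # Start Migration. The policy change is scoped to this process so the host's
        # persistent execution policy is not left at Bypass after the job finishes.
        Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
        # TODO: Deselect or don't pass in forceReboot
        Start-Migration -SelectedUserName $SelectedUserName -JumpCloudUserName $JumpCloudUserName -TempPassword $TempPassword -JumpCloudConnectKey $JumpCloudConnectKey -AcceptEULA $AcceptEULA -InstallJCAgent $InstallJCAgent -LeaveDomain $LeaveDomain -ForceReboot $ForceReboot -AZureADProfile $AzureADProfile -ConvertProfile $ConvertProfile -CreateRestore $CreateRestore
        # Step 2 - Bind User Steps
        # Get the JumpCloud SystemKey from the agent config
        $config = Get-Content 'C:\Program Files\JumpCloud\Plugins\Contrib\jcagent.conf'
        $regex = 'systemKey\":\"(\w+)\"'
        $systemKey = [regex]::Match($config, $regex).Groups[1].Value
        if ($systemKey) {
            $Headers = @{
                'Accept'       = 'application/json';
                'Content-Type' = 'application/json';
                'x-api-key'    = $JcApiKey;
            }
            $Form = @{
                'filter' = "username:eq:$($JumpcloudUserName)"
            }
            $Response = $null
            try {
                Write-Host "Getting information from SystemID: $systemKey"
                $Response = Invoke-WebRequest -Method 'Get' -Uri "https://console.jumpcloud.com/api/systemusers" -Headers $Headers -Body $Form -UseBasicParsing
                $StatusCode = $Response.StatusCode
            }
            catch {
                $StatusCode = $_.Exception.Response.StatusCode.value__
                # Surface the failure instead of leaving the status code unused
                Write-Warning "User lookup failed (HTTP $StatusCode): $($_.Exception.Message)"
            }
            # Get Results, convert from Json; a failed request leaves $Response null
            $JcUserId = $null
            if ($Response) {
                $Results = $Response.Content | ConvertFrom-Json
                $JcUserId = $Results.results.id
            }
            # Bind Step
            if ($JcUserId) {
                $Headers = @{
                    'Accept'    = 'application/json';
                    'x-api-key' = $JcApiKey
                }
                $Form = @{
                    'op'         = 'add';
                    'type'       = 'system';
                    'id'         = "$systemKey";
                    'attributes' = @{ 'sudo' = @{ 'enabled' = $true; 'withoutPassword' = $false } };
                } | ConvertTo-Json -Depth 5
                try {
                    Write-Host "Binding $JumpcloudUserName with userId: $JcUserId to SystemID: $systemKey"
                    $Response = Invoke-WebRequest -Method 'Post' -Uri "https://console.jumpcloud.com/api/v2/users/$JcUserId/associations" -Headers $Headers -Body $Form -ContentType 'application/json' -UseBasicParsing
                    $StatusCode = $Response.StatusCode
                }
                catch {
                    $StatusCode = $_.Exception.Response.StatusCode.value__
                    Write-Warning "User bind failed (HTTP $StatusCode): $($_.Exception.Message)"
                }
            }
            else {
                Write-Host "Could not bind user/ JumpCloudUsername did not exist in JC Directory"
            }
            # Add system to System Group (skipped when no group ID was supplied)
            if ($SystemGroupID) {
                $Headers = @{
                    'Accept'    = 'application/json';
                    'x-api-key' = $JcApiKey
                }
                $Form = @{
                    'op'   = 'add';
                    'type' = 'system';
                    'id'   = "$systemKey"
                } | ConvertTo-Json
                try {
                    Write-Host "Adding $systemKey to group with ID: $SystemGroupID"
                    $Response = Invoke-WebRequest -Method 'Post' -Uri "https://console.jumpcloud.com/api/v2/systemgroups/$SystemGroupID/members" -Headers $Headers -Body $Form -ContentType 'application/json' -UseBasicParsing
                    $StatusCode = $Response.StatusCode
                }
                catch {
                    $StatusCode = $_.Exception.Response.StatusCode.value__
                    Write-Warning "Group add failed (HTTP $StatusCode): $($_.Exception.Message)"
                }
            }
        }
        else {
            Write-Host "Could not find systemKey, aborting bind step"
        }
        # Force Reboot
        Write-Host "Rebooting as Job"
        Restart-Computer -Force -AsJob
    } -ArgumentList ($System.SelectedUserName, $System.JumpCloudUserName, $System.TempPassword, $System.JumpCloudConnectKey, $System.AcceptEULA, $System.InstallJCAgent, $System.LeaveDomain, $System.ForceReboot, $System.AzureADProfile, $System.Customxml, $System.ConvertProfile, $System.CreateRestore, $JcApiKey, $SystemGroupID)
}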
# Offer to tear down the background jobs and remote sessions created above.
# NOTE(review): Remove-PSSession closes the session an ADMU-Job may still be
# running in; presumably the operator waits for the jobs first -- confirm before
# answering 'y' while migrations are in flight.
$confirmation = Read-Host "Do you want to remove all completed psjobs and sessions: (y/n)"
switch ($confirmation) {
    'y' {
        Get-Job | Remove-Job
        Get-PSSession | Remove-PSSession
    }
}