Invoke ADMU Migration w/ Admin Bind & System Group Bind
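# JumpCloud API Key
# Do not hard-code the key in this file: gists/scripts get shared and committed, and the
# value is shipped to every target machine via -ArgumentList further down. Read it from
# the environment (JCAPIKEY) or prompt for it without echo, and refuse to run without one.
$JcApiKey = $env:JCAPIKEY
if ([string]::IsNullOrEmpty($JcApiKey))
{
    $secureKey = Read-Host -Prompt 'JumpCloud API key' -AsSecureString
    # The REST calls need the plain string for the x-api-key header.
    $JcApiKey = [System.Net.NetworkCredential]::new('', $secureKey).Password
}
if ([string]::IsNullOrEmpty($JcApiKey))
{
    throw 'A JumpCloud API key is required (set $env:JCAPIKEY or enter it at the prompt).'
}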
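#check csv for duplicate rows per system
# Every row must describe exactly one system: the migration loop below selects the row by
# ComputerName, so a duplicate would hand an array of usernames/passwords to Start-Migration.
# The original only wrote an error and carried on; abort instead.
$CSV = "C:\Windows\Temp\admu_discovery.csv"
if (-not (Test-Path -LiteralPath $CSV))
{
    throw "Discovery CSV not found: $CSV"
}
$Rows = @(Import-Csv -Path $CSV)
if ($Rows.Count -eq 0)
{
    throw "Discovery CSV contains no rows: $CSV"
}
# A blank ComputerName would be grouped (and later pinged) as an empty string.
$blankRows = @($Rows | Where-Object { [string]::IsNullOrWhiteSpace($_.ComputerName) })
if ($blankRows.Count -gt 0)
{
    throw "Aborting: $($blankRows.Count) row(s) in $CSV have an empty ComputerName"
}
$counts = $Rows | Group-Object ComputerName
$duplicates = @($counts | Where-Object { $_.Count -gt 1 })
foreach ($i in $duplicates)
{
    Write-Error "Duplicate system found $($i.Name)"
}
if ($duplicates.Count -gt 0)
{
    throw "Aborting: duplicate ComputerName rows found in $CSV"
}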
#load target computers from csv
# One entry per CSV row, in file order (PowerShell variable names are case-insensitive,
# so $Computers and $computers are the same variable).
$Computers = @($Rows | Select-Object -ExpandProperty ComputerName)
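#check network connectivity to computers
# NOTE: this is an ICMP reachability check only. A host that answers ping can still refuse
# WinRM (New-PSSession fails later), and a host that drops ICMP is skipped even though it
# may be migratable. Consider Test-NetConnection -CommonTCPPort WINRM / TcpTestSucceeded
# if ICMP is filtered in your environment.
$ConnectionTest = $Computers | ForEach-Object {
    Test-NetConnection -ComputerName:($_) -WarningAction:('SilentlyContinue')
}
$OnlineComputers = $ConnectionTest | Where-Object { $_.PingSucceeded }
$OfflineComputers = $ConnectionTest | Where-Object { -not $_.PingSucceeded }
# The original computed $OfflineComputers but never reported it; make skipped
# systems visible so they are not silently left unmigrated.
foreach ($offline in $OfflineComputers)
{
    Write-Warning "Skipping $($offline.ComputerName): no ping response"
}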
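# For each reachable system: open a remoting session and run the migration + bind as a
# background job on that system. Job output is only visible via Receive-Job afterwards.
foreach ( $i in $OnlineComputers )
{
    # Select row where the computer name matches report csv
    $System = $Rows | Where-Object ComputerName -eq $i.ComputerName
    if (-not $System)
    {
        Write-Warning "No CSV row matched $($i.ComputerName); skipping"
        continue
    }
    # Step 1 - Convert the Profile
    # A failed session (WinRM disabled, auth failure) used to fall through to Invoke-Command
    # with a null session; skip this host and keep going with the rest.
    try
    {
        $ADMUConvertSession = New-PSSession -ComputerName $System.ComputerName -ErrorAction Stop
    }
    catch
    {
        Write-Warning "Could not open a PSSession to $($System.ComputerName): $($_.Exception.Message)"
        continue
    }
    # NOTE: everything in -ArgumentList (TempPassword, the connect key and the JumpCloud
    # API key) is sent to the target and held in that job's process. Use a least-privileged
    # API key for this run and rotate it afterwards.
    Invoke-Command -asJob -Session $ADMUConvertSession -JobName 'ADMU-Job' -ScriptBlock {
        Param ($SelectedUserName, $JumpCloudUserName, $TempPassword, $JumpCloudConnectKey, $AcceptEULA, $InstallJCAgent, $LeaveDomain, $ForceReboot, $AzureADProfile, $Customxml, $ConvertProfile, $CreateRestore, $JcApiKey)
        # Logoff all users on the system
        # quser output is parsed by collapsing runs of whitespace into commas. This assumes
        # every column is populated; a disconnected session has a blank SESSIONNAME and
        # shifts the columns -- TODO confirm against the target OS build before relying on it.
        $quserResult = quser
        $quserRegex = $quserResult | ForEach-Object -Process { $_ -replace '\s{2,}', ',' }
        $quserObject = $quserRegex | ConvertFrom-Csv
        ForEach ($session In $quserObject)
        {
            logoff.exe $session.ID
        }
        # Install the ADMU
        # Set once per session; the Invoke-WebRequest calls below reuse it.
        [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
        Install-PackageProvider -Name NuGet -Force
        # NOTE: this installs whatever JumpCloud.ADMU version the gallery currently serves,
        # on every endpoint, at run time. For a controlled rollout pin it with
        # -RequiredVersion (or pre-stage the module) so all systems run the same reviewed code.
        Install-Module JumpCloud.ADMU -Force
        # Convert Strings to Bools
        # Import-Csv yields strings; [Convert]::ToBoolean accepts 'true'/'false'
        # (case-insensitive) and throws on anything else, including an empty cell.
        $AcceptEULA = ([System.Convert]::ToBoolean($AcceptEULA))
        $LeaveDomain = ([System.Convert]::ToBoolean($LeaveDomain))
        $ForceReboot = ([System.Convert]::ToBoolean($ForceReboot))
        $AzureADProfile = ([System.Convert]::ToBoolean($AzureADProfile))
        $InstallJCAgent = ([System.Convert]::ToBoolean($InstallJCAgent))
        # Customxml is converted but, as in the original, not forwarded to Start-Migration.
        $Customxml = ([System.Convert]::ToBoolean($Customxml))
        $ConvertProfile = ([System.Convert]::ToBoolean($ConvertProfile))
        $CreateRestore = ([System.Convert]::ToBoolean($CreateRestore))
        # Start Migration
        # Process scope only: the original set the LocalMachine policy to Bypass permanently
        # on every migrated endpoint. Only this job's process needs it.
        Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
        # ForceReboot is deliberately not forwarded (resolves the original TODO): a reboot
        # inside Start-Migration would skip the bind step below. This scriptblock reboots
        # the system itself once the bind has been attempted.
        Start-Migration -SelectedUserName $SelectedUserName -JumpCloudUserName $JumpCloudUserName -TempPassword $TempPassword -JumpCloudConnectKey $JumpCloudConnectKey -AcceptEULA $AcceptEULA -InstallJCAgent $InstallJCAgent -LeaveDomain $LeaveDomain -ForceReboot $false -AZureADProfile $AzureADProfile -ConvertProfile $ConvertProfile -CreateRestore $CreateRestore
        # Step 2 - Bind User Steps
        # Get the JumpCloud SystemKey from the agent config written by the agent install.
        $jcAgentConf = 'C:\Program Files\JumpCloud\Plugins\Contrib\jcagent.conf'
        $systemKey = $null
        if (Test-Path -LiteralPath $jcAgentConf)
        {
            $config = get-content $jcAgentConf
            $regex = 'systemKey\":\"(\w+)\"'
            $systemKey = [regex]::Match($config, $regex).Groups[1].Value
        }
        else
        {
            Write-Warning "Agent config not found at $jcAgentConf (agent not installed?)"
        }
        if ($systemKey){
            $Headers = @{
                'Accept' = 'application/json';
                'Content-Type' = 'application/json';
                'x-api-key' = $JcApiKey;
            }
            # With -Method Get, Invoke-WebRequest sends -Body as the query string.
            $Form = @{
                'filter' = "username:eq:$($JumpcloudUserName)"
            }
            $Response = $null
            Try{
                Write-Host "Getting information from SystemID: $systemKey"
                $Response = Invoke-WebRequest -Method 'Get' -Uri "https://console.jumpcloud.com/api/systemusers" -Headers $Headers -Body $Form -UseBasicParsing
                $StatusCode = $Response.StatusCode
            }
            catch
            {
                $StatusCode = $_.Exception.Response.StatusCode.value__
                Write-Warning "User lookup for $JumpcloudUserName failed (HTTP $StatusCode): $($_.Exception.Message)"
            }
            # Get Results, convert from Json -- only when the request actually returned a body.
            $JcUserId = $null
            if ($Response)
            {
                $Results = $Response.Content | ConvertFrom-JSON
                $JcUserId = $Results.results.id
            }
            # Bind Step
            if ($JcUserId){
                $Headers = @{
                    'Accept' = 'application/json';
                    'x-api-key' = $JcApiKey
                }
                # Explicit -Depth so the nested sudo attributes are never flattened to a string.
                $Form = @{
                    'op' = 'add';
                    'type' = 'system';
                    'id' = "$systemKey";
                    'attributes' = @{ 'sudo' = @{'enabled' = $true; 'withoutPassword' = $false } };
                } | ConvertTo-Json -Depth 4
                Try
                {
                    Write-Host "Binding $JumpcloudUserName with userId: $JcUserId to SystemID: $systemKey"
                    $Response = Invoke-WebRequest -Method 'Post' -Uri "https://console.jumpcloud.com/api/v2/users/$JcUserId/associations" -Headers $Headers -Body $Form -ContentType 'application/json' -UseBasicParsing
                    $StatusCode = $Response.StatusCode
                }
                catch
                {
                    $StatusCode = $_.Exception.Response.StatusCode.value__
                    Write-Warning "Binding $JumpcloudUserName to $systemKey failed (HTTP $StatusCode): $($_.Exception.Message)"
                }
            }
            else {
                Write-Host "Could not bind user/ JumpCloudUsername did not exist in JC Directory"
            }
            # Add system to System Group
            # Hard-coded group id: change this per deployment (or lift it into the script's
            # configuration section and pass it through -ArgumentList).
            $systemGroupID = '5f748ff01f2475095a64ecac'
            if ($systemGroupID){
                $Headers = @{
                    'Accept' = 'application/json';
                    'x-api-key' = $JcApiKey
                }
                $Form = @{
                    'op' = 'add';
                    'type' = 'system';
                    'id' = "$systemKey"
                } | ConvertTo-Json
                Try
                {
                    Write-Host "Adding $systemKey to group with ID: $systemGroupID"
                    $Response = Invoke-WebRequest -Method 'Post' -Uri "https://console.jumpcloud.com/api/v2/systemgroups/$systemGroupID/members" -Headers $Headers -Body $Form -ContentType 'application/json' -UseBasicParsing
                    $StatusCode = $Response.StatusCode
                }
                catch
                {
                    $StatusCode = $_.Exception.Response.StatusCode.value__
                    Write-Warning "Adding $systemKey to group $systemGroupID failed (HTTP $StatusCode): $($_.Exception.Message)"
                }
            }
        }
        else{
            Write-Host "Could not find systemKey, aborting bind step"
        }
        # Force Reboot
        # Unconditional, as in the original: the CSV ForceReboot value is not consulted here.
        Write-Host "Rebooting as Job"
        Restart-Computer -Force -asJob
    } -ArgumentList ($System.SelectedUserName, $System.JumpCloudUserName, $System.TempPassword, $System.JumpCloudConnectKey, $System.AcceptEULA, $System.InstallJCAgent, $System.LeaveDomain, $System.ForceReboot, $System.AzureADProfile, $System.Customxml, $System.ConvertProfile, $System.CreateRestore, $JcApiKey)
}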
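# Cleanup. The remote scriptblocks only report through their job streams, so read each
# finished job before discarding it -- removing unread jobs hides every failure.
# Sessions are only torn down once no job is still running, because removing a session
# kills the job that runs inside it (the original removed everything unconditionally).
$confirmation = Read-Host "Do you want to remove all completed psjobs and sessions: (y/n)"
if ($confirmation -eq 'y')
{
    $finishedJobs = @(Get-Job | Where-Object { $_.State -ne 'Running' })
    foreach ($job in $finishedJobs)
    {
        Write-Host "Job $($job.Name) on $($job.Location): $($job.State)"
        Receive-Job -Job $job -ErrorAction Continue
        Remove-Job -Job $job
    }
    $runningJobs = @(Get-Job | Where-Object { $_.State -eq 'Running' })
    if ($runningJobs.Count -gt 0)
    {
        Write-Warning "$($runningJobs.Count) job(s) still running; sessions left open. Re-run the cleanup once they finish."
    }
    else
    {
        Get-PSSession | Remove-PSSession
    }
}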