0 votes

is it possible to register new domain with Active Directory Module Cmdlets ?

and

is it possible to modify/configure password policies with Active Directory Module Cmdlet ?

Thx.

by (360 points)

1 Answer

0 votes
by (18.0k points)

Hello,

No, unfortunately there are no cmdlets for registering managed domains and configuring password policies.
However, you can use Adaxes ADSI API in your PowerShell script for this purpose (we can provide you with sample scripts).

Here is a list of Adaxes cmdlets: PowerShell Module

0

yes, I want an example

thx.

0

Hello,

Here's a sample script that shows how to register a domain with the help of Adaxes ADSI API:

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$domainFqdn = "mydomain.com" # TODO: modify me
$adminCredential = Get-Credential "MYDOMAIN\Administrator" # TODO: modify me

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the 'Managed Domains' container
$managedDomainsPath = $admService.Backend.GetConfigurationContainerPath(
    "ManagedDomains")
$managedDomainsContainer = $admService.OpenObject($managedDomainsPath, $NULL, $NULL, 0)

# Create a new managed domain
$managedDomain = $managedDomainsContainer.Create("adm-ManagedDomain", "DC=$domainFqdn")
$managedDomain.SetInfo()

# Provide logon information
$user = $adminCredential.UserName
$password = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($adminCredential.Password))
$managedDomain.Register($user, $password)

In the script:

  • $domainFqdn - the FQDN of the domain that you are trying to register,
  • $adminCredential - the credentials that will be used by Adaxes to connect to the domain and perform operations in it.

As to the script dealing with Password Self-Service Policies, it will take more time to complete. Since we are on the very final stages of preparing for the Adaxes 2013.1 release, our script guy is overloaded with urgent tasks. Sorry for the inconvenience, but we'll be able to make the second sample script only after the new release is available.

By the way, can you clarify on how specifically would you like to configure Password Self-Service Policies with scripts? Can you describe your tasks in more detail?

0

Hello,

I have a problem when I execute the script.

PS C:\Users\Administrateur> # Create a new managed domain
PS C:\Users\Administrateur> $managedDomain = $managedDomainsContainer.Create("adm-ManagedDomain", "DC=$domainFqdn")
PS C:\Users\Administrateur> $managedDomain.SetInfo()
Exception lors de l'appel de « SetInfo » avec « 0 » argument(s) : « Command Processor 'Access Control Processor' threw an exception when processing the command.
Could not acquire a connection for 'BODI-ADMANAGER.bodi.local:12750'. 3 attempts have been made. Connection pool is full.
Below is the connection pool items dump:
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:44:47; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:44:47; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:44:47; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:44:47; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:44:47; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c. »
Au niveau de ligne : 1 Caractère : 23
+ $managedDomain.SetInfo <<<< ()
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException

PS C:\Users\Administrateur>
PS C:\Users\Administrateur> # Provide logon information
PS C:\Users\Administrateur> $user = $adminCredential.UserName
PS C:\Users\Administrateur> $password = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($adminCredential.Password))
PS C:\Users\Administrateur> $managedDomain.Register($user, $password)
Exception lors de l'appel de « Register » avec « 2 » argument(s) : « Parameter must be a null reference if the object is created. »
Au niveau de ligne : 1 Caractère : 24
+ $managedDomain.Register <<<< ($user, $password)
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException

0

Hello,

It looks like you are attempting to launch the script multiple times in a short period of time. The thing is that the PowerShell console holds connections open for some time. Try waiting for a couple of minutes after launching the script.

0

now, i have this error :

PS C:\Users\Administrateur> [Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

GAC Version Location
--- ------- --------
True v2.0.50727 C:\Windows\assembly\GAC_MSIL\Softerra.Adaxes.Adsi\3.3.8906.0__43a637781bd9a3c2\Softerra.Adaxes.Adsi.dll

PS C:\Users\Administrateur>
PS C:\Users\Administrateur> $domainFqdn = "oranfresh.local" # TODO: modify me
PS C:\Users\Administrateur> $adminCredential = Get-Credential "oranfresh\Administrateur" # TODO: modify me
PS C:\Users\Administrateur>
PS C:\Users\Administrateur> # Connect to the Adaxes service
PS C:\Users\Administrateur> $admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
PS C:\Users\Administrateur> $admService = $admNS.GetServiceDirectly("localhost")
PS C:\Users\Administrateur>
PS C:\Users\Administrateur> # Bind to the 'Managed Domains' container
PS C:\Users\Administrateur> $managedDomainsPath = $admService.Backend.GetConfigurationContainerPath("ManagedDomains")
PS C:\Users\Administrateur> $managedDomainsContainer = $admService.OpenObject($managedDomainsPath, $NULL, $NULL, 0)
PS C:\Users\Administrateur>
PS C:\Users\Administrateur> # Create a new managed domain
PS C:\Users\Administrateur> $managedDomain = $managedDomainsContainer.Create("adm-ManagedDomain", "DC=$domainFqdn")
PS C:\Users\Administrateur> $managedDomain.SetInfo()
Exception lors de l'appel de « SetInfo » avec « 0 » argument(s) : « 'oranfresh.local' is not operational. »
Au niveau de ligne : 1 Caractère : 23
+ $managedDomain.SetInfo <<<< ()
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException

PS C:\Users\Administrateur>
PS C:\Users\Administrateur> # Provide logon information
PS C:\Users\Administrateur> $user = $adminCredential.UserName
PS C:\Users\Administrateur> $password = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($adminCr
PS C:\Users\Administrateur> $managedDomain.Register($user, $password)
Exception lors de l'appel de « Register » avec « 2 » argument(s) : « Parameter must be a null reference if the object is created. »
Au niveau de ligne : 1 Caractère : 24
+ $managedDomain.Register <<<< ($user, $password)
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException

0

Hello,

The actual error is 'oranfresh.local' is not operational. Make sure the domain is available.
Also, I suggest you execute the script using Windows PowerShell ISE.

0

Ok, problem of DNS for the new domain.

thx.

0

For the other script, I would like to change the default password policy : Complex : no , Min Age : disable ......

0

Hello,

Here you go:

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# TODO: modify me
$domain = "domain.com"
$maxPwdAgeDays = 55                 # Max password age (days)
$minPwdAgeDays = 5                  # Min password age (days)
$minPwdLen = 8                      # Min password length
$pwdComplexity = $True              # Password complexity
$pwdHistoryLen = 24                 # Password history length
$maxBadPasswordsAllowed = 15        # Lock account after N attempts
$lockoutObservationMins = 35        # Reset failed attempt counter after (minutes)
$lockoutDurationMins = 50           # Automatically unlock after (minutes)

# Bind to the domain
$domain = $admService.OpenObject("Adaxes://$domain", $NULL  $NULL, 0)

# Update the Defaut Domain Password Policy
[Softerra.Adaxes.Adsi.AdsLargeInteger]$maxAge = New-Object Softerra.Adaxes.Adsi.AdsLargeInteger([Int64]$maxPwdAgeDays * 60 * 60 * 24 * -10000000)
$domain.Put("maxPwdAge", $maxAge)
[Softerra.Adaxes.Adsi.AdsLargeInteger]$minAge = New-Object Softerra.Adaxes.Adsi.AdsLargeInteger([Int64]$minPwdAgeDays * 60 * 60 * 24 * -10000000)
$domain.Put("minPwdAge", $minAge)

$domain.MinPasswordLength = $minPwdLen

$passwordAttrs = 0 # PASSWORD_ATTR_NONE
if ($pwdComplexity)
{
    $passwordAttrs = $passwordAttrs -bor 1 # DOMAIN_PASSWORD_COMPLEX
}
$domain.Put("pwdProperties", $passwordAttrs)

$domain.PasswordHistoryLength = $pwdHistoryLen

$domain.MaxBadPasswordsAllowed = $maxBadPasswordsAllowed

[Softerra.Adaxes.Adsi.AdsLargeInteger]$lockoutWindow = New-Object Softerra.Adaxes.Adsi.AdsLargeInteger([Int64]$lockoutObservationMins * 60 * -10000000)
$domain.Put("lockOutObservationWindow", $lockoutWindow)

[Softerra.Adaxes.Adsi.AdsLargeInteger]$autoUnlock = New-Object Softerra.Adaxes.Adsi.AdsLargeInteger([Int64]$lockoutDurationMins * 60 * -10000000)
$domain.Put("lockoutDuration", $autoUnlock)

# Commit changes
$domain.SetInfo()

Related questions

0 votes
1 answer

My role as a developer require a form submission with Adaxes to get JIT (just in time) access to an client environment, I want to need guidance to form submission with the Adaxes PowerShell module.

asked Nov 19, 2020 by spencer.nicol (20 points)
0 votes
1 answer

Hi all, I got a script that works, but is kinda finicky: $memberListProperty = "adm-CustomAttributeTextMultiValue1" try { $records = $Context.TargetObject.GetEx($memberListProperty) } ... = "fraisalan.ch" } Thank you for your help! Best regards Benjamin

asked Oct 17 by basshunter98 (20 points)
0 votes
1 answer

The individualmodule for PnP if upgraded to 2.2 in non PowerShell 7 breaks in Adaxers. Previous versions of Powershell will not allow the 2.2 PnP version to connect which is ... to make this work but if it is deprecated by MS, then we will lose functionality.

asked Aug 16, 2023 by nick.boehm (20 points)
0 votes
1 answer

Are PowerShell commands supposed to show up in the programming interface after adding the module to the Adaxes server? I've installed modules and they don't show.

asked Aug 18, 2020 by ComputerHabit (790 points)
0 votes
1 answer

In a business rule, I'd like to pass Adaxes variables into a powershell script that I'll run. For example, pass %username% into the script so it can be used inside the script.

asked Sep 5 by P-Sysadmin (20 points)
3,588 questions
3,277 answers
8,303 comments
548,087 users