Adaxes

Module powershell for Adaxes

0 votes

is it possible to register new domain with Active Directory Module Cmdlets ?

and

is it possible to modify/configure password policies with Active Directory Module Cmdlet ?

Thx.

by (360 points)

1 Answer

0 votes
by (18.0k points)

Hello,

No, unfortunately there are no cmdlets for registering managed domains and configuring password policies.
However, you can use Adaxes ADSI API in your PowerShell script for this purpose (we can provide you with sample scripts).

Here is a list of Adaxes cmdlets: PowerShell Module

0

yes, I want an example

thx.

by (360 points)
0

Hello,

Here's a sample script that shows how to register a domain with the help of Adaxes ADSI API:

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$domainFqdn = "mydomain.com" # TODO: modify me
$adminCredential = Get-Credential "MYDOMAIN\Administrator" # TODO: modify me

# Connect to the Adaxes service
$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# Bind to the 'Managed Domains' container
$managedDomainsPath = $admService.Backend.GetConfigurationContainerPath(
    "ManagedDomains")
$managedDomainsContainer = $admService.OpenObject($managedDomainsPath, $NULL, $NULL, 0)

# Create a new managed domain
$managedDomain = $managedDomainsContainer.Create("adm-ManagedDomain", "DC=$domainFqdn")
$managedDomain.SetInfo()

# Provide logon information
$user = $adminCredential.UserName
$password = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($adminCredential.Password))
$managedDomain.Register($user, $password)

In the script:

  • $domainFqdn - the FQDN of the domain that you are trying to register,
  • $adminCredential - the credentials that will be used by Adaxes to connect to the domain and perform operations in it.

As to the script dealing with Password Self-Service Policies, it will take more time to complete. Since we are on the very final stages of preparing for the Adaxes 2013.1 release, our script guy is overloaded with urgent tasks. Sorry for the inconvenience, but we'll be able to make the second sample script only after the new release is available.

By the way, can you clarify on how specifically would you like to configure Password Self-Service Policies with scripts? Can you describe your tasks in more detail?

by (216k points)
0

Hello,

I have a problem when I execute the script.

PS C:\Users\Administrateur> # Create a new managed domain
PS C:\Users\Administrateur> $managedDomain = $managedDomainsContainer.Create("adm-ManagedDomain", "DC=$domainFqdn")
PS C:\Users\Administrateur> $managedDomain.SetInfo()
Exception lors de l'appel de « SetInfo » avec « 0 » argument(s) : « Command Processor 'Access Control Processor' threw an exception when processing the command.
Could not acquire a connection for 'BODI-ADMANAGER.bodi.local:12750'. 3 attempts have been made. Connection pool is full.
Below is the connection pool items dump:
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:44:47; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:44:47; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:44:47; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:44:47; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:44:47; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c
Directory: BODI-ADMANAGER.bodi.local:12750; Busy: True; Last access: 23/04/2013 10:49:21; Client: #Fc.#8c. »
Au niveau de ligne : 1 Caractère : 23
+ $managedDomain.SetInfo <<<< ()
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException

PS C:\Users\Administrateur>
PS C:\Users\Administrateur> # Provide logon information
PS C:\Users\Administrateur> $user = $adminCredential.UserName
PS C:\Users\Administrateur> $password = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($adminCredential.Password))
PS C:\Users\Administrateur> $managedDomain.Register($user, $password)
Exception lors de l'appel de « Register » avec « 2 » argument(s) : « Parameter must be a null reference if the object is created. »
Au niveau de ligne : 1 Caractère : 24
+ $managedDomain.Register <<<< ($user, $password)
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException

by (360 points)
0

Hello,

It looks like you are attempting to launch the script multiple times in a short period of time. The thing is that the PowerShell console holds connections open for some time. Try waiting for a couple of minutes after launching the script.

by (216k points)
0

now, i have this error :

PS C:\Users\Administrateur> [Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

GAC Version Location
--- ------- --------
True v2.0.50727 C:\Windows\assembly\GAC_MSIL\Softerra.Adaxes.Adsi\3.3.8906.0__43a637781bd9a3c2\Softerra.Adaxes.Adsi.dll

PS C:\Users\Administrateur>
PS C:\Users\Administrateur> $domainFqdn = "oranfresh.local" # TODO: modify me
PS C:\Users\Administrateur> $adminCredential = Get-Credential "oranfresh\Administrateur" # TODO: modify me
PS C:\Users\Administrateur>
PS C:\Users\Administrateur> # Connect to the Adaxes service
PS C:\Users\Administrateur> $admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
PS C:\Users\Administrateur> $admService = $admNS.GetServiceDirectly("localhost")
PS C:\Users\Administrateur>
PS C:\Users\Administrateur> # Bind to the 'Managed Domains' container
PS C:\Users\Administrateur> $managedDomainsPath = $admService.Backend.GetConfigurationContainerPath("ManagedDomains")
PS C:\Users\Administrateur> $managedDomainsContainer = $admService.OpenObject($managedDomainsPath, $NULL, $NULL, 0)
PS C:\Users\Administrateur>
PS C:\Users\Administrateur> # Create a new managed domain
PS C:\Users\Administrateur> $managedDomain = $managedDomainsContainer.Create("adm-ManagedDomain", "DC=$domainFqdn")
PS C:\Users\Administrateur> $managedDomain.SetInfo()
Exception lors de l'appel de « SetInfo » avec « 0 » argument(s) : « 'oranfresh.local' is not operational. »
Au niveau de ligne : 1 Caractère : 23
+ $managedDomain.SetInfo <<<< ()
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException

PS C:\Users\Administrateur>
PS C:\Users\Administrateur> # Provide logon information
PS C:\Users\Administrateur> $user = $adminCredential.UserName
PS C:\Users\Administrateur> $password = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($adminCr
PS C:\Users\Administrateur> $managedDomain.Register($user, $password)
Exception lors de l'appel de « Register » avec « 2 » argument(s) : « Parameter must be a null reference if the object is created. »
Au niveau de ligne : 1 Caractère : 24
+ $managedDomain.Register <<<< ($user, $password)
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException

by (360 points)
0

Hello,

The actual error is 'oranfresh.local' is not operational. Make sure the domain is available.
Also, I suggest you execute the script using Windows PowerShell ISE.

by (18.0k points)
0

Ok, problem of DNS for the new domain.

thx.

by (360 points)
0

For the other script, I would like to change the default password policy : Complex : no , Min Age : disable ......

by (360 points)
0

Hello,

Here you go:

[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

$admNS = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$admService = $admNS.GetServiceDirectly("localhost")

# TODO: modify me
$domain = "domain.com"
$maxPwdAgeDays = 55                 # Max password age (days)
$minPwdAgeDays = 5                  # Min password age (days)
$minPwdLen = 8                      # Min password length
$pwdComplexity = $True              # Password complexity
$pwdHistoryLen = 24                 # Password history length
$maxBadPasswordsAllowed = 15        # Lock account after N attempts
$lockoutObservationMins = 35        # Reset failed attempt counter after (minutes)
$lockoutDurationMins = 50           # Automatically unlock after (minutes)

# Bind to the domain
$domain = $admService.OpenObject("Adaxes://$domain", $NULL  $NULL, 0)

# Update the Defaut Domain Password Policy
[Softerra.Adaxes.Adsi.AdsLargeInteger]$maxAge = New-Object Softerra.Adaxes.Adsi.AdsLargeInteger([Int64]$maxPwdAgeDays * 60 * 60 * 24 * -10000000)
$domain.Put("maxPwdAge", $maxAge)
[Softerra.Adaxes.Adsi.AdsLargeInteger]$minAge = New-Object Softerra.Adaxes.Adsi.AdsLargeInteger([Int64]$minPwdAgeDays * 60 * 60 * 24 * -10000000)
$domain.Put("minPwdAge", $minAge)

$domain.MinPasswordLength = $minPwdLen

$passwordAttrs = 0 # PASSWORD_ATTR_NONE
if ($pwdComplexity)
{
    $passwordAttrs = $passwordAttrs -bor 1 # DOMAIN_PASSWORD_COMPLEX
}
$domain.Put("pwdProperties", $passwordAttrs)

$domain.PasswordHistoryLength = $pwdHistoryLen

$domain.MaxBadPasswordsAllowed = $maxBadPasswordsAllowed

[Softerra.Adaxes.Adsi.AdsLargeInteger]$lockoutWindow = New-Object Softerra.Adaxes.Adsi.AdsLargeInteger([Int64]$lockoutObservationMins * 60 * -10000000)
$domain.Put("lockOutObservationWindow", $lockoutWindow)

[Softerra.Adaxes.Adsi.AdsLargeInteger]$autoUnlock = New-Object Softerra.Adaxes.Adsi.AdsLargeInteger([Int64]$lockoutDurationMins * 60 * -10000000)
$domain.Put("lockoutDuration", $autoUnlock)

# Commit changes
$domain.SetInfo()
by (18.0k points)

Related questions

0 votes
1 answer
Use the Adaxes PowerShell SDK Module for JIT Form Submission

My role as a developer require a form submission with Adaxes to get JIT (just in time) access to an client environment, I want to need guidance to form submission with the Adaxes PowerShell module.

asked Nov 19, 2020 by spencer.nicol (20 points)
0 votes
1 answer
Using Powershell Module for Cloud and On-Prem

Hi all, I got a script that works, but is kinda finicky: $memberListProperty = "adm-CustomAttributeTextMultiValue1" try { $records = $Context.TargetObject.GetEx($memberListProperty) } ... = "fraisalan.ch" } Thank you for your help! Best regards Benjamin

asked Oct 17 by basshunter98 (20 points)
0 votes
1 answer
Does Adaxes plan to upgrade the PnP PowerShell module to 2.2?

The individualmodule for PnP if upgraded to 2.2 in non PowerShell 7 breaks in Adaxers. Previous versions of Powershell will not allow the 2.2 PnP version to connect which is ... to make this work but if it is deprecated by MS, then we will lose functionality.

asked Aug 16, 2023 by nick.boehm (20 points)
0 votes
1 answer
Are PowerShell commands supposed to show up in the programming interface after adding the module to the Adaxes server?

Are PowerShell commands supposed to show up in the programming interface after adding the module to the Adaxes server? I've installed modules and they don't show.

asked Aug 18, 2020 by ComputerHabit (790 points)
0 votes
1 answer
How to pass Adaxes variables (%username% as an example) into a powershell script for a business rule?

In a business rule, I'd like to pass Adaxes variables into a powershell script that I'll run. For example, pass %username% into the script so it can be used inside the script.

asked Sep 5 by P-Sysadmin (20 points)
3,541 questions
3,232 answers
8,225 comments
547,802 users