Created
May 17, 2024 17:45
-
-
Save Bill-Stewart/fd588bc4fd42a9cd6eaece83e465fcdc to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Reset-DhcpServerDnsCredential.ps1 | |
| # Written by Bill Stewart (bstewart AT iname.com) | |
| # Script prerequisites: PowerShell ActiveDirectory and DhcpServer modules | |
| # On a Windows server, you can meet these prerequisites by installing the | |
| # following feature administration tools found in Remote Server Administration | |
| # Tools: | |
| # * AD DS and AD LDS Tools: Active Directory Module for Windows PowerShell | |
| # * DHCP Server Tools | |
| #requires -version 3 | |
| <# | |
| .SYNOPSIS | |
| Resets the DHCP server dynamic DNS registration account password to a random password and configures all authorized DHCP servers to register DNS records using this account. | |
| .DESCRIPTION | |
| Resets the DHCP server dynamic DNS registration account password to a random password and configures all authorized DHCP servers to register DNS records using this account. | |
| .PARAMETER UserName | |
| Specifies the username of the DHCP server DNS credential account. | |
| .PARAMETER Delay | |
| Specifies a delay, in seconds, after resetting the DNS credential account password before setting the credentials in all authorized DHCP servers. The default is 5 seconds. | |
| #> | |
| [CmdletBinding()] | |
| param( | |
| [Parameter(Mandatory)] | |
| [String] | |
| $UserName, | |
| [Int] | |
| [ValidateRange(1,65535)] | |
| $Delay = 5 | |
| ) | |
| @( | |
| "ActiveDirectory" | |
| "DhcpServer" | |
| ) | Import-Module -ErrorAction Stop | |
| function Get-RandomString { | |
| param( | |
| [Int] | |
| [ValidateRange(4,255)] | |
| $length = 240 | |
| ) | |
| $byteCount = $length * 4 | |
| $bytes = New-Object Byte[] $byteCount | |
| $pRNG = New-Object Security.Cryptography.RNGCryptoServiceProvider | |
| do { | |
| $pRNG.GetBytes($bytes) | |
| $randStr = [Convert]::ToBase64String($bytes).Substring(0,$length) | |
| } | |
| until ( ($randStr -match '\+') -or ($randStr -match '\/' ) ) | |
| $randStr | |
| } | |
| # Parameters for Write-EventLog | |
| $EventLogParams = @{ | |
| "LogName" = "Application" | |
| "Source" = Split-Path $PSCommandPath -Leaf | |
| "EventId" = 100 | |
| "EntryType" = $null # [Diagnostics.EventLogEntryType] | |
| "Message" = $null | |
| } | |
| # Register event log source (ignore error if already exists) | |
| New-EventLog -LogName $EventLogParams.LogName ` | |
| -Source $EventLogParams.Source ` | |
| -ErrorAction SilentlyContinue | |
| $ADAccount = Get-ADUser $UserName | |
| if ( $null -eq $ADAccount ) { | |
| $EventLogParams.EntryType = [Diagnostics.EventLogEntryType]::Error | |
| $EventLogParams.Message = $Error[0] | Out-String -Width ([Int]::MaxValue) | |
| Write-EventLog @EventLogParams | |
| return | |
| } | |
| $DHCPServers = Get-DhcpServerInDC | |
| if ( $null -eq $DHCPServers ) { | |
| $Message = "No authorized DHCP server(s) found." | |
| Write-Warning $Message | |
| $EventLogParams.EntryType = [Diagnostics.EventLogEntryType]::Warning | |
| $EventLogParams.Message = $Message | |
| Write-EventLog @EventLogParams | |
| return | |
| } | |
| # Get translated account name ('DOMAIN\username' format) | |
| $AccountName = $ADAccount.SID.Translate([Security.Principal.NTAccount]).Value | |
| $SecureStr = ConvertTo-SecureString (Get-RandomString) -AsPlainText -Force | |
| $ADAccount | Set-ADAccountPassword -Reset -NewPassword $SecureStr | |
| if ( $? ) { | |
| $Message = "Successfully reset password for account '{0}'." -f $AccountName | |
| Write-Host $Message | |
| $EventLogParams.EntryType = [Diagnostics.EventLogEntryType]::Information | |
| $EventLogParams.Message = $Message | |
| Write-EventLog @EventLogParams | |
| } | |
| else { | |
| $EventLogParams.EntryType = [Diagnostics.EventLogEntryType]::Error | |
| $EventLogParams.Message = $Error[0] | Out-String -Width ([Int]::MaxValue) | |
| Write-EventLog @EventLogParams | |
| return | |
| } | |
| Start-Sleep -Seconds $Delay | |
| $Cred = New-Object Management.Automation.PSCredential($AccountName,$SecureStr) | |
| foreach ( $DHCPServer in $DHCPServers ) { | |
| Set-DhcpServerDnsCredential $Cred -ComputerName $DHCPServer.DnsName | |
| if ( $? ) { | |
| $Message = "Successfully set DHCP dynamic DNS registration credentials on DHCP server '{0}' to use account '{1}'." -f | |
| $DHCPServer.DnsName,$AccountName | |
| Write-Host $Message | |
| $EventLogParams.EntryType = [Diagnostics.EventLogEntryType]::Information | |
| $EventLogParams.Message = $Message | |
| } | |
| else { | |
| $EventLogParams.EntryType = [Diagnostics.EventLogEntryType]::Error | |
| $EventLogParams.Message = $Error[0] | Out-String -Width ([Int]::MaxValue) | |
| } | |
| Write-EventLog @EventLogParams | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment