PowerShell-UI-O365Utils
/** | |
* getO365PSInitCommands() | |
* | |
* Returns an array of Powershell initialization commands suitable | |
* for setting up shells spawned with StatefulProcessCommandProxy | |
* to be able to establish a remote PSSession with o365 | |
* | |
* @see https://github.com/bitsofinfo/powershell-credential-encryption-tools | |
* | |
* This function takes the full path to: | |
* - decryptUtil.ps1 from the project above | |
* - path the encrypted credentials file generated with decryptUtil.ps1 | |
* - path to the secret key needed to decrypt the credentials | |
* | |
* In addition there are parameter to define the PSSessionOption timeouts | |
* | |
* Note this is just an example (which works) however you may want to | |
* replace this with your own set of init command tailored to your specific | |
* use-case | |
* | |
* @see the getO365PSDestroyCommands() below for the corresponding cleanup | |
* commands for these init commands | |
*/ | |
module.exports.getO365PSInitCommands = function(pathToDecryptUtilScript, | |
pathToCredsFile, | |
pathToRPSCredsFile, | |
pathToKeyFile, | |
openTimeout, | |
operationTimeout, | |
idleTimeout) { | |
return [ | |
// #0 Encoding UTF8 | |
'chcp 65001', | |
'$OutputEncoding = [System.Text.Encoding]::GetEncoding(65001)', | |
// #1 import some basics | |
'Import-Module AzureADPreview', | |
'Import-Module lithnetrma', | |
// #2 source the decrypt utils script | |
// https://github.com/bitsofinfo/powershell-credential-encryption-tools/blob/master/decryptUtil.ps1 | |
('. ' + pathToDecryptUtilScript), | |
// #3 invoke decrypt2PSCredential to get the PSCredential object | |
// this function is provided by the sourced file above | |
('$PSCredential = decrypt2PSCredential ' + pathToCredsFile + ' ' + pathToKeyFile), | |
('$RPSPSCredential = decrypt2PSCredential ' + pathToRPSCredsFile + ' ' + pathToKeyFile), | |
// #4+ establish the session to the MIM Sync Server | |
('$sessionOpt = New-PSSessionOption –SkipCACheck –SkipCNCheck –SkipRevocationCheck -OpenTimeout '+openTimeout+' -OperationTimeout '+operationTimeout+' -IdleTimeout ' + idleTimeout), | |
'$session = New-PSSession -ConnectionUri "https://mymimsyncserver:5986/WSMAN" -SessionOption $sessionOpt -Credential $RPSPSCredential', | |
// Connect to the MIM Service | |
'Set-ResourceManagementClient -BaseAddress "http://mymimserviceserver:5725" -Credentials $RPSPSCredential', | |
// #5 import the LithnetMIISAutomation Module | |
'Import-PSSession $session -module LithnetMiisAutomation', | |
// #6 connect to AzureAD | |
'Login-AzureRmAccount -Credential $PSCredential', | |
'Connect-AzureAD -Credential $PSCredential', | |
// #7 cleanup | |
'Remove-Variable -Force -ErrorAction SilentlyContinue $PSCredential', | |
'Remove-Variable -Force -ErrorAction SilentlyContinue $RPSPSCredential' | |
] | |
} | |
/** | |
* Destroy commands that correspond to the session | |
* established w/ the initCommands above | |
*/ | |
module.exports.getO365PSDestroyCommands = function() { | |
return [ | |
'Get-PSSession | Remove-PSSession', | |
'Remove-PSSession -Session $session' | |
// 'Remove-Module MIISAutomation' | |
] | |
} | |
/** | |
* Some example blacklisted commands | |
*/ | |
module.exports.getO365BlacklistedCommands = function() { | |
return [ | |
{'regex':'.*Invoke-Expression.*', 'flags':'i'}, | |
{'regex':'.*ScriptBlock.*', 'flags':'i'}, | |
{'regex':'.*Get-Acl.*', 'flags':'i'}, | |
{'regex':'.*Set-Acl.*', 'flags':'i'}, | |
{'regex':'.*Get-Content.*', 'flags':'i'}, | |
{'regex':'.*-History.*', 'flags':'i'}, | |
{'regex':'.*Out-File.*', 'flags':'i'} | |
] | |
} | |
/** | |
* Configuration auto invalidation, checking PSSession availability | |
* @param checkIntervalMS | |
*/ | |
module.exports.getO365AutoInvalidationConfig = function(checkIntervalMS) { | |
return { | |
'checkIntervalMS': checkIntervalMS, | |
'commands': [ | |
// no remote pssession established? invalid! | |
{ 'command': 'Get-PSSession', | |
'regexes': { | |
'stdout' : [ {'regex':'.*Opened.*', 'flags':'i', 'invalidOn':'noMatch'}] | |
} | |
}] | |
}; | |
} | |
/** | |
* Defines a registry of Powershell commands | |
* that can be injected into the PSCommandService | |
* instance. | |
* | |
* Note these are just some example configurations specifically for a few | |
* o365 functions and limited arguments for each, (they work) however you may want to | |
* replace this with your own set of init command tailored to your specific | |
* use-case | |
*/ | |
var o365CommandRegistry = { | |
/******************************* | |
* | |
* o365 Powershell Command registry | |
* | |
* argument properties (optional): | |
* - quoted: true|false, default true | |
* - valued: true|false, default true | |
* - default: optional default value (only if valued..) | |
* | |
* return properties: | |
* type: none, text or json are valid values | |
* | |
********************************/ | |
/******************************* | |
* AzureADPreview | |
********************************/ | |
'Get-AzureADGroup': { | |
'command': 'Get-AzureADGroup {{{arguments}}} | ConvertTo-Json', | |
'arguments': { | |
'searchstring': {}, | |
'objectID': {}, | |
'top': {}, | |
'filter': {} | |
}, | |
'return': { type: 'json' } | |
}, | |
'Get-AzureADUser': { | |
'command': 'Get-AzureADUser {{{arguments}}} | ConvertTo-Json', | |
'arguments': { | |
'searchstring': {}, | |
'objectID': {}, | |
'top': {}, | |
'filter': {} | |
}, | |
'return': { type: 'json' } | |
}, | |
/******************************* | |
* Lithnet Resource Management | |
********************************/ | |
'Get-Resource': { | |
'command': 'Get-Resource {{{arguments}}} | ConvertTo-Json', | |
'arguments': { | |
'ObjectType': {'string': 'Person'}, | |
'AttributeName': {'string': 'FirstName'}, | |
'AttributeValue': {'string': 'Darren'}, | |
'AttributesToGet': {'string': 'displayname,location'}, | |
'Locale': {} | |
}, | |
'return': { type: 'json' } | |
}, | |
/******************************* | |
* Lithnet MIIS Automation | |
********************************/ | |
'Get-MAStatistics': { | |
'command': 'Get-MAStatistics {{{arguments}}} | ConvertTo-Json', | |
'arguments': { | |
'MA ': {'string': 'AD MA'} | |
}, | |
'return': { type: 'json' } | |
}, | |
'Get-MVObject': { | |
'command': 'Get-MVObject {{{arguments}}} | ConvertTo-Json', | |
'arguments': { | |
'ObjectType ': {'string': 'Person'}, | |
'Attribute ': {'string': 'uid'}, | |
'Value ': {'string': 'darrenjrobinson'}, | |
'ID ': {}, | |
'Queries ': {}, | |
'Collation ': {} | |
}, | |
'return': { type: 'json' } | |
}, | |
}; | |
module.exports.o365CommandRegistry = o365CommandRegistry; | |
/** | |
* Some example whitelisted commands | |
* (only permit) what is in the registry | |
*/ | |
module.exports.getO365WhitelistedCommands = function() { | |
var whitelist = []; | |
for (var cmdName in o365CommandRegistry) { | |
var config = o365CommandRegistry[cmdName]; | |
var commandStart = config.command.substring(0,config.command.indexOf(' ')).trim(); | |
whitelist.push({'regex':'^'+commandStart+'\\s+.*', 'flags':'i'}); | |
} | |
return whitelist; | |
} |