darrenjrobinson/Pwned Password MA - Import.ps1

## Pwned Password MA - Import.ps1
param (
    $Username,
	$Password,
    $Credentials,
	$OperationType,
    [bool] $usepagedimport,
	$pagesize
    )


$DebugFilePath = "C:\PROGRA~1\MICROS~4\2010\SYNCHR~1\EXTENS~2\PwnedPWD\Debug\ADImport.txt"

if(!(Test-Path $DebugFilePath))
    {
        $DebugFile = New-Item -Path $DebugFilePath -ItemType File
    }
    else
    {
        $DebugFile = Get-Item -Path $DebugFilePath
    }

    "Starting Import as : " + $OperationType + (Get-Date) | Out-File $DebugFile -Append

#Needs reference to .NET assembly used in the script.
Add-Type -AssemblyName System.DirectoryServices.Protocols

$CookieFile = "C:\PROGRA~1\MICROS~4\2010\SYNCHR~1\EXTENS~2\PwnedPWD\ADCookie.bin"
$count = 0

#Getting Cookie from file
If (Test-Path $CookieFile –PathType leaf) {
    [byte[]] $Cookie = Get-Content -Encoding byte –Path $CookieFile
} else {
    $Cookie = $null
}

#region User
$Properties = @("objectGuid","givenName","displayName","mail","sn","pwdLastSet","badPwdCount","badPasswordTime","lastLogon","logonCount","adminCount","sAMAccountName","userPrincipalName","isDeleted")

#Running as ther user specified on the MA
$Credentials = New-Object System.Net.NetworkCredential($username,$password)
$RootDSE = [ADSI]"LDAP://RootDSE"
$LDAPDirectory = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($RootDSE.dnsHostName)
$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($LDAPDirectory, $Credentials)
$Request = New-Object System.DirectoryServices.Protocols.SearchRequest($RootDSE.defaultNamingContext, "(&(objectClass=user))", "Subtree", $Properties)


#Defining the object type returned from searches for performance reasons.
[System.DirectoryServices.Protocols.SearchResultEntry]$entry = $null


if ($OperationType -eq "Full")
{
    $Cookie = $null
}
else
{
    # delta run and we should use the cookie we already found
}

$DirSyncRC = New-Object System.DirectoryServices.Protocols.DirSyncRequestControl($Cookie, [System.DirectoryServices.Protocols.DirectorySynchronizationOptions]::IncrementalValues, [System.Int32]::MaxValue)
$Request.Controls.Add($DirSyncRC) | Out-Null

$MoreData = $true
$Guids = @()

while ($MoreData) {
    $Response = $LDAPConnection.SendRequest($Request)

    ForEach($entry in $Response.Entries){
        #Check if this GUID already been handled to avoid adding duplicate objects
        If($Guids -contains ([GUID] $entry.Attributes["objectguid"][0]).ToString()){continue}

        # Add objectGuid and objectClass to all objects
        $obj = @{}
        $obj.Add("objectGuid", ([GUID] $entry.Attributes["objectguid"][0]).ToString())
        $obj.Add("objectClass", "user")
        if ( $entry.distinguishedName.Contains("CN=Deleted Objects"))
	    {
		    # this is a deleted object, so we return a changeType of 'delete'; default changeType is 'Add'
		    $obj.Add("changeType", "Delete")
	    }
	    else
	    {
		    # we need to get the directory entry to get the additional attributes
		    $DirEntry = New-Object System.DirectoryServices.DirectoryEntry "LDAP://$($entry.distinguishedName)"
		     # add values to the attributes that have changed
            $obj.Add("sAMAccountName",$DirEntry.Properties["sAMAccountName"][0])
            if ($DirEntry.Properties["userPrincipalName"][0]){$obj.Add("userPrincipalName",$DirEntry.Properties["userPrincipalName"][0])}
  	        if ($DirEntry.Properties["givenName"][0]){$obj.Add("givenName",$DirEntry.Properties["givenName"][0])}
            if ($DirEntry.Properties["displayName"][0]){$obj.Add("displayName",$DirEntry.Properties["displayName"][0])}
            if ($DirEntry.Properties["mail"][0]){$obj.Add("mail",$DirEntry.Properties["mail"][0])}
            if ($DirEntry.Properties["sn"][0]){$obj.Add("sn",$DirEntry.Properties["sn"][0])}
            # [datetime]::fromfiletime($entry.Attributes.pwdlastset[0])
            if ($entry.Attributes.pwdlastset[0]){$obj.Add("pwdLastSet",$entry.Attributes.pwdlastset[0])}
            if ($entry.Attributes.lastlogontimestamp[0]){$obj.Add("lastLogon",$entry.Attributes.lastlogontimestamp[0])}
            if ($DirEntry.Properties["logonCount"][0]){$obj.Add("logonCount",$DirEntry.Properties["logonCount"][0])}
            if ($DirEntry.Properties["adminCount"][0]){$obj.Add("adminCount",$DirEntry.Properties["adminCount"][0])}

            #Add Guid to list of processed guids to avoid duplication
            $Guids += ,([GUID] $entry.Attributes["objectguid"][0]).ToString()
            #Return the object to the MA
	        $obj
        }
    }

    ForEach ($Control in $Response.Controls) {
        If ($Control.GetType().Name -eq "DirSyncResponseControl") {
            $Cookie = $Control.Cookie
            $MoreData = $Control.MoreData
            }
        }
    $DirSyncRC.Cookie = $Cookie
}

#Saving cookie file
Set-Content -Value $Cookie -Encoding byte –Path $CookieFile
$global:RunStepCustomData = [System.Convert]::ToBase64String($Cookie)

# ***********************************************************

 "Finished Import as : " + $OperationType + (Get-Date) | Out-File $DebugFile -Append

#endregion
	param (
	$Username,
	$Password,
	$Credentials,
	$OperationType,
	[bool] $usepagedimport,
	$pagesize
	)


	$DebugFilePath = "C:\PROGRA~1\MICROS~4\2010\SYNCHR~1\EXTENS~2\PwnedPWD\Debug\ADImport.txt"

	if(!(Test-Path $DebugFilePath))
	{
	$DebugFile = New-Item -Path $DebugFilePath -ItemType File
	}
	else
	{
	$DebugFile = Get-Item -Path $DebugFilePath
	}

	"Starting Import as : " + $OperationType + (Get-Date) \| Out-File $DebugFile -Append

	#Needs reference to .NET assembly used in the script.
	Add-Type -AssemblyName System.DirectoryServices.Protocols

	$CookieFile = "C:\PROGRA~1\MICROS~4\2010\SYNCHR~1\EXTENS~2\PwnedPWD\ADCookie.bin"
	$count = 0

	#Getting Cookie from file
	If (Test-Path $CookieFile –PathType leaf) {
	[byte[]] $Cookie = Get-Content -Encoding byte –Path $CookieFile
	} else {
	$Cookie = $null
	}

	#region User
	$Properties = @("objectGuid","givenName","displayName","mail","sn","pwdLastSet","badPwdCount","badPasswordTime","lastLogon","logonCount","adminCount","sAMAccountName","userPrincipalName","isDeleted")

	#Running as ther user specified on the MA
	$Credentials = New-Object System.Net.NetworkCredential($username,$password)
	$RootDSE = [ADSI]"LDAP://RootDSE"
	$LDAPDirectory = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($RootDSE.dnsHostName)
	$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($LDAPDirectory, $Credentials)
	$Request = New-Object System.DirectoryServices.Protocols.SearchRequest($RootDSE.defaultNamingContext, "(&(objectClass=user))", "Subtree", $Properties)


	#Defining the object type returned from searches for performance reasons.
	[System.DirectoryServices.Protocols.SearchResultEntry]$entry = $null


	if ($OperationType -eq "Full")
	{
	$Cookie = $null
	}
	else
	{
	# delta run and we should use the cookie we already found
	}

	$DirSyncRC = New-Object System.DirectoryServices.Protocols.DirSyncRequestControl($Cookie, [System.DirectoryServices.Protocols.DirectorySynchronizationOptions]::IncrementalValues, [System.Int32]::MaxValue)
	$Request.Controls.Add($DirSyncRC) \| Out-Null

	$MoreData = $true
	$Guids = @()

	while ($MoreData) {
	$Response = $LDAPConnection.SendRequest($Request)

	ForEach($entry in $Response.Entries){
	#Check if this GUID already been handled to avoid adding duplicate objects
	If($Guids -contains ([GUID] $entry.Attributes["objectguid"][0]).ToString()){continue}

	# Add objectGuid and objectClass to all objects
	$obj = @{}
	$obj.Add("objectGuid", ([GUID] $entry.Attributes["objectguid"][0]).ToString())
	$obj.Add("objectClass", "user")
	if ( $entry.distinguishedName.Contains("CN=Deleted Objects"))
	{
	# this is a deleted object, so we return a changeType of 'delete'; default changeType is 'Add'
	$obj.Add("changeType", "Delete")
	}
	else
	{
	# we need to get the directory entry to get the additional attributes
	$DirEntry = New-Object System.DirectoryServices.DirectoryEntry "LDAP://$($entry.distinguishedName)"
	# add values to the attributes that have changed
	$obj.Add("sAMAccountName",$DirEntry.Properties["sAMAccountName"][0])
	if ($DirEntry.Properties["userPrincipalName"][0]){$obj.Add("userPrincipalName",$DirEntry.Properties["userPrincipalName"][0])}
	if ($DirEntry.Properties["givenName"][0]){$obj.Add("givenName",$DirEntry.Properties["givenName"][0])}
	if ($DirEntry.Properties["displayName"][0]){$obj.Add("displayName",$DirEntry.Properties["displayName"][0])}
	if ($DirEntry.Properties["mail"][0]){$obj.Add("mail",$DirEntry.Properties["mail"][0])}
	if ($DirEntry.Properties["sn"][0]){$obj.Add("sn",$DirEntry.Properties["sn"][0])}
	# [datetime]::fromfiletime($entry.Attributes.pwdlastset[0])
	if ($entry.Attributes.pwdlastset[0]){$obj.Add("pwdLastSet",$entry.Attributes.pwdlastset[0])}
	if ($entry.Attributes.lastlogontimestamp[0]){$obj.Add("lastLogon",$entry.Attributes.lastlogontimestamp[0])}
	if ($DirEntry.Properties["logonCount"][0]){$obj.Add("logonCount",$DirEntry.Properties["logonCount"][0])}
	if ($DirEntry.Properties["adminCount"][0]){$obj.Add("adminCount",$DirEntry.Properties["adminCount"][0])}

	#Add Guid to list of processed guids to avoid duplication
	$Guids += ,([GUID] $entry.Attributes["objectguid"][0]).ToString()
	#Return the object to the MA
	$obj
	}
	}

	ForEach ($Control in $Response.Controls) {
	If ($Control.GetType().Name -eq "DirSyncResponseControl") {
	$Cookie = $Control.Cookie
	$MoreData = $Control.MoreData
	}
	}
	$DirSyncRC.Cookie = $Cookie
	}

	#Saving cookie file
	Set-Content -Value $Cookie -Encoding byte –Path $CookieFile
	$global:RunStepCustomData = [System.Convert]::ToBase64String($Cookie)

	# ***********************************************************

	"Finished Import as : " + $OperationType + (Get-Date) \| Out-File $DebugFile -Append

	#endregion