FIM/MIM PowerShell password management agent script: on an Active Directory user's password change, it checks the new password's SHA1 hash against a Have I Been Pwned list hosted on a local SQL Server and records the result in the MIM Service. Note that the script as published writes the old and new plaintext passwords to its debug log; remove those lines before deploying. Supporting blog post: https://blog.darrenjrobinson.com/updated-identifying-active-directory-users-with-pwned-passwords-using-microsoftforefront-identity-manager/
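<#
.SYNOPSIS
    FIM/MIM password-change hook that flags Active Directory users whose new
    password appears in a locally hosted Have I Been Pwned (HIBP) list.

.DESCRIPTION
    Invoked by the FIM/MIM PowerShell password management agent with the
    connector-space object on the pipeline ($_). The new password is SHA1
    hashed, the digest is looked up in dbo.pwnedPasswords on the local SQL
    Server, and the outcome is written to the user's pwnedPassword attribute in
    the MIM Service through the Lithnet Resource Management Agent module.

.PARAMETER Username
    Account used to authenticate to the MIM Service (supplied by the agent).
.PARAMETER Password
    Plaintext password for $Username (supplied by the agent). Never logged.
.PARAMETER Credentials
    Accepted for interface compatibility with the agent; not used here.
.PARAMETER Action
    Password operation requested by the agent; logged only.
.PARAMETER OldPassword
    Previous plaintext password from the change event. Not used and not logged.
.PARAMETER NewPassword
    New plaintext password from the change event. Only its SHA1 digest is used;
    the plaintext is never written to the log or sent to SQL.
.PARAMETER UnlockAccount
.PARAMETER ForceChangeAtLogOn
.PARAMETER ValidatePassword
    Agent switches; logged only.

.NOTES
    Security: the earlier revision of this script wrote "Old pwd"/"New pwd" to
    the debug log in plaintext. That is removed here; additionally make sure the
    Debug folder ACL is restricted to the synchronisation service account.
    Get-Hash is not a built-in cmdlet (presumably PSCX) -- confirm it is
    available to the service account and that HashString's letter case matches
    what is stored in dbo.pwnedPasswords (HIBP files ship uppercase hex).
    If the SQL lookup fails, the MIM attribute is deliberately NOT written:
    recording "not pwned" for a password that was never checked would fail open.
#>
param
(
$Username,
$Password,
$Credentials,
$Action,
$OldPassword,
$NewPassword,
[switch] $UnlockAccount,
[switch] $ForceChangeAtLogOn,
[switch] $ValidatePassword
)
BEGIN
{
}
PROCESS
{
    # Logging -- audit trail only; no password material is ever written here.
    $log = "C:\PROGRA~1\MICROS~4\2010\SYNCHR~1\EXTENS~2\PwnedPWD\Debug\PwnedPWD.log"
    "=============================================================" | Out-File $log -Append
    $DisplayName = $_["displayName"].Value
    $Accountname = $_["sAMAccountName"].Value
    "Account Name: $Accountname" | Out-File $log -Append
    "Display Name: $DisplayName" | Out-File $log -Append
    "Action: $Action" | Out-File $log -Append
    "Unlock: $UnlockAccount" | Out-File $log -Append
    "Force change: $ForceChangeAtLogOn" | Out-File $log -Append
    "Validate: $ValidatePassword" | Out-File $log -Append

    # Nothing to check when the event carries no new password (e.g. unlock-only).
    if ([string]::IsNullOrEmpty($NewPassword)) {
        "No new password supplied; skipping pwned check" | Out-File $log -Append
        return
    }

    # Only the SHA1 digest leaves this scope. It is not echoed to the host
    # either: an unsalted SHA1 of a user password is still crackable offline.
    $pwdsha1 = Get-Hash -Algorithm SHA1 -StringEncoding utf8 -InputObject $NewPassword
    $hash = $pwdsha1.HashString

    # $true / $false once the lookup succeeds; stays $null if it fails.
    $pwned = $null
    $Connection = New-Object System.Data.SqlClient.SqlConnection("Data Source=SQLSERVER;Integrated Security=SSPI;Initial Catalog=PwnedPasswords")
    try {
        $Connection.Open()
        $SqlCmd = $Connection.CreateCommand()
        # Parameterised query: the hash is derived from user-controlled input,
        # so it is never concatenated into the statement text.
        $SqlCmd.CommandText = "SELECT TOP 1 passwords FROM dbo.pwnedPasswords WHERE passwords = @hash"
        # AddWithValue infers nvarchar; if the column is varchar and the lookup
        # is slow, declare the parameter with an explicit SqlDbType instead.
        [void]$SqlCmd.Parameters.AddWithValue("@hash", $hash)
        # ExecuteScalar returns $null when no row matches.
        $match = $SqlCmd.ExecuteScalar()
        $pwned = ($null -ne $match -and $match -isnot [System.DBNull])
        "Have I Been Pwned? $pwned" | Out-File $log -Append
    }
    catch {
        "Pwned lookup failed for $($Accountname): $($_.Exception.Message)" | Out-File $log -Append
    }
    finally {
        if ($Connection.State -ne [System.Data.ConnectionState]::Closed) {
            $Connection.Close()
        }
    }

    # Update the user's pwnedPassword attribute in the MIM Service.
    # Do not write anything when the lookup outcome is unknown (fail closed).
    if ($null -eq $pwned) {
        "Skipping MIM Service update for $Accountname (lookup result unknown)" | Out-File $log -Append
        return
    }

    Import-Module lithnetrma
    # $securePwd rather than $pwd: $PWD is a PowerShell automatic variable.
    $securePwd = $Password | ConvertTo-SecureString -AsPlainText -Force
    $Credential = New-Object System.Management.Automation.PSCredential($Username, $securePwd)
    # NOTE(review): the endpoint is plain http. The MIM Service client normally
    # applies WS-* message security on 5725, but confirm that before relying on
    # it for the service-account credential sent here.
    Set-ResourceManagementClient -BaseAddress http://MIMSERVICESRV:5725 -Credentials $Credential
    # Get the user from the MIM Service
    $user = Get-Resource -ObjectType Person -AttributeName AccountName -AttributeValue $Accountname
    if ($user) {
        $user.pwnedPassword = $pwned
        Save-Resource $user
        "Updated MIM Service for $Accountname who's password pwned status is $pwned" | Out-File $log -Append
    }
    else {
        "No MIM Service Person found with AccountName $Accountname; nothing updated" | Out-File $log -Append
    }
}
END
{
}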