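# ==============================================================================
# Cayosoft Administrator - Update AD Connection Account Passwords v 1.1.0
# Copyright Cayosoft Inc., 2022
# Use this tool to update passwords of Active Directory credentials configured
# in Active Directory and Exchange extensions.
# Use this script to integrate with password rotation solutions for privileged
# AD accounts.
# See KB article for details: https://support.cayosoft.com/hc/en-us/articles/7864689453837
#
# If you have any questions, please contact Cayosoft at sales@cayosoft.com.
# ==============================================================================
<#
.SYNOPSIS
Pushes rotated passwords into the credentials stored by the Cayosoft
Administrator service (replication, AD extension, Exchange on-prem extension).

.PARAMETER pwdToPasswords
Hashtable mapping an account name to its new password, e.g.
@{ "EXCH\Administrator" = "<new password>" }.

.NOTES
Passwords arrive here as plain text. Have the rotation tool hand them over at
run time instead of keeping them in a file or typing them on a command line,
where they can end up in history, transcripts or script-block logs.

A stored credential is selected when it *contains* the account name (a
case-sensitive substring test). Use fully qualified, unambiguous names so a
short name cannot select a different account's credential.
#>
Param([Parameter(Mandatory=$true)][Hashtable]$pwdToPasswords)

###
$HashUserNamesToPwd = $pwdToPasswords
# Example input (placeholder values):
#$HashUserNamesToPwd=@{"EXCH\Administrator"="Password1";"test@domain.com"="Password2";};

# An empty or blank account name would match every stored credential, because
# IndexOf("") returns 0; stop before anything is connected or written.
foreach ($key in $HashUserNamesToPwd.Keys) {
    if ([string]::IsNullOrWhiteSpace([string]$key)) {
        throw "pwdToPasswords contains an empty user name; refusing to continue because it would match every stored credential."
    }
}

###
# The product assembly supplies the settings client and the password protection routine.
[void]([Reflection.Assembly]::LoadFrom("C:\Program Files\Cayo Software\AdminAssistant\Cayo.PolicyManager.Common.dll"))

###
# Builds the credential XML that the extension settings store for one account.
function GetCredentialsXml ($userNameP, $passwordP) {
    $securedPassword = [Cayo.PolicyManager.Common.DiffieHellman]::EcDiffieHellman($passwordP)
    # NOTE(review): on this page the XML template is empty and neither $userNameP
    # nor $securedPassword is used, so every caller would store an empty credential.
    # The markup was presumably lost when the page was rendered; restore the template
    # from the vendor's original script before running this copy.
    $xml = ""
    return $xml
}

###
$connectionSettings = New-Object Cayo.PolicyManager.Common.Proxies.SettingsManagerClient([Cayo.PolicyManager.Common.EndpointType]::NetTcp, "localhost", 7800)
# Optional: connect with explicit credentials instead of the current identity.
##$UserCredentials = Get-Credential
#if($null -ne $UserCredentials -and (-not [string]::IsNullOrWhiteSpace($UserCredentials.UserName))){
#$connectionSettings.ClientCredentials.Windows.ClientCredential = $UserCredentials.GetNetworkCredential();
#}

# try/finally: the client is released even when one of the updates throws.
try {
    ### update replication settings
    $replSet = $connectionSettings.GetReplicationSettings()
    if ($replSet.ReplicationRole -eq 'Subscriber' -and (-not [string]::IsNullOrWhiteSpace($replSet.ConnectUser))) {
        foreach ($entry in $HashUserNamesToPwd.GetEnumerator()) {
            $userName = $entry.Key
            $userPwd = $entry.Value
            # Substring match against the stored connect user (see .NOTES).
            if ($replSet.ConnectUser.IndexOf($userName) -ne -1) {
                $replSet.ConnectPassword = ([Cayo.PolicyManager.Common.DiffieHellman]::EcDiffieHellman($userPwd))
                Write-Host "Update Replication password..."
                [void]($connectionSettings.SaveReplicationSettings($replSet))
            }
        }
    }

    #######
    # Update AD creds
    $adsettingsToSet = New-Object System.Collections.Generic.List[Cayo.PolicyManager.Common.ExtSetVal]
    $adSettings = $connectionSettings.GetExtSetting("PM.Ext.AD")
    $adCred = $adSettings | Where-Object { $_.Id -eq "AD_Credentials" }
    $adMngDmns = $adSettings | Where-Object { $_.Id -eq "AD_ManagedDomains" }

    ###
    if ($null -ne $adCred -and (-not [string]::IsNullOrWhiteSpace($adCred.Val))) {
        foreach ($entry in $HashUserNamesToPwd.GetEnumerator()) {
            $userName = $entry.Key
            $userPwd = $entry.Value
            if ($adCred.Val.IndexOf($userName) -ne -1) {
                $set = [Cayo.PolicyManager.Common.ExtSetVal]::new()
                $set.Id = "AD_Credentials"
                $set.Val = $(GetCredentialsXml $userName $userPwd)
                # Only the first matching account is queued; later matches are ignored.
                if (@($adsettingsToSet | Where-Object { $_.Id -eq "AD_Credentials" }).Count -eq 0) {
                    [void]($adsettingsToSet.Add($set))
                }
            }
        }
    }

    ###
    $AdExtChanged = $False
    if ($null -ne $adMngDmns -and (-not [string]::IsNullOrWhiteSpace($adMngDmns.Val))) {
        $MngDomains = [Cayo.PolicyManager.Common.Domains.ManagedDomainsRootNode]::FromXml($adMngDmns.Val)

        # Per-forest credentials. The blank check is repeated for every entry
        # because the credential may have been rewritten by an earlier match.
        foreach ($forest in $MngDomains.Forests) {
            foreach ($entry in $HashUserNamesToPwd.GetEnumerator()) {
                $userName = $entry.Key
                $userPwd = $entry.Value
                if ((-not [string]::IsNullOrWhiteSpace($forest.Credential)) -and $forest.Credential.IndexOf($userName) -ne -1) {
                    $forest.Credential = $(GetCredentialsXml $userName $userPwd)
                    $AdExtChanged = $True
                }
            }
        }

        # Per-domain credentials, handled the same way as the forests.
        foreach ($domain in $MngDomains.Domains) {
            foreach ($entry in $HashUserNamesToPwd.GetEnumerator()) {
                $userName = $entry.Key
                $userPwd = $entry.Value
                if ((-not [string]::IsNullOrWhiteSpace($domain.Credential)) -and $domain.Credential.IndexOf($userName) -ne -1) {
                    $domain.Credential = $(GetCredentialsXml $userName $userPwd)
                    $AdExtChanged = $True
                }
            }
        }

        ###
        # Serialize the managed-domains tree once, and only if something in it changed.
        if ($AdExtChanged -eq $True) {
            $set = [Cayo.PolicyManager.Common.ExtSetVal]::new()
            $set.Id = "AD_ManagedDomains"
            $set.Val = $MngDomains.ToXml()
            if (@($adsettingsToSet | Where-Object { $_.Id -eq "AD_ManagedDomains" }).Count -eq 0) {
                [void]($adsettingsToSet.Add($set))
            }
        }
    }

    if ($adsettingsToSet.Count -gt 0) {
        Write-Host "Update AD passwords..."
        $connectionSettings.SaveExtSetting("PM.Ext.AD", $adsettingsToSet)
    }

    ###############
    # Update ExchangeOnPrem creds
    $exchsettingsToSet = New-Object System.Collections.Generic.List[Cayo.PolicyManager.Common.ExtSetVal]
    $exchSettings = $connectionSettings.GetExtSetting("PM.Ext.ExchangeOnPrem")
    $exchCred = $exchSettings | Where-Object { $_.Id -eq "ExchangeOnPrem_Credentials" }

    ###
    if ($null -ne $exchCred -and (-not [string]::IsNullOrWhiteSpace($exchCred.Val))) {
        foreach ($entry in $HashUserNamesToPwd.GetEnumerator()) {
            $userName = $entry.Key
            $userPwd = $entry.Value
            if ($exchCred.Val.IndexOf($userName) -ne -1) {
                $set = [Cayo.PolicyManager.Common.ExtSetVal]::new()
                $set.Id = "ExchangeOnPrem_Credentials"
                $set.Val = $(GetCredentialsXml $userName $userPwd)
                if (@($exchsettingsToSet | Where-Object { $_.Id -eq "ExchangeOnPrem_Credentials" }).Count -eq 0) {
                    [void]($exchsettingsToSet.Add($set))
                }
            }
        }
    }

    ###
    if ($exchsettingsToSet.Count -gt 0) {
        Write-Host "Update Exchange OnPrem passwords..."
        $connectionSettings.SaveExtSetting("PM.Ext.ExchangeOnPrem", $exchsettingsToSet)
    }
}
finally {
    #######################################
    # Best-effort cleanup: a failure while closing the client is deliberately
    # ignored so it cannot mask the outcome of the updates above.
    try { $connectionSettings.Dispose() } catch {}
    $connectionSettings = $null
    #######################################
}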