Небольшой скрипт для автоматизации.
#https://pro-ldap.ru/art/levintsa/20160420-ktpass/
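# Generate the password that ktpass sets on the computer account. The keytab
# keys are derived from it, so it has to be unpredictable.
# Get-Random is not documented as cryptographically secure, and with -Count it
# draws 12 distinct letters out of only 52, so the system CSPRNG and a longer
# value are used instead. The alphabet stays alphanumeric so the value needs no
# extra quoting on the ktpass command line.
$passLength = 32
$passAlphabet = [char[]]((48..57) + (65..90) + (97..122))
$passRng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
try {
    $passByte = New-Object byte[] 1
    # Largest multiple of the alphabet size that fits in one byte; bytes at or
    # above it are discarded so every character is equally likely.
    $passLimit = 256 - (256 % $passAlphabet.Length)
    $passChars = New-Object System.Text.StringBuilder
    while ($passChars.Length -lt $passLength) {
        $passRng.GetBytes($passByte)
        if ($passByte[0] -lt $passLimit) {
            [void]$passChars.Append($passAlphabet[$passByte[0] % $passAlphabet.Length])
        }
    }
    $pass = $passChars.ToString()
}
finally {
    $passRng.Dispose()
}
# The password is deliberately not written to the console, where it would stay
# in scrollback and in any active transcript. Output it explicitly only if it
# has to be stored in a password vault.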
# Deployment parameters: Kerberos realm / AD domain name, short host name of
# the web server, and its IPv4 address.
$domain = "TEST.LOCAL"
$lhostname = "www"
$ip = "192.168.1.3"
# Lower-case form of the domain, used for the DNS zone, the FQDN and the DN.
$domainl = $domain.ToLower()
$fqdn = ($lhostname, $domainl) -join "."
# Split the domain into its labels for the distinguished name.
# NOTE(review): this assumes exactly two labels; with more, $dc receives an
# array of all remaining labels and "DC=$dc" no longer forms a valid DN.
$dc1, $dc = $domainl.Split(".")
# Upper-cased first label, used later as the domain prefix in DOMAIN\account$.
# NOTE(review): presumably equal to the NetBIOS domain name - confirm.
$dc1u = $dc1.ToUpper()
# Create the computer object for the host in the default Computers container.
dsadd computer "CN=$lhostname,CN=Computers,DC=$dc1,DC=$dc"
# Register three HTTP service principal names on that computer account:
# for the bare domain name, for the host's FQDN and for the short host name.
# The first one means whoever holds the resulting keytab can accept Kerberos
# tickets issued for HTTP on the domain name itself, not only on this host.
# NOTE(review): setspn also has -S, which verifies that no duplicate SPN exists
# before adding; a duplicate SPN breaks Kerberos authentication for the
# service - confirm whether -A performs that check on the target Windows version.
setspn -A HTTP/$domainl@$domain $lhostname
setspn -A HTTP/$fqdn@$domain $lhostname
setspn -A HTTP/$lhostname@$domain $lhostname
# Set the generated password on the computer account and write a temporary
# keytab holding the key for the domain-name principal. +answer auto-confirms
# ktpass prompts, so the account password is reset without asking.
# The password travels as a command-line argument, so it is visible to anything
# that records process command lines (process-creation auditing, EDR, tracing).
# No /crypto is given, so the keytab uses ktpass's default encryption type.
# NOTE(review): confirm which type that is on the target Windows version and
# consider /crypto AES256-SHA1 with AES enabled on the account.
ktpass.exe /princ HTTP/$domainl@$domain /mapuser $dc1u\$lhostname$ /ptype KRB5_NT_SRV_HST /pass "$pass" /out krb5.tmp.keytab +answer
# Read the key version number the account has after that password change; the
# remaining keytab entries must carry the same kvno to match the account's key.
$kvno = Get-ADComputer $lhostname -property msDS-KeyVersionNumber | select -Expand msDS-KeyVersionNumber
# Append entries for the short-name and FQDN principals. -setpass keeps the
# account password as it is (the same $pass only derives the key), -setupn
# leaves the account's UPN untouched, /kvno pins the version read above, and
# /in carries the earlier entries forward. The last call writes the final
# krb5.keytab containing all three principals.
ktpass.exe /princ HTTP/$lhostname@$domain /mapuser $dc1u\$lhostname$ /ptype KRB5_NT_SRV_HST /pass "$pass" -setpass /kvno $kvno /in krb5.tmp.keytab /out krb5.tmp.keytab -setupn
ktpass.exe /princ HTTP/$fqdn@$domain /mapuser $dc1u\$lhostname$ /ptype KRB5_NT_SRV_HST /pass "$pass" -setpass /kvno $kvno /in krb5.tmp.keytab /out krb5.keytab -setupn
# Clean up: delete the intermediate keytab and place the final one in the
# Desktop folder under the current directory.
# The keytab holds the service's long-term Kerberos keys: anyone who can read
# it can impersonate the HTTP service, so restrict access to the file and copy
# it to the web server over a protected channel only.
Remove-Item krb5.tmp.keytab
Move-Item .\krb5.keytab .\Desktop
# Add the A record for the host in the domain's forward zone; -CreatePtr also
# creates the matching PTR record.
# NOTE(review): -AllowUpdateAny lets any authenticated user update a record
# with this owner name, so a domain user could repoint the name the SPNs above
# are bound to. Drop the switch unless the host really needs to update its own
# record dynamically.
Add-DnsServerResourceRecordA -Name $lhostname -ZoneName $domainl -AllowUpdateAny -IPv4Address $ip -CreatePtr