TP1
This commit is contained in:
56
scripts/ad_admin.ps1
Normal file
56
scripts/ad_admin.ps1
Normal file
@@ -0,0 +1,56 @@
|
||||
if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
|
||||
Write-Error "Exécutez ce script en tant qu'administrateur."
|
||||
exit 1
|
||||
}
|
||||
|
||||
function Get-RandomPassword {
|
||||
Add-Type -AssemblyName System.Web
|
||||
return ([System.Web.Security.Membership]::GeneratePassword(18, 6))
|
||||
}
|
||||
|
||||
Import-Module ActiveDirectory -ErrorAction Stop
|
||||
|
||||
# OU Creation
|
||||
$ou = @("Direction", "RH", "Informatique")
|
||||
foreach ($unit in $ou) {
|
||||
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$unit'" -ErrorAction SilentlyContinue)) {
|
||||
New-ADOrganizationalUnit -Name $unit -Path "DC=entreprisexyz,DC=local" -ProtectedFromAccidentalDeletion $true
|
||||
}
|
||||
}
|
||||
|
||||
# Group Creation
|
||||
$groups = @("GRP_Direction", "GRP_RH", "GRP_Informatique")
|
||||
foreach ($group in $groups) {
|
||||
if (-not (Get-ADGroup -Filter "Name -eq '$group'" -ErrorAction SilentlyContinue)) {
|
||||
New-ADGroup -Name $group -Path "OU=$($group.Split('_')[1]),DC=entreprisexyz,DC=local" -GroupScope Global -GroupCategory Security
|
||||
}
|
||||
}
|
||||
|
||||
# User Creation
|
||||
New-ADUser -Name "Patrick Laddict" -Description "Dicrection" -AccountPassword $(ConvertTo-SecureString (Get-RandomPassword) -AsPlainText -Force) -ChangePasswordAtLogon $true -PasswordNeverExpires $false -Enabled $true
|
||||
New-ADUser -Name "Karen Ceplein" -Description "Directrice RH" -AccountPassword $(ConvertTo-SecureString (Get-RandomPassword) -AsPlainText -Force) -ChangePasswordAtLogon $true -PasswordNeverExpires $false -Enabled $true
|
||||
New-ADUser -Name "John Informatique" -Description "Administrateur reseau" -AccountPassword $(ConvertTo-SecureString (Get-RandomPassword) -AsPlainText -Force) -ChangePasswordAtLogon $true -PasswordNeverExpires $false -Enabled $true
|
||||
|
||||
# Adding Users to Groups
|
||||
Add-ADGroupMember -Identity "GRP_Direction" -Members "Patrick Laddict"
|
||||
Add-ADGroupMember -Identity "GRP_RH" -Members "Karen Ceplein"
|
||||
Add-ADGroupMember -Identity "GRP_Informatique" -Members "John Informatique"
|
||||
|
||||
# Shares and Permissions
|
||||
$shares = @(
|
||||
@{ Name = "Direction"; Group = "GRP_Direction" },
|
||||
@{ Name = "RH"; Group = "GRP_RH" },
|
||||
@{ Name = "Informatique"; Group = "GRP_Informatique" }
|
||||
)
|
||||
$shareRoot = 'C:\Shares'
|
||||
|
||||
foreach ($share in $shares) {
|
||||
$sharePath = Join-Path -Path $shareRoot -ChildPath $share.Name
|
||||
New-Item -Path $sharePath -ItemType Directory -Force | Out-Null
|
||||
New-SmbShare -Name $share.Name -Path $sharePath -FullAccess "$($share.Group)" -ChangeAccess "Administrators" -ErrorAction Stop
|
||||
|
||||
$acl = Get-Acl -Path $sharePath
|
||||
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule("$($share.Group)", "FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
|
||||
$acl.SetAccessRule($accessRule)
|
||||
Set-Acl -Path $sharePath -AclObject $acl
|
||||
}
|
||||
55
scripts/ad_config.ps1
Normal file
55
scripts/ad_config.ps1
Normal file
@@ -0,0 +1,55 @@
|
||||
if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
|
||||
Write-Error "Exécutez ce script en tant qu'administrateur."
|
||||
exit 1
|
||||
}
|
||||
|
||||
function Get-RandomPassword {
|
||||
Add-Type -AssemblyName System.Web
|
||||
return ([System.Web.Security.Membership]::GeneratePassword(18, 6))
|
||||
}
|
||||
|
||||
$DomainName = 'entreprisexyz.local'
|
||||
$InstallDns = $true
|
||||
$Force = $false
|
||||
$DRSMPassword = $(ConvertTo-SecureString (Get-RandomPassword) -AsPlainText -Force)
|
||||
$NtdsService = Get-Service -Name ntds -ErrorAction SilentlyContinue
|
||||
|
||||
if ($NtdsService) {
|
||||
Write-Host "Ce serveur semble déjà être un contrôleur de domaine (service NTDS présent). Rien à faire." -ForegroundColor Yellow
|
||||
exit 0
|
||||
}
|
||||
|
||||
$features = @('AD-Domain-Services')
|
||||
if ($InstallDns) { $features += 'DNS' }
|
||||
|
||||
Write-Host "Installation des rôles : $($features -join ', ')"
|
||||
Install-WindowsFeature -Name $features -IncludeManagementTools -ErrorAction Stop | Out-Null
|
||||
Write-Host "Rôles installés." -ForegroundColor Green
|
||||
|
||||
Import-Module ADDSDeployment -ErrorAction Stop
|
||||
|
||||
$installParams = @{
|
||||
CreateDnsDelegation = $false
|
||||
DatabasePath = "C:\Windows\NTDS"
|
||||
DomainMode = "Win2025"
|
||||
ForestMode = "Win2025"
|
||||
LogPath = "C:\Windows\NTDS"
|
||||
NoRebootOnCompletion = $true
|
||||
SysvolPath = "C:\Windows\SYSVOL"
|
||||
Force = $Force.IsPresent
|
||||
SafeModeAdministratorPassword = $DRSMPassword
|
||||
DomainName = $DomainName
|
||||
InstallDns = $InstallDns.IsPresent
|
||||
}
|
||||
|
||||
try {
|
||||
Write-Host "Promotion en contrôleur de domaine pour le domaine '$DomainName'..."
|
||||
Install-ADDSForest @installParams -ErrorAction Stop
|
||||
|
||||
Write-Host "Promotion terminée. Le serveur va redémarrer pour finaliser l'installation." -ForegroundColor Green
|
||||
Restart-Computer -Force
|
||||
}
|
||||
catch {
|
||||
Write-Warning "Échec de l'opération : $_"
|
||||
exit 1
|
||||
}
|
||||
33
scripts/audit_system.ps1
Normal file
33
scripts/audit_system.ps1
Normal file
@@ -0,0 +1,33 @@
|
||||
# audit_system.ps1
|
||||
|
||||
$Date = Get-Date -Format 'dd/MM/yyyy HH:mm'
|
||||
$ComputerName = $env:COMPUTERNAME
|
||||
$User = $env:USERNAME
|
||||
$OS = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
|
||||
$CPU = (Get-CimInstance -ClassName Win32_Processor | Select-Object -ExpandProperty Name) -join ', '
|
||||
$RAM = (Get-CimInstance -ClassName Win32_ComputerSystem).TotalPhysicalMemory / 1GB
|
||||
|
||||
# Determine script directory (works when run from console or as a script)
|
||||
$ScriptDir = if ($PSScriptRoot) { $PSScriptRoot } else { (Get-Location).ProviderPath }
|
||||
$ExportDir = Join-Path $ScriptDir 'exports'
|
||||
New-Item -Path $ExportDir -ItemType Directory -Force | Out-Null
|
||||
$FilePath = Join-Path $ExportDir 'system_info.txt'
|
||||
|
||||
$Rapport = @"
|
||||
===== RAPPORT SYSTEME =====
|
||||
Machine : $ComputerName
|
||||
Utilisateur : $User
|
||||
OS : $OS
|
||||
Processeur : $CPU
|
||||
RAM (Go) : $([math]::Round($RAM,2))
|
||||
Date : $Date
|
||||
===========================
|
||||
"@
|
||||
|
||||
Try {
|
||||
$Rapport | Out-File -FilePath $FilePath -Encoding UTF8 -Force
|
||||
Write-Host "Rapport généré dans $FilePath" -ForegroundColor Green
|
||||
} Catch {
|
||||
Write-Host "Erreur lors de la génération du rapport: $($_.Exception.Message)" -ForegroundColor Red
|
||||
exit 1
|
||||
}
|
||||
Reference in New Issue
Block a user