
Commit

Update Find-PSServiceAccounts
PyroTek3 committed Jan 16, 2015
1 parent df70703 commit 157acb4
Showing 1 changed file with 18 additions and 18 deletions.
36 changes: 18 additions & 18 deletions Find-PSServiceAccounts
Expand Up @@ -10,22 +10,17 @@ Author: Sean Metcalf, Twitter: @PyroTek3
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
Last Updated: 1/03/2015
Version: 1.0
Last Updated: 1/16/2015
Version: 1.1

.DESCRIPTION
This function discovers all user accounts configured with a ServicePrincipalName in the Active Directory domain or forest and returns this data in a custom object including the following:
* Domain - the service account's domain
* UserID - the SAM Account name for the service account
* Description - service account's description property data
* SPNServers - all servers configured with SPNs for the service account (server FQDNs stored in an array)
* SPNTypes - all SPN types (classes) configured for the service account (SPN types stored in an array)
* ServicePrincipalNames - all SPNs with a server FQDN configured for the service account (SPNs stored in an array)
This function discovers all user accounts configured with a ServicePrincipalName in the Active Directory domain or forest.

Currently, the script performs the following actions:
* Forest Mode: Queries a Global Catalog in the Active Directory root domain for all user accounts configured with a ServicePrincipalName in the forest by querying the Global Catalog for SPN info.
* Domain Mode: Queries a DC in the current Active Directory domain for all user accounts configured with a ServicePrincipalName in the forest by querying the DCfor SPN info.
* Identifies the ServicePrincipalNames associated with the account and reports on the SPN types and server FQDNs.
* Identifies the ServicePrincipalNames associated with the account and reports on the SPN types and server names.
* Provides password last set date & last logon date for service accounts

REQUIRES: Active Directory user authentication. Standard user access is fine - admin access is not necessary.

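Review bot: the bullet list of returned fields (Domain, UserID, Description, SPNServers, SPNTypes, ServicePrincipalNames) was removed from .DESCRIPTION instead of being extended with the two properties this commit adds to the output object; keep the list and append the new entries, e.g. `* PasswordLastSet - date the service account's password was last set` and `* LastLogon - last logon date as reported by the DC or GC that was queried`. In the surrounding context, "querying the DCfor SPN info" is missing a space, and the Domain Mode bullet says it finds accounts "in the forest" although it queries a DC for the current domain only.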
Expand All @@ -41,6 +36,11 @@ Perform current AD forest user account SPN discovery via AD and returns the resu
Find-PSServiceAccounts -Domain "ad.domain.com"
Perform user account SPN discovery for the Active Directory domain "ad.domain.com" via AD and returns the results in a custom PowerShell object.

.EXAMPLE
Find-PSServiceAccounts -Domain "ad.domain.com" -DumpSPNs
Perform user account SPN discovery for the Active Directory domain "ad.domain.com" via AD and returns the list of discovered SPN FQDNs (de-duplicated).


.NOTES
This function discovers all user accounts configured with a ServicePrincipalName in the Active Directory domain or forest.

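Review bot: the new -DumpSPNs example describes the output ("list of discovered SPN FQDNs (de-duplicated)") but not the side effect of the DumpSPNs branch further down, which creates a KerberosRequestorSecurityToken for every SPN, i.e. requests a Kerberos service ticket for each one; those requests are logged as TGS request events on the domain controllers. State that in the example or in .NOTES so anyone running this switch in an audited environment knows what to expect. Minor: there are two blank lines before .NOTES, the example sentence mixes "Perform" with "returns", and the .NOTES text repeats the first line of .DESCRIPTION.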
Expand Down Expand Up @@ -155,17 +155,17 @@ ForEach ($AllServiceAccountsItem in $AllServiceAccounts)

[string]$ServiceAccountsItemSAMAccountName = $AllServiceAccountsItem.properties.samaccountname
[string]$ServiceAccountsItemdescription = $AllServiceAccountsItem.properties.description
#[string]$ServiceAccountsItempwdlastset = $AllServiceAccountsItem.properties.pwdlastset
#[string]$ServiceAccountsItemPasswordLastSetDate = [datetime]::FromFileTimeUTC($ServiceAccountsItempwdlastset)
#[string]$ServiceAccountsItemlastlogon = $AllServiceAccountsItem.properties.lastlogon
#[string]$ServiceAccountsItemLastLogonDate = [datetime]::FromFileTimeUTC($ServiceAccountsItemlastlogon)
[string]$ServiceAccountsItempwdlastset = $AllServiceAccountsItem.properties.pwdlastset
[string]$ServiceAccountsItemPasswordLastSetDate = [datetime]::FromFileTimeUTC($ServiceAccountsItempwdlastset)
[string]$ServiceAccountsItemlastlogon = $AllServiceAccountsItem.properties.lastlogon
[string]$ServiceAccountsItemLastLogonDate = [datetime]::FromFileTimeUTC($ServiceAccountsItemlastlogon)

$ServiceAccountsReport = New-Object PSObject -Property @{
Domain = $AllServiceAccountsItemDomainName
UserID = $ServiceAccountsItemSAMAccountName
Description = $ServiceAccountsItemdescription
#PasswordLastSet = $ServiceAccountsItemPasswordLastSetDate
#LastLogon = $ServiceAccountsItemLastLogonDate
PasswordLastSet = $ServiceAccountsItemPasswordLastSetDate
LastLogon = $ServiceAccountsItemLastLogonDate
SPNServers = $AllServiceAccountsItemSPNServerNames
SPNTypes = $AllServiceAccountsItemSPNTypes
ServicePrincipalNames = $AllServiceAccountsItemSPNs
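Review bot: the four uncommented assignments cast pwdlastset and lastlogon to [string] and then cast the resulting [datetime] back to [string], so PasswordLastSet and LastLogon are emitted as text rather than dates; declare them as `[datetime]$ServiceAccountsItemPasswordLastSetDate = ...` so Sort-Object and date comparisons on the report work. Two edge cases are not handled: an account with no lastlogon value yields an empty string, and `[datetime]::FromFileTimeUTC('')` throws a conversion error for that account; and a pwdlastset of 0 (password must be changed at next logon) converts to 1601-01-01 instead of being reported as empty or "never". Also, lastlogon is not replicated between domain controllers, so the value reflects only the DC or GC that answered the query; lastlogontimestamp is the replicated attribute if a forest-wide answer is wanted. The four commented-out lines immediately above could simply have been uncommented rather than duplicated.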
Expand All @@ -174,7 +174,7 @@ ForEach ($AllServiceAccountsItem in $AllServiceAccounts)
[array]$AllServiceAccountsReport += $ServiceAccountsReport
}

$AllServiceAccountsReport = $AllServiceAccountsReport | Select-Object Domain,UserID,Description,SPNServers,SPNTypes,ServicePrincipalNames
$AllServiceAccountsReport = $AllServiceAccountsReport | Select-Object Domain,UserID,PasswordLastSet,LastLogon,Description,SPNServers,SPNTypes,ServicePrincipalNames

If ($DumpSPNs -eq $True)
{
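Review bot: the new PasswordLastSet and LastLogon columns are placed between UserID and Description in the Select-Object list, which differs from the order the help text lists the fields in; pick one order and use it in both places. Visible in this hunk but unrelated to the change: `[array]$AllServiceAccountsReport += $ServiceAccountsReport` copies the array on every iteration, so collecting the objects from the ForEach into a variable (`$AllServiceAccountsReport = ForEach (...) { ... }`) scales better, and `If ($DumpSPNs -eq $True)` can be just `If ($DumpSPNs)` for a switch parameter.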
Expand All @@ -185,7 +185,7 @@ If ($DumpSPNs -eq $True)
{
ForEach ($AllServiceAccountsSPNsItem in $AllServiceAccountsSPNs)
{
Add-Type -AssemblyNAme System.IdentityModel
Add-Type -AssemblyName System.IdentityModel
New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList "$AllServiceAccountsSPNsItem"
}
}
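Review bot: the only change here is the capitalisation of -AssemblyName, which is cosmetic since parameter names are case-insensitive; while touching this loop, move Add-Type above the ForEach (or to the top of the DumpSPNs branch) so the assembly is loaded once instead of once per SPN. Note also that the New-Object result is not assigned, so each KerberosRequestorSecurityToken object is written to the pipeline and the function's output in this mode is a stream of token objects, not the "list of discovered SPN FQDNs" the new .EXAMPLE text describes; align the documentation with what is actually emitted.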
