Public/Get-ADComputerLAPSInfo.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
#Requires -Modules ActiveDirectory
#Requires -Version 3.0


Function Get-ADComputerLAPSInfo () {

<#
.SYNOPSIS
 Get Computer LAPS Passwords information from Active Directory.
 
.DESCRIPTION
 Get LAPS Passwords information from Active Directory.
 ComputerName;Password;PasswordExpTime
 
 Requirement of the script:
    - Active Directory PowerShell Module
    - Needed rights to view AD LAPS Attributes: ms-Mcs-AdmPwd, ms-Mcs-AdmPwdExpirationTime
    
 
 Usage:
    Get-ADComputerLAPSInfo -ComputerName COMPUTER1
    Get-ADComputerLAPSInfo COMPUTER1, COMPUTER2
  
 
.PARAMETER ComputerName
    Optional parameter to view computer LAPS info
  
 
.EXAMPLE
   Get-ADComputerLAPSInfo -ComputerName COMPUTER1
 
   Description
   -----------
   Get LAPS Info for computer
    
.EXAMPLE
   Get-ADComputerLAPSInfo COMPUTER1, COMPUTER2
 
   Description
   -----------
   Get LAPS Info for computers
 
 
.NOTES
   File Name : Get-ADComputerLAPSInfo.ps1
   Version : 2.1912
   Author : Andriy Zarevych
 
   Find me on :
   * My Blog : https://angry-admin.blogspot.com/
   * LinkedIn : https://linkedin.com/in/zarevych/
   * Github : https://github.com/zarevych
 
   Change Log:
   V2.1912 : Initial version
 
#>


    [CmdletBinding()]
    [OutputType([pscustomobject])]
    [Alias("Get-ADComputerLAPS")]
    
    param(
        [Parameter(ValueFromPipeline=$true
        ,ValueFromPipelineByPropertyName=$true,
        Position=0)]
        [ValidateNotNullOrEmpty()]
        [Alias('Computer','Name')]
        [String[]]$ComputerName = $env:ComputerName
    )

    Process {

        $Computers = $ComputerName

        ForEach ($Computer in $Computers) {

            try {
                $Computer = Get-ADComputer $Computer -Property * -ErrorAction Stop
            }
            catch {
                #Write-Error $_.Exception.Message
                Write-Host $_.Exception.Message`n -ForegroundColor Red
                #Break
                Continue
            }

            # Get LAPS Info

            if ($Computer.'ms-Mcs-AdmPwd'){
   
                #$strComputerPassword=$Computer.'ms-Mcs-AdmPwd'
        
                $strComputerExpTime = $Computer.'ms-MCS-AdmPwdExpirationTime'

                if ($strComputerExpTime -ge 0) {$strComputerExpTime = $([datetime]::FromFileTime([convert]::ToInt64($strComputerExpTime)))}
        
                $strComputerExpTime = "{0:yyyy-MM-dd HH:mm:ss}" -f [datetime]$strComputerExpTime

            }          
            
            # Return LAPS data

            [PSCustomObject]@{
                Name = $Computer.Name
                ComputerPassword = $Computer.'ms-Mcs-AdmPwd'
                PasswordExpTime = $strComputerExpTime
            }
            
        }

    }
}