Scripts/ActiveDirectory/remove-cohesityactivedirectory.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
#### USAGE ####
# ********************** Using Function *********************
# Remove-CohesityActiveDirectory -DomainName cohesity.com
# Remove-CohesityActiveDirectory -DomainName cohesity.com -Credential (New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "Administrator", (ConvertTo-SecureString -AsPlainText "secret" -Force)) -Confirm:$false
###############
function Remove-CohesityActiveDirectory {
    [CmdletBinding(SupportsShouldProcess = $True, ConfirmImpact = "High")]
    Param(
        [Parameter(Mandatory = $true)]
        $DomainName,
        [Parameter(Mandatory = $true)]
        [ValidateNotNull()]
        [System.Management.Automation.PSCredential]
        [System.Management.Automation.Credential()]
        $Credential
    )
    Begin {
        if (-not (Test-Path -Path "$HOME/.cohesity")) {
            throw "Failed to authenticate. Please connect to the Cohesity Cluster using 'Connect-CohesityCluster'"
        }
        $session = Get-Content -Path $HOME/.cohesity | ConvertFrom-Json

        $server = $session.ClusterUri

        $token = $session.Accesstoken.Accesstoken
    }

    Process {
        $UserName = $Credential.UserName
        $PlainPassword = $Credential.GetNetworkCredential().Password

        $url = $server + '/irisservices/api/v1/public/activeDirectory'

        $headers = @{'Authorization' = 'Bearer ' + $token}
        if ($PSCmdlet.ShouldProcess($Name)) {

            $payload = @{
                domainName                 = $DomainName
                machineAccounts            = @($MachineAccounts)
                preferredDomainControllers = @(@{domainName = $DomainName})
                trustedDomainsEnabled      = $false
                userIdMapping              = @{ }
                userName                   = $UserName
                password                   = $PlainPassword
            }
            $payloadJson = $payload | ConvertTo-Json
            $resp = Invoke-RestApi -Method Delete -Uri $url -Headers $headers -Body $payloadJson
            if ($resp) {
                $errorMsg = "Active Directory : $DomainName deleted."
                CSLog -Message $errorMsg
                $resp
            }
            else {
                $errorMsg = "Active Directory : $DomainName could not be deleted"
                Write-Output $errorMsg
                CSLog -Message $errorMsg
            }
        }
    }
    End {
    }
}