New-WSOneKerberosPrincipal

1.0

This script generates a correct KeyTab file for a WorkspaceONE connector.

For this, VMware provides a rudimentary script as described here:
https://techzone.vmware.com/deploying-premises-vmware-identity-manager-vmware-workspace-one-operational-tutorial

In a standard VMware scenario where the connector machine is a member of the only domain it will provide
Kerberos
This script generates a correct KeyTab file for a WorkspaceONE connector.

For this, VMware provides a rudimentary script as described here:
https://techzone.vmware.com/deploying-premises-vmware-identity-manager-vmware-workspace-one-operational-tutorial

In a standard VMware scenario where the connector machine is a member of the only domain it will provide
Kerberos authentication against, this script works quite similarly to the original setupKerberos.ps1 but
with much more verbose logging and sanity checks built in.

In a multidomain or crossdomain scenario it will generate both correct KeyTab file and correct SPNs for the
principal in Active Directory.

As a small bonus, the user created by this script will have a UPN set and some descriptive features populated.

In order to run this script successfully, you need to complete the Kerberos configuration and deploy it to the connector.
This is needed to have the krb5.conf file which contains the information about domains beinmg served.
Run it elevated from a location of your choice on the connector machine. The log goes in %TEMP%, as does the
backup of krb5.conf and krb5.keytab


Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Script -Name New-WSOneKerberosPrincipal

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deloy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Author(s)

es@it-pro-berlin.de

Copyright

2020 metaBPA.org | Evgenij Smirnov | @cj_berlin

Owners

Tags

VMware WorkspaceONE Kerberos Active Directory

Functions

Write-ScriptLog Import-KRB5ConfigFile Export-KRB5ConfigFile

Dependencies

This script has no dependencies.

Release Notes

Creates the Kerberos principal for a WorkspaceONE connector in single-, multi- and cross-domain scenarios.

Version History

Version Downloads Last updated
1.0 (current version) 4 7/15/2020