Public/ActiveDirectory/Get-LAPSCredential.ps1

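function Get-LAPSCredential {
    <#
    .SYNOPSIS
    Retrieves LAPS password from AD and creates Credential Object
    .DESCRIPTION
    Queries Active Directory through the Local Administrator Password Solution cmdlet
    Get-AdmPwdPassword (which reads the ms-Mcs-AdmPwd attribute) and wraps the returned
    password in a PSCredential for the computer's local administrator account.

    The lookup is logged through Write-Log before and after the query; the password
    itself is never written to the log. When the lookup produces an error, that error is
    logged as well, so an access or lookup failure can be told apart from a computer
    that simply has no LAPS password stored.
    .PARAMETER ComputerName
    ComputerName to search for LAPS password
    .PARAMETER AccountName
    Name of the local account the LAPS password belongs to. Defaults to 'Administrator'.
    Set this when LAPS manages a custom or renamed local administrator account,
    otherwise the returned credential will carry the wrong user name.
    .OUTPUTS
    System.Management.Automation.PSCredential when a password is found, otherwise $null.
    .NOTES
    The returned object is a working local-administrator credential for the target
    computer. Keep it in memory only for as long as it is needed, and do not serialize or
    log its password.
    .EXAMPLE
    Get-LAPSCredential -ComputerName 'SomeComputer'
    UserName Password
    -------- --------
    SomeComputer\Administrator System.Security.SecureString
    #>

    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingConvertToSecureStringWithPlainText', '',
        Justification = 'Get-AdmPwdPassword returns the password as a plain string; it is converted to a SecureString immediately.')]
    [CmdletBinding()]
    [OutputType([System.Management.Automation.PSCredential])]
    Param(
        [Parameter(Mandatory = $True,
            ValueFromPipeline = $True, ValueFromPipelineByPropertyName = $True)]
        [string]
        $ComputerName,

        [Parameter()]
        [ValidateNotNullOrEmpty()]
        [string]
        $AccountName = 'Administrator'
    )
    Process {
        Write-Log -Info -Message "Retrieving LAPS Password for Computer {$ComputerName}"

        # Errors stay non-terminating (as before) but are captured instead of discarded,
        # so a failed lookup is not silently reported as "no password".
        $LAPSResult = Get-AdmPwdPassword -ComputerName $ComputerName -ErrorAction SilentlyContinue -ErrorVariable LAPSError
        If ($LAPSError.Count -gt 0) {
            Write-Log -Error -Message "Get-AdmPwdPassword reported an error for computer {$ComputerName}: $($LAPSError[0].Exception.Message)"
        }

        $LAPSPassword = $Null
        If ($LAPSResult) {
            $LAPSPassword = $LAPSResult.Password
        }

        If ($LAPSPassword) {
            Write-Log -Info -Message "Found LAPS Password for Computer {$ComputerName}"
            $LocalAdminPassword = ConvertTo-SecureString -String $LAPSPassword -AsPlainText -Force

            # Drop our references to the plaintext as soon as the SecureString exists.
            # .NET strings are immutable, so this only shortens the plaintext's lifetime
            # (until garbage collection); it does not scrub memory.
            $LAPSPassword = $Null
            $LAPSResult = $Null

            $LocalAdminCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "$ComputerName\$AccountName", $LocalAdminPassword
            # Only the user name is logged, never the password.
            Write-Log -Info -Message "Returning created Credential Object {$($LocalAdminCredential.UserName)}"
            $LocalAdminCredential
        }
        Else {
            Write-Log -Error  -Message "No LAPS password found for computer {$ComputerName}"
            $Null
        }
    }
}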