Set-xOTP.ps1

<#
     .SYNOPSIS
        Sets SecureMFA.com OTP accounts state in SQL database.
    .DESCRIPTION
        Sets SecureMFA OTP accounts to disabled or enabled state.
        Dependencies:
            * System which executes a script must have Microsoft Framework 4.6.1 and above installed.
            * SecureMFA_SupportTools.dll file must be present in script directory.
            * SecureMFA_SupportTools.json configuration file must be present in script directory.
                                     
            Below is a sample of a valid JSON config file with the minimal configuration required for the script to work.
            Key names must match what the script reads ("sqlserver", "sqldbname", "ui_input_text", "ui_environment");
            "sqlintegratedsecurity", "sqluseraccount" and "sqluserpassword" are optional and are concatenated into the
            SQL connection string. A password placed in this file is stored in plaintext, so prefer integrated security
            and restrict the file's ACL to the operators who run this tool.
                {
                "sqlserver": "asqlaol1.adatum.labnet",
                "sqldbname": "SecureMfaOTP",
                "ui_input_text": "Please enter user's UPN",
                "ui_environment": "MyCompany"
                }
 
    .PARAMETER upn
        User principal name of the OTP account to change. When omitted or blank the script prompts for it interactively.

    .PARAMETER Disable
        Disables the user's OTP account in the database. Without this switch the account is enabled.

    .PARAMETER Force
        Skips the interactive Yes/No confirmation that otherwise precedes a disable.
 
    .NOTES
        Version: 1.0.0.5
        Author: SecureMfa.com
        Creation Date: 04/04/2020
        Purpose/Change: New
   
    .EXAMPLE
        C:\PS> Set-xOTP
 
        This command imports the SecureMFA_SupportTools.json file from the script's directory ($PSScriptRoot, not the
        current working directory) and sets the OTP user state to enabled, allowing the user to authenticate.
 
    .EXAMPLE
        C:\PS> Set-xOTP -Disable
 
        This command imports the SecureMFA_SupportTools.json file from the script's directory ($PSScriptRoot, not the
        current working directory) and sets the OTP user state to disabled, preventing the user from authenticating.
     
#>


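Function Set-xOTP {
# Enables or disables a SecureMFA OTP account through the vendor SecureMFA_SupportTools.dll.
#   -upn     : user principal name of the OTP account; prompted for when omitted or blank.
#   -Disable : disable the account instead of enabling it.
#   -Force   : skip the interactive Yes/No confirmation that precedes a disable.
# Returns nothing. Progress is written to the host; errors and successful state changes are
# written to the Application event log under the SecureMFA_SupportTools source.
# Requires: SecureMFA_SupportTools.json and SecureMFA_SupportTools.dll next to this script,
# and the SecureMFA_SupportTools event source registered on the machine.
Param
(
    [Parameter(Mandatory=$false,ParameterSetName="Default")]
    [String]$upn = $null,
    [Parameter(Mandatory=$false, ParameterSetName="Default")]
    [Switch]$Disable,
    [Switch]$Force

)

#Static Parameters
$Event_Source = "SecureMFA_SupportTools"
[Int16]$UserStatus = 0;
$ConfirmPreference="high"

#Checking Dependencies
# Each check uses 'return', not 'break': a bare 'break' inside a function is not caught here
# and would terminate whatever loop the caller happens to be running.
#EventLog source dependency
$ErrMsg = "Set OTP User EventLog source is missing. Please execute following PS command 'New-EventLog -Source SecureMFA_SupportTools -LogName Application' on the system before using the app."
$registeredSources = (Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\Application).PSChildName
if ($registeredSources -notcontains $Event_Source)
    { Write-Host $ErrMsg -ForegroundColor Red; pause; return }
#Config file dependency
$configfile = (Join-Path -Path $PSScriptRoot -ChildPath SecureMFA_SupportTools.json)
$ErrMsg = "$configfile file is missing. Please copy a file to script directory and try again."
if (!(Test-Path $configfile)) { Write-Host $ErrMsg -ForegroundColor Red; pause; return }
#DLL file dependency (the original reported the JSON path in this message)
$dllpath = (Join-Path -Path $PSScriptRoot -ChildPath SecureMFA_SupportTools.dll)
$ErrMsg = "$dllpath file is missing. Please copy a file to script directory and try again."
if (!(Test-Path $dllpath)) { Write-Host $ErrMsg -ForegroundColor Red; pause; return }

#Read JSON file Configuration
$json = Get-Content -Raw $configfile | ConvertFrom-Json
# The help text documents "sql_server"/"sql_database" while this code read "sqlserver"/"sqldbname";
# accept both spellings so either config shape keeps working.
$sqlinstance = if ($json.sqlserver) { $json.sqlserver } else { $json.sql_server }
$sqldbname = if ($json.sqldbname) { $json.sqldbname } else { $json.sql_database }
$sqlintegratedsecurity = $json.sqlintegratedsecurity
$sqluseraccount = $json.sqluseraccount
$sqluserpassword = $json.sqluserpassword
$input_text = $json.ui_input_text
$environment = $json.ui_environment
# Build the connection string with DbConnectionStringBuilder instead of string concatenation:
# values containing ';' or quotes are escaped, and the credential keys are only emitted when
# the config supplies them (the old code always appended empty "User ID=;Password=" entries).
# NOTE(security): sqluserpassword is stored in plaintext in the JSON file; prefer
# sqlintegratedsecurity=true and restrict the file's ACL to the operators who run this.
$csb = New-Object System.Data.Common.DbConnectionStringBuilder
$csb['server'] = [string]$sqlinstance
$csb['initial catalog'] = [string]$sqldbname
if (-not [string]::IsNullOrEmpty("$sqlintegratedsecurity")) { $csb['integrated security'] = [string]$sqlintegratedsecurity }
if (-not [string]::IsNullOrEmpty("$sqluseraccount"))        { $csb['User ID'] = [string]$sqluseraccount }
if (-not [string]::IsNullOrEmpty("$sqluserpassword"))       { $csb['Password'] = [string]$sqluserpassword }
$sqlConnectString = $csb.ConnectionString

#Get user's input if required
write-host " -- Set OTP User utility for $environment --" -ForegroundColor Green -NoNewline
if ($Disable) {write-host " [Disable OTP User] " -ForegroundColor red} else {write-host " [Enable OTP User] " -ForegroundColor yellow}
# [String]$upn = $null coerces to "", so the original '$upn -eq $null' test never fired and an
# omitted UPN was passed through to the database lookup as an empty string. Test for
# empty/whitespace instead.
if ([string]::IsNullOrWhiteSpace($upn)) {
    do { $upn = ([string](Read-Host $input_text)).Trim() } while ([string]::IsNullOrWhiteSpace($upn))
}

#Confirmation before disabling an account. This runs after the UPN is known so the prompt
# names the account actually affected (the original prompted before the UPN was read and
# could show "[]"); the default answer is No because disabling MFA is the risky path and a
# bare Enter should not carry it through.
if ($Disable -and -not $Force) {
    $message  = "Please confirm if you want to disable OTP for user [$upn]"
    $question = 'Please confirm?'
    $choices = New-Object Collections.ObjectModel.Collection[Management.Automation.Host.ChoiceDescription]
    $choices.Add((New-Object Management.Automation.Host.ChoiceDescription -ArgumentList '&Yes'))
    $choices.Add((New-Object Management.Automation.Host.ChoiceDescription -ArgumentList '&No'))
    $decision = $Host.UI.PromptForChoice($message, $question, $choices, 1)
    if ($decision -eq 1) { return }
}

Try {

    # The DLL is loaded from the script directory by path with no integrity check, so anyone
    # who can write to $PSScriptRoot runs code as the operator. Warn when the Authenticode
    # signature is not valid; non-fatal because the vendor DLL may legitimately ship unsigned.
    $sig = Get-AuthenticodeSignature -FilePath $dllpath -ErrorAction SilentlyContinue
    if ($sig -and $sig.Status -ne 'Valid') { Write-Warning "$dllpath signature status is '$($sig.Status)'; verify the file's origin before trusting it." }
    [System.Reflection.Assembly]::LoadFile($dllpath) | Out-Null

    if ([SecureMFA_SupportTools.OTP]::isUserExist($upn, $sqlConnectString, [ref] $UserStatus))
        {
        $UserStatusValue = switch ($UserStatus) {
            0       { "Never logged in." }
            1       { "Enabled." }
            2       { "Disabled." }
            default { "Unknown ($UserStatus)." }
        }
        write-host "User status before change: $UserStatusValue" -ForegroundColor Cyan

        if ($UserStatus -gt 0)
            {
            # Status 0 ("never logged in") cannot be changed; both helpers take the same arguments.
            if ($Disable) {
                $action = "disabled"
                $isSuccess = [SecureMFA_SupportTools.OTP]::SetUserDisable($upn, $sqlConnectString, $env:username, $env:computername)
            } else {
                $action = "enabled"
                $isSuccess = [SecureMFA_SupportTools.OTP]::SetUserEnable($upn, $sqlConnectString, $env:username, $env:computername)
            }
            $auditMsg = "User: $upn has been $action by: $env:username from computer: $env:computername"
            if ($isSuccess) {
                write-host $auditMsg
                # A change to a user's MFA state is security-relevant: record who did it and from
                # where in the event log, not only on the console. The event id is kept distinct
                # from the 5559 error event so log consumers can tell the two apart.
                Write-EventLog -LogName Application -Source $Event_Source -EntryType Information -EventId 5558 -Message $auditMsg
            } else {
                # The original ignored a false return and printed nothing, leaving the operator
                # to assume the change had been applied.
                write-host "User: $upn was NOT $action (SupportTools returned false). Check the database and event log." -ForegroundColor Red
            }
            }
        else
            {
             write-host "Account status cannot be chnaged for User: [$upn] , because user have not logged in yet."
            }
        }
    else
        {
         write-host "User: [$upn] doesn’t exist in OTP database. "
        }
    }

#On error action
catch [System.Exception] {
        $line = $_.InvocationInfo.ScriptLineNumber
        $msg = $_.Exception.Message

        Write-Host -ForegroundColor Red "Error: $msg"
        # Plain ASCII '-' and '"' here; the original used en-dashes and curly quotes, which
        # PowerShell tolerates but other tooling (and copy/paste) may not.
        Write-EventLog -LogName Application -Source $Event_Source -EntryType Error -EventId 5559 -Message "$msg Executed by: $env:username Computer: $env:computername Line: $line"
        }

}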