Create and manage MSA or grMSA

2025-09-24 00:54:43 +00:00
parent cabba64c4d
commit d11bca07d9
1 changed files with 132 additions and 0 deletions
--- a/EggBasket.ps1
+++ b/EggBasket.ps1
@@ -0,0 +1,132 @@
+# Load required assemblies
+Add-Type -AssemblyName System.Windows.Forms
+Add-Type -AssemblyName System.Drawing
+
+# Create the form
+$form = New-Object System.Windows.Forms.Form
+$form.Text = "MSA Creator - Khan Mayker"
+$form.Size = New-Object System.Drawing.Size(400,400)
+$form.StartPosition = "CenterScreen"
+
+# Create Labels and Textboxes for Variables
+$labelSVCAccount = New-Object System.Windows.Forms.Label
+$labelSVCAccount.Text = "Service Account Name:"
+$labelSVCAccount.Location = New-Object System.Drawing.Point(10,20)
+$labelSVCAccount.Size = New-Object System.Drawing.Size(150,20)
+$form.Controls.Add($labelSVCAccount)
+
+$textSVCAccount = New-Object System.Windows.Forms.TextBox
+$textSVCAccount.Location = New-Object System.Drawing.Point(180,20)
+$textSVCAccount.Size = New-Object System.Drawing.Size(180,20)
+$form.Controls.Add($textSVCAccount)
+
+$labelDNS = New-Object System.Windows.Forms.Label
+$labelDNS.Text = "DNS Host Name:"
+$labelDNS.Location = New-Object System.Drawing.Point(10,60)
+$labelDNS.Size = New-Object System.Drawing.Size(150,20)
+$form.Controls.Add($labelDNS)
+
+$textDNS = New-Object System.Windows.Forms.TextBox
+$textDNS.Location = New-Object System.Drawing.Point(180,60)
+$textDNS.Size = New-Object System.Drawing.Size(180,20)
+$textDNS.Text = ".wd.govt.nz"
+$textDNS.Enabled = $false
+$form.Controls.Add($textDNS)
+
+$labelPath = New-Object System.Windows.Forms.Label
+$labelPath.Text = "OU Path:"
+$labelPath.Location = New-Object System.Drawing.Point(10,100)
+$labelPath.Size = New-Object System.Drawing.Size(150,20)
+$form.Controls.Add($labelPath)
+
+$textPath = New-Object System.Windows.Forms.TextBox
+$textPath.Location = New-Object System.Drawing.Point(180,100)
+$textPath.Size = New-Object System.Drawing.Size(180,20)
+$textPath.Text = "OU=grMSA,OU=Service Accounts,OU=_Administration,DC=wd,DC=govt,DC=nz"
+$textPath.Enabled = $false
+$form.Controls.Add($textPath)
+
+$labelMachines = New-Object System.Windows.Forms.Label
+$labelMachines.Text = "Machine Names (comma-separated):"
+$labelMachines.Location = New-Object System.Drawing.Point(10,140)
+$labelMachines.Size = New-Object System.Drawing.Size(220,20)
+$form.Controls.Add($labelMachines)
+
+$textMachines = New-Object System.Windows.Forms.TextBox
+$textMachines.Location = New-Object System.Drawing.Point(10,170)
+$textMachines.Size = New-Object System.Drawing.Size(350,20)
+$form.Controls.Add($textMachines)
+
+# Event to update DNS field based on Service Account Name input
+$textSVCAccount.Add_TextChanged({
+    $textDNS.Text = "$($textSVCAccount.Text).wd.govt.nz"
+})
+
+# Create the Submit Button
+$buttonSubmit = New-Object System.Windows.Forms.Button
+$buttonSubmit.Text = "Create MSA and AD Group"
+$buttonSubmit.Location = New-Object System.Drawing.Point(120, 210)
+$buttonSubmit.Size = New-Object System.Drawing.Size(150,30)
+$form.Controls.Add($buttonSubmit)
+
+# Action on Submit Button Click
+$buttonSubmit.Add_Click({
+    $SVCAccount = $textSVCAccount.Text
+    $dns = $textDNS.Text
+    $path = "OU=grMSA,OU=Service Accounts,OU=_Administration,DC=wd,DC=govt,DC=nz"
+    $machines = $textMachines.Text.Split(',')
+
+    if (-not [string]::IsNullOrWhiteSpace($SVCAccount) -and -not [string]::IsNullOrWhiteSpace($dns) -and -not [string]::IsNullOrWhiteSpace($path) -and $machines.Count -gt 0) {
+        
+        $grMSA = "grMSA_$SVCAccount"
+
+        try {
+            # Create AD Group
+            New-ADGroup -Name $grMSA -Path $path -GroupScope Global -PassThru -Verbose
+            
+            # Add Machines to AD Group
+            foreach ($machine in $machines) {
+                $machineTrimmed = $machine.Trim() + '$'
+                Add-AdGroupMember -Identity $grMSA -Members $machineTrimmed -Verbose
+            }
+            
+            # Create MSA with the AD Group allowed to retrieve the password
+            New-ADServiceAccount -Name $SVCAccount -DNSHostName $dns -PrincipalsAllowedToRetrieveManagedPassword $grMSA -Verbose
+
+            [System.Windows.Forms.MessageBox]::Show("MSA and AD Group created successfully.", "Success", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Information)
+        } catch {
+            [System.Windows.Forms.MessageBox]::Show("Error: $_", "Error", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)
+        }
+    } else {
+        [System.Windows.Forms.MessageBox]::Show("Please fill in all fields.", "Input Error", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Warning)
+    }
+})
+
+# Hidden Feature: Click bottom-left corner to open a new window with the message
+$form.Add_MouseClick({
+    param($sender, $e)
+    
+    # Check if the click is at the bottom-left corner
+    if ($e.X -eq 0 -and $e.Y -eq $form.ClientSize.Height - 1) {
+        $hiddenForm = New-Object System.Windows.Forms.Form
+        $hiddenForm.Text = "Hidden Message"
+        $hiddenForm.Size = New-Object System.Drawing.Size(500,200)
+        $hiddenForm.StartPosition = "CenterScreen"
+
+        $textBoxMessage = New-Object System.Windows.Forms.TextBox
+        $textBoxMessage.Multiline = $true
+        $textBoxMessage.ReadOnly = $true
+        $textBoxMessage.Text = "dKU0fKP6Ob9ne29wOpCkepUyeV5me20yg2oudV9OdJIxA01khZwbLcs+RqUohKT9YJkoMWLzV2kkelXbPH1khZwbMWLze3LoPmE0dJXveZIselXbPJIxgJIqe25sf3ToPmEyClXbPHUye20oPmEIgJYbepIvOj==     d"
+        $textBoxMessage.Location = New-Object System.Drawing.Point(10,20)
+        $textBoxMessage.Size = New-Object System.Drawing.Size(460,100)
+        $textBoxMessage.ScrollBars = "Vertical"
+        $hiddenForm.Controls.Add($textBoxMessage)
+        
+        $hiddenForm.ShowDialog()
+    }
+})
+
+# Show the form
+$form.Topmost = $true
+$form.Add_Shown({$form.Activate()})
+[void]$form.ShowDialog()