From d11bca07d96543d44400d74e6b7a4d3b03851454 Mon Sep 17 00:00:00 2001
From: Rephl3x
Date: Wed, 24 Sep 2025 00:54:43 +0000
Subject: [PATCH] Create and manage MSA or grMSA

---
 EggBasket.ps1 | 132 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 132 insertions(+)
 create mode 100644 EggBasket.ps1

diff --git a/EggBasket.ps1 b/EggBasket.ps1
new file mode 100644
index 0000000..bd1970d
--- /dev/null
+++ b/EggBasket.ps1
@@ -0,0 +1,132 @@
+# Load required assemblies
+Add-Type -AssemblyName System.Windows.Forms
+Add-Type -AssemblyName System.Drawing
+
+# Create the form
+$form = New-Object System.Windows.Forms.Form
+$form.Text = "MSA Creator - Khan Mayker"
+$form.Size = New-Object System.Drawing.Size(400,400)
+$form.StartPosition = "CenterScreen"
+
+# Create Labels and Textboxes for Variables
+$labelSVCAccount = New-Object System.Windows.Forms.Label
+$labelSVCAccount.Text = "Service Account Name:"
+$labelSVCAccount.Location = New-Object System.Drawing.Point(10,20)
+$labelSVCAccount.Size = New-Object System.Drawing.Size(150,20)
+$form.Controls.Add($labelSVCAccount)
+
+$textSVCAccount = New-Object System.Windows.Forms.TextBox
+$textSVCAccount.Location = New-Object System.Drawing.Point(180,20)
+$textSVCAccount.Size = New-Object System.Drawing.Size(180,20)
+$form.Controls.Add($textSVCAccount)
+
+$labelDNS = New-Object System.Windows.Forms.Label
+$labelDNS.Text = "DNS Host Name:"
+$labelDNS.Location = New-Object System.Drawing.Point(10,60)
+$labelDNS.Size = New-Object System.Drawing.Size(150,20)
+$form.Controls.Add($labelDNS)
+
+$textDNS = New-Object System.Windows.Forms.TextBox
+$textDNS.Location = New-Object System.Drawing.Point(180,60)
+$textDNS.Size = New-Object System.Drawing.Size(180,20)
+$textDNS.Text = ".wd.govt.nz"
+$textDNS.Enabled = $false
+$form.Controls.Add($textDNS)
+
+$labelPath = New-Object System.Windows.Forms.Label
+$labelPath.Text = "OU Path:"
+$labelPath.Location = New-Object System.Drawing.Point(10,100)
+$labelPath.Size = New-Object System.Drawing.Size(150,20)
+$form.Controls.Add($labelPath)
+
+$textPath = New-Object System.Windows.Forms.TextBox
+$textPath.Location = New-Object System.Drawing.Point(180,100)
+$textPath.Size = New-Object System.Drawing.Size(180,20)
+$textPath.Text = "OU=grMSA,OU=Service Accounts,OU=_Administration,DC=wd,DC=govt,DC=nz"
+$textPath.Enabled = $false
+$form.Controls.Add($textPath)
+
+$labelMachines = New-Object System.Windows.Forms.Label
+$labelMachines.Text = "Machine Names (comma-separated):"
+$labelMachines.Location = New-Object System.Drawing.Point(10,140)
+$labelMachines.Size = New-Object System.Drawing.Size(220,20)
+$form.Controls.Add($labelMachines)
+
+$textMachines = New-Object System.Windows.Forms.TextBox
+$textMachines.Location = New-Object System.Drawing.Point(10,170)
+$textMachines.Size = New-Object System.Drawing.Size(350,20)
+$form.Controls.Add($textMachines)
+
+# Event to update DNS field based on Service Account Name input
+$textSVCAccount.Add_TextChanged({
+ $textDNS.Text = "$($textSVCAccount.Text).wd.govt.nz"
+})
+
+# Create the Submit Button
+$buttonSubmit = New-Object System.Windows.Forms.Button
+$buttonSubmit.Text = "Create MSA and AD Group"
+$buttonSubmit.Location = New-Object System.Drawing.Point(120, 210)
+$buttonSubmit.Size = New-Object System.Drawing.Size(150,30)
+$form.Controls.Add($buttonSubmit)
+
+# Action on Submit Button Click
+$buttonSubmit.Add_Click({
+ $SVCAccount = $textSVCAccount.Text
+ $dns = $textDNS.Text
+ $path = "OU=grMSA,OU=Service Accounts,OU=_Administration,DC=wd,DC=govt,DC=nz"
+ $machines = $textMachines.Text.Split(',')
+
+ if (-not [string]::IsNullOrWhiteSpace($SVCAccount) -and -not [string]::IsNullOrWhiteSpace($dns) -and -not [string]::IsNullOrWhiteSpace($path) -and $machines.Count -gt 0) {
+
+ $grMSA = "grMSA_$SVCAccount"
+
+ try {
+ # Create AD Group
+ New-ADGroup -Name $grMSA -Path $path -GroupScope Global -PassThru -Verbose
+
+ # Add Machines to AD Group
+ foreach ($machine in $machines) {
+ $machineTrimmed = $machine.Trim() + '$'
+ Add-AdGroupMember -Identity $grMSA -Members $machineTrimmed -Verbose
+ }
+
+ # Create MSA with the AD Group allowed to retrieve the password
+ New-ADServiceAccount -Name $SVCAccount -DNSHostName $dns -PrincipalsAllowedToRetrieveManagedPassword $grMSA -Verbose
+
+ [System.Windows.Forms.MessageBox]::Show("MSA and AD Group created successfully.", "Success", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Information)
+ } catch {
+ [System.Windows.Forms.MessageBox]::Show("Error: $_", "Error", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Error)
+ }
+ } else {
+ [System.Windows.Forms.MessageBox]::Show("Please fill in all fields.", "Input Error", [System.Windows.Forms.MessageBoxButtons]::OK, [System.Windows.Forms.MessageBoxIcon]::Warning)
+ }
+})
+
+# Hidden Feature: Click bottom-left corner to open a new window with the message
+$form.Add_MouseClick({
+ param($sender, $e)
+
+ # Check if the click is at the bottom-left corner
+ if ($e.X -eq 0 -and $e.Y -eq $form.ClientSize.Height - 1) {
+ $hiddenForm = New-Object System.Windows.Forms.Form
+ $hiddenForm.Text = "Hidden Message"
+ $hiddenForm.Size = New-Object System.Drawing.Size(500,200)
+ $hiddenForm.StartPosition = "CenterScreen"
+
+ $textBoxMessage = New-Object System.Windows.Forms.TextBox
+ $textBoxMessage.Multiline = $true
+ $textBoxMessage.ReadOnly = $true
+ $textBoxMessage.Text = "dKU0fKP6Ob9ne29wOpCkepUyeV5me20yg2oudV9OdJIxA01khZwbLcs+RqUohKT9YJkoMWLzV2kkelXbPH1khZwbMWLze3LoPmE0dJXveZIselXbPJIxgJIqe25sf3ToPmEyClXbPHUye20oPmEIgJYbepIvOj== d"
+ $textBoxMessage.Location = New-Object System.Drawing.Point(10,20)
+ $textBoxMessage.Size = New-Object System.Drawing.Size(460,100)
+ $textBoxMessage.ScrollBars = "Vertical"
+ $hiddenForm.Controls.Add($textBoxMessage)
+
+ $hiddenForm.ShowDialog()
+ }
+})
+
+# Show the form
+$form.Topmost = $true
+$form.Add_Shown({$form.Activate()})
+[void]$form.ShowDialog()
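Review bot: The `$machines.Count -gt 0` guard in the Click handler never rejects an empty machine field, because `''.Split(',')` returns a one-element array holding an empty string, so validation passes and the foreach calls Add-ADGroupMember with the member name `$` (the trimmed empty string plus the appended dollar sign). Drop blank entries before the check, e.g. `$machines = @($textMachines.Text.Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })`. The handler also creates the group before anything else, so a failure in Add-ADGroupMember or New-ADServiceAccount (for instance a computer name that does not resolve, since the names are never checked with Get-ADComputer) shows the error dialog but leaves an orphaned `grMSA_*` group in the OU; either remove the group in the catch block or validate the members before creating anything. The OU path is hard-coded twice, once in `$textPath.Text` and again as `$path` inside the handler, so the disabled textbox can silently disagree with the value actually used — read `$textPath.Text` instead. The `$form.Add_MouseClick` block ships an opaque encoded string with no comment explaining what it is or why it belongs in an AD provisioning tool; document its purpose or remove it before this lands.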