Script to better handle old and new LAPS.

Hello,

Currently I use a script to populate the field on the Web UI and it works great.  My current challenge is to have it handle using the old laps attribute in AD as well.  Here is what I am looking for help on getting it to do:

1) If the Windows OS is 10/2019 or newer, run the Get-LAPSADPassword command and show its value

2) If the Windows OS is older than 10/2019, show the value from the legacy LAPS attribute: ms-mcs-AdmPwd

function onPostGet($Request){

    # Only act on computer objects when the virtual attribute was actually requested
    if($Request.Class -ne "computer") {return}
    if ($Request.IsAttributeRequested("edsvaLAPS") -eq $false) {return}

    $machineName = $Request.Get("sAMAccountName")

    try {
        # Windows LAPS: decrypt/read the current password from the computer object
        $customValue = Get-LapsADPassword -Identity $machineName -AsPlainText | ForEach-Object { $_.Password }
    }
    catch {
        # An error occurred
        $customValue = "An error occurred, verify that this computer is registered with LAPS"
    }

    $strAttrname = "edsvaLAPS"

    $Request.Put($strAttrname, $customValue)

} # end onPostGet
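One way to do the branching the post asks for, as an added example that is neither the poster's script nor Active Roles' own code: the OS version is taken from the computer object's operatingSystemVersion attribute in AD (no remote connection to the machine), and the legacy ms-Mcs-AdmPwd attribute is read as a fallback. It assumes the ActiveDirectory module is available alongside the LAPS module on the Active Roles server and that Get-ADComputer can read those attributes as the service account.

```powershell
# Added example, not the original poster's script. Assumes the ActiveDirectory
# and LAPS modules are available on the Active Roles server and that the computer
# object's operatingSystemVersion attribute is populated (e.g. "10.0 (17763)").

function Test-IsWindowsLapsOS {
    param([string]$OsVersion)
    # AD stores operatingSystemVersion as "<major>.<minor> (<build>)".
    if ($OsVersion -notmatch '^(\d+)\.(\d+)\s*\((\d+)\)') { return $false }
    # Windows 10 / Server 2019 and newer report major version 10 or higher.
    # Server 2016 also reports 10.0 (build 14393); the legacy fallback below covers it.
    return ([int]$Matches[1] -ge 10)
}

function Get-LapsValueForComputer {
    param([string]$MachineName)
    $computer = Get-ADComputer -Identity $MachineName `
        -Properties operatingSystemVersion, 'ms-Mcs-AdmPwd'

    $value = $null
    if (Test-IsWindowsLapsOS $computer.operatingSystemVersion) {
        # Windows LAPS: the cmdlet reads and decrypts the current password.
        $value = Get-LapsADPassword -Identity $MachineName -AsPlainText |
            ForEach-Object { $_.Password }
    }
    if ([string]::IsNullOrEmpty($value)) {
        # Legacy LAPS, or a 10.x build that was never enrolled in Windows LAPS.
        $value = $computer.'ms-Mcs-AdmPwd'
    }
    if ([string]::IsNullOrEmpty($value)) {
        $value = "No LAPS password found, verify that this computer is registered with LAPS"
    }
    return $value
}

function onPostGet($Request) {
    if ($Request.Class -ne "computer") { return }
    if (-not $Request.IsAttributeRequested("edsvaLAPS")) { return }

    $machineName = $Request.Get("sAMAccountName")
    try {
        $customValue = Get-LapsValueForComputer -MachineName $machineName
    }
    catch {
        $customValue = "An error occurred: $($_.Exception.Message)"
    }
    $Request.Put("edsvaLAPS", $customValue)
}
```

Because the virtual attribute hands out the plaintext password, the Web UI delegation on edsvaLAPS becomes the effective access control for that secret; keep it limited to the same principals permitted to read the LAPS attributes in AD.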

  • Hello, Shawn.

    To my knowledge, the only means by which to determine O/S version/installation information is to actually establish a remote connection to the computer in question and interrogate it using one of a variety of methods. Remote PowerShell, WMI, registry key value, etc. While the description attribute in AD does have the basic O/S identity, it definitely does not have the date or build number. The problem that implementing any of those remote access options will encounter is that you will likely have to deal with timeout delays whenever attempting to reach a machine that happens to be offline or inaccessible due to firewall configuration.

    If forced into having to provide something like this, a couple of options come to mind:

    1. Use a tool like Enterprise Reporter to gather this information for you into a database,
    2. Create a multi-threaded scheduled scripted process that will gather this data during off-peak times, is resilient to dealing with timeouts, and stores the data you need in some other AR virtual attribute

    Hope that helps! Perhaps someone else will offer some insight on a less complex option.
