Script to better handle old and new LAPS.

Hello,

Currently I use a script to populate the field on the Web UI and it works great. My current challenge is to have it handle using the old LAPS attribute in AD as well. Here is what I am looking for help on getting it to do:

1) If the Windows OS is 10/2019 or newer, run the Get-LAPSADPassword command and show its value

2) If the Windows OS is older than 10/2019, show the value from the legacy LAPS attribute: ms-mcs-AdmPwd

function onPostGet($Request) {

    # Only act on computer objects, and only when the virtual attribute is requested
    if ($Request.Class -ne "computer") { return }
    if ($Request.IsAttributeRequested("edsvaLAPS") -eq $false) { return }

    $machineName = $Request.Get("sAMAccountName")

    try {
        # -ErrorAction Stop turns non-terminating errors into exceptions so the catch block runs
        $customValue = Get-LapsADPassword -Identity $machineName -AsPlainText -ErrorAction Stop | ForEach-Object { $_.Password }
    }
    catch {
        # An error occurred
        $customValue = "An error occurred, verify that this computer is registered with LAPS"
    }

    $strAttrname = "edsvaLAPS"

    $Request.Put($strAttrname, $customValue)

} #end onPostGet
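
One way to implement the two cases listed in the question, as an added example that is not the poster's code or vendor code. It assumes the ActiveDirectory and LAPS PowerShell modules are loaded and that the AD operatingSystem attribute is populated; Test-UsesWindowsLaps and Get-LapsValueForComputer are hypothetical helper names.

```powershell
# Added example. Helper names below are hypothetical, not part of any product API.
function Test-UsesWindowsLaps {
    # Decide from the AD operatingSystem string whether the machine is
    # Windows 10 / Server 2019 or newer (the cut-off stated in the post).
    param([string]$OperatingSystem)
    if ($OperatingSystem -match 'Windows Server (\d{4})') { return [int]$Matches[1] -ge 2019 }
    # \d{1,2}\b matches "Windows 10"/"Windows 11" but not "Windows 2000"
    if ($OperatingSystem -match 'Windows (\d{1,2})\b')    { return [int]$Matches[1] -ge 10 }
    return $false   # unknown or empty value: treat as legacy
}

function Get-LapsValueForComputer {
    # Returns the password string, or the post's error message if nothing is found.
    param([Parameter(Mandatory)][string]$SamAccountName)
    try {
        $computer = Get-ADComputer -Identity $SamAccountName `
            -Properties operatingSystem, 'ms-Mcs-AdmPwd' -ErrorAction Stop
        if (Test-UsesWindowsLaps $computer.operatingSystem) {
            # Case 1: Windows 10/2019 or newer, use the Windows LAPS cmdlet
            $value = Get-LapsADPassword -Identity $computer.DistinguishedName `
                -AsPlainText -ErrorAction Stop | ForEach-Object { $_.Password }
        }
        else {
            # Case 2: older OS, read the legacy LAPS attribute
            $value = $computer.'ms-Mcs-AdmPwd'
        }
    }
    catch { $value = $null }

    # An empty result covers both "not registered" and "no read permission"
    if ([string]::IsNullOrEmpty($value)) {
        return "An error occurred, verify that this computer is registered with LAPS"
    }
    return $value
}

function onPostGet($Request) {
    if ($Request.Class -ne "computer") { return }
    if ($Request.IsAttributeRequested("edsvaLAPS") -eq $false) { return }
    $Request.Put("edsvaLAPS", (Get-LapsValueForComputer $Request.Get("sAMAccountName")))
}
```

The legacy attribute is readable only by accounts that have been granted read access to it, so an empty value can mean a permissions gap for the account running the script rather than a machine without LAPS.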

  • By far the biggest challenge with getting machine data using PoSh is in gaining access to the machines.   is correct about the possible technologies; however, in general, remote access to hosts is something that most organizations lock down.

    The one option you might have for running a script against each host is if your organization runs some kind of endpoint management that allows for software distribution and the execution of scripts.