Script Repository


Update script credentials in custom commands

October 25, 2021
169

The script updates the credentials in the settings of Run a program or PowerShell script actions in the specified custom commands with the given ones. To execute the script, create a custom command or scheduled task configured for the Domain-DNS object type. In case of a scheduled task, the Activity Scope should include a single managed domain.

Parameters:

  • $runAsUsername - Specifies the username to set for script execution.
  • $runAsPassword - Specifies the password to set for script execution.
  • $customCommandIDsToModifyRunAs - Specifies the identifiers of the custom commands to update. For information on how to get the identifier of a custom command, see https://adaxes.com/sdk/HowDoI.GetCustomCommandID/.
Edit Remove
PowerShell
$runAsUsername = "admin@domain.com" # TODO: Modify me
$runAsPassword = "secret" # TODO: Modify me

$customCommandIDsToModifyRunAs = @(
,"{ee9f55c4-17f4-40c5-9c39-3129b4a41bf4}"
,"{50f9c8c6-e4eb-4011-ac10-105a8f16gt7t}"
,"{3644e215-484d-4d8b-b390-af15480a2ff7}"
)# TODO: Modify me

function GetCustomCommandPath($commandId)
{
	try
    {
        # Bind to the 'Custom Commands' container
        $customCommandsPath = $Context.GetWellKnownContainerPath("CustomCommands")
        $searcher = $Context.BindToObject($customCommandsPath)
        
        # Search custom command by ID
        $guidBytes = (New-Object "System.Guid" $commandId).ToByteArray()
        $filterPart = [Softerra.Adaxes.Ldap.FilterBuilder]::Create("adm-CustomCommandID", $guidBytes)
        $searcher.SearchFilter = "(&(objectClass=adm-CustomCommand)$filterPart)"
        $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    
        # Execute search
        $searchResultIterator = $searcher.ExecuteSearch()
        $searchResults = $searchResultIterator.FetchAll()
    
        if ($searchResults.Length -eq 0)
        {
            $Context.LogMessage("Custom command with ID $commandId not found.", "Warning") 
            return $NULL
        }
        else
        {
            return $searchResults[0].AdsPath
        }
    }
    catch
    {
            $Context.LogException($_.Exception)
            continue        
    }
    finally
    {
        # Release resources
        if ($searchResultIterator){ $searchResultIterator.Dispose() }
    }
}

function ModifyConditionedActions($paramsObj)
{
    $conditionedActions = $paramsObj.conditionedActions
    foreach ($set in $conditionedActions)
    {
        foreach ($action in $set.Actions)
        {
            # Skip other actions
            if($action.Class -ne "adm-RunScriptAction")
            {
                continue
            }
            $actionObj = $action.GetAction()
            
            if($actionObj.ScriptType -ne "ADM_SCRIPTTYPE_POWERSHELL")
            {
                continue
            }
            
            # Check if the supplied credentials are valid
            try
            {
                $actionObj.CanRunAs($runAsUsername, $runAsPassword)
            }
            catch
            {
                $Context.LogException($_.Exception)
                continue
            }
            
            $actionObj.RunAs($runAsUsername, $runAsPassword)
            $action.SetAction($actionObj)
            $action.SetInfo()
        }

        if ($isElseIfBlock)
        {
            continue
        }


        ModifyConditionedActions @{conditionedActions = $set.ElseIfConditionedActions; isElseIfBlock = $True;}

        if ($set.ElseActions.Count -ne 0)
        {
            # Modify Else actions
            foreach ($action in $set.ElseActions)
            {
                # Skip other actions
                if($action.Class -ne "adm-RunScriptAction")
                {
                    continue
                }
                $actionObj = $action.GetAction()
                
                if($actionObj.ScriptType -ne "ADM_SCRIPTTYPE_POWERSHELL")
                {
                    continue
                }
                
				# Check if the supplied credentials are valid
                try
                {
                    $actionObj.CanRunAs($runAsUsername, $runAsPassword)
                }
                catch
                {
                    $Context.LogException($_.Exception)
                    continue
                }
                
                $actionObj.RunAs($runAsUsername, $runAsPassword)
                $action.SetAction($actionObj)
                $action.SetInfo()
            }
        }
    }
}

foreach($customCommandId in $customCommandIDsToModifyRunAs)
{
    $commandAdsPath = GetCustomCommandPath $customCommandId
    if($null -eq $commandAdsPath)
    {
        continue
    }
    $command = $Context.BindToObject($commandAdsPath)
    ModifyConditionedActions @{ conditionedActions = $command.ConditionedActions; isElseIfBlock = $False }
}


Comments ( 0 )
No results found.
Leave a comment