PSU-AdminPage

Notes

  • Create a PSU secret named `ADCredentialPRD` holding the AD service-account credential; every endpoint reads it as `$secret:ADCredentialPRD` and uses it for its AD calls (Get-ADUser, Set-ADUser, Unlock-ADAccount, Set-ADAccountPassword), so grant that account only the delegated rights it needs (reset password, unlock, enable/disable) on the target OU.
  • Create endpoints (via GUI or append endpoints.ps1 contents to your PSU's endpoints file)
  • Create application using adtool.ps1
  • (optional: update the API address — the dashboard hard-codes `http://localhost:5000` in every `Invoke-RestMethod` call — if PSU is not listening there; the endpoints carry no `-Authentication`/`-Role` as written, so do not expose that port beyond the PSU host without adding one)
## Dashboard theme: green-on-black "terminal" look in a monospace font.
$Green = '#4bdd35'

$Palette = @{
    primary    = @{ main = $Green }
    background = @{ default = 'black'; paper = 'black' }
    text       = @{ primary = $Green }
}

$Theme = @{
    palette    = $Palette
    typography = @{ fontFamily = "Consolas" }
}
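$Pages = @()
## Page 1: look up an AD user and manage the account through the /ad/* PSU endpoints.
## NOTE(review): every call below is plain HTTP to a hard-coded http://localhost:5000 with no
## credentials attached, so access control has to live on the endpoints themselves. Event
## handlers run in their own scope, which is why the base URL is repeated per call rather
## than hoisted into a page-level variable.
$Pages += New-UDPage -Name "AD User account management" -Content {
    New-UDGrid -Container -Content {
        ## Grid for search fields [grid is 12 unit wide!]
        New-UDGrid -Item -ExtraSmallSize 2 -Content {
            New-UDForm -SubmitText "Search" -Content {
                New-UDTextbox -Id "UserName" -Label "Username" -Icon (New-UDIcon -Icon 'server')
            } -OnSubmit {
                try {
                    ## The username is operator input that ends up in a URL path segment, so it is
                    ## percent-encoded; a raw '/', '?', '#' or '..' would otherwise change the route.
                    $UserName = "$($EventData.UserName)".Trim()
                    if ([string]::IsNullOrEmpty($UserName)) {
                        throw "no username entered"
                    }
                    $EncodedUser = [uri]::EscapeDataString($UserName)
                    ## Collect user details via API calls
                    $UserDetails = Invoke-RestMethod -Uri "http://localhost:5000/ad/getuser/$EncodedUser" -Method Get
                    $UserGroups = Invoke-RestMethod -Uri "http://localhost:5000/ad/getusergroups/$EncodedUser" -Method Get
                    ## Display user groups
                    Set-UDElement -Id "Groups" -Properties @{
                        data = $UserGroups
                    }
                    ## Display basic user info: one <li> per property returned by /ad/getuser
                    $Properties = ($UserDetails | Get-Member -MemberType NoteProperty).Name
                    foreach ($Property in $Properties) {
                        Set-UDElement -Id "UserDetails$Property" -Properties @{
                            content = "$Property : $($UserDetails.$Property)"
                        }
                    }
                    ## Set button states based on user state
                    Set-UDElement -Id "ResetPassword" -Properties @{ disabled = $false }
                    ## Fixed: the original wrote the property as 'disable' for the not-locked case,
                    ## so the Unlock button was never switched off for an account that is not locked out.
                    Set-UDElement -Id "UnlockAccount" -Properties @{ disabled = ($UserDetails.LockedOut -ne $true) }
                    $IsEnabled = ($UserDetails.Enabled -eq $true)
                    Set-UDElement -Id "DisableAccount" -Properties @{ disabled = (-not $IsEnabled) }
                    Set-UDElement -Id "EnableAccount" -Properties @{ disabled = $IsEnabled }
                }
                catch {
                    ## Lookup failed (unknown user, API unreachable, empty input): tell the operator
                    ## and clear the previous result so no stale account stays selected.
                    Show-UDModal -Content {
                        New-UDAlert -Severity Error -Text "UserName not found - $($_)"
                    }
                    Set-UDElement -Id "Groups" -Properties @{ data = "" }
                    $DetailFields = @('Name', 'UserName', 'UserPrincipalName', 'EmployeeID', 'Title',
                        'Enabled', 'PasswordExpired', 'LockedOut', 'LastBadPasswordAttempt')
                    foreach ($Field in $DetailFields) {
                        Set-UDElement -Id "UserDetails$Field" -Properties @{ content = " " }
                    }
                    ## No account selected: every action button is off
                    foreach ($Button in @('ResetPassword', 'UnlockAccount', 'DisableAccount', 'EnableAccount')) {
                        Set-UDElement -Id $Button -Properties @{ disabled = $true }
                    }
                }
            }
        }
        ## Grid for buttons. Each handler reads the selected account back from the details list
        ## ("UserName : jdoe"), percent-encodes it, calls the endpoint, then refreshes the details.
        New-UDGrid -Item -ExtraSmallSize 10 -Content {
            New-UDParagraph -Content {
                New-UDButton -Id "UnlockAccount" -Text "Unlock Account" -Disabled -OnClick {
                    ## Select user account (bail out quietly if nothing is selected)
                    $Parts = "$((Get-UDElement -Id "UserDetailsUserName").content)" -split ':', 2
                    if ($Parts.Count -lt 2 -or [string]::IsNullOrWhiteSpace($Parts[1])) { return }
                    $EncodedUser = [uri]::EscapeDataString($Parts[1].Trim())
                    ## Button action (process user)
                    $null = Invoke-RestMethod -Uri "http://localhost:5000/ad/unlockaccount/$EncodedUser" -Method Post
                    ## Display updated details
                    $UserDetails = Invoke-RestMethod -Uri "http://localhost:5000/ad/getuser/$EncodedUser" -Method Get
                    foreach ($Property in ($UserDetails | Get-Member -MemberType NoteProperty).Name) {
                        Set-UDElement -Id "UserDetails$Property" -Properties @{
                            content = "$Property : $($UserDetails.$Property)"
                        }
                    }
                    ## Update button state post-action
                    Set-UDElement -Id "UnlockAccount" -Properties @{ disabled = $true }
                }
                New-UDButton -Id "EnableAccount" -Text "Enable Account" -Disabled -OnClick {
                    ## Select user account (bail out quietly if nothing is selected)
                    $Parts = "$((Get-UDElement -Id "UserDetailsUserName").content)" -split ':', 2
                    if ($Parts.Count -lt 2 -or [string]::IsNullOrWhiteSpace($Parts[1])) { return }
                    $EncodedUser = [uri]::EscapeDataString($Parts[1].Trim())
                    ## Button action (process user)
                    $null = Invoke-RestMethod -Uri "http://localhost:5000/ad/enableaccount/$EncodedUser" -Method Post
                    ## Display updated details
                    $UserDetails = Invoke-RestMethod -Uri "http://localhost:5000/ad/getuser/$EncodedUser" -Method Get
                    foreach ($Property in ($UserDetails | Get-Member -MemberType NoteProperty).Name) {
                        Set-UDElement -Id "UserDetails$Property" -Properties @{
                            content = "$Property : $($UserDetails.$Property)"
                        }
                    }
                    ## Update button states post-action
                    Set-UDElement -Id "EnableAccount" -Properties @{ disabled = $true }
                    Set-UDElement -Id "DisableAccount" -Properties @{ disabled = $false }
                }
                New-UDButton -Id "DisableAccount" -Text "Disable Account" -Disabled -OnClick {
                    ## Select user account (bail out quietly if nothing is selected)
                    $Parts = "$((Get-UDElement -Id "UserDetailsUserName").content)" -split ':', 2
                    if ($Parts.Count -lt 2 -or [string]::IsNullOrWhiteSpace($Parts[1])) { return }
                    $EncodedUser = [uri]::EscapeDataString($Parts[1].Trim())
                    ## Button action (process user)
                    $null = Invoke-RestMethod -Uri "http://localhost:5000/ad/disableaccount/$EncodedUser" -Method Post
                    ## Display updated details
                    $UserDetails = Invoke-RestMethod -Uri "http://localhost:5000/ad/getuser/$EncodedUser" -Method Get
                    foreach ($Property in ($UserDetails | Get-Member -MemberType NoteProperty).Name) {
                        Set-UDElement -Id "UserDetails$Property" -Properties @{
                            content = "$Property : $($UserDetails.$Property)"
                        }
                    }
                    ## Update button states post-action
                    Set-UDElement -Id "EnableAccount" -Properties @{ disabled = $false }
                    Set-UDElement -Id "DisableAccount" -Properties @{ disabled = $true }
                }
                New-UDButton -Id "ResetPassword" -Text "Reset Password" -Disabled -OnClick {
                    ## Select user account (bail out quietly if nothing is selected)
                    $Parts = "$((Get-UDElement -Id "UserDetailsUserName").content)" -split ':', 2
                    if ($Parts.Count -lt 2 -or [string]::IsNullOrWhiteSpace($Parts[1])) { return }
                    $EncodedUser = [uri]::EscapeDataString($Parts[1].Trim())
                    ## Button action (process user). The endpoint returns the new password in clear
                    ## text; it is shown once in the modal below and not stored anywhere on this page.
                    $NewPassword = Invoke-RestMethod -Uri "http://localhost:5000/ad/resetpassword/$EncodedUser" -Method Post
                    # Display pop-up with password
                    Show-UDModal -Content {
                        New-UDAlert -Severity Info -Text "Password for $($NewPassword.UserName) has been reset to: $($NewPassword.NewPassword)"
                    }
                }
            }
        }
        ## Grid for User Details (ids must match "UserDetails<Property>" for the refresh loops above)
        New-UDGrid -Item -ExtraSmallSize 5 -Content {
            New-UDHeading -Content { "User details" } -Size 2 -Color White
            New-UDElement -Id "UserDetails" -Tag "ul" -Content {
                New-UDElement -Id "UserDetailsName" -Tag "li" -Content {}
                New-UDElement -Id "UserDetailsUserName" -Tag "li" -Content {}
                New-UDElement -Id "UserDetailsUserPrincipalName" -Tag "li" -Content {}
                New-UDElement -Id "UserDetailsEmployeeID" -Tag "li" -Content {}
                New-UDElement -Id "UserDetailsTitle" -Tag "li" -Content {}
                New-UDElement -Id "UserDetailsEnabled" -Tag "li" -Content {}
                New-UDElement -Id "UserDetailsPasswordExpired" -Tag "li" -Content {}
                New-UDElement -Id "UserDetailsLockedOut" -Tag "li" -Content {}
                New-UDElement -Id "UserDetailsLastBadPasswordAttempt" -Tag "li" -Content {}
            }
        }
        ## Grid for Group Membership (columns match the objects returned by /ad/getusergroups)
        New-UDGrid -Item -ExtraSmallSize 5 -Content {
            New-UDHeading -Content {
                "Group Membership"
            } -Size 2 -Color White
            New-UDTable -Id "Groups" -Columns @(
                New-UDTableColumn -Property "Name" -Title "Name"
                New-UDTableColumn -Property "GroupCategory" -Title "Group Category"
                New-UDTableColumn -Property "GroupScope" -Title "Group Scope"
                New-UDTableColumn -Property "Description" -Title "Description"
            )
        }
    }
}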
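## Page 2: reserved for future AD tooling (fixed the "placholder" typo in the visible text).
$Pages += New-UDPage -Name "AD Placeholder" -Content {
    New-UDTypography -Text "This is a placeholder for now"
}

## Assemble the dashboard from the pages above with the terminal-style theme.
New-UDDashboard -Title "Pages" -Pages $Pages -Theme $Theme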
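New-PSUEndpoint -Url "/ad/disableaccount/:username" -Description "Simple API to disable the user given as {username}" -Method @('POST') -Endpoint {
    ## Disables the AD account named by the :username route segment and returns its new state.
    ## NOTE(review): no -Authentication/-Role is set on this endpoint; unless the PSU server
    ## enforces one globally, anyone who can reach the API port can disable accounts — confirm.
    Import-Module ActiveDirectory
    $ADCredential = $secret:ADCredentialPRD
    $ADServer = "< your domain controller >"
    ## $UserName is bound by PSU from the :username route segment. -Identity would also accept
    ## DNs, SIDs and GUIDs, so only a plain sAMAccountName-shaped value is let through;
    ## adjust the pattern to your naming rules.
    if ($UserName -notmatch '^[A-Za-z0-9._\- ]{1,20}$') {
        return New-PSUApiResponse -StatusCode 400 -Body "Invalid username"
    }
    $splat = @{
        Identity   = $UserName
        Server     = $ADServer
        Credential = $ADCredential
    }
    ## Fixed: the original passed -Enabled $true here, which re-enabled the account instead of disabling it.
    Set-ADUser -Enabled $false -Confirm:$false @splat
    ## Read the state back rather than assuming the write succeeded
    $User = Get-ADUser -Properties Enabled @splat
    [PSCustomObject]@{
        UserName = $UserName
        Enabled  = $User.Enabled
    }
} -Timeout 10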
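New-PSUEndpoint -Url "/ad/enableaccount/:username" -Description "Simple API to enable the user given as {username}" -Method @('POST') -Endpoint {
    ## Enables the AD account named by the :username route segment and returns its new state.
    ## NOTE(review): no -Authentication/-Role is set on this endpoint; unless the PSU server
    ## enforces one globally, anyone who can reach the API port can enable accounts — confirm.
    Import-Module ActiveDirectory
    $ADCredential = $secret:ADCredentialPRD
    $ADServer = "< your domain controller >"
    ## $UserName is bound by PSU from the :username route segment. -Identity would also accept
    ## DNs, SIDs and GUIDs, so only a plain sAMAccountName-shaped value is let through;
    ## adjust the pattern to your naming rules.
    if ($UserName -notmatch '^[A-Za-z0-9._\- ]{1,20}$') {
        return New-PSUApiResponse -StatusCode 400 -Body "Invalid username"
    }
    $splat = @{
        Identity   = $UserName
        Server     = $ADServer
        Credential = $ADCredential
    }
    Set-ADUser -Enabled $true -Confirm:$false @splat
    ## Read the state back rather than assuming the write succeeded
    $User = Get-ADUser -Properties Enabled @splat
    [PSCustomObject]@{
        UserName = $UserName
        Enabled  = $User.Enabled
    }
} -Timeout 10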
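New-PSUEndpoint -Url "/ad/getuser/:username" -Description "Simple API to get basic AD information of the user given as {username}" -Method @('GET') -Endpoint {
    ## Returns a fixed set of account attributes for the :username route segment.
    ## A non-existent user makes Get-ADUser throw, which PSU turns into an error response;
    ## the dashboard relies on that to show its "not found" modal.
    Import-Module ActiveDirectory
    $ADCredential = $secret:ADCredentialPRD
    $ADServer = "< your domain controller >"
    ## $username is bound by PSU from the route segment. -Identity would also accept DNs,
    ## SIDs and GUIDs, so only a plain sAMAccountName-shaped value is let through.
    if ($username -notmatch '^[A-Za-z0-9._\- ]{1,20}$') {
        return New-PSUApiResponse -StatusCode 400 -Body "Invalid username"
    }
    ## Ask only for the attributes that are returned instead of '-Properties *'; the wildcard
    ## pulls every attribute (including large/sensitive ones) just to discard them.
    $splat = @{
        Identity   = $username
        Server     = $ADServer
        Credential = $ADCredential
        Properties = @('EmployeeID', 'Title', 'PasswordExpired', 'LockedOut', 'LastBadPasswordAttempt')
    }
    $user = Get-ADUser @splat
    [PSCustomObject]@{
        Name                   = $user.Name
        UserName               = $user.SamAccountName
        UserPrincipalName      = $user.UserPrincipalName
        EmployeeID             = $user.EmployeeID
        Title                  = $user.Title
        Enabled                = $user.Enabled
        PasswordExpired        = $user.PasswordExpired
        LockedOut              = $user.LockedOut
        LastBadPasswordAttempt = $user.LastBadPasswordAttempt
    }
}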
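New-PSUEndpoint -Url "/ad/getusergroups/:username" -Description "Simple API to get AD group memberships of the user given as {username}" -Method @('GET') -Endpoint {
    ## Returns name, category, scope and description of every group the user is a direct member of.
    Import-Module ActiveDirectory
    $ADCredential = $secret:ADCredentialPRD
    $ADServer = "< your domain controller >"
    ## $UserName is bound by PSU from the :username route segment. -Identity would also accept
    ## DNs, SIDs and GUIDs, so only a plain sAMAccountName-shaped value is let through.
    if ($UserName -notmatch '^[A-Za-z0-9._\- ]{1,20}$') {
        return New-PSUApiResponse -StatusCode 400 -Body "Invalid username"
    }
    ## One connection splat for every AD call. The original ran Get-ADGroup without
    ## -Credential, i.e. as the PSU service identity instead of the dedicated AD account.
    $Connection = @{
        Server     = $ADServer
        Credential = $ADCredential
    }
    $Groups = Get-ADPrincipalGroupMembership -Identity $UserName @Connection
    ## Collect via the pipeline instead of '$Result += $Entry' (which copies the array per group).
    ## GroupScope is a default Get-ADGroup property; only Description has to be requested.
    $Result = @(foreach ($Group in $Groups) {
            $GroupDetails = Get-ADGroup -Identity $Group -Properties Description @Connection
            [PSCustomObject]@{
                Name          = $Group.Name
                GroupCategory = $Group.GroupCategory.ToString()
                GroupScope    = $GroupDetails.GroupScope.ToString()
                Description   = $GroupDetails.Description
            }
        })
    $Result
}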
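New-PSUEndpoint -Url "/ad/resetpassword/:username" -Description "Simple API to reset the password of a user given as {username}" -Method @('POST') -Endpoint {
    ## Resets the user's password to a freshly generated one, forces a change at next logon,
    ## and returns the new password in clear text to the caller (the dashboard shows it once).
    ## NOTE(review): no -Authentication/-Role is set on this endpoint; unless the PSU server
    ## enforces one globally, anyone who can reach the API port can take over any account
    ## this service credential may reset — confirm before exposing the port.
    Import-Module ActiveDirectory
    $ADCredential = $secret:ADCredentialPRD
    $ADServer = "< your domain controller >"
    ## $UserName is bound by PSU from the :username route segment. -Identity would also accept
    ## DNs, SIDs and GUIDs, so only a plain sAMAccountName-shaped value is let through.
    if ($UserName -notmatch '^[A-Za-z0-9._\- ]{1,20}$') {
        return New-PSUApiResponse -StatusCode 400 -Body "Invalid username"
    }
    $splat = @{
        Identity   = $UserName
        Server     = $ADServer
        Credential = $ADCredential
    }
    ## Floor for the generated length. A resultant (fine-grained) policy can raise it but a
    ## policy minimum below 12 no longer shortens the password as it did originally.
    $PasswordLength = 12
    $PasswordPolicy = Get-ADUserResultantPasswordPolicy @splat
    if ($PasswordPolicy -and $PasswordPolicy.MinPasswordLength -gt $PasswordLength) {
        $PasswordLength = $PasswordPolicy.MinPasswordLength
    }
    $UpperCaseSet = (65..90) | ForEach-Object { [char]$_ }
    $LowerCaseSet = (97..122) | ForEach-Object { [char]$_ }
    $NumericSet = (48..57) | ForEach-Object { [char]$_ }
    $SpecialSet = (33, 35, 36, 37, 38, 42, 63) | ForEach-Object { [char]$_ }
    $CharSet = @($UpperCaseSet + $LowerCaseSet + $NumericSet + $SpecialSet)
    ## Generate with a cryptographic RNG. The original used Get-Random -Count, which is not a
    ## CSPRNG and samples WITHOUT replacement (each character at most once, and it cannot
    ## produce a password longer than the 69-character set). Rejection sampling below the
    ## largest multiple of the set size removes modulo bias; the loop repeats until every
    ## character class is present so the result satisfies a typical complexity policy.
    $Rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        $Limit = 256 - (256 % $CharSet.Count)
        $OneByte = New-Object byte[] 1
        do {
            $Chars = New-Object char[] $PasswordLength
            for ($i = 0; $i -lt $PasswordLength; $i++) {
                do { $Rng.GetBytes($OneByte) } while ($OneByte[0] -ge $Limit)
                $Chars[$i] = $CharSet[$OneByte[0] % $CharSet.Count]
            }
            $PasswordPlainText = -join $Chars
        } until ($PasswordPlainText -cmatch '[A-Z]' -and $PasswordPlainText -cmatch '[a-z]' -and
            $PasswordPlainText -match '[0-9]' -and $PasswordPlainText -match '[!#$%&*?]')
    }
    finally {
        $Rng.Dispose()
    }
    $Password = $PasswordPlainText | ConvertTo-SecureString -AsPlainText -Force
    ## (The original also wrote $Password to the pipeline here, leaking the SecureString
    ## object into the endpoint output; only the result object below is returned now.)
    Set-ADAccountPassword -NewPassword $Password -Reset @splat
    Set-ADUser -ChangePasswordAtLogon $true -PasswordNeverExpires $false @splat
    [PSCustomObject]@{
        UserName    = $UserName
        NewPassword = $PasswordPlainText
    }
} -Timeout 10 -Environment "Windows PowerShell 5.1"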
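New-PSUEndpoint -Url "/ad/unlockaccount/:username" -Description "Unlock <username> AD user account" -Method @('POST') -Endpoint {
    ## Clears the lockout on the account named by the :username route segment and returns its state.
    ## NOTE(review): no -Authentication/-Role is set on this endpoint; unless the PSU server
    ## enforces one globally, anyone who can reach the API port can unlock accounts — confirm.
    Import-Module ActiveDirectory
    $ADCredential = $secret:ADCredentialPRD
    $ADServer = "< your domain controller >"
    ## $UserName is bound by PSU from the :username route segment. -Identity would also accept
    ## DNs, SIDs and GUIDs, so only a plain sAMAccountName-shaped value is let through;
    ## adjust the pattern to your naming rules.
    if ($UserName -notmatch '^[A-Za-z0-9._\- ]{1,20}$') {
        return New-PSUApiResponse -StatusCode 400 -Body "Invalid username"
    }
    $splat = @{
        Identity   = $UserName
        Server     = $ADServer
        Credential = $ADCredential
    }
    Unlock-ADAccount -Confirm:$false @splat
    ## Read the state back rather than assuming the unlock succeeded
    $User = Get-ADUser -Properties LockedOut @splat
    [PSCustomObject]@{
        UserName  = $UserName
        LockedOut = $User.LockedOut
    }
} -Timeout 10 -Environment "Windows PowerShell 5.1"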