Upload files to "src/PWExpireNotification/1.0.1/Functions"

2024-12-19 20:05:33 +01:00 · 2024-12-19 20:05:33 +01:00 · 0f9635840e
commit 0f9635840e
parent 615652182d
5 changed files with 312 additions and 0 deletions
--- a/src/PWExpireNotification/1.0.1/Functions/Get-PWADDSExpiringPassword.ps1
+++ b/src/PWExpireNotification/1.0.1/Functions/Get-PWADDSExpiringPassword.ps1
@ -0,0 +1,67 @@
 Function Get-PWADDSExpiringPassword {
    [cmdletbinding()]
    [OutputType([System.Collections.Generic.List[PSCustomObject]])]
    param (
        [int]$ExpireInDays = 30,
        [scriptblock]$ADFilter,
        [switch]$IncludeAll
    )
    begin {
    #ToDO
    # Email Attribute selection vs. current single attribute. Mail, custom attribute
    # Still needs logging
    }
    Process {
        # System Settings
        $Today = Get-Date
        # End System Settings
        if ($PSBoundParameters.ContainsKey('ADFilter' )) {
            $users = get-aduser -filter $ADFilter -Properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress
            if ($PSBoundParameters.ContainsKey('IncludeAll')) {
                $users = $users | Where-Object {$null -ne $PSItem.PasswordLastSet}
            }
            else {
                $users = $users | Where-Object { ($PSItem.Enabled -eq $true) -and ($PSItem.PasswordNeverExpires -eq $false) -and ($PSItem.PasswordExpired -eq $false) }
            }
        }
        else {
            $users = Get-ADUser -filter * -Properties Name, PasswordNeverExpires, PasswordExpired, PasswordLastSet, EmailAddress
            if ($PSBoundParameters.ContainsKey('IncludeAll')) {
                $users = $users | Where-Object {$null -ne $PSItem.PasswordLastSet}
            }
            else {
                $users = $users |  Where-Object { ($PSItem.Enabled -eq $true) -and ($PSItem.PasswordNeverExpires -eq $false) -and ($PSItem.PasswordExpired -eq $false) }
            }
        }
        $DefaultmaxPasswordAge = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
        $UserCollection = [System.Collections.Generic.List[pscustomobject]]::new()
        foreach ($user in $users) {
            Write-Verbose "$($user.Name)"
            $PasswordPol = (Get-AduserResultantPasswordPolicy $user)
            # Check for Fine Grained Password
            if ($PasswordPol) {
                $maxPasswordAge = ($PasswordPol).MaxPasswordAge
            }
            else{
                # No FGP set to Domain Default
                $maxPasswordAge = $DefaultmaxPasswordAge
            }
            $UserCollection.Add(
                [pscustomobject]@{
                    Name = $user.Name
                    EmailAddress = $user.EmailAddress
                    PasswordExpiresOn = $user.PasswordLastSet + $maxPasswordAge
                    PasswordDaystoExpire = (New-TimeSpan -Start $Today -End ($user.PasswordLastSet + $maxPasswordAge)).Days
                }
            )
        }
        return $UserCollection
    }
    end {}
 }
--- a/src/PWExpireNotification/1.0.1/Functions/Get-PWApplicationToken.ps1
+++ b/src/PWExpireNotification/1.0.1/Functions/Get-PWApplicationToken.ps1
@ -0,0 +1,48 @@
 function Get-PWApplicationToken {
    [cmdletbinding()]
    param (
        [parameter(Mandatory = $true)]
        [string]$clientID,
        [parameter(Mandatory = $true)]
        [string]$clientSecret,
        [parameter(Mandatory = $true)]
        [ValidateSet(
        'https://graph.microsoft.com','https://graph.microsoft.us','https://dod-graph.microsoft.us'
        )]
        [string]$Resource,
        [parameter(Mandatory = $true)]
        [string]$tenantName
    )
    begin{
        if ($Resource -eq 'https://graph.microsoft.com') { $AADLoginURI = 'https://login.microsoftonline.com' }
        elseif ($Resource -eq 'https://graph.microsoft.us') { $AADLoginURI = 'https://login.microsoftonline.us' }
        elseif ($Resource -eq 'https://dod-graph.microsoft.us') { $AADLoginURI = 'https://login.microsoftonline.us' }
    }
    process{
        Try {
            $params = @{
                Uri         = "$AADLoginURI/$TenantName/oauth2/v2.0/token"
                Method      = "POST"
                ErrorAction = "Stop"
            }
            $ReqTokenBody = @{
                Grant_Type    = "client_credentials"
                Scope         = "$($Resource)/.default"
                client_Id     = $clientID
                Client_Secret = $clientSecret
            }
            $TokenResponse = Invoke-RestMethod @params -Body $ReqTokenBody
            return $TokenResponse.access_token
        }
        catch {
            $_
            #[System.ApplicationException]::new("Failed to aquire token")
        }
    }
    end{}
 }
--- a/src/PWExpireNotification/1.0.1/Functions/New-PWEmailBody.ps1
+++ b/src/PWExpireNotification/1.0.1/Functions/New-PWEmailBody.ps1
@ -0,0 +1,29 @@
 function New-PWEmailBody {
    [cmdletbinding(SupportsShouldProcess=$true)] 
    param (
    [string]$Subject,
    [string]$Importance,
    [String]$Message,
    [string]$EmailAddress
    )
    if ($PSCmdlet.ShouldProcess(("Subject:{0}; Message: {1}; Recipient(s):{2}" -f $Subject,$Message,$EmailAddress))) {
        $body = [pscustomobject]@{
            Message = [pscustomobject]@{
                Subject = $subject
                importance = $importance
                Body = [pscustomobject]@{
                    ContentType = "Text"
                    Content = $Message
                }
                ToRecipients = [array][pscustomobject]@{
                    EmailAddress = [pscustomobject]@{
                        Address = $emailaddress
                    }
                }
            }
            SaveToSentItems = $false
            isDraft = $false
        }
        return $body
    }
 }
--- a/src/PWExpireNotification/1.0.1/Functions/New-PWEmailMessagePayload.ps1
+++ b/src/PWExpireNotification/1.0.1/Functions/New-PWEmailMessagePayload.ps1
@ -0,0 +1,61 @@
 Function New-PWEmailMessagePayload {
    [cmdletbinding(SupportsShouldProcess=$true)]
    param (
        [parameter(
            Mandatory=$true,
            ParameterSetName = 'Message'
         )]
        [string]$TextToAdd,
        [parameter(
            Mandatory=$true,
            ParameterSetName = 'Message'
        )]
        [parameter(
            Mandatory=$true,
            ParameterSetName = 'Subject'
        )]
        [pscustomobject]$ADAccount,
        [parameter(
            Mandatory=$true,
            ParameterSetName = 'Message'
        )]
        [pscustomobject]$Signature,
        [parameter(
            Mandatory=$true,
            ParameterSetName = 'Subject'
        )]
        [String]$Subject
    )
    $text = @"
 Dear {0},
 Your Password will expire {1}
 $TextToAdd
 Thanks,
 $Signature
 "@
    if ($PSCmdlet.ShouldProcess("Creating new {0}" -f $PSCmdlet.ParameterSetName)) {
        if (($ADAccount.PasswordDaystoExpire) -gt "1") {
            $messageDays = "in " + "$($ADAccount.PasswordDaystoExpire)" + " days."
        }
        else {
            $messageDays = "today."
        }
        if ($PSBoundParameters.ContainsKey('Signature')) {
        $outtext = ($text -f $ADAccount.Name, $messageDays)
        }
        elseif ($PSBoundParameters.ContainsKey('Subject')) {
            $outtext = ($Subject -f $messageDays)
        }
        return $outtext
    }
 }
--- a/src/PWExpireNotification/1.0.1/Functions/Send-PWExpiringMailMessage.ps1
+++ b/src/PWExpireNotification/1.0.1/Functions/Send-PWExpiringMailMessage.ps1
@ -0,0 +1,107 @@
 function Send-PWExpiringMailMessage {
    [cmdletbinding()]
    param(
        [parameter(Mandatory = $true)]
        [ValidateSet(
        'https://graph.microsoft.com','https://graph.microsoft.us','https://dod-graph.microsoft.us'
        )]
        [string]$Resource,
        [parameter(Mandatory = $true)]
        [string]$SendEmailAccount,
        [parameter(Mandatory = $True)]
        [string]$Token,
        [parameter(Mandatory = $false)]
        [string]$TestAddress,
        [parameter(Mandatory = $true)]
        [PSCustomObject]$ADAccount,
        [parameter(Mandatory = $true)]
        [string]$Signature,
        [parameter(Mandatory = $true)]
        [string]$TextToAdd,
        [int]$ExpireInDaysThreshold = 30,
        [Parameter(
            ParameterSetName = 'Log'
        )]
        [switch]$Logging,
        [Parameter(
            ParameterSetName = 'Log'
        )]
        [string]$LogFile = "$($PWD.Path)\Expiring.csv" # ie. c:\mylog.csv
    )
    begin{
        <#TODO
            Update handling of logging for Notified
        #>
        if (!$token) {
            Write-Error "No Token. Please provide a valide token"
            Break
        }
    }
    process{
        if ($PSBoundParameters.ContainsKey('Logging')) {
            # Test Log File Path
            $logfilePath = (Test-Path $logFile)
            if (($logFilePath) -ne "True") {
                # Create CSV File and Headers
                $null = New-Item $logfile -ItemType File
                Add-Content $logfile "Date,Name,EmailAddress,DaystoExpire,ExpiresOn,Notified"
            }
        }
        # If Testing Is Enabled - Email Administrator
        Write-Verbose ("User Account: {0}, ExpiresOn: {1}, Days: {2} " -f $ADAccount.Name, $ADAccount.PasswordExpiresOn, $ADAccount.PasswordDaystoExpire)
        if ($TestAddress) {
            $emailAddress = $TestAddress
        }
        # If a user has no email address listed
        elseif (!($ADAccount.EmailAddress)) {
            $emailAddress = $TestAddress
            if (!($emailAddress)) {throw "No email address"}
        }
        else { $emailAddress = $ADAccount.EmailAddress }
        Write-Verbose ("EmailAddress to recieve email: {0}" -f $emailAddress)
        # Email Subject Set Here
        $subject= New-PWEmailMessagePayload -ADAccount $ADAccount -Subject "Your password will expire {0}"
        $Message = New-PWEmailMessagePayload -TextToAdd $TextToAdd -ADAccount $ADAccount -Signature $Signature
        $body = New-PWEmailBody -Subject $subject -Importance 'High' -Message $Message -EmailAddress $emailAddress
        #Send the email message
        if (($ADAccount.PasswordDaystoExpire -ge "0") -and ($ADAccount.PasswordDaystoExpire -le $ExpireInDaysThreshold)) {
            $sent = "Yes"
            # If Logging is Enabled Log Details
            if ($PSBoundParameters.ContainsKey('Logging')) {
                Add-Content $logfile "$([datetime]::Today.ToShortDateString()),$($ADAccount.Name),$emailaddress,$($ADAccount.PasswordDaystoExpire),$($ADAccount.PasswordExpiresOn),$sent"
            }
            Try {
                $apiUrl = "$resource/v1.0/users/$SendEmailAccount/sendMail"
                Write-Verbose $apiUrl
                Write-Verbose ("Using Token: {0}"  -f $Token)
                $bodyson = $body | ConvertTo-Json -Depth 20 -Compress
                Write-Verbose ("Payload: {0}" -f $bodyson)
                Invoke-RestMethod -Headers @{Authorization = "Bearer $($token)"} -Uri $apiUrl -Body $bodyson -Method Post -ContentType 'application/json'
            }
            Catch {
                $_
            }
        }
        else{
            $sent = "No"
            # If Logging is Enabled Log Details
            if ($PSBoundParameters.ContainsKey('Logging')) {
                Add-Content $logfile "$([datetime]::Today.ToShortDateString()),$($ADAccount.Name),$emailaddress,$($ADAccount.PasswordDaystoExpire),$($ADAccount.PasswordExpiresOn),$sent"
            }
        }
    }
    end{}
 }