        /// <summary>
        /// Displays the group-membership script for the currently selected domain and,
        /// once the dialog has been closed, asks that domain to refresh its group
        /// membership state. Returns immediately when no domain is selected.
        /// </summary>
        /// <remarks>
        /// This method only shows the script text; nothing here executes it. The help
        /// text tells the operator to run it with Domain Admins rights.
        /// </remarks>
        public void ShowADPermissionScript()
        {
            var domain = this.SelectedDomain;
            if (domain == null)
            {
                return;
            }

            // The placeholders are filled by plain text substitution, with no quoting or
            // escaping for the script language.
            // NOTE(review): confirm the template quotes both values and that neither the
            // domain name nor the service account value can carry quote characters, since
            // the result is meant to be run by a privileged operator.
            var viewModel = new ScriptContentViewModel(this.dialogCoordinator)
            {
                HelpText = "Run the following script with Domain Admins rights to add the service account to the correct groups",
                ScriptText = ScriptTemplates.AddDomainGroupMembershipPermissions
                    .Replace("{domainDNS}", domain.Name, StringComparison.OrdinalIgnoreCase)
                    .Replace("{serviceAccountSid}", this.serviceSettings.GetServiceAccount().Value, StringComparison.OrdinalIgnoreCase)
            };

            // Display-only dialog: no save button, and the cancel button is relabelled "Close".
            var dialog = new ExternalDialogWindow
            {
                Title = "Script",
                DataContext = viewModel,
                SaveButtonVisible = false,
                CancelButtonName = "Close"
            };

            dialog.ShowDialog();

            // The operator may have run the script while the dialog was open, so re-read
            // the membership state instead of assuming success.
            domain.RefreshGroupMembership();
        }
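        /// <summary>
        /// Displays the certificate publishing script, filled in with the selected
        /// certificate and forest, and after the dialog closes re-reads the published
        /// certificate from the directory to update the state of the certificate list.
        /// Returns immediately when no forest or no certificate is selected.
        /// </summary>
        /// <remarks>
        /// This method only shows the script text; nothing here executes it. The
        /// published state is taken from the directory lookup made afterwards, not from
        /// the fact that the dialog was shown.
        /// </remarks>
        public void PublishSelectedCertificate()
        {
            // Capture the selection once, so the check made after the dialog refers to the
            // same forest and certificate that the displayed script was generated for.
            var forest = this.SelectedForest;
            var certificate = this.SelectedCertificate;

            if (forest == null || certificate == null)
            {
                return;
            }

            var de = this.discoveryServices.GetConfigurationNamingContext(forest.RootDomain.Name);
            var certData = Convert.ToBase64String(certificate.Model.RawData, Base64FormattingOptions.InsertLineBreaks);

            // The placeholders are filled by plain text substitution, with no quoting or
            // escaping for the script language.
            // NOTE(review): confirm the template quotes the distinguished name and forest
            // name, and that neither can carry quote characters; the Base64 text cannot.
            var vm = new ScriptContentViewModel(this.dialogCoordinator)
            {
                HelpText = "Run the following script to publish the encryption certificate",
                ScriptText = this.scriptTemplateProvider.PublishLithnetAccessManagerCertificate
                    .Replace("{configurationNamingContext}", de.GetPropertyString("distinguishedName"))
                    .Replace("{certificateData}", certData)
                    .Replace("{forest}", forest.Name)
            };

            // Display-only dialog: no save button, and the cancel button is relabelled "Close".
            ExternalDialogWindow w = new ExternalDialogWindow
            {
                Title = "Script",
                DataContext = vm,
                SaveButtonVisible = false,
                CancelButtonName = "Close"
            };

            w.ShowDialog();

            try
            {
                // Mark the certificate as published only when the directory returns a
                // certificate with the same thumbprint as the one the script was built for.
                // NOTE(review): publishedCert is an X509Certificate2 (IDisposable) and is
                // not disposed here - confirm whether the provider retains ownership.
                if (this.certificateProvider.TryGetCertificateFromDirectory(out X509Certificate2 publishedCert, forest.RootDomain.Name)
                    && publishedCert.Thumbprint == certificate.Model.Thumbprint)
                {
                    certificate.IsPublished = true;

                    // Iterate over a snapshot because orphaned entries are removed from
                    // the live collection inside the loop.
                    foreach (var c in this.AvailableCertificates.ToList())
                    {
                        if (certificate != c)
                        {
                            c.IsPublished = false;
                        }

                        if (c.IsOrphaned)
                        {
                            this.AvailableCertificates.Remove(c);
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                // Best effort: a failed lookup leaves the list as it was and is only logged.
                logger.LogWarning(EventIDs.UIGenericWarning, ex, "Could not update certificate publication information");
            }
        }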
        /// <summary>
        /// Displays the script that grants the service account permission to read
        /// Microsoft LAPS passwords, with the service account placeholder filled in.
        /// </summary>
        /// <remarks>
        /// This method only shows the script text; nothing here executes it. The help
        /// text tells the operator to set the OU variable and run it with domain admin
        /// rights.
        /// </remarks>
        public void DelegateMsLapsPermission()
        {
            // Plain text substitution, with no quoting or escaping for the script language.
            // NOTE(review): confirm the string form of the service account cannot carry
            // quote characters, since the result is run by a privileged operator.
            var viewModel = new ScriptContentViewModel(this.dialogCoordinator)
            {
                HelpText = "Modify the OU variable in this script, and run it with domain admin rights to assign permissions for the service account to be able to read Microsoft LAPS passwords from the directory",
                ScriptText = ScriptTemplates.GrantMsLapsPermissions
                    .Replace("{serviceAccount}", this.serviceSettings.GetServiceAccount().ToString(), StringComparison.OrdinalIgnoreCase)
            };

            // Display-only dialog: no save button, and the cancel button is relabelled "Close".
            var dialog = new ExternalDialogWindow
            {
                DataContext = viewModel,
                SaveButtonVisible = false,
                CancelButtonName = "Close"
            };

            dialog.ShowDialog();
        }
        /// <summary>
        /// Displays the script that grants the service account permission to read
        /// BitLocker recovery passwords, with the service account placeholder filled in
        /// from the Windows service's account SID.
        /// </summary>
        /// <remarks>
        /// This method only shows the script text; nothing here executes it. The help
        /// text tells the operator to set the OU variable and run it with domain admin
        /// rights.
        /// </remarks>
        public void DelegateServicePermission()
        {
            // Plain text substitution, with no quoting or escaping for the script language.
            // NOTE(review): confirm the string form of the SID cannot carry quote
            // characters, since the result is run by a privileged operator.
            var viewModel = new ScriptContentViewModel(this.dialogCoordinator)
            {
                HelpText = "Modify the OU variable in this script, and run it with domain admin rights to assign permissions for the service account to be able to read BitLocker recovery passwords from the directory",
                ScriptText = this.scriptTemplateProvider.GrantBitLockerRecoveryPasswordPermissions
                    .Replace("{serviceAccount}", this.windowsServiceProvider.GetServiceAccountSid().ToString(), StringComparison.OrdinalIgnoreCase)
            };

            // Display-only dialog: no save button, and the cancel button is relabelled "Close".
            var dialog = new ExternalDialogWindow
            {
                Title = "Script",
                DataContext = viewModel,
                SaveButtonVisible = false,
                CancelButtonName = "Close"
            };

            dialog.ShowDialog();
        }
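        /// <summary>
        /// Displays the schema update script for the selected forest and, after the
        /// dialog closes, refreshes that forest's schema status on a thread-pool thread.
        /// Returns immediately when no forest is selected.
        /// </summary>
        /// <remarks>
        /// This method only shows the script text; nothing here executes it. The help
        /// text tells the operator to run it as a member of the 'Schema Admins' group.
        /// </remarks>
        /// <returns>A task that completes when the schema status refresh has finished.</returns>
        public async Task ExtendSchemaLithnetAccessManager()
        {
            ActiveDirectoryForestSchemaViewModel current = this.SelectedForest;

            // Without a selected forest there is no name to put in the script.
            if (current == null)
            {
                return;
            }

            // Plain text substitution, with no quoting or escaping for the script language.
            // NOTE(review): confirm the template quotes the forest name and that it cannot
            // carry quote characters, since the result is run by a privileged operator.
            var vm = new ScriptContentViewModel(this.dialogCoordinator)
            {
                HelpText = "Run the following script as an account that is a member of the 'Schema Admins' group",
                ScriptText = ScriptTemplates.UpdateAdSchemaTemplate
                    .Replace("{forest}", current.Name)
            };

            // Display-only dialog: no save button, and the cancel button is relabelled "Close".
            ExternalDialogWindow w = new ExternalDialogWindow
            {
                DataContext = vm,
                SaveButtonVisible = false,
                CancelButtonName = "Close"
            };

            w.ShowDialog();

            // The operator may have run the script while the dialog was open, so re-read
            // the schema status instead of assuming success. Nothing follows the await,
            // so resuming without the captured context is safe here.
            await Task.Run(() => current.RefreshSchemaStatus()).ConfigureAwait(false);
        }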