### No longer in use.
### This script imports our certificate to all DCs, to be used by NPS (RADIUS auth for WiFi).
# Load the external configuration (a PowerShell data file that sits next to this script)
$config = Import-PowerShellDataFile -Path "$PSScriptRoot\Config.PSD1"

# Lift every "magic string" out of the config so nothing below is hard-coded
$filePath          = $config['filePath']           # local path of the PFX to distribute
$certStoreLocation = $config['certStoreLocation']  # store handed to Import-PfxCertificate
$PDC               = $config['PDC']                # the DC this script runs on; imported locally
$DCs               = $config['DCs']                # remaining DCs; reached via admin share + remoting
$logLocation       = $config['logLocation']        # text log the script appends to throughout
$emailFrom         = $config['emailFrom']
$emailTo           = $config['emailTo']
$emailSmtp         = $config['emailSmtp']

# The PFX password is kept encrypted on disk and decrypted with a key held in a second file.
# Both files are only as safe as their ACLs: whoever can read both can recover the password.
$certPass = Get-Content -Path $config['certPass']
$certKey  = Get-Content -Path $config['certKey']
$password = $certPass | ConvertTo-SecureString -Key $certKey

# Comma-separated names of DCs whose import failed; drives the alert email at the end
$failedDCs = ''
# Get a timestamp for logging
function Get-TimeStamp {
    <#
    .SYNOPSIS
        Returns the current local time as "[yyyy/MM/dd HH:mm:ss]", the prefix used on every log line.
    .OUTPUTS
        System.String
    #>
    $stamp = Get-Date -Format 'yyyy/MM/dd HH:mm:ss'
    return "[$stamp]"
}
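Try
{
    # Import the PFX into the local store on the PDC (the host this script runs on).
    # No -Exportable switch: the private key is not marked exportable in the store; keep it that way.
    $pdcCert = Import-PfxCertificate -FilePath $filePath -CertStoreLocation $certStoreLocation -Password $password -ErrorAction Stop
    # Log the thumbprint so the log shows *which* certificate was installed, not just that one was.
    "$(Get-TimeStamp) Certificate $($pdcCert.Thumbprint) successfully imported on $PDC" | Out-File $logLocation -Append
}
Catch
{
    # $_ is the error record from the failed import; the PDC becomes the first failed entry.
    "$(Get-TimeStamp) $PDC`: $_" | Out-File $logLocation -Append
    $failedDCs = $failedDCs + $PDC
}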
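# Stage the PFX on every other DC over the admin share, import it there, then restart NPS.
# The remote import reads the copy just staged (C:\DataImportant\CertImporter\<leaf of $filePath>),
# so the local $filePath no longer has to live under that same directory for the remote step to work.
$remoteStageDir = 'C:\DataImportant\CertImporter'
$remotePfxPath  = Join-Path -Path $remoteStageDir -ChildPath (Split-Path -Path $filePath -Leaf)
ForEach ($DC in $DCs) {
    Try
    {
        Copy-Item -Path $filePath -Destination "\\$DC\c$\DataImportant\CertImporter" -ErrorAction Stop
        # -ErrorAction Stop *inside* the remote script block matters: without it a failed
        # Import-PfxCertificate is non-terminating on the remote side, Restart-Service still runs
        # (NPS is bounced without the new certificate) and the DC is never recorded as failed.
        $remoteCert = Invoke-Command -ComputerName "$DC" -ErrorAction Stop `
            -ArgumentList $remotePfxPath, $certStoreLocation, $password `
            -ScriptBlock {
                param($pfxPath, $storeLocation, $pfxPassword)
                $cert = Import-PfxCertificate -FilePath $pfxPath -CertStoreLocation $storeLocation -Password $pfxPassword -ErrorAction Stop
                # Restart NPS (service name IAS) so the freshly imported certificate takes effect.
                Restart-Service -Name "IAS" -ErrorAction Stop
                $cert
            }
        "$(Get-TimeStamp) Certificate $($remoteCert.Thumbprint) successfully imported on $DC" | Out-File $logLocation -Append
    }
    Catch
    {
        "$(Get-TimeStamp) $DC`: $_" | Out-File $logLocation -Append
        # Keep the list clean: no leading ", " when the PDC itself succeeded and this is the first failure.
        $failedDCs = if ($failedDCs) { "$failedDCs, $DC" } Else { "$DC" }
    }
}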
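# If any DC errored, alert the admins. The body is only built when there is something to report.
# $failedDCs is the comma-separated list collected by the import steps above.
If ($failedDCs)
{
    # Points at the configured log ($logLocation) and the running script ($PSCommandPath)
    # instead of hard-coded paths, so the email stays correct if either is moved.
    $emailBody = @"
<H3>Hi SysAdmins,</H3>
<p>We have a script that runs on $PDC to import our wildcard certificate on all DCs for RADIUS auth for Wifi.<br />
This script has failed on $failedDCs.</p>
<ol>
<li>Please check the log file on $PDC at $logLocation, investigate and fix.</li>
</ol>
<p>Thanks!</p>
<p>Powered by $PSCommandPath on $PDC</p>
"@
    $emailParams = @{
        From       = $emailFrom
        To         = $emailTo
        Subject    = "Certificate import failed on $failedDCs"
        Body       = $emailBody
        SmtpServer = $emailSmtp
        BodyAsHtml = $true
    }
    # NOTE(review): Send-MailMessage submits in the clear unless -UseSsl is given; whether the
    # configured relay offers TLS is not visible here — confirm before adding it.
    Send-MailMessage @emailParams
}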