Weak Passwords - AD Test

Summary

This script utilizes the agnostic script Test-WeakCredentials to test the hashed credentials in Active Directory against a known compromised or weak list. It returns items to be placed into a custom table plugin_proval_ad_pwd_audit.

File Path: C:/ProgramData/_automation/script/Test-WeakCredentials/Test-WeakCredentials.ps1
File Hash (SHA256): 9D8F297FC48A28E71AE6AFAEE1907FD920976DB38C22A89C479332595E57547A
File Hash (MD5): 977CA8E428D75CBE74971F49EB9E13FC

File Path: C:/ProgramData/_automation/script/Test-WeakCredentials/Test-WeakCredentialsAI.ps1
File Hash (SHA256): E7465B5C313FD4F13DB0F5ACAC1F970E8084D6C349F247F69007C7D1565F8D73
File Hash (MD5): 84C227128A51A30AEECFC1A2257F14D3

Sample Run

Dependencies

1. The Active Directory Plugin needs to be installed and configured.
2. The machine this script is running on needs to be the Infrastructure Master Active Directory server.
3. This script is only supported on Server 2016 and above. Server 2012 may work but has not been tested.

• EPM - Accounts - Agnostic - Script - Test-Credentials
• AD - Create Views/Table/Schedule for AD Reporting Solution
• EPM - Accounts - Report - Active Directory Reporting Solution
• EPM - Accounts - Report - Active Directory User Assessment

User Parameters

Name	Example	Mandatory	Default	Description
PWDictSize	Small	False	Tiny	The password list you desire to use based on a Validate Set of options; they include: Tiny Small Medium Large
Cleanup	All	False		The extent of cleanup that you desire to run after script completion. The options are: All - this will remove all created or downloaded files, including 7zip, the 7za file, the extracted txt file, and the xml file created in the process Text - This will remove just the .txt file Zipped - This will remove just the downloaded 7za file.

Global Parameters

Name	Example	Required	Description
TableName	plugin_proval_ad_pwd_audit	True	Assigns the table name to the create table SQL query if not exists, or the table name to insert data into when the script returns results.

Output

This script is designed to output all data into the 'plugin_proval_ad_pwd_audit' table for reporting purposes. If anything fails, it will report that information to the script log.

• Script log