LAB.ps1
# ============================
# Role Mapping
# ============================
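# Menu choice -> lab machine role. The role name doubles as the base name of
# the per-role script (<role>.ps1) that the setup functions in this file run.
$roles = @{
    '1' = 'DC01'
    '2' = 'SRV01'
    '3' = 'PC01'
}

# Refuse to continue unless the current Windows identity is in the built-in
# Administrator role. Everything this script launches afterwards inherits
# that elevated token.
$currentIdentity = [Security.Principal.WindowsIdentity]::GetCurrent()
$currentPrincipal = [Security.Principal.WindowsPrincipal] $currentIdentity
if (-not $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
    Write-Warning "⚠️ This script must be run as Administrator. Please restart PowerShell with elevated privileges."
    # Exit non-zero so a calling script or scheduler can tell the run was refused
    # (a bare `exit` reports success).
    exit 1
}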
# ============================
# Functions
# ============================
function Convert-ToLDAPRoot {
    <#
    .SYNOPSIS
    Turns a DNS domain name into the matching LDAP root distinguished name.

    .DESCRIPTION
    Lower-cases the name, splits it on '.', prefixes every label with "DC="
    and joins the parts with commas, e.g. "LAB.INT" -> "DC=lab,DC=int".
    No escaping of LDAP special characters is performed; the caller is
    expected to pass an already validated DNS name.

    .PARAMETER domainDns
    DNS domain name such as "lab.int".

    .OUTPUTS
    System.String
    #>
    param ([string]$domainDns)

    $labels = $domainDns.ToLower().Split('.')
    $components = foreach ($label in $labels) { "DC=$label" }
    return $components -join ','
}
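function Prompt-ForDomain {
    <#
    .SYNOPSIS
    Prompts until the operator enters a two-label DNS domain name, then returns it.

    .DESCRIPTION
    The answer is trimmed (as the other prompts in this script are) and must
    match an anchored pattern: one label of letters, digits or hyphens, a
    single dot, then a suffix of at least two letters. Names with more than
    two labels (e.g. "corp.example.local") are therefore rejected. Because
    the accepted value is later turned into DC= components and handed to the
    role script, this pattern is the only input validation the domain gets.

    .OUTPUTS
    System.String
    #>
    while ($true) {
        # Do not store the answer in $input: that name is a PowerShell automatic
        # variable (the pipeline-input enumerator) and assigning to it is unreliable.
        $candidate = (Read-Host "`nEnter the domain name (e.g., lab.int)").Trim()
        if ($candidate -match '^[a-zA-Z0-9-]+\.[a-zA-Z]{2,}$') {
            return $candidate
        }
        Write-Host "❌ Invalid format. Please enter a domain like 'example.local' or 'corp.internal'."
    }
}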
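function Invoke-CloudSetup {
    <#
    .SYNOPSIS
    Downloads the per-role setup script from GitHub and runs it in this elevated session.

    .DESCRIPTION
    Fetches <Role>.ps1 from a hard-coded raw.githubusercontent.com URL, saves it
    under $env:TEMP, invokes it with the lab parameters and then calls
    Invoke-LabSetup. Terminating errors from the download or the run are
    reported with Write-Error instead of being rethrown.

    .PARAMETER Role
    Role name (DC01, SRV01 or PC01 in this script). It is interpolated into both
    the download URL and the temp-file path, so it is restricted to letters,
    digits, '_' and '-'.

    .PARAMETER Domain
    Short domain name, passed to the role script as -DOMAIN.

    .PARAMETER DomainDns
    DNS domain name, passed to the role script as -DOMAINDNS.

    .PARAMETER LdapRoot
    LDAP root DN, passed to the role script as -LDAPROOT.

    .PARAMETER Subnet
    Subnet as typed by the operator, passed to the role script as -SUBNET.
    #>
    param (
        # Reject separators and dots so the value cannot redirect the URL or the temp path.
        [ValidatePattern('^[A-Za-z0-9_-]+$')]
        [string]$Role,
        [string]$Domain,
        [string]$DomainDns,
        [string]$LdapRoot,
        [string]$Subnet
    )

    # SECURITY(review): the URL tracks the mutable 'main' branch of Issvn/LAB-AD and the
    # downloaded file is executed as Administrator with no hash or signature check, so
    # whoever can change that branch decides what runs here. HTTPS protects the transfer,
    # not the content. Prefer the local mode from a checkout you have reviewed, or pin the
    # URL to a commit and compare Get-FileHash output with a known-good digest before
    # invoking the file.
    $scriptUrl = "https://raw.githubusercontent.com/Issvn/LAB-AD/main/_scripts/$Role.ps1"
    $tempScript = Join-Path $env:TEMP "$Role.ps1"

    try {
        Write-Host "`nDownloading script from GitHub..."
        # -UseBasicParsing removes the dependency on the Internet Explorer engine in
        # Windows PowerShell 5.1, which may not be initialised on a freshly installed
        # machine; newer PowerShell versions accept and ignore the switch.
        Invoke-WebRequest -Uri $scriptUrl -OutFile $tempScript -UseBasicParsing -ErrorAction Stop

        Write-Host "Running script..."
        & $tempScript -PCNAME $Role -DOMAIN $Domain -DOMAINDNS $DomainDns -LDAPROOT $LdapRoot -SUBNET $Subnet

        # NOTE(review): Invoke-LabSetup is not defined in this file. The role script runs
        # with '&' (its own scope), so a function it defines without a global: modifier
        # would no longer exist at this point; confirm where this command comes from.
        Invoke-LabSetup
    } catch {
        Write-Error "Error during script download or execution: $_"
    }
}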
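function Invoke-LocalSetup {
    <#
    .SYNOPSIS
    Runs the per-role setup script from the local repository checkout.

    .DESCRIPTION
    Looks for _scripts/<Role>.ps1 next to this script, invokes it with the lab
    parameters and then calls Invoke-LabSetup. If the file does not exist, a
    non-terminating error is written and nothing is run.

    .PARAMETER Role
    Role name (DC01, SRV01 or PC01 in this script). It is interpolated into the
    script path, so it is restricted to letters, digits, '_' and '-'.

    .PARAMETER Domain
    Short domain name, passed to the role script as -DOMAIN.

    .PARAMETER DomainDns
    DNS domain name, passed to the role script as -DOMAINDNS.

    .PARAMETER LdapRoot
    LDAP root DN, passed to the role script as -LDAPROOT.

    .PARAMETER Subnet
    Subnet as typed by the operator, passed to the role script as -SUBNET.
    #>
    param (
        # Reject separators and dots so the value cannot point outside _scripts.
        [ValidatePattern('^[A-Za-z0-9_-]+$')]
        [string]$Role,
        [string]$Domain,
        [string]$DomainDns,
        [string]$LdapRoot,
        [string]$Subnet
    )

    # Resolve against the directory holding this script rather than the current
    # working directory: this session is elevated, and a cwd-relative path would run
    # whatever _scripts/<Role>.ps1 happens to exist wherever the shell was started.
    # $PSScriptRoot is empty when the code is not running from a file, so fall back
    # to the previous cwd-relative lookup in that case.
    $baseDir = if ($PSScriptRoot) { $PSScriptRoot } else { '.' }
    $localScript = Join-Path $baseDir "_scripts/$Role.ps1"

    if (Test-Path -LiteralPath $localScript -PathType Leaf) {
        Write-Host "`nRunning local script..."
        & $localScript -PCNAME $Role -DOMAIN $Domain -DOMAINDNS $DomainDns -LDAPROOT $LdapRoot -SUBNET $Subnet

        # NOTE(review): Invoke-LabSetup is not defined in this file. The role script runs
        # with '&' (its own scope), so a function it defines without a global: modifier
        # would no longer exist at this point; confirm where this command comes from.
        Invoke-LabSetup
    } else {
        Write-Error "Local script '$localScript' not found."
    }
}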
# ============================
# User Input
# ============================
# Collect the three answers up front: execution type ($a), role number ($s), subnet.
$a = (Read-Host "Execution type:`n 1. Cloud (from GitHub)`n 2. Local (requires local repo)").Trim().ToLower()
$s = (Read-Host "`nSelect role to install:`n 1. Domain Controller (DC01)`n 2. Server (SRV01)`n 3. Client (PC01)`nEnter your choice").Trim()
# NOTE(review): the subnet is forwarded to the role script exactly as typed; no
# format check happens in this file. Confirm the role scripts validate it.
$subnet = (Read-Host "`nEnter the subnet you are using :").Trim()

if (-not $roles.ContainsKey($s)) {
    Write-Host "`nInvalid role selection."
}
else {
    # Only values from the fixed $roles map ever reach the setup functions.
    $selectedRole = $roles[$s]

    if ($selectedRole -eq 'DC01') {
        # The domain name is asked for only when building the domain controller.
        $domainDns = Prompt-ForDomain
        $domain = $domainDns.Split('.')[0].ToUpper()
    }
    else {
        # NOTE(review): SRV01 and PC01 always receive LAB / LAB.INT, even if DC01
        # was set up with a different domain; confirm that is intended.
        $domain = "LAB"
        $domainDns = "LAB.INT"
    }
    $ldapRoot = Convert-ToLDAPRoot -domainDns $domainDns

    # Same arguments for either execution mode, so build them once and splat.
    $setupArgs = @{
        Role      = $selectedRole
        Domain    = $domain
        DomainDns = $domainDns
        LdapRoot  = $ldapRoot
        Subnet    = $subnet
    }

    switch ($a) {
        { $_ -in '1', 'cloud' } { Invoke-CloudSetup @setupArgs }
        { $_ -in '2', 'local' } { Invoke-LocalSetup @setupArgs }
        default { Write-Host "`nInvalid execution type." }
    }
}