plein de truc

ad-init.ps1

@@ -1,7 +1,21 @@
+if (-not (Get-WindowsFeature -Name DNS).Installed) {
+    Write-Host "Le role DNS n'est pas installer." -ForegroundColor Red
+    Install-WindowsFeature -Name DNS -IncludeManagementTools
+}
+
+
+
+if (-not (Get-WindowsFeature -Name AD-Domain-Services).Installed) {
+    Write-Host "Le role AD DS n'est pas installer." -ForegroundColor Red
+    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
+}
+
+
+
+
 # Vérifie si le rôle AD DS est installé
 if (-not (Get-WindowsFeature -Name AD-Domain-Services).Installed) {
     Write-Host "Le role AD DS n'est pas installer." -ForegroundColor Red
-    exit
 }
 
 # Collecte les informations de l'utilisateur
@@ -41,3 +55,8 @@ Install-ADDSForest `
     -Force:$true `
     -SafeModeAdministratorPassword $dsrmPwd
 
+Write-Output  "DomainName : $domain"
+Write-Output  "DomainNetbiosName : $netbios"
+Write-Output  "ReplicationSourceDC : $domaine"
+Write-Output  "SafeModePwd : $dsrmPwd"
+

ad-portcheck.ps1

@@ -0,0 +1,25 @@
+# IP ou nom DNS du contrôleur de domaine principal
+$dc = Read-Host "Nom ou IP du controleur de domaine principal"
+
+# Liste des ports nécessaires à AD
+$ports = @(
+    53,    # DNS
+    88,    # Kerberos
+    135,   # RPC Endpoint Mapper
+    389,   # LDAP
+    445,   # SMB
+    3268,  # LDAP Global Catalog
+    3269,  # LDAP GC over SSL
+    636,   # LDAPS
+    9389   # AD Web Services
+)
+
+# Fonction de test
+foreach ($port in $ports) {
+    $result = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
+    if ($result.TcpTestSucceeded) {
+        Write-Host "Port $port ouvert vers $dc" -ForegroundColor Green
+    } else {
+        Write-Host "Port $port fermé ou filtré vers $dc" -ForegroundColor Red
+    }
+}

ad-slave-init.ps1

@@ -0,0 +1,32 @@
+
+#$config = Get-Content -Raw -Path ".\config.json" | ConvertFrom-Json
+
+if (-not (Get-WindowsFeature -Name AD-Domain-Services).Installed) {
+    Write-Host "Le role AD DS n'est pas installer." -ForegroundColor Red
+    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
+}
+
+
+if (-not (Get-WindowsFeature -Name DNS).Installed) {
+    Write-Host "Le role DNS n'est pas installer." -ForegroundColor Red
+    Install-WindowsFeature -Name DNS -IncludeManagementTools
+}
+
+
+$dom = Read-Host "Domain Parent (nom.local) "
+#$net = Read-Host "Nom NetBIOS "
+$pwdsafe = Read-Host "DSRM password " -AsSecureString
+$creds = Get-Credential
+
+Install-ADDSDomainController `
+    -DomainName $dom `
+    -SafeModeAdministratorPassword $pwdsafe `
+    -Credential $creds ` 
+    -InstallDNS $true `
+    -DatabasePath "C:\Windows\NTDS" `
+    -LogPath "C:\Windows\NTDS" `
+    -SYSVOLPath "C:\Windows\SYSVOL" `
+    -ReplicationSourceDC $dom `
+    -NoRebootOnCompletion $false `
+    -Force $true
+

computer-add.ps1

@@ -0,0 +1,7 @@
+$login = Read-Host "Login (Sam)"
+$dom1 = Read-Host "domaine avant le ."
+$dom2 = Read-Host "domaine apres le ."
+
+Add-Computer -DonnainName "$dom1.$dom2" -Credentia1 $dom1\$login -Restart -Force
+
+Get-ADComputer -Identity "$login"

dhcpsrv-init.ps1

@@ -0,0 +1,15 @@
+if (-not (Get-WindowsFeature -Name DHCP).Installed) {
+    Write-Host "Le role DHCP n'est pas installer." -ForegroundColor Red
+    Install-WindowsFeature -Name DHCP -IncludeManagementTools
+    $pool = Read-Host "Nom de la pool "
+    $net = Read-Host "Network (en .0)"
+    $start = Read-Host "Start du Dhcp "
+    $end = Read-Host "Fin du Dhcp "
+    $subnet = Read-Host "Masque de sous reseaux "
+    $gateway = Read-Host "Gateway "
+    $dns = Read-Host "DNS "
+Add-DhcpServerv4Scope -Name $pool -StartRange $start -EndRange $end -SubnetMask $subnet -State Active
+    Set-DhcpServerv4OptionValue -ScopeId $net -Router $gateway -DnsServer $dns
+    Get-Service dhcpserver
+}
+

dns-patch.ps1

@@ -0,0 +1 @@
+Set-DhcpServerv4OptionValue -DnsServer 1.1.1.1

gpo-init.ps1

@@ -0,0 +1,42 @@
+Import-Module GroupPolicy
+
+$Dom = Read-Host "Nom du domain (sans .local): "
+$Ou = Read-Host "Nom de la nouvelle OU : "
+New-ADOrganizationalUnit -Name "$Ou" -Path "DC=$Dom,DC=local"  
+# Nom de la GPO
+$ouTarget = "OU=Postes,DC=$Dom,DC=local"
+$gpoName = "Securite - Verrouillage postes"
+# Créer la GPO
+New-GPO -Name "Securite - Verrouillage postes" -Comment "Renforcement securite poste utilisateur" | New-GPLink -Target $ouTarget -LinkEnabled Yes
+
+# -----------------------
+# PARAMÈTRES GPO APPLIQUÉS
+# -----------------------
+
+# 1. Verrouillage du panneau de configuration
+Set-GPRegistryValue -Name $gpoName -Key "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -ValueName "NoControlPanel" -Type DWord -Value 1
+
+# 2. Verrouillage CMD & PowerShell
+Set-GPRegistryValue -Name $gpoName -Key "HKCU\Software\Policies\Microsoft\Windows\System" -ValueName "DisableCMD" -Type DWord -Value 1
+Set-GPRegistryValue -Name $gpoName -Key "HKCU\Software\Policies\Microsoft\Windows\PowerShell" -ValueName "EnableScripts" -Type DWord -Value 0
+
+# 3. Désactivation du hash LAN Manager
+Set-GPRegistryValue -Name $gpoName -Key "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" -ValueName "NoLMHash" -Type DWord -Value 1
+
+# 4. Désactiver installation sans mot de passe admin
+Set-GPRegistryValue -Name $gpoName -Key "HKLM\Software\Policies\Microsoft\Windows\Installer" -ValueName "DisableMSI" -Type DWord -Value 1
+
+# 5. Désactivation du compte invité
+Set-GPRegistryValue -Name $gpoName -Key "HKLM\SAM\SAM\Domains\Account\Users\Names\Guest" -ValueName "Enabled" -Type DWord -Value 0
+
+# 6. Politique de mot de passe (complexité et longueur)
+Set-GPRegistryValue -Name $gpoName -Key "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" -ValueName "PasswordComplexity" -Type DWord -Value 1
+Set-GPRegistryValue -Name $gpoName -Key "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" -ValueName "MinimumPasswordLength" -Type DWord -Value 10
+
+# 7. Expiration du mot de passe (90 jours)
+Set-GPRegistryValue -Name $gpoName -Key "HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" -ValueName "MaximumPasswordAge" -Type DWord -Value 90
+
+# 8. Blocage énumération SID anonymes
+Set-GPRegistryValue -Name $gpoName -Key "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" -ValueName "RestrictAnonymousSAM" -Type DWord -Value 1
+
+Write-Host "GPO '$gpoName' crer et lie a $ouTarget"

gpo-secu.ps1

@@ -0,0 +1,43 @@
+Import-Module GroupPolicy
+
+# Nom de la GPO
+$gpoName = "Sécurité - Verrouillage postes"
+$ouTarget = "OU=Postes,DC=tondomaine,DC=local"  # <- À ADAPTER
+
+# Créer la GPO
+$gpo = New-GPO -Name $gpoName -Comment "Renforcement sécurité poste utilisateur"
+
+# Lier à l'OU
+New-GPLink -Name $gpo.DisplayName -Target $ouTarget
+
+# ------------------------
+# PARAMÈTRES GPO APPLIQUÉS
+# ------------------------
+
+# 1. Verrouillage du panneau de configuration
+Set-GPRegistryValue -Name $gpoName -Key "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" -ValueName "NoControlPanel" -Type DWord -Value 1
+
+# 2. Verrouillage CMD & PowerShell
+Set-GPRegistryValue -Name $gpoName -Key "HKCU\Software\Policies\Microsoft\Windows\System" -ValueName "DisableCMD" -Type DWord -Value 1
+Set-GPRegistryValue -Name $gpoName -Key "HKCU\Software\Policies\Microsoft\Windows\PowerShell" -ValueName "EnableScripts" -Type DWord -Value 0
+
+# 3. Désactivation du hash LAN Manager
+Set-GPRegistryValue -Name $gpoName -Key "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" -ValueName "NoLMHash" -Type DWord -Value 1
+
+# 4. Désactiver installation sans mot de passe admin
+Set-GPRegistryValue -Name $gpoName -Key "HKLM\Software\Policies\Microsoft\Windows\Installer" -ValueName "DisableMSI" -Type DWord -Value 1
+
+# 5. Désactivation du compte invité
+Set-GPRegistryValue -Name $gpoName -Key "HKLM\SAM\SAM\Domains\Account\Users\Names\Guest" -ValueName "Enabled" -Type DWord -Value 0
+
+# 6. Politique de mot de passe (complexité et longueur)
+Set-GPRegistryValue -Name $gpoName -Key "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" -ValueName "PasswordComplexity" -Type DWord -Value 1
+Set-GPRegistryValue -Name $gpoName -Key "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" -ValueName "MinimumPasswordLength" -Type DWord -Value 10
+
+# 7. Expiration du mot de passe (90 jours)
+Set-GPRegistryValue -Name $gpoName -Key "HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters" -ValueName "MaximumPasswordAge" -Type DWord -Value 90
+
+# 8. Blocage énumération SID anonymes
+Set-GPRegistryValue -Name $gpoName -Key "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" -ValueName "RestrictAnonymousSAM" -Type DWord -Value 1
+
+Write-Host "GPO '$gpoName' créée et liée à $ouTarget"

group-add.ps1

@@ -0,0 +1,21 @@
+$group = Read-Host "Group Name "
+$Ou = Read-Host "OU= "
+#pitié pas le fonction de découpage
+$dom1 = Read-Host "domaine avant le ."
+$dom2 = Read-Host "domaine apres le ."
+
+Write-Host "Creation du groupe $group"
+New-ADGroup -Name $group -GroupScope Global -Path "OU=$Ou,DC=$dom1,DC=$dom2"
+Get-ADGroupMember -Identity "$group"
+
+
+$answ = Read-Host "Lier a un user existant ? (y/n) "
+$login = Read-Host "Login (Sam) "
+
+if ($answ -eq "y") {
+    Add-ADGroupMember -Identity "$group" -Members "$login"
+    Get-ADGroupMember -Identity "$group"
+} else {
+    exit
+}
+

user-add.ps1

@@ -0,0 +1,33 @@
+$name = Read-Host "Nom "
+$gname = Read-Host "Given name " 
+$sname = Read-Host "Surname "
+$login = Read-Host "Login "
+$mdp = Read-Host "Mot de passe " -AsSecureString
+$Ou = Read-Host "OU= "
+#pitié pas le fonction de découpage
+$dom1 = Read-Host "domaine avant le ."
+$dom2 = Read-Host "domaine apres le ."
+
+New-ADUser `
+    -Name "$name" `
+    -GivenName "$gname" `
+    -Surname "$sname" `
+    -SamAccountName "$login" `
+    -UserPrincipalName "$login@$dom1.$dom2" `
+    -Path "OU=$Ou,DC=$dom1,DC=$dom2" `
+    -AccountPassword $mdp `
+    -Enabled $true
+
+$answ = Read-Host "Lier a un groupe existant ? (y/n) "
+$group = Read-Host "Group Name "
+
+if ($answ -eq "y") {
+    Write-Host "Le Groupe existe deja"
+    Add-ADGroupMember -Identity "$group" -Members "$login"
+    Get-ADGroupMember -Identity "$group"
+} else {
+    exit
+}
+
+
+