Prepare for release 4.15

Michael Grafnetter 2024-12-23 09:50:54 +01:00
parent 76f7d40a92
commit 3d9e015eb0
7 changed files with 47 additions and 15 deletions


@ -5,6 +5,28 @@
All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
## [4.15] - 2024-12-23
This is a PowerShell-only release.
### Added
- Implemented support for individual *.txt files from HIBP in the [Test-PasswordQuality](PowerShell/Test-PasswordQuality.md#test-passwordquality) cmdlet.
### Fixed
- The [New-ADDBRestoreFromMediaScript](PowerShell/New-ADDBRestoreFromMediaScript.md#new-addbrestorefrommediascript) cmdlet now generates a more robust DC recovery script:
- Regular scheduled tasks are used instead of PowerShell scheduled jobs and workflows.
- The script can be executed under the SYSTEM account.
- Domain controller names longer than 15 characters are now fully supported.
- SYSVOL GPO ACLs are optionally restored as well.
- The Directory Services Restore Mode (DSRM) phase is skipped and only 2 reboots are required instead of 3.
- The entire process has been tested on Windows Server 2022 and Windows Server 2008 R2.
### Removed
- The [Add-ADDBSidHistory](PowerShell/Add-ADDBSidHistory.md#add-addbsidhistory) cmdlet has been removed to prevent it from being used in migration scenarios.
## [4.14] - 2024-04-13
### Fixed
@ -510,7 +532,8 @@ This is a [Chocolatey](https://chocolatey.org/packages/dsinternals-psmodule)-onl
## 1.0 - 2015-01-20
Initial release!
[Unreleased]: https://github.com/MichaelGrafnetter/DSInternals/compare/v4.14...HEAD
[Unreleased]: https://github.com/MichaelGrafnetter/DSInternals/compare/v4.15...HEAD
[4.15]: https://github.com/MichaelGrafnetter/DSInternals/compare/v4.14...v4.15
[4.14]: https://github.com/MichaelGrafnetter/DSInternals/compare/v4.13...v4.14
[4.13]: https://github.com/MichaelGrafnetter/DSInternals/compare/v4.12...v4.13
[4.12]: https://github.com/MichaelGrafnetter/DSInternals/compare/v4.11...v4.12


@ -128,7 +128,7 @@ Version: 2.1
#>
#Requires -Version 3 -Modules DSInternals,ServerManager -RunAsAdministrator
#Requires -Version 3 -Modules DSInternals -RunAsAdministrator
param(
[Parameter(Mandatory = $false)]
@ -186,6 +186,7 @@ function Main {
# Note: The ServerManager module is not available during Safe Boot. It is therefore not imported globally.
Import-Module -Name ServerManager -ErrorAction Stop
# Notes:
# The dcpromo.exe tool would install most of these features if absent.
# The BitLocker Recovery Password Viewer is called RSAT-Bitlocker-RecPwd on Windows Server 2008 R2 and cannot be instaleld on non-domain computers.
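Review bot: With `ServerManager` dropped from `#Requires` and loaded by `Import-Module -Name ServerManager -ErrorAction Stop` inside `Main`, a host without that module now fails only once `Main` is already running instead of before the script starts. The existing note explains why the import cannot be global, but it would help to add a line such as `# A missing ServerManager module therefore aborts the script here, not at load time.` so the changed failure point is documented. The comment on the last line of this hunk also has a typo, `instaleld` for `installed`. The body of `Main` continues outside the hunk, so what has already run before this import is not visible here.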


@ -473,7 +473,6 @@ function Update-FrsSubscription {
# Download the updated FRS configuration from AD.
Write-Log -Message 'Polling AD for FRS configuration changes...'
ntfrsutl.exe poll /now *>> $script:LogFile
# TODO: Check what happens if the FRS service is disabled on the new DC.
} else {
Write-Log -Message 'FRS subscription was not found in AD. This is expected.'
}


@ -3,7 +3,7 @@
<package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
<metadata>
<id>DSInternals-PSModule</id>
<version>4.14</version>
<version>4.15</version>
<packageSourceUrl>https://github.com/MichaelGrafnetter/DSInternals/tree/master/Src/DSInternals.PowerShell/Chocolatey</packageSourceUrl>
<owners>MichaelGrafnetter</owners>
<title>DSInternals PowerShell Module</title>
@ -37,7 +37,9 @@ The DSInternals PowerShell Module has these main features:
## Disclaimer
Features exposed through these tools are not supported by Microsoft. Improper use might cause irreversible damage to domain controllers or negatively impact domain security.</description>
<releaseNotes>
* Minor credential roaming parser improvement.
* Implemented support for individual *.txt files from HIBP in the Test-PasswordQuality cmdlet.
* The New-ADDBRestoreFromMediaScript cmdlet now generates a more robust DC recovery script.
* The Add-ADDBSidHistory cmdlet has been removed to prevent it from being used in migration scenarios.
</releaseNotes>
<dependencies>
<!-- Windows Management Framework 3+. For OS prior to Windows 8 and Windows Server 2012. -->


@ -38,6 +38,11 @@
/// Separator of hashes in the file from HaveIBeenPwned.
/// </summary>
private const char HashSeparator = ':';
/// <summary>
/// Length of the hash prefix (K-anonymity) in the files from HaveIBeenPwned.
/// </summary>
private const int HashPrefixLength = 5;
#endregion Constants
#region Parameters
@ -92,6 +97,7 @@
}
[Parameter(ParameterSetName = ParamSetSingleSortedFile)]
[Alias("HIBPFile", "HaveIBeenPwnedFile")]
[ValidateNotNullOrEmpty]
public string WeakPasswordHashesSortedFile
{
@ -100,6 +106,7 @@
}
[Parameter(ParameterSetName = ParamSetMultipuleSortedFile)]
[Alias("WeakPasswordHashesSortedDirectory", "HIBPDirectory", "HaveIBeenPwnedDirectory")]
[ValidateNotNullOrEmpty]
public string WeakPasswordHashesSortedFilePath
{
@ -312,14 +319,14 @@
if (this.WeakPasswordHashesSortedFilePath != null)
{
// The files in the path should be named with the first 5 chararacters of the hash and the extension txt, like ABDD0.txt
string sortedHashesFile = this.ResolveFilePath(this.WeakPasswordHashesSortedFilePath + hash.Substring(0, 5) + ".txt");
string sortedHashesFile = this.ResolveFilePath(this.WeakPasswordHashesSortedFilePath + hash.Substring(0, HashPrefixLength) + ".txt");
if (sortedHashesFile != null)
{
// Assuming all went well, we should be able to set up to search this much smaller file for the hashes
this.sortedHashFileSearcher = new SortedFileSearcher(sortedHashesFile);
// In the split database the hashes are stored in the sorted files starting with the 6th character (since the filename is the first 5
hash = hash.Substring(5);
hash = hash.Substring(HashPrefixLength);
}
}
@ -502,9 +509,8 @@
private void TestSamAccountNameAsPassword()
{
string userLowerPassword = this.Account.SamAccountName.ToLower();
byte[] userLowerHash = NTHash.ComputeHash(userLowerPassword);
if (HashEqualityComparer.GetInstance().Equals(this.Account.NTHash, userLowerHash))
{
// Username Password is lowercase SamAccountName
@ -516,7 +522,6 @@
byte[] userExactHash = NTHash.ComputeHash(userExactPassword);
if (HashEqualityComparer.GetInstance().Equals(this.Account.NTHash, userExactHash))
{
// Username Password is exact SamAccountName
this.result.SamAccountNameAsPassword.Add(this.Account.LogonName);
}
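Review bot: In the `@ -312,14 +319,14 @@` hunk the per-prefix file name is still built by plain concatenation, `this.WeakPasswordHashesSortedFilePath + hash.Substring(0, HashPrefixLength) + ".txt"`, so a directory given without a trailing separator yields a wrong name (constructed example: `D:\hibp` + `ABDD0.txt` becomes `D:\hibpABDD0.txt`). `Path.Combine(this.WeakPasswordHashesSortedFilePath, hash.Substring(0, HashPrefixLength) + ".txt")` would make the lookup independent of how the parameter was typed. The `if (sortedHashesFile != null)` branch has no `else`, so when a prefix file cannot be resolved the previous `sortedHashFileSearcher` and the untruncated hash appear to be carried forward. In a password audit that could report a breached password as clean, so a warning or an explicit reset of the searcher seems warranted. The enclosing method starts and ends outside the hunk, so the handling further down cannot be confirmed from here.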


@ -8,7 +8,7 @@
RootModule = 'DSInternals.Bootstrap.psm1'
# Version number of this module.
ModuleVersion = '4.14'
ModuleVersion = '4.15'
# Supported PSEditions
# CompatiblePSEditions = 'Desktop'
@ -72,7 +72,7 @@ FunctionsToExport = @()
CmdletsToExport = 'ConvertTo-NTHash', 'ConvertTo-LMHash', 'Set-SamAccountPasswordHash',
'ConvertFrom-UnicodePassword', 'ConvertTo-UnicodePassword',
'ConvertTo-OrgIdHash', 'ConvertFrom-GPPrefPassword',
'ConvertTo-GPPrefPassword', 'Add-ADDBSidHistory',
'ConvertTo-GPPrefPassword', # 'Add-ADDBSidHistory',
'Set-ADDBPrimaryGroup', 'Get-ADDBDomainController',
'Set-ADDBDomainController', 'Get-ADDBSchemaAttribute',
'Remove-ADDBObject', 'Get-ADDBAccount', 'Get-BootKey',
@ -143,7 +143,9 @@ PrivateData = @{
# ReleaseNotes of this module
ReleaseNotes = @"
- Minor credential roaming parser improvement.
- Implemented support for individual *.txt files from HIBP in the Test-PasswordQuality cmdlet.
- The New-ADDBRestoreFromMediaScript cmdlet now generates a more robust DC recovery script.
- The Add-ADDBSidHistory cmdlet has been removed to prevent it from being used in migration scenarios.
"@
} # End of PSData hashtable
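Review bot: Leaving `# 'Add-ADDBSidHistory',` commented out inside the `CmdletsToExport` array only stops the manifest from exporting the name, while the release notes describe the cmdlet as removed. None of the file sections shown here deletes the cmdlet implementation or its help page, so as far as this page shows the removal is enforced at the manifest level only. If the removal is meant to be permanent, delete the entry outright and remove the implementation in the same release; otherwise put a short comment above the list, e.g. `# Add-ADDBSidHistory is intentionally not exported since 4.15 (see the changelog).`, rather than leaving an unexplained commented-out entry.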


@ -5,8 +5,8 @@ using System.Runtime.InteropServices;
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("DSInternals PowerShell Commands")]
[assembly: AssemblyVersion("4.14")]
[assembly: AssemblyFileVersion("4.14")]
[assembly: AssemblyVersion("4.15")]
[assembly: AssemblyFileVersion("4.15")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]