diff --git a/Documentation/PowerShell/New-ADDBRestoreFromMediaScript.md b/Documentation/PowerShell/New-ADDBRestoreFromMediaScript.md
index f5a522f..fd2abc0 100644
--- a/Documentation/PowerShell/New-ADDBRestoreFromMediaScript.md
+++ b/Documentation/PowerShell/New-ADDBRestoreFromMediaScript.md
@@ -170,14 +170,14 @@ $initTask = Register-ScheduledJob -Name DSInternals-RFM-Initializer -ScriptBlock
 # Re-encrypt the DB with the new boot key.
 $currentBootKey = Get-BootKey -Online
- Set-ADDBBootKey -DatabasePath 'C:\Backup\Active Directory\ntds.dit' -LogPath 'C:\Backup\Active Directory' -OldBootKey 610bc29e6f62ca7004e9872cd51a0116 -NewBootKey $currentBootKey
+ Set-ADDBBootKey -DatabasePath 'C:\Backup\Active Directory\ntds.dit' -LogPath 'C:\Backup\Active Directory' -OldBootKey 610bc29e6f62ca7004e9872cd51a0116 -NewBootKey $currentBootKey -Force
 # Clone the DC account password.
 $ntdsParams = Get-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
 InlineScript {
 # Note: SupplementalCredentials do not get serialized properly without using the InlineScript activity.
 $dcAccount = Get-ADDBAccount -SamAccountName 'LON-DC1$' -DatabasePath $using:ntdsParams.'DSA Database file' -LogPath $using:ntdsParams.'Database log files path' -BootKey $using:currentBootKey
- Set-ADDBAccountPasswordHash -ObjectGuid 9bb4d6f4-060a-4585-9f18-625774e7c088 -NTHash $dcAccount.NTHash -SupplementalCredentials $dcAccount.SupplementalCredentials -DatabasePath 'C:\Backup\Active Directory\ntds.dit' -LogPath 'C:\Backup\Active Directory' -BootKey $using:currentBootKey
+ Set-ADDBAccountPasswordHash -ObjectGuid 9bb4d6f4-060a-4585-9f18-625774e7c088 -NTHash $dcAccount.NTHash -SupplementalCredentials $dcAccount.SupplementalCredentials -DatabasePath 'C:\Backup\Active Directory\ntds.dit' -LogPath 'C:\Backup\Active Directory' -BootKey $using:currentBootKey -Force
 }
 # Replace the database and transaction logs.
diff --git a/Documentation/PowerShell/Set-ADDBBootKey.md b/Documentation/PowerShell/Set-ADDBBootKey.md
index 026a8a2..af2c708 100644
--- a/Documentation/PowerShell/Set-ADDBBootKey.md
+++ b/Documentation/PowerShell/Set-ADDBBootKey.md
@@ -13,7 +13,7 @@ Re-encrypts a ntds.dit file with a new BootKey/SysKey.
 ## SYNTAX
 ```
-Set-ADDBBootKey -OldBootKey <Byte[]> [-NewBootKey <Byte[]>] -DatabasePath <String> [-LogPath <String>]
+Set-ADDBBootKey -OldBootKey <Byte[]> [-NewBootKey <Byte[]>] [-Force] -DatabasePath <String> [-LogPath <String>]
 [<CommonParameters>]
 ```
@@ -49,6 +49,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
+### -Force
+Forces the cmdlet to perform the desired operation.
+
+```yaml
+Type: SwitchParameter
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -LogPath
 Specifies the path to a directory where the transaction log files are located. For instance, C:\Windows\NTDS. The default log directory is the one that contains the database file itself.
diff --git a/Src/DSInternals.PowerShell/ADDBRestoreFromMediaScriptTemplate.ps1 b/Src/DSInternals.PowerShell/ADDBRestoreFromMediaScriptTemplate.ps1
index 92f547f..d201f93 100644
--- a/Src/DSInternals.PowerShell/ADDBRestoreFromMediaScriptTemplate.ps1
+++ b/Src/DSInternals.PowerShell/ADDBRestoreFromMediaScriptTemplate.ps1
@@ -1,12 +1,11 @@
 <#
 .SYNOPSIS
-Restores the {DCName} domain controller from ntds.dit.
+Restores the {DCName} domain controller from its ntds.dit file.
 .REMARKS
 This script should only be executed on a freshly installed {OSName}. Use at your own risk. The DSInternals PowerShell module must be installed for all users on the target server.
- Author: Michael Grafnetter
 #>
@@ -20,7 +19,7 @@ $vssResult = ([wmiclass] 'Win32_ShadowCopy').Create("$env:SystemDrive\", 'Client
 Write-Host 'Installing the Active Directory module for Windows PowerShell...'
 Add-WindowsFeature -Name RSAT-AD-PowerShell -ErrorAction Stop
-# All the other operations will be executed by a restartable workflow running in SYSTEM context.
+# All the other operations will be executed by a restartable workflow running in the SYSTEM context.
 Write-Host 'Registering restartable workflows...'
 # Delete any pre-existing scheduled jobs with the same names before registering new ones.
@@ -73,14 +72,14 @@ $initTask = Register-ScheduledJob -Name DSInternals-RFM-Initializer -ScriptBlock
 # Re-encrypt the DB with the new boot key.
 $currentBootKey = Get-BootKey -Online
- Set-ADDBBootKey -DatabasePath '{SourceDBPath}' -LogPath '{SourceLogDirPath}' -OldBootKey {OldBootKey} -NewBootKey $currentBootKey
+ Set-ADDBBootKey -DatabasePath '{SourceDBPath}' -LogPath '{SourceLogDirPath}' -OldBootKey {OldBootKey} -NewBootKey $currentBootKey -Force
 # Clone the DC account password.
 $ntdsParams = Get-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
 InlineScript {
 # Note: SupplementalCredentials do not get serialized properly without using the InlineScript activity.
 $dcAccount = Get-ADDBAccount -SamAccountName '{DCName}$' -DatabasePath $using:ntdsParams.'DSA Database file' -LogPath $using:ntdsParams.'Database log files path' -BootKey $using:currentBootKey
- Set-ADDBAccountPasswordHash -ObjectGuid {DCGuid} -NTHash $dcAccount.NTHash -SupplementalCredentials $dcAccount.SupplementalCredentials -DatabasePath '{SourceDBPath}' -LogPath '{SourceLogDirPath}' -BootKey $using:currentBootKey
+ Set-ADDBAccountPasswordHash -ObjectGuid {DCGuid} -NTHash $dcAccount.NTHash -SupplementalCredentials $dcAccount.SupplementalCredentials -DatabasePath '{SourceDBPath}' -LogPath '{SourceLogDirPath}' -BootKey $using:currentBootKey -Force
 }
 # Replace the database and transaction logs.
diff --git a/Src/DSInternals.PowerShell/Commands/Datastore/RestoreADDBAttributeCommand.cs b/Src/DSInternals.PowerShell/Commands/Datastore/RestoreADDBAttributeCommand.cs
index 2073f1d..8b5a451 100644
--- a/Src/DSInternals.PowerShell/Commands/Datastore/RestoreADDBAttributeCommand.cs
+++ b/Src/DSInternals.PowerShell/Commands/Datastore/RestoreADDBAttributeCommand.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Management.Automation;
+using DSInternals.PowerShell.Properties;
 namespace DSInternals.PowerShell.Commands
 {
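Review bot: The InlineScript in this hunk now passes `-Force` to Set-ADDBAccountPasswordHash, but the only cmdlets that receive a Force parameter elsewhere in this diff are Set-ADDBBootKey and Restore-ADDBAttribute; if Set-ADDBAccountPasswordHash does not already bind `-Force`, parameter binding fails inside the SYSTEM scheduled job and the restore halts after the backup database has already been re-keyed by the preceding Set-ADDBBootKey call. Confirm that cmdlet accepts the switch (the help-XML hunks further down document a Force parameter but do not show which command they belong to). Because the template runs unattended, the reason for the switch is worth recording above the Set-ADDBBootKey line: `# -Force: this job runs unattended as SYSTEM, so the DB-modifying cmdlets must be told to skip their confirmation gate.` The enclosing ScriptBlock starts before this hunk and continues past it.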
@@ -25,6 +26,13 @@ namespace DSInternals.PowerShell.Commands
 set;
 }
+ [Parameter]
+ public SwitchParameter Force
+ {
+ get;
+ set;
+ }
+
 protected override bool ReadOnly
 {
 get
@@ -36,6 +44,14 @@ namespace DSInternals.PowerShell.Commands
 protected override void ProcessRecord()
 {
 throw new NotImplementedException();
+
+ if (!Force.IsPresent)
+ {
+ // Do not continue with operation until the user enforces it.
+ var exception = new ArgumentException(Resources.WarningMessage);
+ var error = new ErrorRecord(exception, "RestoreADDBAttribute_ForceRequired", ErrorCategory.InvalidArgument, null);
+ this.ThrowTerminatingError(error);
+ }
 }
 }
-}
\ No newline at end of file
+}
diff --git a/Src/DSInternals.PowerShell/Commands/Datastore/SetADDBBootKeyCommand.cs b/Src/DSInternals.PowerShell/Commands/Datastore/SetADDBBootKeyCommand.cs
index 454e622..6bd87bc 100644
--- a/Src/DSInternals.PowerShell/Commands/Datastore/SetADDBBootKeyCommand.cs
+++ b/Src/DSInternals.PowerShell/Commands/Datastore/SetADDBBootKeyCommand.cs
@@ -1,7 +1,9 @@
 namespace DSInternals.PowerShell.Commands
 {
+ using System;
 using System.Management.Automation;
 using DSInternals.DataStore;
+ using DSInternals.PowerShell.Properties;
 [Cmdlet(VerbsCommon.Set, "ADDBBootKey")]
 [OutputType("None")]
@@ -29,8 +31,23 @@
 set;
 }
+ [Parameter]
+ public SwitchParameter Force
+ {
+ get;
+ set;
+ }
+
 protected override void BeginProcessing()
 {
+ if (!Force.IsPresent)
+ {
+ // Do not continue with operation until the user enforces it.
+ var exception = new ArgumentException(Resources.WarningMessage);
+ var error = new ErrorRecord(exception, "SetADDBBootKey_ForceRequired", ErrorCategory.InvalidArgument, null);
+ this.ThrowTerminatingError(error);
+ }
+
 base.BeginProcessing();
 using(var directoryAgent = new DirectoryAgent(this.DirectoryContext))
 {
diff --git a/Src/DSInternals.PowerShell/en-US/DSInternals.PowerShell.dll-Help.xml b/Src/DSInternals.PowerShell/en-US/DSInternals.PowerShell.dll-Help.xml
index 3de0e73..d9b8648 100644
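Review bot: The new `Force` guard in RestoreADDBAttributeCommand.ProcessRecord is dead code, because it sits after `throw new NotImplementedException();`, so the `-Force` requirement this commit introduces for the cmdlet is never enforced and the compiler will report the block as unreachable. Put the guard first and keep the throw as the last statement, i.e. move `throw new NotImplementedException();` to just after the closing brace of the `if (!Force.IsPresent)` block, so the safety check is already in place when the restore logic is implemented. Both the method and the class close within the hunk.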
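Review bot: The `Force` check in SetADDBBootKeyCommand.BeginProcessing is correctly placed before `base.BeginProcessing()` opens the database, but it surfaces a missing switch as an `ArgumentException` with `ErrorCategory.InvalidArgument`, which bypasses PowerShell's confirmation model: `-WhatIf` and `-Confirm` offer no protection against re-keying the wrong ntds.dit, and the user gets a parameter error rather than a prompt. Consider marking the cmdlet `[Cmdlet(VerbsCommon.Set, "ADDBBootKey", SupportsShouldProcess = true, ConfirmImpact = ConfirmImpact.High)]` and gating with `if (!Force.IsPresent && !this.ShouldProcess(<database path>, "Re-encrypt with the new boot key")) return;`, which keeps `-Force` working for the unattended restore script while giving interactive callers the standard high-impact prompt. This is a point of style; the hunk's behaviour as written is sound. BeginProcessing continues past the end of the hunk.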
--- a/Src/DSInternals.PowerShell/en-US/DSInternals.PowerShell.dll-Help.xml
+++ b/Src/DSInternals.PowerShell/en-US/DSInternals.PowerShell.dll-Help.xml
@@ -7101,14 +7101,14 @@ $initTask = Register-ScheduledJob -Name DSInternals-RFM-Initializer -ScriptBlock
 # Re-encrypt the DB with the new boot key.
 $currentBootKey = Get-BootKey -Online
- Set-ADDBBootKey -DatabasePath 'C:\Backup\Active Directory\ntds.dit' -LogPath 'C:\Backup\Active Directory' -OldBootKey 610bc29e6f62ca7004e9872cd51a0116 -NewBootKey $currentBootKey
+ Set-ADDBBootKey -DatabasePath 'C:\Backup\Active Directory\ntds.dit' -LogPath 'C:\Backup\Active Directory' -OldBootKey 610bc29e6f62ca7004e9872cd51a0116 -NewBootKey $currentBootKey -Force
 # Clone the DC account password.
 $ntdsParams = Get-ItemProperty -Path registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
 InlineScript {
 # Note: SupplementalCredentials do not get serialized properly without using the InlineScript activity.
 $dcAccount = Get-ADDBAccount -SamAccountName 'LON-DC1$' -DatabasePath $using:ntdsParams.'DSA Database file' -LogPath $using:ntdsParams.'Database log files path' -BootKey $using:currentBootKey
- Set-ADDBAccountPasswordHash -ObjectGuid 9bb4d6f4-060a-4585-9f18-625774e7c088 -NTHash $dcAccount.NTHash -SupplementalCredentials $dcAccount.SupplementalCredentials -DatabasePath 'C:\Backup\Active Directory\ntds.dit' -LogPath 'C:\Backup\Active Directory' -BootKey $using:currentBootKey
+ Set-ADDBAccountPasswordHash -ObjectGuid 9bb4d6f4-060a-4585-9f18-625774e7c088 -NTHash $dcAccount.NTHash -SupplementalCredentials $dcAccount.SupplementalCredentials -DatabasePath 'C:\Backup\Active Directory\ntds.dit' -LogPath 'C:\Backup\Active Directory' -BootKey $using:currentBootKey -Force
 }
 # Replace the database and transaction logs.
@@ -8978,6 +8978,17 @@ PS C:\> Set-ADDBAccountPasswordHash -SamAccountName john `
 </dev:type>
 <dev:defaultValue>None</dev:defaultValue>
 </command:parameter>
+ <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+ <maml:name>Force</maml:name>
+ <maml:Description>
+ <maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
+ </maml:Description>
+ <dev:type>
+ <maml:name>SwitchParameter</maml:name>
+ <maml:uri />
+ </dev:type>
+ <dev:defaultValue>False</dev:defaultValue>
+ </command:parameter>
 <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
 <maml:name>LogPath</maml:name>
 <maml:Description>
@@ -9029,6 +9040,18 @@ PS C:\> Set-ADDBAccountPasswordHash -SamAccountName john `
 </dev:type>
 <dev:defaultValue>None</dev:defaultValue>
 </command:parameter>
+ <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none">
+ <maml:name>Force</maml:name>
+ <maml:Description>
+ <maml:para>Forces the cmdlet to perform the desired operation.</maml:para>
+ </maml:Description>
+ <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue>
+ <dev:type>
+ <maml:name>SwitchParameter</maml:name>
+ <maml:uri />
+ </dev:type>
+ <dev:defaultValue>False</dev:defaultValue>
+ </command:parameter>
 <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="Log, TransactionLogPath">
 <maml:name>LogPath</maml:name>
 <maml:Description>