DSInternals.Bootstrap.psm1

#
# Script module file for the 'DSInternals' module.
#
# Copyright (c) Michael Grafnetter
#

#
# Load the platform-specific libraries.
# Note: This operation cannot be done in the module manifest,
# as it only supports restricted language mode.
#

[string] $interopAssemblyPath = Join-Path $PSScriptRoot "$env:PROCESSOR_ARCHITECTURE\DSInternals.Replication.Interop.dll"
try
{
    Add-Type -Path $interopAssemblyPath -ErrorAction Stop
}
catch [System.IO.IOException]
{
    #
    # Make the error message more meaningful by checking common failure reasons.
    #

    [string] $message = 'The Get-ADRepl* cmdlets will not work properly, because the "{0}" assembly could not be loaded.' -f $interopAssemblyPath
    [System.Management.Automation.ErrorCategory] $errorCategory = [System.Management.Automation.ErrorCategory]::OpenError

    # Check the presence of the Universal C Runtime
    [string] $ucrtPath = Join-Path ([System.Environment]::SystemDirectory) 'ucrtbase.dll'
    [bool] $ucrtPresent = Test-Path -Path $ucrtPath

    if(-not $ucrtPresent)
    {
        # This can happen on systems prior to Windows 10 with missing updates.
        $message += ' The Universal C Runtime is missing. Run Windows Update or install it manually and reload the DSInternals module afterwards.'
        $errorCategory = [System.Management.Automation.ErrorCategory]::NotInstalled
    }

    # Check if the interop assembly is blocked
    [object] $zoneIdentifier = Get-Item -Path $interopAssemblyPath -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue

    if($zoneIdentifier -ne $null)
    {
        # This usually happens to users of the ZIP distribution who forget to unblock it before extracting the files.
        $message += ' Unblock the assembly using either the Properties dialog or the Unblock-File cmdlet and reload the DSInternals module afterwards.'
        $errorCategory = [System.Management.Automation.ErrorCategory]::SecurityError
    }

    # Build the error report
    Write-Error -Message $message `
                -Exception $PSItem.Exception `
                -Category $errorCategory `
                -CategoryTargetName $interopAssemblyPath `
                -CategoryActivity $PSItem.CategoryInfo.Activity `
                -CategoryReason $PSItem.CategoryInfo.Reason
}

#
# Check if the MD5 hash function is available.
#

if([System.Security.Cryptography.CryptoConfig]::AllowOnlyFipsAlgorithms)
{
    [string] $message = 'Only FIPS certified cryptographic algorithms are enabled in .NET. DSInternals cmdlets that require the MD5 hash function will not work as expected.'
    [string] $configPath = [System.Diagnostics.Process]::GetCurrentProcess().Path + '.config'
    [string] $recommendedAction = 'Add the <enforceFIPSPolicy enabled="false"/> directive to the "{0}" file.' -f $configPath

    Write-Error -Message $message `
                -RecommendedAction $recommendedAction `
                -Category ([System.Management.Automation.ErrorCategory]::SecurityError)
}

#
# Check if the current OS is Windows.
#

if($env:OS -ne 'Windows_NT')
{
    Write-Error -Message 'The DSInternals PowerShell module is only supported on Windows.' `
                -Category ([System.Management.Automation.ErrorCategory]::NotImplemented)
}

#
# Type Data
# Note: *.types.ps1xml cannot be used for the following configuration, because it is processed before *.psm1 and would thus fail loading platform-specific assemblies.
#

Update-TypeData -TypeName 'DSInternals.Common.Data.SupplementalCredentials' `
                -TypeConverter ([DSInternals.PowerShell.SupplementalCredentialsDeserializer]) `
                -Force

#
# Cmdlet aliases
#

New-Alias -Name Set-ADAccountPasswordHash          -Value Set-SamAccountPasswordHash
New-Alias -Name Set-WinUserPasswordHash            -Value Set-SamAccountPasswordHash
New-Alias -Name Get-ADPasswordPolicy               -Value Get-SamPasswordPolicy
New-Alias -Name Get-ADDefaultPasswordPolicy        -Value Get-SamPasswordPolicy
New-Alias -Name ConvertFrom-UnattendXmlPassword    -Value ConvertFrom-UnicodePassword
New-Alias -Name ConvertTo-AADHash                  -Value ConvertTo-OrgIdHash
New-Alias -Name ConvertTo-MsoPasswordHash          -Value ConvertTo-OrgIdHash
New-Alias -Name Get-ADReplicationAccount           -Value Get-ADReplAccount
New-Alias -Name ConvertFrom-ManagedPasswordBlob    -Value ConvertFrom-ADManagedPasswordBlob
New-Alias -Name Get-SysKey                         -Value Get-BootKey
New-Alias -Name Get-SystemKey                      -Value Get-BootKey
New-Alias -Name Set-ADDBSysKey                     -Value Set-ADDBBootKey
New-Alias -Name Test-ADPasswordQuality             -Value Test-PasswordQuality
New-Alias -Name Test-ADDBPasswordQuality           -Value Test-PasswordQuality
New-Alias -Name Test-ADReplPasswordQuality         -Value Test-PasswordQuality
New-Alias -Name Get-KeyCredential                  -Value Get-ADKeyCredential
New-Alias -Name Get-KeyCredentialLink              -Value Get-ADKeyCredential
New-Alias -Name Get-ADKeyCredentialLink            -Value Get-ADKeyCredential
New-Alias -Name New-ADKeyCredential                -Value Get-ADKeyCredential
New-Alias -Name New-ADKeyCredentialLink            -Value Get-ADKeyCredential
New-Alias -Name New-ADNgcKey                       -Value Get-ADKeyCredential
New-Alias -Name Get-LsaPolicy                      -Value Get-LsaPolicyInformation
New-Alias -Name Set-LsaPolicy                      -Value Set-LsaPolicyInformation
New-Alias -Name Write-ADReplNgcKey                 -Value Add-ADReplNgcKey
New-Alias -Name Write-ADNgcKey                     -Value Add-ADReplNgcKey
New-Alias -Name Add-ADNgcKey                       -Value Add-ADReplNgcKey
New-Alias -Name Get-ADDBGroupManagedServiceAccount -Value Get-ADDBServiceAccount

# Export the aliases
Export-ModuleMember -Alias * -Cmdlet *