Set-TierAdminUser.ps1
|
<#
.SYNOPSIS Creates a new administrator in the tiered environment. Adds them to their Harvard affiliatecode admin group. .FUNCTIONALITY Active Directory tiered administration .DESCRIPTION Specify a sam account a source user to create an administrator account for. The tools verifies the user can be added to the group and then adds the user into the administrator group .PARAMETER AdminAcct OPTIONAL: Can be used with the Reset parameter to specify the Tiered Admain account that you would like to reset the password for. Example -Reset -AdminAcct abc123-at2 .PARAMETER Domain OPTIONAL: Default University, but can be changed for use in additional domains. Example -Domain HUITDEV .PARAMETER Reset Optional: Can be used when a Tiered Admin account password needs to be reset. Example -Reset -AdminAcct abc123-at1 .PARAMETER Roles MANDATORY: Which portion of the tier and 3 letter code will the person administer Example -Roles Admin or -Roles Group,OU,HelpDesk .PARAMETER SourceAcct MANDATORY: Samaccountname or HUID of the administrator you want to modify .PARAMETER Ticket OPTIONAL: Ticket # from Service Now for the Tiered account request. This value will be written to the account Notes field (info attribute). .PARAMETER Tier MANDATORY: Tier # that the admin account will be created for .EXAMPLE Set-TierAdminUser -SourceAcct abc123 -tier 1 -Domain Contoso -Roles Admin Creates a new tiered administrator user in the Contoso Domain for abc123-t1 and adds them to the admin group of their 3 letter code .EXAMPLE Set-TierAdminUser -SourceAcct abc123 -tier 2 -Roles Computer,HelpDesk Creates a new tiered administrator user for abc123-t2 and adds them to the HelpDesk and Computer Admins groups of their 3 letter code .EXAMPLE Set-TierAdminUser -SourceAcct abc123 -tier 2 -Ticket INC01223344 -Roles HelpDesk Creates a new tiered administrator user for abc123-t2, writes the ticket number in the Notes field and adds them to the HelpDesk group of their 3 letter code .EXAMPLE Set-TierAdminUser -Reset -AdminAcct abc123-at2 Creates a new tiered administrator user for abc123-t2, writes the ticket number in the Notes field and adds them to the HelpDesk group of their 3 letter code #> #------------------------------------ [Commandline switches] ------------------------------------------------------ [CmdletBinding(DefaultParameterSetName = 'SourceAcct')] Param ( [Parameter(Mandatory=$false)] [string]$Domain = "university", [Parameter(Mandatory=$false)] [string]$Ticket, [Parameter(Mandatory=$false,ParameterSetName = 'SourceAcct')] [string]$SourceAcct, [Parameter(Mandatory=$true,ParameterSetName = 'SourceAcct')] [ValidateSet('2','1','0')] [int]$Tier, [Parameter(ValueFromRemainingArguments=$true,Mandatory=$false,ParameterSetName = 'SourceAcct')] [String[]]$Roles, [Parameter(ValueFromRemainingArguments=$true,Mandatory=$false,ParameterSetName = 'SourceAcct')] [String[]]$Groups, [Parameter(Mandatory=$true,ParameterSetName = 'Reset')] [switch]$Reset=$true, [Parameter(Mandatory=$true,ParameterSetName = 'Reset')] [string]$AdminAcct ) #-----------------------------------------------------------[Functions]------------------------------------------------------------ function Write-Log { [CmdletBinding()] Param ( [Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [ValidateNotNullOrEmpty()] [Alias("LogContent")] [string]$Message, [Parameter(Mandatory=$false)] [Alias('LogPath')] [string]$Path="C:\Logs\Script.log", [Parameter(Mandatory=$false)] [ValidateSet("Error","Warn","Info")] [string]$Level="Info", [Parameter(Mandatory=$false)] [switch]$NoClobber ) Begin { # Set VerbosePreference to Continue so that verbose messages are displayed. #$VerbosePreference = 'SilentlyContinue' $VerbosePreference = 'Continue' } Process { #If the file already exists and NoClobber was specified, do not write to the log. if ((Test-Path $Path) -AND $NoClobber) { Write-Error "Log file $Path already exists, and you specified NoClobber. Either delete the file or specify a different name." Return } # If attempting to write to a log file in a folder/path that doesn't exist create the file including the path. elseif (!(Test-Path $Path)) { Write-Verbose "Creating $Path." $NewLogFile = New-Item $Path -Force -ItemType File } else { # Nothing to see here yet. } # Format Date for our Log File $FormattedDate = Get-Date -Format "yyyy-MM-dd HH:mm:ss" # Write message to error, warning, or verbose pipeline and specify $LevelText switch ($Level) { 'Error' { Write-Error $Message $LevelText = 'ERROR:' } 'Warn' { Write-Warning $Message $LevelText = 'WARNING:' } 'Info' { Write-Verbose $Message $LevelText = 'INFO:' } } # Write log entry to $Path "$FormattedDate $LevelText $Message" | Out-File -FilePath $Path -Append } End{} } function New-SWRandomPassword { <# .Synopsis Generates one or more complex passwords designed to fulfill the requirements for Active Directory .DESCRIPTION Generates one or more complex passwords designed to fulfill the requirements for Active Directory .EXAMPLE New-SWRandomPassword C&3SX6Kn Will generate one password with a length between 8 and 12 chars. .EXAMPLE New-SWRandomPassword -MinPasswordLength 8 -MaxPasswordLength 12 -Count 4 7d&5cnaB !Bh776T"Fw 9"C"RxKcY %mtM7#9LQ9h Will generate four passwords, each with a length of between 8 and 12 chars. .EXAMPLE New-SWRandomPassword -InputStrings abc, ABC, 123 -PasswordLength 4 3ABa Generates a password with a length of 4 containing atleast one char from each InputString .EXAMPLE New-SWRandomPassword -InputStrings abc, ABC, 123 -PasswordLength 4 -FirstChar abcdefghijkmnpqrstuvwxyzABCEFGHJKLMNPQRSTUVWXYZ 3ABa Generates a password with a length of 4 containing atleast one char from each InputString that will start with a letter from the string specified with the parameter FirstChar .OUTPUTS [String] .NOTES Written by Simon WÃ¥hlin, blog.simonw.se I take no responsibility for any issues caused by this script. .FUNCTIONALITY Generates random passwords .LINK http://blog.simonw.se/powershell-generating-random-password-for-active-directory/ #> [CmdletBinding(DefaultParameterSetName='FixedLength',ConfirmImpact='None')] [OutputType([String])] Param ( # Specifies minimum password length [Parameter(Mandatory=$false, ParameterSetName='RandomLength')] [ValidateScript({$_ -gt 0})] [Alias('Min')] [int]$MinPasswordLength = 12, # Specifies maximum password length [Parameter(Mandatory=$false, ParameterSetName='RandomLength')] [ValidateScript({ if($_ -ge $MinPasswordLength){$true} else{Throw 'Max value cannot be lesser than min value.'}})] [Alias('Max')] [int]$MaxPasswordLength = 20, # Specifies a fixed password length [Parameter(Mandatory=$false, ParameterSetName='FixedLength')] [ValidateRange(1,2147483647)] [int]$PasswordLength = 8, # Specifies an array of strings containing charactergroups from which the password will be generated. # At least one char from each group (string) will be used. [String[]]$InputStrings = @('abcdefghijkmnpqrstuvwxyz', 'ABCEFGHJKLMNPQRSTUVWXYZ', '23456789', '!#%&'), # Specifies a string containing a character group from which the first character in the password will be generated. # Useful for systems which requires first char in password to be alphabetic. [String] $FirstChar, # Specifies number of passwords to generate. [ValidateRange(1,2147483647)] [int]$Count = 1 ) Begin { Function Get-Seed{ # Generate a seed for randomization $RandomBytes = New-Object -TypeName 'System.Byte[]' 4 $Random = New-Object -TypeName 'System.Security.Cryptography.RNGCryptoServiceProvider' $Random.GetBytes($RandomBytes) [BitConverter]::ToUInt32($RandomBytes, 0) } } Process { For($iteration = 1;$iteration -le $Count; $iteration++){ $Password = @{} # Create char arrays containing groups of possible chars [char[][]]$CharGroups = $InputStrings # Create char array containing all chars $AllChars = $CharGroups | ForEach-Object {[Char[]]$_} # Set password length if($PSCmdlet.ParameterSetName -eq 'RandomLength') { if($MinPasswordLength -eq $MaxPasswordLength) { # If password length is set, use set length $PasswordLength = $MinPasswordLength } else { # Otherwise randomize password length $PasswordLength = ((Get-Seed) % ($MaxPasswordLength + 1 - $MinPasswordLength)) + $MinPasswordLength } } # If FirstChar is defined, randomize first char in password from that string. if($PSBoundParameters.ContainsKey('FirstChar')){ $Password.Add(0,$FirstChar[((Get-Seed) % $FirstChar.Length)]) } # Randomize one char from each group Foreach($Group in $CharGroups) { if($Password.Count -lt $PasswordLength) { $Index = Get-Seed While ($Password.ContainsKey($Index)){ $Index = Get-Seed } $Password.Add($Index,$Group[((Get-Seed) % $Group.Count)]) } } # Fill out with chars from $AllChars for($i=$Password.Count;$i -lt $PasswordLength;$i++) { $Index = Get-Seed While ($Password.ContainsKey($Index)){ $Index = Get-Seed } $Password.Add($Index,$AllChars[((Get-Seed) % $AllChars.Count)]) } Write-Output -InputObject $(-join ($Password.GetEnumerator() | Sort-Object -Property Name | Select-Object -ExpandProperty Value)) } } } function Write-AccountInfo { Param ( [Parameter(Mandatory=$true)] [string]$Account="", [Parameter(Mandatory=$true)] [string]$password="", [Parameter(Mandatory=$false)] [string]$ticket="" ) Write-Host $Account -ForegroundColor Cyan Write-Host "Current password: $password" -ForegroundColor Cyan $FileOutput = $previouspath + "\" + $Account + ".txt" $Account |Out-File -FilePath $FileOutput "Current password: $password" |Out-File -FilePath $FileOutput -Append "SNOW Ticket: $ticket" |Out-File -FilePath $FileOutput -Append } function NewAcct() { Begin{ Write-Verbose -Message "Using variable $SourceAcct" $ADUserCheck = $null try{ Write-Verbose -Message "Checking for SAMACCOUNTNAME" $ADUserCheck = Get-ADUser $SourceAcct -Properties * } Catch{ Write-Verbose -Message "Checking for HUID" Try{ $ADUserCheck = Get-ADUser -f{harvardEduADHUID -eq $SourceAcct} -Properties * } Catch{} if (!$ADUserCheck){ Write-Warning "$SourceAcct not found in domain. Exiting script" } } if ($ADUserCheck){ #BEGIN PARAMS #==================== $d = (Get-ADDomain) $dn = $d.distinguishedname $pdc = $d.PDCEmulator #=================== $tierOU = 'OU=T'+$tier +'-Accounts,OU=Tier '+$tier +',OU=Admin,'+ $dn #Begin Functions Used ############################################## $pwd = (New-SWRandomPassword -MinPasswordLength 18 -MaxPasswordLength 20) $harvardEduADAffiliateCode = ($ADUserCheck.harvardEduADRoleAffiliateCode0) if($harvardEduADAffiliateCode.length -ne 3){$harvardEduADAffiliateCode = $ADUserCheck.harvardEduADRoleAffiliateCode1} if($harvardEduADAffiliateCode.length -ne 3){$harvardEduADAffiliateCode = $ADUserCheck.harvardEduADRoleAffiliateCode2} $AdminGivenName = $ADUserCheck.givenname $AdminSurname = $ADUserCheck.surname $AdminSAM = $ADUserCheck.SamAccountName #Permission set to OU names #The function names in the formulas that grant acl permissions do not match our OU naming structure #[ValidateSet('Admin','Computer','Group','User','Printer','OU','GPO')] $RoleToGroupMapping = @{} $RoleToGroupMapping.Add('Admin','Administrators') $RoleToGroupMapping.Add('Computer','Computer_Administrators') $RoleToGroupMapping.Add('Group','Group_Administrators') $RoleToGroupMapping.Add('User','User_Administrators') $RoleToGroupMapping.Add('Printer', 'Printer_Administrators') $RoleToGroupMapping.Add('OU','OU_Administrators') $RoleToGroupMapping.Add('GPO', 'GPO_Administrators') $RoleToGroupMapping.Add('HelpDesk', 'HelpDesk') # Search for the SubOU above the Affiliate Code OU, if it exists $OUTier = "Tier " + $tier $harvardEduADAffiliateCodeOUPart = "OU=" + $harvardEduADAffiliateCode + "," If ($Roles) { $CheckRoleGrp = $Roles | Select-Object -first 1 $GroupOU = (Get-ADOrganizationalUnit -SearchScope Subtree -Filter {Name -eq $harvardEduADAffiliateCode} | ` Where-Object {$_.DistinguishedName -like "*$OUTier*" ` -and $_.DistinguishedName -Notlike "*Devices*" ` -and $_.DistinguishedName -Notlike "*Groups*" ` -and $_.DistinguishedName -Notlike "*ServiceAccounts*" ` -and $_.DistinguishedName -Notlike "*Test*"} ).DistinguishedName $TopLevelOU = $GroupOU.Replace($harvardEduADAffiliateCodeOUPart,"").split(",")[0].split("=")[1] $checkgrp = $TopLevelOU + "_" + $harvardEduADAffiliateCode+"_t"+ $tier +"_"+ $RoleToGroupMapping[$CheckRoleGrp] Try { Get-ADGroup -Identity $checkgrp -ErrorAction Stop | Out-Null $GroupExists = $true $SubOU = $TopLevelOU } catch [Microsoft.ActiveDirectory.Management.ADIdentityResolutionException] { # Group SubOU does not exist Write-Host "User account is not in group SUB OU" -ForegroundColor Gray $SubOU = $null } } } } Process{ #======================== # If tier 0 specified, no need to do the Sub ou Check, or the tier 1 and tier 2 things # Grant only to the admin OU and the appropriate group #======================== if ($ADUserCheck){ try{ If ($Domain -eq "university") { # Create Hashtable for OtherAttributes so we can remove any null values $OtherAttributes = @{ # harvardEduADRoleType = "Admin" # harvardEduADSourceSystemUID = $ADUserCheck.harvardeduadhuid info = $Ticket mail = $ADUserCheck.mail } } Else { # Create Hashtable for OtherAttributes so we can remove any null values $OtherAttributes = @{ info = $Ticket mail = $ADUserCheck.mail } } # Clear out any null values from OtherAttributes ($OtherAttributes.GetEnumerator() | ? { -not $_.Value }) | % { $OtherAttributes.Remove($_.Name) } # Call option to create account New-ADUser ` -Description $("Tier "+ $tier +" Admin") ` -DisplayName ($AdminGivenName +" " + $AdminSurname) ` -name ($AdminSAM +"-at"+ $tier) ` -SamAccountName ($AdminSAM +"-at" +$tier) ` -Surname $AdminSurname ` -GivenName $AdminGivenName ` -Enabled $true ` -Path $tierOU ` -UserPrincipalName ($AdminSAM+"-at"+$tier+"@university.harvard.edu") ` -AccountPassword (ConvertTo-SecureString ($pwd) -AsPlainText -force) ` -AccountNotDelegated $false ` -AllowReversiblePasswordEncryption $false ` -CannotChangePassword $false ` -PasswordNeverExpires $false ` -PasswordNotRequired $false ` -SmartcardLogonRequired $false ` -TrustedForDelegation $false ` -Server $pdc ` -Department $ADUserCheck.Department ` -OtherAttributes $OtherAttributes ` -ErrorAction Stop | Out-Null Write-Host "User created successfully" -ForegroundColor Green Write-AccountInfo -Account "$AdminSAM-at$tier" -password $pwd -ticket $Ticket } catch{ Write-Host "Must have an error" #Write-Warning "Error Action for $SourceAcct in tier $tier" #$error[0] if ($Error[0].Exception.message -eq "The specified account already exists"){ Write-Host "Skipping account creation, $AdminSAM-at$tier already exists." -ForegroundColor Yellow Set-ADAccountPassword "$AdminSAM-at$tier" -NewPassword (ConvertTo-SecureString ($pwd) -AsPlainText -force) Enable-ADAccount "$AdminSAM-at$tier" Write-AccountInfo -Account "$AdminSAM-at$tier" -password $pwd -ticket $Ticket } if ($Error[0].Exception.message -like "*access is denied*"){ Write-Host "You do not have permissions to created this type of account $AdminSAM-at$tier." -ForegroundColor Red } } # Add to groups If ($tier -ne 0) { If ($Groups) { Foreach ($Group in $Groups) { $GroupCheck = Get-ADGroup $Group Add-ADGroupMember -Identity $GroupCheck.distinguishedname -Members ($AdminSAM +"-at" +$tier) -Server $pdc -ErrorAction Stop |Out-Null Write-Host "User added to group $Group" -ForegroundColor Green } } If ($Roles) { Foreach ($AdminRole in $Roles) { If (!$SubOU){ $grp = $harvardEduADAffiliateCode+"_t"+ $tier +"_"+ $RoleToGroupMapping[$AdminRole] } Else { $grp = $Subou + "_" + $harvardEduADAffiliateCode+"_t"+ $tier +"_"+ $RoleToGroupMapping[$AdminRole] } Try { Add-ADGroupMember -Identity $grp -Members ($AdminSAM +"-at" +$tier) -Server $pdc -ErrorAction Stop |Out-Null Write-Host "User added to group $grp" -ForegroundColor Green } Catch { if ($Error[0].Exception.message -like "*Insufficient access rights*"){ Write-Host "Access Denied: Unable to add user to group $grp." -ForegroundColor Red } } } } Else { #No Roles were added so we will add the account to a TierXAdmins group if no groups were also added above. If (!$Groups) { # No roles selected. Account will be added to the TierXAdmins group. $grp = "Tier" + $tier +"Admins" Try { Add-ADGroupMember -Identity $grp -Members ($AdminSAM +"-at" +$tier) -Server $pdc -ErrorAction Stop |Out-Null Write-Host "No admin groups selected, so user has been added to group $grp" -ForegroundColor Green } Catch { if ($Error[0].Exception.message -like "*Insufficient access rights*"){ Write-Host "Access Denied: Unable to add user to group $grp." -ForegroundColor Red } } } } } } } End{} } function Reset() { Begin{ Write-Verbose -Message "Using variable $AdminAcct" $ADUserCheck = $null try{ Write-Verbose -Message "Checking for SAMACCOUNTNAME" $ADUserCheck = Get-ADUser $AdminAcct -ErrorAction Stop } Catch{ Write-Verbose -Message "Checking for Tiered Account" #Write-Warning "$AdminAcct not found in domain. Exiting script" } if ($ADUserCheck){ #BEGIN PARAMS #==================== $d = (Get-ADDomain) $dn = $d.distinguishedname $pdc = $d.PDCEmulator #=================== #Begin Functions Used ############################################## $pwd = (New-SWRandomPassword -MinPasswordLength 18 -MaxPasswordLength 20) } } Process{ #======================== # Update the Tiered account password and unlock #======================== if ($ADUserCheck){ Write-Host "Updating Tiered Account, $AdminAcct password." Set-ADAccountPassword $AdminAcct -NewPassword (ConvertTo-SecureString ($pwd) -AsPlainText -force) Unlock-ADAccount $AdminAcct Write-Host "User updated successfully" -ForegroundColor Green Write-AccountInfo -Account $AdminAcct -password $pwd -ticket $Ticket } } End{} } #-----------------------------------------------------------[Main Script Body]------------------------------------------------------------ # Check if the Domain parameter was passed, otherwise the script will run against the current domain if ($Domain) { # Check the current path to return the script to the same directory it started from If ((Get-Location).Path -like "*\\*") { # Current path is UNC $PreviousPath = ((Get-Location).Path).split(":")[2] } Else { $PreviousPath = (Get-Location).Path } Import-Module ActiveDirectory $DomainInfo = Get-ADDomain $Domain New-PSDrive -Name $DomainInfo.NetBIOSName -PSProvider ActiveDirectory -Root "//RootDSE/" -Scope Global -Server $DomainInfo.DNSRoot $Drive = $DomainInfo.NetBIOSName + ":" Set-Location $Drive } If ($SourceAcct) {NewAcct} If ($Reset) {Reset} Set-Location C: Set-Location $PreviousPath Remove-PSDrive -Name $DomainInfo.NetBIOSName # SIG # Begin signature block # MIIPrwYJKoZIhvcNAQcCoIIPoDCCD5wCAQExCzAJBgUrDgMCGgUAMGkGCisGAQQB # gjcCAQSgWzBZMDQGCisGAQQBgjcCAR4wJgIDAQAABBAfzDtgWUsITrck0sYpfvNR # AgEAAgEAAgEAAgEAAgEAMCEwCQYFKw4DAhoFAAQUou/+K13e3dFeXhQat2BhS0zt # beWgggy7MIIGITCCBQmgAwIBAgITYwAAAVOZckg75vLFNQAAAAABUzANBgkqhkiG # 9w0BAQsFADCBpDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMx # EjAQBgNVBAcTCUNhbWJyaWRnZTExMC8GA1UEChMoUHJlc2lkZW50IGFuZCBGZWxs # b3dzIG9mIEhhcnZhcmQgQ29sbGVnZTEMMAoGA1UECxMDUEtJMSgwJgYDVQQDEx9I # YXJ2YXJkIFVuaXZlcnNpdHkgSXNzdWluZyBDQSAwMB4XDTIyMDkwOTE2MDc1NVoX # DTI1MDkwODE2MDc1NVowgbIxCzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNo # dXNldHRzMRIwEAYDVQQHEwlDYW1icmlkZ2UxMTAvBgNVBAoTKFByZXNpZGVudCBh # bmQgRmVsbG93cyBvZiBIYXJ2YXJkIENvbGxlZ2UxDDAKBgNVBAsTA1BLSTE2MDQG # A1UEAxMtSGFydmFyZCBDb2RlIFNpZ25pbmcgQXV0aG9yaXR5IC0gSm9obiBMb2Nr # ZXR0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuUu4M5+FKMkzMFRz # rPgxeo3HjIYxzRaHD9hlABxjD4a/qDMmefEk/lqTG1sL/5o4devvSyyJYlsBFckf # y7J1mnt6xoLPAD7i7d/ozdEwm4JFrBlES0FL1uP6SUuJhC3m4zBtULGyelTv7h0d # EXu5yuYSXKDHIACLQ1JtfodE6mCz8xc0ZbHhkyfBqGSe7EClijxjRwsApI2zPLx7 # bsJwURnc7nGdarG+KDH3xD3FyZAGIX3o7TjVgRPjk+70jk9mDDIXza4pPKF3CUD6 # hEvTnQ4ewrsB0IFsa8j8y57Hwwun9hIa+eAtrCtGCPS/EB4JAxVbH9wRppfIn/gD # Jmt0xQIDAQABo4ICOjCCAjYwPgYJKwYBBAGCNxUHBDEwLwYnKwYBBAGCNxUIgbyH # d4OYsyKHqZ0ih8rAOoHjsmyBAYeut3yB+M0LAgFkAgEQMBMGA1UdJQQMMAoGCCsG # AQUFBwMDMA4GA1UdDwEB/wQEAwIHgDBWBgNVHSAETzBNMEsGCysGAQQBsUWDfQEE # MDwwOgYIKwYBBQUHAgEWLmh0dHA6Ly9jcmwuaHVpdC5oYXJ2YXJkLmVkdS9wb2xp # Y2llcy9oaWdoLmh0bWwwGwYJKwYBBAGCNxUKBA4wDDAKBggrBgEFBQcDAzAdBgNV # HQ4EFgQU0OBFyn+6uXYRXQvQ4NhhN29MLvYwHwYDVR0jBBgwFoAUtrP8YtlLby2p # qOM9wNbmhQhyVAgwXAYDVR0fBFUwUzBRoE+gTYZLaHR0cDovL2NybC5odWl0Lmhh # cnZhcmQuZWR1L3BraS9IYXJ2YXJkJTIwVW5pdmVyc2l0eSUyMElzc3VpbmclMjBD # QSUyMDAuY3JsMIG7BggrBgEFBQcBAQSBrjCBqzB6BggrBgEFBQcwAoZuaHR0cDov # L2NybC5odWl0LmhhcnZhcmQuZWR1L3BraS9QMC1QS0ktSVNTQ0EwLnJlZC5odWl0 # LmhhcnZhcmQuZWR1X0hhcnZhcmQlMjBVbml2ZXJzaXR5JTIwSXNzdWluZyUyMENB # JTIwMC5jcnQwLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLmh1aXQuaGFydmFyZC5l # ZHUvb2NzcDANBgkqhkiG9w0BAQsFAAOCAQEAQ88H4jF8MoupCyIXtjHte4Xj+5sK # tvmNc5S+Lom21qohQFz3p8X/2kdC7rsRdXlDiwahvje5IN10CSUVtRR0cADKNOzr # gYqRNb5xjq8bMyFFL5S40ghlmXPdS3gSeor+UQXWuSAhirrG4WXUXujfBrWo9fOZ # rdZykznLpDfgmrs0+4xd4C3yyknYyH6hpKMuNt+dJPCM4ssBln2lRIVdYr4NwCg7 # OOVjXY24k9b8baTFijWn3IzUlSUVSq3nkLb1NiYAopNi9O7Fo0Apr6RoH56EaT9T # KcXQHQzv+ZN+iZGnxXwn8eeXydiuWmgy35pIbA9f4Y1AJSNFYMMMKUJMZTCCBpIw # ggR6oAMCAQICEycAAAACEE6egJ9S5DMAAAAAAAIwDQYJKoZIhvcNAQELBQAwgZ8x # CzAJBgNVBAYTAlVTMRYwFAYDVQQIEw1NYXNzYWNodXNldHRzMRIwEAYDVQQHEwlD # YW1icmlkZ2UxMTAvBgNVBAoTKFByZXNpZGVudCBhbmQgRmVsbG93cyBvZiBIYXJ2 # YXJkIENvbGxlZ2UxDDAKBgNVBAsTA1BLSTEjMCEGA1UEAxMaSGFydmFyZCBVbml2 # ZXJzaXR5IFJvb3QgQ0EwHhcNMTgxMTI3MjA1NTQwWhcNMjgxMTI3MjEwNTQwWjCB # pDELMAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxEjAQBgNVBAcT # CUNhbWJyaWRnZTExMC8GA1UEChMoUHJlc2lkZW50IGFuZCBGZWxsb3dzIG9mIEhh # cnZhcmQgQ29sbGVnZTEMMAoGA1UECxMDUEtJMSgwJgYDVQQDEx9IYXJ2YXJkIFVu # aXZlcnNpdHkgSXNzdWluZyBDQSAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB # CgKCAQEAv5agkImBBfNDH20UkgckfukHNTUqPbJ5F9ctwIwFJD/0TJ43JO5bis+4 # ZHkeXzx9uGs+gMM2nfJBifexAzcuY6JlHofW1RpXkhbTcgNEjmLmqk5jesQGphkz # a7HlPdQ8vd3HDhWEFgos2mwfxXIpV9Tgi+ySVf394xu9XaDhaBK/t8vOOH1fIp4D # Tosy6j1W+rhNGRr/aPEqDEFocG9FhVl5YFj/WpbGZUFbiOxvYIFeNuaWLjxM/L5r # bpQjj6ZSMppqzH7BAyYQxy9YYC3/mYOOS/v9I/D8uxnh8Pe6z62ej0sab/EU9oO0 # kuJCx9A1DtDXd9e5HlATXttkhWdEfwIDAQABo4IBvjCCAbowCwYDVR0PBAQDAgGG # MBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBS2s/xi2UtvLamo4z3A1uaFCHJU # CDBmBgNVHSAEXzBdMA0GCysGAQQBsUWDfQECMA0GCysGAQQBsUWDfQEDMA0GCysG # AQQBsUWDfQEEMA4GDCsGAQQBsUWDfQEEATAOBgwrBgEEAbFFg30BBAMwDgYMKwYB # BAGxRYN9AQQEMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMA8GA1UdEwEB/wQF # MAMBAf8wHwYDVR0jBBgwFoAUYoKA1zSUqpUkOghATS0l6RYwrBIwVQYDVR0fBE4w # TDBKoEigRoZEaHR0cDovL2NybC5odWl0LmhhcnZhcmQuZWR1L3BraS9IYXJ2YXJk # JTIwVW5pdmVyc2l0eSUyMFJvb3QlMjBDQS5jcmwwbgYIKwYBBQUHAQEEYjBgMF4G # CCsGAQUFBzAChlJodHRwOi8vY3JsLmh1aXQuaGFydmFyZC5lZHUvcGtpL1AwLVBL # SS1Sb290Q0FfSGFydmFyZCUyMFVuaXZlcnNpdHklMjBSb290JTIwQ0EuY3J0MA0G # CSqGSIb3DQEBCwUAA4ICAQCkJrhO58DnnYeEzuYL6WLC6QsQKPAtR9qR4r+BmnrZ # 0OXDC9IjhhiIcYtnESsR8liR2Ta4VvwvONBxtH4NwCVQSK8Pnp6OunKjR+oCeopP # AIpmXRiZNLzgmbMKXin+BnYYwsGy36TB926JghMx7N0BCaICgdDNsOx9GQiZvVJV # fVl1yTeYnGS+t+4G1xbbIrmHqMnoTxyl2keEHHNjNmDYU6ABNMNeySXD58BCf5YQ # eeQVuSuEurZBN96TOk3D2cPZN5J8yxGonFTuT8zLDs55hylPh6j0PsaehGhm3JVD # 6JWYNXvYdx3lKe7ddB2N9RjPMt0Snu7xhLe31I9hmbvUJ7LuUvHKwLWy1/Q0tqDx # fbLho/402giQOjkCBGYYQx/k3wHDooOdvuW56RKnzoN4E6OmTTjn29NivX5VQgYW # IlXD6YbbE6OFOZ5mnZs+7GLF2w1DdmpCX1k8cSpkf+VqLiYtyKv9grCAh0S0jcAX # jBpRTESeTo8Eu6ylvKGVAHzgeOAdBcZc7R9vTbOIyQ6dYTRVgQWOFt45zz81Z17n # u3q/4GoSCCXn2ho+Vs2FAsGRCDdvA4cHWEhlGRGQIHVcO6qlvML8NEYkz8/pumSv # 8auf3m+LhgoTI6sdn6jdqUSpqo6UYkhzq6GlMrRCAQRUYUw7kW94nqV6WoW1rWsE # rTGCAl4wggJaAgEBMIG8MIGkMQswCQYDVQQGEwJVUzEWMBQGA1UECBMNTWFzc2Fj # aHVzZXR0czESMBAGA1UEBxMJQ2FtYnJpZGdlMTEwLwYDVQQKEyhQcmVzaWRlbnQg # YW5kIEZlbGxvd3Mgb2YgSGFydmFyZCBDb2xsZWdlMQwwCgYDVQQLEwNQS0kxKDAm # BgNVBAMTH0hhcnZhcmQgVW5pdmVyc2l0eSBJc3N1aW5nIENBIDACE2MAAAFTmXJI # O+byxTUAAAAAAVMwCQYFKw4DAhoFAKB4MBgGCisGAQQBgjcCAQwxCjAIoAKAAKEC # gAAwGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwG # CisGAQQBgjcCARUwIwYJKoZIhvcNAQkEMRYEFCJAdlSrUho3GJ7J9/lnPEr4cAho # MA0GCSqGSIb3DQEBAQUABIIBAAsi8b2RUGBnoJsvNq/1befsgmIKwH9W3ycN5tWr # +t+KlMowOX3Gq2lX3AEYCSNjWAMQNGLaZo2VU1gP/blfEOGcuzT/tWU7mgE7X2vl # YR+IYhBUkdJh/M/KZXdmDLWhH+ZB7HE+htUUg5XVgg+ZeHsVyRWto+xuqhvZmRIl # 3Yg2W3b62Qz5iYtx+E4vYNqG+U35a2ac9DZAceB2d2cqrnGde75ukyQPuAJRyFXV # QYagZwCrpLNKxIcH4M7gh+jRwh8qqn3FCqvUx3XYGSIXhsv8drbp35cFmH1b2n3k # mMiGP+Pn5W8zzUclkxsUrm5BDBTtMaijUumqVScJ6TG3NOc= # SIG # End signature block |