ad-rbac

1.3.0

public/Test-RBACFeatures.ps1

                                Function Test-RBACFeatures {

    $ObjectGUIDs = get-ADObjectGUIDs

    $Runtime['Domain']['ConfigurationNamingContext'] = $((get-adrootdse).configurationNamingContext)

    @{

        sudoRoles = $ObjectGUIDs.name.contains("sudoRole")

        sshPublicKeys = $ObjectGUIDs.name.contains("sshPublicKeys")

        LAPS = $ObjectGUIDs.name.contains("ms-LAPS-EncryptedPassword")

        PKI = try {

                [bool]$(get-adobject -filter "objectclass -ne 'Container' -and name -ne 'OID'" -searchbase "CN=Public Key Services,CN=Services,CN=Configuration,$($Runtime['Domain']['ConfigurationNamingContext'])" -ResultSetSize 1 -erroraction SilentlyContinue)

            } catch {

                $False

            }

        <#$(

            $pkiPathExists = [bool](test-path "AD:CN=OID,CN=Public Key Services,CN=Services,$($Runtime['Domain']['ConfigurationNamingContext'])")

            $CertTmplExists = [bool](get-adobject -SearchBase "CN=Certificate Templates,CN=Public Key Services,CN=Services,$($Runtime['Domain']['ConfigurationNamingContext'])" -Filter "objectClass -eq 'pKICertificateTemplate'")

            $CAExists = [bool](get-adobject -SearchBase "CN=Certification Authorities,CN=Public Key Services,CN=Services,$($Runtime['Domain']['ConfigurationNamingContext'])" -Filter "objectClass -eq 'certificationAuthority'")

            # Disable for now.

            $false -and $pkiPathExists -and $CertTmplExists -and $CAExists

            )

        #>

    }

}