This project is part of a blog-post-series on https://blog.tritze.eu
Attention: this is an untested pre-release version!
furry-funicular is a set of PowerShell scripts that are meant to be deployed as Azure Automation Runbooks. Combined with Microsoft Operations Management Suite (OMS), they provide automated password recovery for locked-out user accounts, driven by a simple SMS exchange.
- User A has forgotten his password.
- User A's account has been locked out.
- OMS analyses the server logs.
- Based on the logs, OMS triggers an OMS Alert for User A's locked-out account.
- The Alert triggers a WebHook of an Azure Automation Runbook.
- The Runbook looks up the user's mobile phone number.
- The Runbook creates an entry in a SQL database.
- The Runbook sends an SMS to User A's mobile phone.
- User A gets an SMS informing him that his account is locked out.
- The user can now reply, by SMS, with "UNLOCK" to start the unlock process.
- The SMS reply triggers a second Runbook.
- The Runbook checks whether a matching entry exists in the database.
- If an entry exists, the Runbook gets the location information of the User from the Active Directory.
- The Runbook sends a second SMS to the user's mobile phone, asking where he is located.
- The user receives the SMS and replies with his location, e.g. "STUTTGART".
- The second reply SMS triggers the Runbook again.
- The Runbook checks if the location is correct.
- If correct, the Runbook generates a random password.
- User A's password is set to the generated one.
- The account is unlocked.
- The account is flagged so that the password must be changed at the next logon.
- In the last step, the Runbook sends a final SMS with the new password to the user.
- User A is now able to log in and change his one-time password to a real one.
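The following runbook is an added example of the SMS-reply half of this flow (steps "UNLOCK" through the final SMS); it is not the project's own code. It assumes that Twilio's inbound-SMS webhook is pointed at the runbook's Azure Automation webhook URL (so `$WebhookData.RequestBody` carries Twilio's form-encoded `From` and `Body` fields), that the runbook runs on a Hybrid Runbook Worker with the ActiveDirectory module available, and that the first runbook wrote a row into a hypothetical table `UnlockRequests(Phone, SamAccountName, State, Attempts, Created)`. The Twilio Messages endpoint and the AD cmdlets are real; the table, its state names and the helper function names are assumptions.

```powershell
# Added example, not the project's runbook. Assumed: Twilio POSTs inbound SMS to this webhook,
# the ActiveDirectory module is present, and the first runbook created a row in the assumed
# table UnlockRequests(Phone, SamAccountName, State, Attempts, Created), State = 'WAIT_UNLOCK'.
param([object]$WebhookData)

$TwilioAccountSid    = Get-AutomationVariable -Name 'TwilioAccountSid'
$TwilioAuthToken     = Get-AutomationVariable -Name 'TwilioAuthToken'
$TwilioPhoneNumber   = Get-AutomationVariable -Name 'TwilioPhoneNumber'
$SQLConnectionString = Get-AutomationVariable -Name 'SQLConnectionString'
$ADAdminUserName     = Get-AutomationVariable -Name 'ADAdminUserName'
$ADAdminUserPassword = Get-AutomationVariable -Name 'ADAdminUserPassword'

$adSecret = ConvertTo-SecureString $ADAdminUserPassword -AsPlainText -Force
$adCred   = New-Object System.Management.Automation.PSCredential ($ADAdminUserName, $adSecret)

# Parse Twilio's application/x-www-form-urlencoded request body.
Add-Type -AssemblyName System.Web
$fields = [System.Web.HttpUtility]::ParseQueryString($WebhookData.RequestBody)
$from   = [string]$fields['From']
$reply  = ([string]$fields['Body']).Trim().ToUpperInvariant()

function Send-Sms([string]$To, [string]$Text) {
    $auth = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("${TwilioAccountSid}:${TwilioAuthToken}"))
    Invoke-RestMethod -Method Post `
        -Uri "https://api.twilio.com/2010-04-01/Accounts/$TwilioAccountSid/Messages.json" `
        -Headers @{ Authorization = "Basic $auth" } `
        -Body @{ From = $TwilioPhoneNumber; To = $To; Body = $Text } | Out-Null
}

function New-OneTimePassword([int]$Length = 14) {
    # CSPRNG with rejection sampling so every character is equally likely; Get-Random is not suitable here.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789#%&*+-'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $limit = 256 - (256 % $alphabet.Length)
    $chars = New-Object char[] $Length
    $buf   = New-Object byte[] 1
    for ($i = 0; $i -lt $Length; ) {
        $rng.GetBytes($buf)
        if ($buf[0] -lt $limit) { $chars[$i] = $alphabet[$buf[0] % $alphabet.Length]; $i++ }
    }
    -join $chars
}

$conn = New-Object System.Data.SqlClient.SqlConnection $SQLConnectionString
$conn.Open()
function Invoke-Sql([string]$Sql, [hashtable]$Params) {
    # Parameterised command; the phone number and reply text never get concatenated into SQL.
    $cmd = $conn.CreateCommand(); $cmd.CommandText = $Sql
    foreach ($k in $Params.Keys) { $cmd.Parameters.AddWithValue($k, $Params[$k]) | Out-Null }
    return $cmd
}

# Only an open request created by the first runbook within the last 15 minutes is honoured.
$reader = (Invoke-Sql "SELECT TOP 1 SamAccountName, State, Attempts FROM UnlockRequests
    WHERE Phone = @p AND State <> 'DONE' AND Created > DATEADD(minute, -15, SYSUTCDATETIME())
    ORDER BY Created DESC" @{ '@p' = $from }).ExecuteReader()
if (-not $reader.Read()) { $reader.Close(); $conn.Close(); return }
$sam = [string]$reader['SamAccountName']; $state = [string]$reader['State']; $attempts = [int]$reader['Attempts']
$reader.Close()

function Set-RequestState([string]$NewState, [int]$NewAttempts) {
    (Invoke-Sql "UPDATE UnlockRequests SET State = @s, Attempts = @a WHERE Phone = @p AND State <> 'DONE'" `
        @{ '@s' = $NewState; '@a' = $NewAttempts; '@p' = $from }).ExecuteNonQuery() | Out-Null
}

switch ($state) {
    'WAIT_UNLOCK' {
        if ($reply -eq 'UNLOCK') {
            Set-RequestState 'WAIT_LOCATION' $attempts
            Send-Sms $from 'To confirm, reply with the city of your office location.'
        }
    }
    'WAIT_LOCATION' {
        # The expected answer comes from AD (City attribute), never from the SMS itself.
        $user = Get-ADUser -Identity $sam -Properties City -Credential $adCred
        if ($user.City -and $reply -eq $user.City.ToUpperInvariant()) {
            $otp = New-OneTimePassword
            Set-ADAccountPassword -Identity $sam -Reset -NewPassword (ConvertTo-SecureString $otp -AsPlainText -Force) -Credential $adCred
            Unlock-ADAccount -Identity $sam -Credential $adCred
            Set-ADUser -Identity $sam -ChangePasswordAtLogon $true -Credential $adCred
            Set-RequestState 'DONE' $attempts
            Send-Sms $from "Your account is unlocked. One-time password: $otp (you must change it at next logon)."
        } elseif ($attempts + 1 -ge 3) {
            Set-RequestState 'DONE' ($attempts + 1)   # close the request after three wrong answers
            Send-Sms $from 'Verification failed. Please contact the service desk.'
        } else {
            Set-RequestState 'WAIT_LOCATION' ($attempts + 1)
            Send-Sms $from 'That did not match. Reply with the city of your office location.'
        }
    }
}
$conn.Close()
```

Two design choices are worth keeping whatever schema you end up with: the runbook only acts on a request that the alert-driven runbook created for that phone number within a short window, and it closes the request after a few wrong location answers, so an inbound SMS on its own can never start a reset. Storing `ADAdminUserPassword` and `TwilioAuthToken` as encrypted Automation variables costs nothing, since `Get-AutomationVariable` reads both kinds.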
The following Azure Automation variables must be in place:
- $TwilioAccountSid = Get-AutomationVariable -Name 'TwilioAccountSid'
- $TwilioAuthToken = Get-AutomationVariable -Name 'TwilioAuthToken'
- $TwilioPhoneNumber = Get-AutomationVariable -Name 'TwilioPhoneNumber'
- $SQLConnectionString = Get-AutomationVariable -Name 'SQLConnectionString'
- $DatabaseName = Get-AutomationVariable -Name 'DatabaseName'
- $ADAdminUserName = Get-AutomationVariable -Name 'ADAdminUserName'
- $ADAdminUserPassword = Get-AutomationVariable -Name 'ADAdminUserPassword'
Also an OMS Alert with this query is required (Event ID 4740 is the Security event logged when a user account is locked out): Type=SecurityEvent EventID=4740