[CmdletBinding()]param ( [Parameter(ValueFromPipeline=$true)] [string] $B64Input)$ErrorActionPreference ="Stop"$DebugPreference ='Continue'functionConvertFrom-B64 {param ( [string] $B64String )try { $Json = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($B64String)) $Output = $Json |ConvertFrom-Json }catch {Write-Error"Failed to convert Base64 string: $B64String" }return $Output}# The JSON data is passed to the Gateway as a Base64 encoded string.$Params =ConvertFrom-B64-B64String $B64InputWrite-Debug"Running Post-Rotation Script on: $($Params.userRecordUid)"# Convert the attached Resource Records from Base64 encoded JSON string and find the # Admin Record we need to update the Service's `Log On As` property by filtering by the # Admin Record's UID.$ResourceCredentials =ConvertFrom-B64-B64 $Params.records$AdminRecord = $ResourceCredentials |Where-Object { $_.uid-eq'<Admin Record UID>' }# Each record type will have a different JSON structure. In this instance, we are using # a PAM Directory record type, so we need to build the username from the `login` and # `domainName` properties.try { $SecurePassword =ConvertTo-SecureString $AdminRecord.password -AsPlainText -Force $AdminCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "$($AdminRecord.login)@$($AdminRecord.domainName)", $SecurePassword
Write-Debug"New PSCredential created for: $($AdminRecord.login)"}catch {Write-Error"Failed to create PSCredential for: $($AdminRecord.login)"}$ScheduledTaskName ='<Task Name>'$ScheduledTaskStatus =Invoke-Command`-ComputerName '<Target Machine>'`-Credential $AdminCredential `-ConfigurationName 'PowerShell.7'`-ScriptBlock { Stop-ScheduledTask-TaskName $Using:ScheduledTaskName Set-ScheduledTask -TaskName $Using:ScheduledTaskName -User $Using:Params.user -Password $Using:Params.newPassword
Start-ScheduledTask-TaskName $Using:ScheduledTaskNamereturnGet-ScheduledTask-TaskName $Using:ScheduledTaskName |Select-Object"State"}Write-Debug"$ScheduledTaskName is: $($ScheduledTaskStatus.State)"