Update Schedule-Remote-Meerkat.ps1

TonyPhipps · Nov 8, 2023 · a3fc2e4 · a3fc2e4
1 parent f1729f6
commit a3fc2e4
Showing 1 changed file with 23 additions and 9 deletions.
diff --git a/Utilities/Schedule-Remote-Meerkat.ps1 b/Utilities/Schedule-Remote-Meerkat.ps1
@@ -25,15 +25,29 @@ $ScriptName = "C:\Meerkat-Task.ps1"
 $AtTime = "1/30/2023 1:01:00 AM"
 
 # Create the MSA
-Add-WindowsFeature RSAT-AD-PowerShell
-Import-Module ActiveDirectory
-Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10))
-
-$Identity = Get-ADComputer -identity $Server
-New-ADServiceAccount -Name $MSAName -Enabled $true -RestrictToSingleComputer -KerberosEncryptionType AES256
-Add-ADComputerServiceAccount -Identity $Identity -ServiceAccount $MSAName
-
-Install-ADServiceAccount -Identity ($MSAName + "$")
+if(-not $MSAExists) {
+    Add-WindowsFeature RSAT-AD-PowerShell
+    Import-Module ActiveDirectory
+
+    $KDSKeys = Get-KdsRootKey
+
+    if ($null -ne $KDSKeys -and $KDSKeys.Count -gt 0 ) {
+        Write-Information -InformationAction Continue -MessageData ("'{0}' KDS Root Key(s) exists already, skipping KdsRootKey creation." -f $KDSKeyCount)
+    }
+    elseif ($null -eq $KDSKeys) {
+        Write-Information -InformationAction Continue -MessageData ("Permissions not available. Skipping KdsRootKey creation." -f $KDSKeyCount)
+    }
+    else {
+        Write-Information -InformationAction Continue -MessageData ("No KDS Root Key found. Creating KdsRootKey")
+        Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10))
+    }
+
+    $Identity = Get-ADComputer -identity $Server
+    New-ADServiceAccount -Name $MSAName -Enabled $true -RestrictToSingleComputer -KerberosEncryptionType AES256
+    Add-ADComputerServiceAccount -Identity $Identity -ServiceAccount $MSAName
+
+    Install-ADServiceAccount -Identity ($MSAName + "$")
+}
 
 # Create the Scheduled Task