GpoArcEnabledServerOnboardingUpdateSecret.ps1
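#requires -Modules ActiveDirectory
<#
.SYNOPSIS
Rotates the DPAPI-NG protected Azure Arc service principal secret consumed by
the GPO-based onboarding of domain computers.

.DESCRIPTION
Protects the supplied service principal secret with DPAPI-NG so that only
members of Domain Computers (RID 515) or Domain Controllers (RID 516) of the
given domain can unprotect it, then writes the Base64 blob to
\\<ReportServerFQDN>\<ArcRemoteShare>\AzureArcDeploy\encryptedServicePrincipalSecret.
An existing file is renamed to a timestamped .bak before the new one is written.

The secret is protected BEFORE the existing file is renamed, so a failure in the
encryption step leaves the currently deployed file untouched.

.PARAMETER DomainFQDN
FQDN of the Active Directory domain whose computer accounts must be able to
unprotect the secret.

.PARAMETER ReportServerFQDN
Host name of the server exposing the Arc onboarding share.

.PARAMETER ArcRemoteShare
Name of the share on ReportServerFQDN that holds the AzureArcDeploy folder.

.PARAMETER ServicePrincipalSecret
The plaintext service principal secret to protect. As a plain [string] it is
visible in the process command line, transcripts and PSReadLine history of the
invoking session; run this from a context where those are not retained.

.NOTES
Requires AzureArcDeployment.psm1 (providing the DpapiNgUtil class) in the same
folder as this script.
The .bak file still contains the previous blob, which the same principals can
unprotect; remove it once the old credential has been invalidated.
DPAPI-NG limits who can decrypt the blob; it does not replace the NTFS/share
ACL on the folder, which should still restrict read access.
#>
[CmdletBinding()]
param (
    [Parameter(Mandatory = $True)]
    [System.String]$DomainFQDN,
    [Parameter(Mandatory = $True)]
    [System.String]$ReportServerFQDN,
    [Parameter(Mandatory = $True)]
    [System.String]$ArcRemoteShare,
    [Parameter(Mandatory = $true)]
    [string]$ServicePrincipalSecret
)

$ErrorActionPreference = "Stop"

# Contains the DpapiNgUtil class
Import-Module (Join-Path -Path $PSScriptRoot -ChildPath 'AzureArcDeployment.psm1')

[string]$FolderRemotePath = "\\$ReportServerFQDN\$ArcRemoteShare"
[string]$AzureArcDeployPath = "$FolderRemotePath\AzureArcDeploy"
[string]$FileName = "encryptedServicePrincipalSecret"
[string]$FullFilePath = Join-Path -Path $AzureArcDeployPath -ChildPath $FileName

# Fail early with a clear message instead of at Out-File. The folder is presumably
# created (with its ACLs) by the initial deployment; this script only updates the file.
if (-not (Test-Path -LiteralPath $AzureArcDeployPath -PathType Container)) {
    throw "Deployment folder '$AzureArcDeployPath' does not exist or is not reachable."
}

# Fetching Domain Information
$DomainSID = (Get-ADDomain $DomainFQDN).DomainSID.Value
# Well-known RIDs: 515 = Domain Computers, 516 = Domain Controllers
$DomainComputersSID = "${DomainSID}-515"
$DomainControllersSID = "${DomainSID}-516"

# DPAPI-NG protection descriptor: either group may unprotect the blob
$Descriptor = @("SID=$DomainComputersSID", "SID=$DomainControllersSID") -join " OR "

# Protect the secret before touching the existing file, so that a failure here
# (class not loaded, DPAPI-NG error) does not leave the share without a secret file.
$encryptedSecret = [DpapiNgUtil]::ProtectBase64($Descriptor, $ServicePrincipalSecret)

# Backup the existing file if it exists. -LiteralPath: the path is built from
# parameters and must not be interpreted as a wildcard pattern.
if (Test-Path -LiteralPath $FullFilePath -ErrorAction SilentlyContinue) {
    $timestamp = Get-Date -Format "yyyyMMddHHmmss"
    $backupFilePath = "$FullFilePath.$timestamp.bak"
    Rename-Item -LiteralPath $FullFilePath -NewName $backupFilePath -Force
    Write-Host "File `'$FullFilePath`' already exists; renamed to `'$backupFilePath`'" -ForegroundColor Yellow
}

# NOTE(review): Out-File's default encoding differs between Windows PowerShell
# (UTF-16LE with BOM) and PowerShell 7 (UTF-8), and a trailing newline is appended;
# the reader of this file must tolerate that -- confirm against the consumer.
$encryptedSecret | Out-File -LiteralPath $FullFilePath -Force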