#Global settings
. "../Settings.ps1"

# Import Required Modules
Import-Module DSInternals
Add-Type -AssemblyName System.IO.Compression.FileSystem

# Define Domains and Associated Usernames
$domains = @{
    "Domain1" = "username1";
    "Domain2" = "username2";
    # Add more domains and usernames as needed
}

# Present Choice of Domains to User
$selectedDomain = $domains.Keys | Out-GridView -Title "Select a Domain" -PassThru
$selectedUsername = $domains[$selectedDomain]

# Ask User to Enter Password for Chosen Account
Write-Host "Enter password for account $selectedUsername in domain $selectedDomain:"
$password = Read-Host -AsSecureString

# Define Domain Controller (Modify as needed)
$domainController = "$selectedDomain" + "Controller"  # Example: Domain1Controller

# Credential Object
$credential = New-Object System.Management.Automation.PSCredential ($selectedUsername, $password)

# Get Current Timestamp
$timestamp = Get-Date -Format "yyyyMMdd_HHmmss"

# Define Export Path and Filename
$exportPath = "C:\Path\To\Export"  # Configure this path as needed
$exportFilename = "extractedHashes_" + $selectedDomain + "_" + $timestamp + ".csv"
$exportFullPath = Join-Path $exportPath $exportFilename

# Extract Non-Disabled Account Hashes
Get-ADReplAccount -All -Server $domainController -Credential $credential |
    Where-Object { -not $_.AccountDisabled } |
    Select-Object -Property SamAccountName, NTHash |
    Export-Csv -Path $exportFullPath -NoTypeInformation

# Ask User for a Secure Password for Encryption
Write-Host "Enter a secure password to encrypt the file:"
$encryptionPassword = Read-Host -AsSecureString

# Compress and Encrypt File
$compressedFile = $exportFullPath + ".zip"
[IO.Compression.ZipFile]::CreateFromDirectory($exportPath, $compressedFile)
$encryptedFile = $compressedFile + ".encrypted"

# Encrypt the Compressed File
ConvertFrom-SecureString $encryptionPassword | Out-File "$encryptedFile"

# Clean Up
Remove-Item -Path $exportFullPath  # Remove the original CSV file
Remove-Item -Path $compressedFile  # Remove the compressed ZIP file

# Output
Write-Host "Hashes exported, compressed, and encrypted to: $encryptedFile"