Last active
May 26, 2016 09:49
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> | |
<html xmlns="http://www.w3.org/1999/xhtml"> | |
<head><title>ADHC snapshot report - 17052016</title> | |
<style type="text/css"> | |
html { height: 100%; -webkit-background-size: cover; -moz-background-size: cover; -o-background-size: cover; background-size: cover; background: #f8f8f8; } | |
page { background: white; width: 210mm; display: block; margin-top: 1em; margin-left: auto; margin-right: auto; margin-bottom: 1em; border-style: solid; border-width: 1px; border-color: #c6c6c6; } | |
@media print { body, page { margin: 0; box-shadow: 0; } } | |
hr { margin-top: 1.0em; } | |
.TOC { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 1.33em; text-align: left; font-weight: normal; color: #0072af; } | |
.Heading2 { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 1.17em; text-align: left; font-weight: normal; color: #0072af; } | |
.TableDefaultAltRow { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92em; text-align: left; font-weight: normal; color: #000000; background-color: #d0ddee; } | |
.Heading1 { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 1.33em; text-align: left; font-weight: normal; color: #0072af; } | |
.TableDefaultHeading { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92em; text-align: left; font-weight: bold; color: #fff; background-color: #4472c4; } | |
.Footer { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.67em; text-align: left; font-weight: normal; color: #0072af; } | |
.Normal { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92em; text-align: left; font-weight: normal; color: #000000; } | |
.TableDefaultRow { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92em; text-align: left; font-weight: normal; color: #000000; } | |
.Title { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 2.33em; text-align: left; font-weight: normal; color: #0072af; } | |
.Heading3 { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 1.00em; text-align: left; font-weight: normal; color: #0072af; } | |
table.tabledefault { padding: 0.08em 0.33em 0em 0.33em; border-style: solid; border-width: 0.08em; border-color: #2a70be; border-collapse: collapse; } | |
table.tabledefault th { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92em; text-align: left; font-weight: bold; color: #fff; background-color: #4472c4; padding: 0.08em 0.33em 0em 0.33em; border-style: solid; border-width: 0.08em; border-color: #2a70be; border-collapse: collapse; } | |
table.tabledefault tr:nth-child(odd) td { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92em; text-align: left; font-weight: normal; color: #000000; padding: 0.08em 0.33em 0em 0.33em; border-style: solid; border-width: 0.08em; border-color: #2a70be; border-collapse: collapse; } | |
table.tabledefault tr:nth-child(even) td { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92em; text-align: left; font-weight: normal; color: #000000; background-color: #d0ddee; padding: 0.08em 0.33em 0em 0.33em; border-style: solid; border-width: 0.08em; border-color: #2a70be; border-collapse: collapse; } | |
table.tabledefault-list { padding: 0.08em 0.33em 0em 0.33em; border-style: solid; border-width: 0.08em; border-color: #2a70be; border-collapse: collapse; } | |
table.tabledefault-list td:nth-child(1) { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92em; text-align: left; font-weight: bold; color: #fff; background-color: #4472c4; padding: 0.08em 0.33em 0em 0.33em; border-style: solid; border-width: 0.08em; border-color: #2a70be; border-collapse: collapse; } | |
table.tabledefault-list td:nth-child(2) { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92em; text-align: left; font-weight: normal; color: #000000; padding: 0.08em 0.33em 0em 0.33em; border-style: solid; border-width: 0.08em; border-color: #2a70be; border-collapse: collapse; } | |
</style></head><body><page> | |
<div class="Normal" style="padding-top: 2em; padding-left: 2em; padding-bottom: 2em; padding-right: 2em;"> | |
<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><div class="Title">Active Directory Health report - 17052016</div><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /></div></page><page><div class="Normal" style="padding-top: 2em; padding-left: 2em; padding-bottom: 2em; padding-right: 2em;"> | |
<h1 class="TOC">TABLE OF CONTENTS</h1><table style="width: 100%;"> | |
<tr><td>1</td><td><a href="#FORESTINFORMATION" style="text-decoration: none;">FOREST INFORMATION</a></td></tr> | |
<tr><td>2</td><td><a href="#DOMAININFORMATION" style="text-decoration: none;">DOMAIN INFORMATION</a></td></tr> | |
<tr><td>3</td><td><a href="#FSMOROLES" style="text-decoration: none;">FSMO ROLES</a></td></tr> | |
<tr><td>4</td><td><a href="#GLOBALCATALOGS" style="text-decoration: none;">GLOBAL CATALOGS</a></td></tr> | |
<tr><td>5</td><td><a href="#DOMAINCONTROLLERS" style="text-decoration: none;">DOMAIN CONTROLLERS</a></td></tr> | |
<tr><td>6</td><td><a href="#DEFAULTDOMAINPASSWORDPOLICY" style="text-decoration: none;">DEFAULT DOMAIN PASSWORD POLICY</a></td></tr> | |
<tr><td>7</td><td><a href="#DOMAINADMINISTRATORS" style="text-decoration: none;">DOMAIN ADMINISTRATORS</a></td></tr> | |
<tr><td>8</td><td><a href="#ORGANIZATIONALUNITS" style="text-decoration: none;">ORGANIZATIONAL UNITS</a></td></tr> | |
<tr><td>9</td><td><a href="#SITES&SUBNETS" style="text-decoration: none;">SITES & SUBNETS</a></td></tr> | |
<tr><td>9.1</td><td> <a href="#SITES" style="text-decoration: none;">SITES</a></td></tr> | |
<tr><td>9.1.1</td><td> <a href="#SITESWITHOUTADESCRIPTION" style="text-decoration: none;">SITES WITHOUT A DESCRIPTION</a></td></tr> | |
<tr><td>9.1.2</td><td> <a href="#SITESWITHOUTASUBNET" style="text-decoration: none;">SITES WITHOUT A SUBNET</a></td></tr> | |
<tr><td>9.1.3</td><td> <a href="#SITESWITHOUTASERVER" style="text-decoration: none;">SITES WITHOUT A SERVER</a></td></tr> | |
<tr><td>9.2</td><td> <a href="#SITELINKS" style="text-decoration: none;">SITELINKS</a></td></tr> | |
<tr><td>9.3</td><td> <a href="#SUBNETS" style="text-decoration: none;">SUBNETS</a></td></tr> | |
</table> | |
</div></page><page><div class="Normal" style="padding-top: 2em; padding-left: 2em; padding-bottom: 2em; padding-right: 2em;"> | |
<a name="FORESTINFORMATION"><h1 class="Heading1">1 FOREST INFORMATION</h1></a><div><table class="tabledefault-list"><tbody><tr><td>Name</td><td>pshirwin.local</td></tr><tr><td>RootDomain</td><td>pshirwin.local</td></tr><tr><td>ForestMode</td><td>Windows2012R2Forest</td></tr><tr><td>Domains</td><td>pshirwin.local</td></tr></tbody></table></div> | |
<a name="DOMAININFORMATION"><h1 class="Heading1">2 DOMAIN INFORMATION</h1></a><div><table class="tabledefault-list"><tbody><tr><td>NetBIOSName</td><td>PSHIRWIN</td></tr><tr><td>DomainMode</td><td>Windows2012R2Domain</td></tr><tr><td>DistinguishedName</td><td>DC=pshirwin,DC=local</td></tr><tr><td>DomainSID</td><td>S-1-5-21-2648780957-277300436-725747423</td></tr></tbody></table></div> | |
<a name="FSMOROLES"><h1 class="Heading1">3 FSMO ROLES</h1></a><div><table class="tabledefault-list"><tbody><tr><td>DomainNamingMaster</td><td>DC-DSC-01.pshirwin.local</td></tr><tr><td>SchemaMaster</td><td>DC-DSC-01.pshirwin.local</td></tr></tbody></table></div> | |
<br /><div><table class="tabledefault-list"><tbody><tr><td>PDCEmulator</td><td>DC-DSC-01.pshirwin.local</td></tr><tr><td>InfrastructureMaster</td><td>DC-DSC-01.pshirwin.local</td></tr><tr><td>RIDMaster</td><td>DC-DSC-01.pshirwin.local</td></tr></tbody></table></div> | |
<a name="GLOBALCATALOGS"><h1 class="Heading1">4 GLOBAL CATALOGS</h1></a><div><table class="tabledefault-list"><tbody><tr><td>Name</td><td>DC-DSC-01.pshirwin.local</td></tr></tbody></table></div> | |
<a name="DOMAINCONTROLLERS"><h1 class="Heading1">5 DOMAIN CONTROLLERS</h1></a><div><table class="tabledefault-list"><tbody><tr><td>Name</td><td>DC-DSC-01</td></tr><tr><td>OperatingSystem</td><td>Windows Server 2012 R2 Standard</td></tr><tr><td>IPv4Address</td><td>10.15.75.250</td></tr><tr><td>Site</td><td>Default-First-Site-Name</td></tr></tbody></table></div> | |
<a name="DEFAULTDOMAINPASSWORDPOLICY"><h1 class="Heading1">6 DEFAULT DOMAIN PASSWORD POLICY</h1></a><div><table class="tabledefault-list"><tbody><tr><td>ComplexityEnabled</td><td>True</td></tr><tr><td>LockoutDuration</td><td>00:30:00</td></tr><tr><td>LockoutObservationWindow</td><td>00:30:00</td></tr><tr><td>LockoutThreshold</td><td>0</td></tr><tr><td>MaxPasswordAge</td><td>42.00:00:00</td></tr><tr><td>MinPasswordAge</td><td>1.00:00:00</td></tr><tr><td>MinPasswordLength</td><td>7</td></tr><tr><td>PasswordHistoryCount</td><td>24</td></tr><tr><td>ReversibleEncryptionEnabled</td><td>False</td></tr></tbody></table></div> | |
<a name="DOMAINADMINISTRATORS"><h1 class="Heading1">7 DOMAIN ADMINISTRATORS</h1></a><div><table class="tabledefault"><thead><tr><th>name</th><th>distinguishedName</th></tr></thead><tbody> | |
<tr><td>Administrator</td><td>CN=Administrator,CN=Users,DC=pshirwin,DC=local</td></tr> | |
<tr><td>9006487</td><td>CN=9006487,OU=Disabled,OU=Gebruikers,OU=IPI,DC=pshirwin,DC=local</td></tr> | |
</tbody></table></div> | |
<a name="ORGANIZATIONALUNITS"><h1 class="Heading1">8 ORGANIZATIONAL UNITS</h1></a><div><table class="tabledefault"><thead><tr><th>Name</th><th>DistinguishedName</th></tr></thead><tbody> | |
<tr><td>Domain Controllers</td><td>OU=Domain Controllers,DC=pshirwin,DC=local</td></tr> | |
<tr><td>Servers</td><td>OU=Servers,DC=pshirwin,DC=local</td></tr> | |
<tr><td>Resources</td><td>OU=Resources,DC=pshirwin,DC=local</td></tr> | |
<tr><td>Users</td><td>OU=Users,OU=Resources,DC=pshirwin,DC=local</td></tr> | |
<tr><td>Groups</td><td>OU=Groups,OU=Resources,DC=pshirwin,DC=local</td></tr> | |
<tr><td>RBAC</td><td>OU=RBAC,OU=Resources,DC=pshirwin,DC=local</td></tr> | |
<tr><td>IPI</td><td>OU=IPI,DC=pshirwin,DC=local</td></tr> | |
<tr><td>Gebruikers</td><td>OU=Gebruikers,OU=IPI,DC=pshirwin,DC=local</td></tr> | |
<tr><td>Propertize</td><td>OU=Propertize,OU=Gebruikers,OU=IPI,DC=pshirwin,DC=local</td></tr> | |
<tr><td>Delegation</td><td>OU=Delegation,OU=Resources,DC=pshirwin,DC=local</td></tr> | |
<tr><td>Maarssen</td><td>OU=Maarssen,OU=Gebruikers,OU=IPI,DC=pshirwin,DC=local</td></tr> | |
<tr><td>Pantar</td><td>OU=Pantar,OU=Gebruikers,OU=IPI,DC=pshirwin,DC=local</td></tr> | |
<tr><td>Roles</td><td>OU=Roles,OU=Resources,DC=pshirwin,DC=local</td></tr> | |
<tr><td>DAT</td><td>OU=DAT,OU=Resources,DC=pshirwin,DC=local</td></tr> | |
<tr><td>Extern</td><td>OU=Extern,OU=Gebruikers,OU=IPI,DC=pshirwin,DC=local</td></tr> | |
<tr><td>Disabled</td><td>OU=Disabled,OU=Gebruikers,OU=IPI,DC=pshirwin,DC=local</td></tr> | |
<tr><td>Temp</td><td>OU=Temp,OU=IPI,DC=pshirwin,DC=local</td></tr> | |
</tbody></table></div> | |
<a name="SITES&SUBNETS"><h1 class="Heading1">9 SITES & SUBNETS</h1></a><a name="SITES"><h2 class="Heading2">9.1 SITES</h2></a><div><table class="tabledefault-list"><tbody><tr><td>Name</td><td>Default-First-Site-Name</td></tr><tr><td>Description</td><td> </td></tr><tr><td>DistinguishedName</td><td>CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pshirwin,DC=local</td></tr></tbody></table></div> | |
<p /> | |
<div><table class="tabledefault-list"><tbody><tr><td>Name</td><td>Branch01</td></tr><tr><td>Description</td><td> </td></tr><tr><td>DistinguishedName</td><td>CN=Branch01,CN=Sites,CN=Configuration,DC=pshirwin,DC=local</td></tr></tbody></table></div> | |
<a name="SITESWITHOUTADESCRIPTION"><h3 class="Heading3">9.1.1 SITES WITHOUT A DESCRIPTION</h3></a><div><table class="tabledefault"><thead><tr><th>Name</th></tr></thead><tbody> | |
<tr><td>Default-First-Site-Name</td></tr> | |
<tr><td>Branch01</td></tr> | |
</tbody></table></div> | |
<a name="SITESWITHOUTASUBNET"><h3 class="Heading3">9.1.2 SITES WITHOUT A SUBNET</h3></a><div><table class="tabledefault"><thead><tr><th>Name</th></tr></thead><tbody> | |
<tr><td>Default-First-Site-Name</td></tr> | |
</tbody></table></div> | |
<a name="SITESWITHOUTASERVER"><h3 class="Heading3">9.1.3 SITES WITHOUT A SERVER</h3></a><div><table class="tabledefault"><thead><tr><th>Name</th></tr></thead><tbody> | |
<tr><td>Branch01</td></tr> | |
</tbody></table></div> | |
<a name="SITELINKS"><h2 class="Heading2">9.2 SITELINKS</h2></a><div><table class="tabledefault"><thead><tr><th>Name</th><th>Cost</th><th>ReplicationFrequencyInMinutes</th></tr></thead><tbody> | |
<tr><td>DEFAULTIPSITELINK</td><td>100</td><td>180</td></tr> | |
</tbody></table></div> | |
<a name="SUBNETS"><h2 class="Heading2">9.3 SUBNETS</h2></a><div><table class="tabledefault"><thead><tr><th>Name</th><th>Site</th></tr></thead><tbody> | |
<tr><td>192.168.0.0/24</td><td>CN=Branch01,CN=Sites,CN=Configuration,DC=pshirwin,DC=local</td></tr> | |
</tbody></table></div> |
<# | |
Author: I.Strachan | |
Version: 1.0 | |
Version History: | |
Purpose: Active Directory Health Check PScribo/Excel report | |
#> | |
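[CmdletBinding()]
Param(
    # Date stamp of the snapshot to report on. It selects the file
    # .\export\adds\ADHC-<snapshotDate>.xml and is repeated in the report titles.
    $snapshotDate = '26052016'
)

# PScribo builds the document; ImportExcel supplies Export-Excel.
#PScribo link: https://github.com/iainbrighton/PScribo
#ImportExcel link: https://github.com/dfinke/ImportExcel
# One Import-Module call covers both modules; a second import of ImportExcel
# is not needed.
Import-Module PScribo,ImportExcel -Verbose:$false

#Get ADSnapshot
# The snapshot is a CLIXML file that holds a detailed inventory of the
# directory (privileged groups, account states, GPO links). Load it only from
# a folder whose contents you control, and keep that folder restricted to the
# administrators who need the report.
$ADHCSnapshot = Import-Clixml .\export\adds\ADHC-$($snapshotDate).xml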
#region Create PScribo Document
# Builds the report as a PScribo document object held in $reportAD. Every
# value shown is read from the imported snapshot in $ADHCSnapshot; the
# document is rendered to a file by a later Export-Document call.
$reportAD = Document "ADHC snapshot report - $($snapshotDate)" {
    GlobalOption -PageSize A4 -Margin 24 -EnableSectionNumbering -ForceUppercaseSection

    # Cover page: the title sits between two runs of blank lines.
    BlankLine -Count 20
    Paragraph -Style Title "Active Directory Health report - $($snapshotDate)"
    BlankLine -Count 20
    PageBreak

    TOC -Name 'Table of Contents'
    PageBreak

    Section -Style Heading1 'Forest Information' {
        # Ordered so the rows appear in the order written here.
        $forestSummary = [Ordered]@{
            Name       = $ADHCSnapshot.ADDS.Forest.Name
            RootDomain = $ADHCSnapshot.ADDS.Forest.RootDomain
            ForestMode = $ADHCSnapshot.ADDS.Forest.ForestMode.ToString()
            Domains    = $($ADHCSnapshot.ADDS.Forest.Domains)
        }
        Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Hashtable $forestSummary -List -Width 0

        Section -Style Heading2 'FSMO Roles' {
            # Forest-wide role holders first, then the per-domain role holders.
            $ADHCSnapshot.ADDS.Forest |
                Select-Object -Property DomainNamingMaster, SchemaMaster |
                Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0 -List

            Blankline

            $ADHCSnapshot.ADDS.Domain |
                Select-Object -Property PDCEmulator, InfrastructureMaster, RIDMaster |
                Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0 -List
        }

        Section -Style Heading2 'Global Catalogs' {
            $ADHCSnapshot.ADDS._Forest.GlobalCatalogs |
                Select-Object -Property Name |
                Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
        }
    }
    PageBreak

    Section -Style Heading1 'Domain Information' {
        $domainSummary = [Ordered]@{
            NetBIOSName       = $ADHCSnapshot.ADDS.Domain.NetBIOSName
            DomainMode        = $ADHCSnapshot.ADDS.Domain.DomainMode.ToString()
            DistinguishedName = $ADHCSnapshot.ADDS.Domain.DistinguishedName
            DomainSID         = $ADHCSnapshot.ADDS.Domain.DomainSID
        }
        Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Hashtable $domainSummary -List -Width 0

        Section -Style Heading2 'Domain Controllers' {
            $ADHCSnapshot.ADDS.DomainControllers |
                Select-Object -Property Name, OperatingSystem, IPv4Address, Site |
                Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0 -List
        }

        Section -Style Heading2 'Default Domain Password Policy' {
            # Lockout and password settings of the default domain policy, as captured.
            $policyFields = 'ComplexityEnabled', 'LockoutDuration', 'LockoutObservationWindow',
                'LockoutThreshold', 'MaxPasswordAge', 'MinPasswordAge', 'MinPasswordLength',
                'PasswordHistoryCount', 'ReversibleEncryptionEnabled'
            $ADHCSnapshot.ADDS.DefaultPassWordPoLicy |
                Select-Object -Property $policyFields |
                Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0 -List
        }

        Section -Style Heading2 'Domain Administrators' {
            $ADHCSnapshot.ADDS.DomainAdministrators |
                Select-Object -Property Name, DistinguishedName |
                Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
        }
        PageBreak

        Section -Style Heading2 'Organizational Units' {
            $ADHCSnapshot.ADDS.OrganizationalUnits |
                Select-Object -Property Name, DistinguishedName |
                Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
        }
        PageBreak

        Section -Style Heading2 'Groups' {
            # Domain the privileged-group snapshot was taken for.
            $ADHCSnapshot.Groups.Privileged |
                Select-Object -Property DomainSID, NETBIOSName, FQDN |
                Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0 -list

            Section -Style Heading3 'Privileged groups'{
                $ADHCSnapshot.Groups.Privileged.Groups |
                    ForEach-Object {
                        $privGroup = $_
                        [PSCustomObject]@{
                            Name     = $privGroup.Name
                            Category = $privGroup.GroupCategory.ToString()
                            Scope    = $privGroup.GroupScope.ToString()
                            SID      = $privGroup.SID
                        }
                    } |
                    Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
            }

            Section -Style Heading3 'Privileged groups count'{
                $ADHCSnapshot.Groups.Privileged.Groups |
                    ForEach-Object {
                        $privGroup = $_
                        [PSCustomObject]@{
                            Name        = $privGroup.Name
                            # @() so that a single member or no members still yields a count.
                            MemberCount = @($privGroup.Members).Count
                        }
                    } |
                    Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
            }
        }
    }
    PageBreak

    Section -Style Heading1 'Sites & Subnets' {
        Section -Style Heading2 'Sites' {
            $ADHCSnapshot.ADDS.Sites |
                Select-Object -Property Name, Description, DistinguishedName |
                Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0

            Section -Style Heading3 'Sites without a description' {
                $ADHCSnapshot.ADDS.Sites.Where{ $_.Description -eq $null } |
                    Select-Object -Property Name |
                    Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
            }

            # The next two sections are written only when at least one site matches.
            if ($ADHCSnapshot.ADDS._Forest.Sites.Where{ @($_.Subnets).Count -eq 0 }) {
                Section -Style Heading3 'Sites without a subnet' {
                    $ADHCSnapshot.ADDS._Forest.Sites.Where{ @($_.Subnets).Count -eq 0 } |
                        Select-Object -Property Name |
                        Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
                }
            }

            if ($ADHCSnapshot.ADDS._Forest.Sites.Where{ @($_.Servers).Count -eq 0 }) {
                Section -Style Heading3 'Sites without a DC' {
                    $ADHCSnapshot.ADDS._Forest.Sites.Where{ @($_.Servers).Count -eq 0 } |
                        Select-Object -Property Name |
                        Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
                }
            }

            Section -Style Heading3 'Sites Stats' {
                $ADHCSnapshot.ADDS.SitesStats |
                    Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
            }
        }

        Section -Style Heading2 'Sitelinks' {
            $ADHCSnapshot.ADDS.SiteLinks |
                Select-Object -Property Name, Cost, ReplicationFrequencyInMinutes |
                Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
        }

        Section -Style Heading2 'Subnets' {
            $ADHCSnapshot.ADDS.Subnets |
                Select-Object -Property Name, Site |
                Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
        }
    }
    PageBreak

    Section -Style Heading1 'Group Policies' {
        $ADHCSnapshot.GPOs.All |
            Select-Object -Property DisplayName, Description, GPOStatus, ModificationTime |
            Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0

        Section -Style Heading2 'Group Policy Scope of Management' {
            $ADHCSnapshot.GPOs.GPOsSoM |
                Select-Object -Property DisplayName, LinkOrderNr, GPOStatus, LinkEnabled, Enforced, BlockInheritance |
                Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
        }
    }
}
#endregion
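#region Render report in HTML format
$reportAD | Export-Document -Path .\export\adds -Format Html
#endregion

#region Export Users,Group & Computers to Excel
# The workbooks list account states and privileged-group membership, so the
# export folder should be readable only by the people who need the report.
# NOTE(review): attribute values from the directory reach the worksheet cells
# unchanged. Confirm how the installed ImportExcel version handles text that
# starts with '=' before sharing workbooks built from attributes that
# delegated administrators can edit.
$xlsxUserFile = ".\export\adds\ADHC - USG - UserReport - $($snapshotDate).xlsx"
$xlsxComputerFile = ".\export\adds\ADHC - USG - ComputerReport - $($snapshotDate).xlsx"
$xlsxGroupMembersFile = ".\export\adds\ADHC - USG - PrivilegedMembersReport - $($snapshotDate).xlsx"
$xlsxGroupMemberOfFile = ".\export\adds\ADHC - USG - PrivilegedMemberOfReport - $($snapshotDate).xlsx"

#Users xlsx file
# One worksheet per key of the Users table; keys with no data are skipped.
# The CSV round trip turns every property into plain text before the export.
foreach($entry in $ADHCSnapshot.Users.Keys){
    If($ADHCSnapshot.Users.$entry){
        $ADHCSnapshot.Users.$entry |
            ConvertTo-Csv -Delimiter ';' -NoTypeInformation |
            ConvertFrom-Csv -Delimiter ';' |
            Export-Excel -Path $xlsxUserFile -WorkSheetname $entry -AutoSize -BoldTopRow -FreezeTopRow
    }
}

#Computers xlsx file
# Written once; running the same loop a second time would only rewrite the
# same worksheets.
foreach($entry in $ADHCSnapshot.Computers.Keys){
    if($ADHCSnapshot.Computers.$entry){
        $ADHCSnapshot.Computers.$entry |
            ConvertTo-Csv -Delimiter ';' -NoTypeInformation |
            ConvertFrom-Csv -Delimiter ';' |
            Export-Excel -Path $xlsxComputerFile -WorkSheetname $entry -AutoSize -BoldTopRow -FreezeTopRow
    }
}

#Groups xlsx file
# Reads the groups from the imported snapshot ($ADHCSnapshot). This script
# never defines $snapshot, so iterating over that name exports nothing.
# Get-ADObject resolves each member against the live directory, so this part
# needs the ActiveDirectory module and a reachable domain controller, and it
# shows current names rather than the names at snapshot time.
foreach($group in $ADHCSnapshot.Groups.Privileged.Groups){
    if($group.Members){
        $group.Members |
            Get-ADObject |
            Select-Object Name,DistinguishedName |
            Export-Excel -Path $xlsxGroupMembersFile -WorkSheetname $group.Name -AutoSize -BoldTopRow -FreezeTopRow
    }
    if($group.MemberOf){
        $group.MemberOf |
            Get-ADObject |
            Select-Object Name,DistinguishedName |
            Export-Excel -Path $xlsxGroupMemberOfFile -WorkSheetname $group.Name -AutoSize -BoldTopRow -FreezeTopRow
    }
}
#endregion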
<# | |
Author: I.Strachan | |
Version: | |
Version History: | |
Purpose: Get Snapshot of Active Directory current Health | |
#> | |
[CmdletBinding()]
param()

# ActiveDirectory supplies the Get-AD* and Search-ADAccount cmdlets used below;
# GroupPolicy supplies Get-GPO.
Import-Module -Name ActiveDirectory, GroupPolicy -Verbose:$false
#region Helper Functions. Ideally this would be a module. You can also . Source an external script | |
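Function Get-SitesStats{
    <#
    .SYNOPSIS
    Returns one summary object per Active Directory site.
    .DESCRIPTION
    For every site object in the configuration partition the output carries
    Name, IsEmpty (no nTDSDSA object below the site), DCCount, SubnetCount,
    SiteLinkCount, WhenCreated and Description.
    #>
    #Ashley McGlone Freaky neat AD site links
    #https://blogs.technet.microsoft.com/ashleymcglone/2012/09/10/freaky-neat-active-directory-site-links-with-powershell/

    # The configuration naming context does not change between sites, so it is
    # read once here instead of asking the RootDSE again for every column.
    $configNC = (Get-ADRootDSE).ConfigurationNamingContext

    Get-ADObject -LDAPFilter '(objectClass=site)' -SearchBase $configNC -Properties WhenCreated, Description |
        Select-Object Name,
            @{label='IsEmpty';expression={If ($(Get-ADObject -Filter {ObjectClass -eq 'nTDSDSA'} -SearchBase $_.DistinguishedName)) {$false} else {$true}}},
            @{label='DCCount';expression={@($(Get-ADObject -Filter {ObjectClass -eq 'nTDSDSA'} -SearchBase $_.DistinguishedName)).Count}},
            @{label='SubnetCount';expression={@($(Get-ADObject -Filter {ObjectClass -eq 'subnet' -and siteObject -eq $_.DistinguishedName} -SearchBase $configNC)).Count}},
            @{label='SiteLinkCount';expression={@($(Get-ADObject -Filter {ObjectClass -eq 'sitelink' -and siteList -eq $_.DistinguishedName} -SearchBase $configNC)).Count}},
            WhenCreated,Description
}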
Function Get-GPOsSoM {
    <#
    .SYNOPSIS
    Lists every GPO link found on the domain root, the OUs and the sites.
    .DESCRIPTION
    Emits one object per link with the container it is linked to, the link
    order, the linked GPO's ID, display name, status and WMI filter name, and
    the LinkEnabled, Enforced and BlockInheritance flags.
    #>
    #Ashley McGlone GPO Report
    #https://blogs.technet.microsoft.com/ashleymcglone/2013/05/29/dude-wheres-my-gpo-using-powershell-to-find-all-of-your-group-policy-links/
    BEGIN{
        # Attributes read from every container that can carry GPO links.
        $linkAttributes = @('name', 'distinguishedName', 'gPLink', 'gPOptions', 'canonicalname')
        # Domain root and sites are reported at depth 0.
        $depthZero = @{name='Depth';expression={0}}
        # OUs: depth is the number of 'OU=' components in the distinguished name.
        $depthOfOU = @{name='Depth';expression={($_.distinguishedName -split 'OU=').count - 1}}

        #region Get a list of all GPOs
        $GPOs = Get-GPO -All |
            Select-Object -Property ID, Path, DisplayName, GPOStatus, WMIFilter
        #endregion

        #Array for GPLinks results
        $gPLinks = @()

        #region GPO Linked to the Domain
        $domainQuery = @{
            Identity   = ((Get-ADDomain).distinguishedName)
            Properties = $linkAttributes
        }
        $gPLinks += Get-ADObject @domainQuery |
            Select-Object -Property ($linkAttributes + $depthZero)
        #endregion

        #region GPO Linked to OUs
        $ouQuery = @{
            Filter     = '*'
            Properties = $linkAttributes
        }
        $gPLinks += Get-ADOrganizationalUnit @ouQuery |
            Select-Object -Property ($linkAttributes + $depthOfOU)
        #endregion

        #region GPOs linked to sites
        $siteQuery = @{
            LDAPFilter  = '(objectClass=site)'
            SearchBase  = "CN=Sites,$((Get-ADRootDSE).configurationNamingContext)"
            SearchScope = 'Onelevel'
            Properties  = $linkAttributes
        }
        $gPLinks += Get-ADObject @siteQuery |
            Select-Object -Property ($linkAttributes + $depthZero)
        #endregion

        #Hashtable to lookup GPOs
        $lookupGPO = $GPOs | Group-Object -AsHashTable -Property 'Path'
    }
    PROCESS{
        #Get the Scope of Management of each gPLink
        ForEach ($SOM in $gPLinks) {
            # Skip containers with no gPLink value or one of a single character.
            if (-not ($SOM.gPLink -and $SOM.gPLink.length -gt 1)) {
                continue
            }

            # gPLink packs the links as '[...][...]'; cut on the brackets and
            # drop the empty fragments.
            $links = @($SOM.gPLink -split {$_ -eq '[' -or $_ -eq ']'} | Where-Object {$_})

            # Walk the stored list from its last entry to its first, so the
            # last stored link is reported as LinkOrderNr 1.
            For ($order = 1; $order -le $links.count; $order++) {
                # Splitting one link on '/' and ';' leaves the policy DN at
                # index 2 and the link options value at index 3.
                $GPOData = $links[$links.count - $order] -split {$_ -eq '/' -or $_ -eq ';'}
                $policyDN = $GPOData[2]

                [PSCustomObject]@{
                    Depth             = $SOM.Depth
                    Name              = $SOM.Name
                    DistinguishedName = $SOM.distinguishedName
                    canonicalName     = $SOM.canonicalname
                    PolicyDN          = $policyDN
                    LinkOrderNr       = $order
                    GUID              = $lookupGPO.$policyDN.ID
                    DisplayName       = $lookupGPO.$policyDN.DisplayName
                    GPOStatus         = $lookupGPO.$policyDN.GPOStatus
                    WMIFilter         = $lookupGPO.$policyDN.WMIFilter.Name
                    Config            = $GPOData[3]
                    # Bit 1 of the options value set means the link is disabled.
                    LinkEnabled       = [bool](!([int]$GPOData[3] -band 1))
                    # Bit 2 of the options value marks the link as enforced.
                    Enforced          = [bool]([int]$GPOData[3] -band 2)
                    # Bit 1 of gPOptions on the container blocks inheritance.
                    BlockInheritance  = [bool]($SOM.gPOptions -band 1)
                }
            }
        }
    }
    END{}
}
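Function Get-PrivilegedGroups{
    <#
    .SYNOPSIS
    Collects the privileged groups of a domain with their Members and MemberOf.
    .PARAMETER Domain
    Domain object as returned by Get-ADDomain. DomainSID, NetBIOSName and
    DNSRoot are read from it.
    .OUTPUTS
    One PSCustomObject with DomainSID, NETBIOSName, FQDN and Groups (the group
    objects that could be read).
    .NOTES
    The SID list is a fixed baseline. Groups without a well-known SID are not
    covered; extend the list to match your own tiering model.
    #>
    #Jeff Wouters script.
    Param (
        $Domain
    )
    BEGIN{
        $PrivilegedGroups = @(
            "$($Domain.DomainSID)-512" #Domain Admins
            "$($Domain.DomainSID)-518" #Schema Admins
            "$($Domain.DomainSID)-519" #Enterprise Admins
            "$($Domain.DomainSID)-520" #Group Policy Creator Owners
            'S-1-5-32-544' #Builtin\Administrators
            'S-1-5-32-548' #Builtin\Account Operators
            'S-1-5-32-549' #Builtin\Server Operators
            'S-1-5-32-550' #Builtin\Print Operators
            'S-1-5-32-551' #Builtin\Backup Operators
            'S-1-5-32-552' #Builtin\Replicators
            'S-1-5-32-556' #Builtin\Network Configuration Operators
            'S-1-5-32-557' #Builtin\Incoming Forest Trust Builders
            'S-1-5-32-573' #Builtin\Event Log Readers
            'S-1-5-32-578' #Builtin\Hyper-V Administrators
            'S-1-5-32-580' #Builtin\Remote Management Users
        )
    }
    PROCESS{
        $objDomainPrivilegedGroups = @{
            DomainSID   = $Domain.DomainSID
            # NetBIOSName, not Name: the field is labelled as the NetBIOS name.
            NETBIOSName = $Domain.NetBIOSName
            FQDN        = $Domain.DNSRoot
        }

        $colPrivilegedGroups = @()
        foreach($group in $PrivilegedGroups){
            # Not every SID resolves in every domain: Schema Admins and
            # Enterprise Admins exist only in the forest root domain, and some
            # builtin groups were added in later Windows Server releases. A
            # missing group is reported and skipped, so one failed lookup does
            # not end the whole collection, and the gap stays visible.
            try {
                $colPrivilegedGroups += Get-ADGroup -Identity $group -Properties Members,MemberOf -ErrorAction Stop
            }
            catch {
                Write-Warning "Privileged group $group could not be read and is skipped: $($_.Exception.Message)"
            }
        }

        $objDomainPrivilegedGroups.Groups = $colPrivilegedGroups
        [PSCustomObject]$objDomainPrivilegedGroups
    }
    END{}
}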
#endregion | |
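# Root of the snapshot: one table per area, filled in by the regions below.
$snapshot = @{
    ADDS = @{}
    Users = @{}
    Groups = @{}
    GPOs = @{}
    Computers = @{}
}

# The domain object is read once and reused, so every entry that depends on it
# describes the same domain state and the DC is not asked again each time.
$currentDomain = Get-ADDomain

#region: snapshotADDS
$snapshot.ADDS.RootDSE = $(Get-ADRootDSE)
$snapshot.ADDS.Forest = $(Get-ADForest)
$snapshot.ADDS._Forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$snapshot.ADDS.Domain = $currentDomain
$snapshot.ADDS._Domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$snapshot.ADDS.DomainControllers = $(Get-ADDomainController -Filter *)
$snapshot.ADDS.DomainTrusts = (Get-ADTrust -Filter *)
$snapshot.ADDS.DefaultPassWordPoLicy = $(Get-ADDefaultDomainPasswordPolicy)
# All authentication policies and silos are captured. A name filter such as
# '(name=AuthenticationPolicy*)' only returns objects that happen to carry that
# name, so the snapshot would miss the policies actually in use.
$snapshot.ADDS.AuthenticationPolicies = $(Get-ADAuthenticationPolicy -Filter *)
$snapshot.ADDS.AuthenticationPolicySilos = $(Get-ADAuthenticationPolicySilo -Filter *)
$snapshot.ADDS.CentralAccessPolicies = $(Get-ADCentralAccessPolicy -Filter *)
$snapshot.ADDS.CentralAccessRules = $(Get-ADCentralAccessRule -Filter *)
$snapshot.ADDS.ClaimTransformPolicies = $(Get-ADClaimTransformPolicy -Filter *)
$snapshot.ADDS.ClaimTypes = $(Get-ADClaimType -Filter *)
# RID 512 is Domain Admins; -Recursive expands nested groups to their members.
$snapshot.ADDS.DomainAdministrators = $(Get-ADGroup -Identity $('{0}-512' -f $currentDomain.DomainSID) | Get-ADGroupMember -Recursive)
$snapshot.ADDS.OrganizationalUnits = $(Get-ADOrganizationalUnit -Filter *)
$snapshot.ADDS.OptionalFeatures = $(Get-ADOptionalFeature -Filter *)
$snapshot.ADDS.Sites = $(Get-ADReplicationSite -Filter *) #Applies To: Windows 8.1, Windows PowerShell 4.0, Windows Server 2012 R2
$snapshot.ADDS.Subnets = $(Get-ADReplicationSubnet -Filter *) #Applies To: Windows 8.1, Windows PowerShell 4.0, Windows Server 2012 R2
$snapshot.ADDS.SiteLinks = $(Get-ADReplicationSiteLink -Filter *) #Applies To: Windows 8.1, Windows PowerShell 4.0, Windows Server 2012 R2
$snapshot.ADDS.ReplicationMetaData = $(Get-ADReplicationPartnerMetadata -Target $currentDomain.DNSRoot -Scope Domain)
$snapshot.ADDS.SitesStats = $(Get-SitesStats) #Courtesy of Ashley McGlone
$snapshot.ADDS.repadmin = $(repadmin.exe /showrepl * /csv | ConvertFrom-CSV) #Courtesy of Ashley McGlone
#endregion

#region snapshotGPOs
$snapshot.GPOs.GPOsSoM = Get-GPOsSoM
$snapshot.GPOs.All = Get-GPO -All | Select-Object '*'
#endregion

#region snapshotUsers
$snapshot.Users.Disabled = Search-ADAccount -AccountDisabled
$snapshot.Users.Expired = Search-ADAccount -AccountExpired
$snapshot.Users.Expiring = Search-ADAccount -AccountExpiring
# accountExpires of 0 or 9223372036854775807 means the account never expires.
$snapshot.Users.NoExpireDate = Get-ADUser -LDAPFilter '(|(accountExpires=0)(accountExpires=9223372036854775807))'
$snapshot.Users.Inactive = Search-ADAccount -AccountInactive
# Accounts exempt from Kerberos pre-authentication; each entry here deserves a
# documented reason.
$snapshot.Users.NoKerberosPreAuth = Get-ADUser -Filter * -Properties DoesNotRequirePreAuth | Where-Object {$_.DoesNotRequirePreAuth}
$snapshot.Users.MustChangePassWord = Get-ADUser -Filter {pwdLastSet -eq 0}
$snapshot.Users.CannotChangePassWord = Get-ADUser -Filter * -Properties CannotChangePassword | Where-Object {$_.CannotChangePassword}
$snapshot.Users.All = Get-ADUser -Filter '*' | Select-Object '*'
#endregion

#region snapshotGroups
$snapshot.Groups.All = Get-ADGroup -Filter '*'
$snapshot.Groups.Privileged = Get-PrivilegedGroups -Domain $currentDomain
#endregion

#region snapshotComputers
$snapshot.Computers.All = Get-ADComputer -Filter * -Properties OperatingSystem
$snapshot.Computers.Disabled = Search-ADAccount -AccountDisabled -ComputersOnly
$snapshot.Computers.Expired = Search-ADAccount -AccountExpired -ComputersOnly
$snapshot.Computers.Expiring = Search-ADAccount -AccountExpiring -ComputersOnly
#endregion

#region Export to XML. Change folder to reflect your location
# The file name carries today's date as ddMMyyyy.
# The export is a full inventory of accounts, privileged groups and GPO links:
# write it to a folder with restricted access and do not publish it.
# NOTE(review): Export-Clixml serialises to a default depth of 2. Confirm that
# nested data such as Groups.Privileged.Groups and their Members survives the
# round trip through Import-Clixml, or pass -Depth explicitly.
$exportDate = Get-Date -Format ddMMyyyy
$snapshot | Export-Clixml .\export\adds\ADHC-$($exportDate).xml -Encoding UTF8
#endregion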
#region Querying snapshot. Try each one separately!
# Sample queries against the in-memory snapshot. Each bare string is written
# to the output as a heading for the result that follows it.
"`nDisabled users`n"
$snapshot.Users.Disabled | Select-Object -Property Name

"`nExpired users`n"
$snapshot.Users.Expired | Select-Object -Property Name

"`nExpiring users`n"
$snapshot.Users.Expiring | Select-Object -Property Name

"`nPrivilegedGroup`n"
$snapshot.Groups.Privileged.Groups | Select-Object -Property Name

"`nPrivilegedGroup Members count`n"
$snapshot.Groups.Privileged.Groups |
    ForEach-Object {
        $privGroup = $_
        [PSCustomObject]@{
            Name        = $privGroup.Name
            # @() so that a single member or no members still yields a count.
            MemberCount = @($privGroup.Members).Count
        }
    } #From here you can do your own filtering

"`nGPOs`n"
$snapshot.GPOs.All | Select-Object -Property DisplayName, ID

"`nGPOs Scope of Management Inheritance blocked`n"
$snapshot.GPOs.GPOsSoM | Select-Object -Property Displayname, BlockInheritance, GUID

"`nMember servers`n"
# Server operating systems whose account is not under the Domain Controllers OU.
$snapshot.Computers.All |
    Where-Object {
        ($_.OperatingSystem -like '*server*') -and
        ($_.DistinguishedName -notlike '*OU=Domain Controllers*')
    } |
    Select-Object -Property Name
#endregion
Here's the link to view the HTML formatted