Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>ADHC snapshot report - 17052016</title>
<style type="text/css">
html { height: 100%; -webkit-background-size: cover; -moz-background-size: cover; -o-background-size: cover; background-size: cover; background: #f8f8f8; }
page { background: white; width: 210mm; display: block; margin-top: 1em; margin-left: auto; margin-right: auto; margin-bottom: 1em; border-style: solid; border-width: 1px; border-color: #c6c6c6; }
@media print { body, page { margin: 0; box-shadow: 0; } }
hr { margin-top: 1.0em; }
.TOC { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 1.33em; text-align: left; font-weight: normal; color: #0072af; }
.Heading2 { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 1.17em; text-align: left; font-weight: normal; color: #0072af; }
.TableDefaultAltRow { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92em; text-align: left; font-weight: normal; color: #000000; background-color: #d0ddee; }
.Heading1 { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 1.33em; text-align: left; font-weight: normal; color: #0072af; }
.TableDefaultHeading { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92em; text-align: left; font-weight: bold; color: #fff; background-color: #4472c4; }
.Footer { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.67em; text-align: left; font-weight: normal; color: #0072af; }
.Normal { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92em; text-align: left; font-weight: normal; color: #000000; }
.TableDefaultRow { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92em; text-align: left; font-weight: normal; color: #000000; }
.Title { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 2.33em; text-align: left; font-weight: normal; color: #0072af; }
.Heading3 { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 1.00em; text-align: left; font-weight: normal; color: #0072af; }
table.tabledefault { padding: 0.08em 0.33em 0em 0.33em; border-style: solid; border-width: 0.08em; border-color: #2a70be; border-collapse: collapse; }
table.tabledefault th { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92em; text-align: left; font-weight: bold; color: #fff; background-color: #4472c4; padding: 0.08em 0.33em 0em 0.33em; border-style: solid; border-width: 0.08em; border-color: #2a70be; border-collapse: collapse; }
table.tabledefault tr:nth-child(odd) td { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92em; text-align: left; font-weight: normal; color: #000000; padding: 0.08em 0.33em 0em 0.33em; border-style: solid; border-width: 0.08em; border-color: #2a70be; border-collapse: collapse; }
table.tabledefault tr:nth-child(even) td { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92em; text-align: left; font-weight: normal; color: #000000; background-color: #d0ddee; padding: 0.08em 0.33em 0em 0.33em; border-style: solid; border-width: 0.08em; border-color: #2a70be; border-collapse: collapse; }
table.tabledefault-list { padding: 0.08em 0.33em 0em 0.33em; border-style: solid; border-width: 0.08em; border-color: #2a70be; border-collapse: collapse; }
table.tabledefault-list td:nth-child(1) { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92em; text-align: left; font-weight: bold; color: #fff; background-color: #4472c4; padding: 0.08em 0.33em 0em 0.33em; border-style: solid; border-width: 0.08em; border-color: #2a70be; border-collapse: collapse; }
table.tabledefault-list td:nth-child(2) { font-family: 'Calibri','Candara','Segoe','Segoe UI','Optima','Arial','Sans-Serif'; font-size: 0.92em; text-align: left; font-weight: normal; color: #000000; padding: 0.08em 0.33em 0em 0.33em; border-style: solid; border-width: 0.08em; border-color: #2a70be; border-collapse: collapse; }
</style></head><body><page>
<div class="Normal" style="padding-top: 2em; padding-left: 2em; padding-bottom: 2em; padding-right: 2em;">
<br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><div class="Title">Active Directory Health report - 17052016</div><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /><br /></div></page><page><div class="Normal" style="padding-top: 2em; padding-left: 2em; padding-bottom: 2em; padding-right: 2em;">
<h1 class="TOC">TABLE OF CONTENTS</h1><table style="width: 100%;">
<tr><td>1</td><td><a href="#FORESTINFORMATION" style="text-decoration: none;">FOREST INFORMATION</a></td></tr>
<tr><td>2</td><td><a href="#DOMAININFORMATION" style="text-decoration: none;">DOMAIN INFORMATION</a></td></tr>
<tr><td>3</td><td><a href="#FSMOROLES" style="text-decoration: none;">FSMO ROLES</a></td></tr>
<tr><td>4</td><td><a href="#GLOBALCATALOGS" style="text-decoration: none;">GLOBAL CATALOGS</a></td></tr>
<tr><td>5</td><td><a href="#DOMAINCONTROLLERS" style="text-decoration: none;">DOMAIN CONTROLLERS</a></td></tr>
<tr><td>6</td><td><a href="#DEFAULTDOMAINPASSWORDPOLICY" style="text-decoration: none;">DEFAULT DOMAIN PASSWORD POLICY</a></td></tr>
<tr><td>7</td><td><a href="#DOMAINADMINISTRATORS" style="text-decoration: none;">DOMAIN ADMINISTRATORS</a></td></tr>
<tr><td>8</td><td><a href="#ORGANIZATIONALUNITS" style="text-decoration: none;">ORGANIZATIONAL UNITS</a></td></tr>
<tr><td>9</td><td><a href="#SITES&SUBNETS" style="text-decoration: none;">SITES & SUBNETS</a></td></tr>
<tr><td>9.1</td><td>&nbsp;&nbsp;&nbsp;<a href="#SITES" style="text-decoration: none;">SITES</a></td></tr>
<tr><td>9.1.1</td><td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#SITESWITHOUTADESCRIPTION" style="text-decoration: none;">SITES WITHOUT A DESCRIPTION</a></td></tr>
<tr><td>9.1.2</td><td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#SITESWITHOUTASUBNET" style="text-decoration: none;">SITES WITHOUT A SUBNET</a></td></tr>
<tr><td>9.1.3</td><td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="#SITESWITHOUTASERVER" style="text-decoration: none;">SITES WITHOUT A SERVER</a></td></tr>
<tr><td>9.2</td><td>&nbsp;&nbsp;&nbsp;<a href="#SITELINKS" style="text-decoration: none;">SITELINKS</a></td></tr>
<tr><td>9.3</td><td>&nbsp;&nbsp;&nbsp;<a href="#SUBNETS" style="text-decoration: none;">SUBNETS</a></td></tr>
</table>
</div></page><page><div class="Normal" style="padding-top: 2em; padding-left: 2em; padding-bottom: 2em; padding-right: 2em;">
<a name="FORESTINFORMATION"><h1 class="Heading1">1 FOREST INFORMATION</h1></a><div><table class="tabledefault-list"><tbody><tr><td>Name</td><td>pshirwin.local</td></tr><tr><td>RootDomain</td><td>pshirwin.local</td></tr><tr><td>ForestMode</td><td>Windows2012R2Forest</td></tr><tr><td>Domains</td><td>pshirwin.local</td></tr></tbody></table></div>
<a name="DOMAININFORMATION"><h1 class="Heading1">2 DOMAIN INFORMATION</h1></a><div><table class="tabledefault-list"><tbody><tr><td>NetBIOSName</td><td>PSHIRWIN</td></tr><tr><td>DomainMode</td><td>Windows2012R2Domain</td></tr><tr><td>DistinguishedName</td><td>DC=pshirwin,DC=local</td></tr><tr><td>DomainSID</td><td>S-1-5-21-2648780957-277300436-725747423</td></tr></tbody></table></div>
<a name="FSMOROLES"><h1 class="Heading1">3 FSMO ROLES</h1></a><div><table class="tabledefault-list"><tbody><tr><td>DomainNamingMaster</td><td>DC-DSC-01.pshirwin.local</td></tr><tr><td>SchemaMaster</td><td>DC-DSC-01.pshirwin.local</td></tr></tbody></table></div>
<br /><div><table class="tabledefault-list"><tbody><tr><td>PDCEmulator</td><td>DC-DSC-01.pshirwin.local</td></tr><tr><td>InfrastructureMaster</td><td>DC-DSC-01.pshirwin.local</td></tr><tr><td>RIDMaster</td><td>DC-DSC-01.pshirwin.local</td></tr></tbody></table></div>
<a name="GLOBALCATALOGS"><h1 class="Heading1">4 GLOBAL CATALOGS</h1></a><div><table class="tabledefault-list"><tbody><tr><td>Name</td><td>DC-DSC-01.pshirwin.local</td></tr></tbody></table></div>
<a name="DOMAINCONTROLLERS"><h1 class="Heading1">5 DOMAIN CONTROLLERS</h1></a><div><table class="tabledefault-list"><tbody><tr><td>Name</td><td>DC-DSC-01</td></tr><tr><td>OperatingSystem</td><td>Windows Server 2012 R2 Standard</td></tr><tr><td>IPv4Address</td><td>10.15.75.250</td></tr><tr><td>Site</td><td>Default-First-Site-Name</td></tr></tbody></table></div>
<a name="DEFAULTDOMAINPASSWORDPOLICY"><h1 class="Heading1">6 DEFAULT DOMAIN PASSWORD POLICY</h1></a><div><table class="tabledefault-list"><tbody><tr><td>ComplexityEnabled</td><td>True</td></tr><tr><td>LockoutDuration</td><td>00:30:00</td></tr><tr><td>LockoutObservationWindow</td><td>00:30:00</td></tr><tr><td>LockoutThreshold</td><td>0</td></tr><tr><td>MaxPasswordAge</td><td>42.00:00:00</td></tr><tr><td>MinPasswordAge</td><td>1.00:00:00</td></tr><tr><td>MinPasswordLength</td><td>7</td></tr><tr><td>PasswordHistoryCount</td><td>24</td></tr><tr><td>ReversibleEncryptionEnabled</td><td>False</td></tr></tbody></table></div>
<a name="DOMAINADMINISTRATORS"><h1 class="Heading1">7 DOMAIN ADMINISTRATORS</h1></a><div><table class="tabledefault"><thead><tr><th>name</th><th>distinguishedName</th></tr></thead><tbody>
<tr><td>Administrator</td><td>CN=Administrator,CN=Users,DC=pshirwin,DC=local</td></tr>
<tr><td>9006487</td><td>CN=9006487,OU=Disabled,OU=Gebruikers,OU=IPI,DC=pshirwin,DC=local</td></tr>
</tbody></table></div>
<a name="ORGANIZATIONALUNITS"><h1 class="Heading1">8 ORGANIZATIONAL UNITS</h1></a><div><table class="tabledefault"><thead><tr><th>Name</th><th>DistinguishedName</th></tr></thead><tbody>
<tr><td>Domain Controllers</td><td>OU=Domain Controllers,DC=pshirwin,DC=local</td></tr>
<tr><td>Servers</td><td>OU=Servers,DC=pshirwin,DC=local</td></tr>
<tr><td>Resources</td><td>OU=Resources,DC=pshirwin,DC=local</td></tr>
<tr><td>Users</td><td>OU=Users,OU=Resources,DC=pshirwin,DC=local</td></tr>
<tr><td>Groups</td><td>OU=Groups,OU=Resources,DC=pshirwin,DC=local</td></tr>
<tr><td>RBAC</td><td>OU=RBAC,OU=Resources,DC=pshirwin,DC=local</td></tr>
<tr><td>IPI</td><td>OU=IPI,DC=pshirwin,DC=local</td></tr>
<tr><td>Gebruikers</td><td>OU=Gebruikers,OU=IPI,DC=pshirwin,DC=local</td></tr>
<tr><td>Propertize</td><td>OU=Propertize,OU=Gebruikers,OU=IPI,DC=pshirwin,DC=local</td></tr>
<tr><td>Delegation</td><td>OU=Delegation,OU=Resources,DC=pshirwin,DC=local</td></tr>
<tr><td>Maarssen</td><td>OU=Maarssen,OU=Gebruikers,OU=IPI,DC=pshirwin,DC=local</td></tr>
<tr><td>Pantar</td><td>OU=Pantar,OU=Gebruikers,OU=IPI,DC=pshirwin,DC=local</td></tr>
<tr><td>Roles</td><td>OU=Roles,OU=Resources,DC=pshirwin,DC=local</td></tr>
<tr><td>DAT</td><td>OU=DAT,OU=Resources,DC=pshirwin,DC=local</td></tr>
<tr><td>Extern</td><td>OU=Extern,OU=Gebruikers,OU=IPI,DC=pshirwin,DC=local</td></tr>
<tr><td>Disabled</td><td>OU=Disabled,OU=Gebruikers,OU=IPI,DC=pshirwin,DC=local</td></tr>
<tr><td>Temp</td><td>OU=Temp,OU=IPI,DC=pshirwin,DC=local</td></tr>
</tbody></table></div>
<a name="SITES&SUBNETS"><h1 class="Heading1">9 SITES & SUBNETS</h1></a><a name="SITES"><h2 class="Heading2">9.1 SITES</h2></a><div><table class="tabledefault-list"><tbody><tr><td>Name</td><td>Default-First-Site-Name</td></tr><tr><td>Description</td><td>&nbsp;</td></tr><tr><td>DistinguishedName</td><td>CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pshirwin,DC=local</td></tr></tbody></table></div>
<p />
<div><table class="tabledefault-list"><tbody><tr><td>Name</td><td>Branch01</td></tr><tr><td>Description</td><td>&nbsp;</td></tr><tr><td>DistinguishedName</td><td>CN=Branch01,CN=Sites,CN=Configuration,DC=pshirwin,DC=local</td></tr></tbody></table></div>
<a name="SITESWITHOUTADESCRIPTION"><h3 class="Heading3">9.1.1 SITES WITHOUT A DESCRIPTION</h3></a><div><table class="tabledefault"><thead><tr><th>Name</th></tr></thead><tbody>
<tr><td>Default-First-Site-Name</td></tr>
<tr><td>Branch01</td></tr>
</tbody></table></div>
<a name="SITESWITHOUTASUBNET"><h3 class="Heading3">9.1.2 SITES WITHOUT A SUBNET</h3></a><div><table class="tabledefault"><thead><tr><th>Name</th></tr></thead><tbody>
<tr><td>Default-First-Site-Name</td></tr>
</tbody></table></div>
<a name="SITESWITHOUTASERVER"><h3 class="Heading3">9.1.3 SITES WITHOUT A SERVER</h3></a><div><table class="tabledefault"><thead><tr><th>Name</th></tr></thead><tbody>
<tr><td>Branch01</td></tr>
</tbody></table></div>
<a name="SITELINKS"><h2 class="Heading2">9.2 SITELINKS</h2></a><div><table class="tabledefault"><thead><tr><th>Name</th><th>Cost</th><th>ReplicationFrequencyInMinutes</th></tr></thead><tbody>
<tr><td>DEFAULTIPSITELINK</td><td>100</td><td>180</td></tr>
</tbody></table></div>
<a name="SUBNETS"><h2 class="Heading2">9.3 SUBNETS</h2></a><div><table class="tabledefault"><thead><tr><th>Name</th><th>Site</th></tr></thead><tbody>
<tr><td>192.168.0.0/24</td><td>CN=Branch01,CN=Sites,CN=Configuration,DC=pshirwin,DC=local</td></tr>
</tbody></table></div>
<#
Author: I.Strachan
Version: 1.0
Version History:
Purpose: Active Directory Health Check PScribo/Excel report
#>
[CmdletBinding()]
Param(
$snapshotDate= '26052016'
)
#PScribo link: https://github.com/iainbrighton/PScribo
Import-Module PScribo,ImportExcel -Verbose:$false
#ImportExcel link: https://github.com/dfinke/ImportExcel
Import-Module ImportExcel -Verbose:$false
#Get ADSnapshot
$ADHCSnapshot = Import-Clixml .\export\adds\ADHC-$($snapshotDate).xml
#region Create PScribo Document
$reportAD = Document "ADHC snapshot report - $($snapshotDate)" {
GlobalOption -ForceUppercaseSection -EnableSectionNumbering -PageSize A4 -Margin 24
BlankLine -Count 20
Paragraph "Active Directory Health report - $($snapshotDate)" -Style Title
BlankLine -Count 20
PageBreak
TOC -Name 'Table of Contents'
PageBreak
Section -Style Heading1 'Forest Information' {
$ADForest = [Ordered]@{
Name = $($ADHCSnapshot.ADDS.Forest.Name)
RootDomain = $($ADHCSnapshot.ADDS.Forest.RootDomain)
ForestMode = $($ADHCSnapshot.ADDS.Forest.ForestMode.ToString())
Domains = $($ADHCSnapshot.ADDS.Forest.Domains)
}
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -List -Width 0 -Hashtable $ADForest
Section -Style Heading2 'FSMO Roles' {
$ADHCSnapshot.ADDS.Forest |
Select-Object DomainNamingMaster,SchemaMaster |
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -List -Width 0
Blankline
$ADHCSnapshot.ADDS.Domain |
Select-Object PDCEmulator,InfrastructureMaster,RIDMaster |
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -List -Width 0
}
Section -Style Heading2 'Global Catalogs' {
$ADHCSnapshot.ADDS._Forest.GlobalCatalogs |
Select-Object Name |
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
}
}
PageBreak
Section -Style Heading1 'Domain Information' {
$ADDomain = [Ordered]@{
NetBIOSName = $($ADHCSnapshot.ADDS.Domain.NetBIOSName)
DomainMode = $($ADHCSnapshot.ADDS.Domain.DomainMode.ToString())
DistinguishedName = $($ADHCSnapshot.ADDS.Domain.DistinguishedName)
DomainSID = $($ADHCSnapshot.ADDS.Domain.DomainSID)
}
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -List -Width 0 -Hashtable $ADDomain
Section -Style Heading2 'Domain Controllers' {
$ADHCSnapshot.ADDS.DomainControllers |
Select-Object Name,OperatingSystem,IPv4Address,Site |
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -List -Width 0
}
Section -Style Heading2 'Default Domain Password Policy' {
$ADHCSnapshot.ADDS.DefaultPassWordPoLicy |
Select-Object ComplexityEnabled,LockoutDuration,LockoutObservationWindow,LockoutThreshold,
MaxPasswordAge,MinPasswordAge,MinPasswordLength,PasswordHistoryCount,ReversibleEncryptionEnabled |
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -List -Width 0
}
Section -Style Heading2 'Domain Administrators' {
$ADHCSnapshot.ADDS.DomainAdministrators |
Select-Object Name,DistinguishedName |
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
}
PageBreak
Section -Style Heading2 'Organizational Units' {
$ADHCSnapshot.ADDS.OrganizationalUnits |
Select-Object Name,DistinguishedName |
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
}
PageBreak
Section -Style Heading2 'Groups' {
$ADHCSnapshot.Groups.Privileged |
Select-Object DomainSID,NETBIOSName,FQDN |
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -list -Width 0
Section -Style Heading3 'Privileged groups'{
$ADHCSnapshot.Groups.Privileged.Groups |
Foreach-Object{
[PSCustomObject]@{
Name = $_.Name
Category = $_.GroupCategory.ToString()
Scope = $_.GroupScope.ToString()
SID = $_.SID
}
} |
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
}
Section -Style Heading3 'Privileged groups count'{
$ADHCSnapshot.Groups.Privileged.Groups |
Foreach-object {
[PSCustomObject]@{
Name = $_.Name
MemberCount = @($_.Members).Count
}
} |
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
}
}
}
PageBreak
Section -Style Heading1 'Sites & Subnets' {
Section -Style Heading2 'Sites' {
$ADHCSnapshot.ADDS.Sites |
Select-Object Name,Description,DistinguishedName |
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
Section -Style Heading3 'Sites without a description' {
$ADHCSnapshot.ADDS.Sites.Where{$_.Description -eq $null} |
Select-Object Name |
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
}
if($ADHCSnapshot.ADDS._Forest.Sites.Where{@($_.Subnets).Count -eq 0 }){
Section -Style Heading3 'Sites without a subnet' {
$ADHCSnapshot.ADDS._Forest.Sites.Where{@($_.Subnets).Count -eq 0 } |
Select-Object Name |
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
}
}
if($ADHCSnapshot.ADDS._Forest.Sites.Where{@($_.Servers).Count -eq 0 }){
Section -Style Heading3 'Sites without a DC' {
$ADHCSnapshot.ADDS._Forest.Sites.Where{@($_.Servers).Count -eq 0 } |
Select-Object Name |
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
}
}
Section -Style Heading3 'Sites Stats' {
$ADHCSnapshot.ADDS.SitesStats |
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
}
}
Section -Style Heading2 'Sitelinks' {
$ADHCSnapshot.ADDS.SiteLinks |
Select-Object Name,Cost,ReplicationFrequencyInMinutes |
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
}
Section -Style Heading2 'Subnets' {
$ADHCSnapshot.ADDS.Subnets |
Select-Object Name,Site |
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
}
}
PageBreak
Section -Style Heading1 'Group Policies' {
$ADHCSnapshot.GPOs.All |
Select-Object DisplayName,Description,GPOStatus,ModificationTime |
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
Section -Style Heading2 'Group Policy Scope of Management' {
$ADHCSnapshot.GPOs.GPOsSoM |
Select-Object DisplayName,LinkOrderNr,GPOStatus,LinkEnabled,Enforced,BlockInheritance |
Table -Name 'AutofitWidth-AutofitCell-NoHighlighting' -Width 0
}
}
}
#endregion
#region Render report in HTML format
$reportAD | Export-Document -Path .\export\adds -Format Html
#endregion
#region Export Users,Group & Computers to Excel
$xlsxUserFile = ".\export\adds\ADHC - USG - UserReport - $($snapshotDate).xlsx"
$xlsxComputerFile = ".\export\adds\ADHC - USG - ComputerReport - $($snapshotDate).xlsx"
$xlsxGroupMembersFile = ".\export\adds\ADHC - USG - PrivilegedMembersReport - $($snapshotDate).xlsx"
$xlsxGroupMemberOfFile = ".\export\adds\ADHC - USG - PrivilegedMemberOfReport - $($snapshotDate).xlsx"
#Users xlsx file
foreach($entry in $ADHCSnapshot.Users.Keys){
$WorkSheetName = $entry
If($ADHCSnapshot.Users.$entry){
$ADHCSnapshot.Users.$entry |
ConvertTo-Csv -Delimiter ';' -NoTypeInformation |
ConvertFrom-Csv -Delimiter ';' |
Export-Excel -Path $xlsxUserFile -WorkSheetname $WorkSheetName -AutoSize -BoldTopRow -FreezeTopRow
}
}
#Computers xlsx file
foreach($entry in $ADHCSnapshot.Computers.Keys){
$WorkSheetName = $entry
if($ADHCSnapshot.Computers.$entry){
$ADHCSnapshot.Computers.$entry |
ConvertTo-Csv -Delimiter ';' -NoTypeInformation |
ConvertFrom-Csv -Delimiter ';' |
Export-Excel -Path $xlsxComputerFile -WorkSheetname $WorkSheetName -AutoSize -BoldTopRow -FreezeTopRow
}
}
#Groups xlsx file
$snapshot.Groups.Privileged.Groups.ForEach{
if($_.Members){
$_.Members |
ForEach-Object{
$_ | Get-ADObject |
Select-Object Name,DistinguishedName
} |
Export-Excel -Path $xlsxGroupMembersFile -WorkSheetname $_.Name -AutoSize -BoldTopRow -FreezeTopRow
}
if($_.MemberOf){
$_.MemberOf |
ForEach-Object{
$_ | Get-ADObject |
Select-Object Name,DistinguishedName
} |
Export-Excel -Path $xlsxGroupMemberOfFile -WorkSheetname $_.Name -AutoSize -BoldTopRow -FreezeTopRow
}
}
foreach($entry in $ADHCSnapshot.Computers.Keys){
$WorkSheetName = $entry
if($ADHCSnapshot.Computers.$entry){
$ADHCSnapshot.Computers.$entry |
ConvertTo-Csv -Delimiter ';' -NoTypeInformation |
ConvertFrom-Csv -Delimiter ';' |
Export-Excel -Path $xlsxComputerFile -WorkSheetname $WorkSheetName -AutoSize -BoldTopRow -FreezeTopRow
}
}
#endregion
<#
Author: I.Strachan
Version:
Version History:
Purpose: Get Snapshot of Active Directory current Health
#>
[cmdletbinding()]
Param()
Import-Module ActiveDirectory,GroupPolicy -Verbose:$false
#region Helper Functions. Ideally this would be a module. You can also . Source an external script
Function Get-SitesStats{
#Ahsley McGlone Freaky neat AD site links
#https://blogs.technet.microsoft.com/ashleymcglone/2012/09/10/freaky-neat-active-directory-site-links-with-powershell/
Get-ADObject -LDAPFilter '(objectClass=site)' -SearchBase (Get-ADRootDSE).ConfigurationNamingContext -Properties WhenCreated, Description |
Select-Object Name,
@{label='IsEmpty';expression={If ($(Get-ADObject -Filter {ObjectClass -eq 'nTDSDSA'} -SearchBase $_.DistinguishedName)) {$false} else {$true}}},
@{label='DCCount';expression={@($(Get-ADObject -Filter {ObjectClass -eq 'nTDSDSA'} -SearchBase $_.DistinguishedName)).Count}},
@{label='SubnetCount';expression={@($(Get-ADObject -Filter {ObjectClass -eq 'subnet' -and siteObject -eq $_.DistinguishedName} -SearchBase (Get-ADRootDSE).ConfigurationNamingContext)).Count}},
@{label='SiteLinkCount';expression={@($(Get-ADObject -Filter {ObjectClass -eq 'sitelink' -and siteList -eq $_.DistinguishedName} -SearchBase (Get-ADRootDSE).ConfigurationNamingContext)).Count}},
WhenCreated,Description
}
Function Get-GPOsSoM {
#Ashley McGlone GPO Report
#https://blogs.technet.microsoft.com/ashleymcglone/2013/05/29/dude-wheres-my-gpo-using-powershell-to-find-all-of-your-group-policy-links/
BEGIN{
#region Get a list of all GPOs
$GPOs = Get-GPO -All |
Select-Object ID, Path, DisplayName, GPOStatus, WMIFilter
#endregion
#Array for GPLinks results
$gPLinks = @()
#region GPO Linked to the Domain
$domainGPO = @{
Identity = ((Get-ADDomain).distinguishedName)
Properties = @('name', 'distinguishedName', 'gPLink', 'gPOptions', 'canonicalname')
}
$gPlinks += Get-ADObject @domainGPO |
Select-Object 'name', 'distinguishedName', 'gPLink', 'gPOptions', 'canonicalname',
@{name='Depth';expression={0}}
#endregion
#region GPO Linked to OUs
$ouGPOs = @{
Filter = '*'
Properties = @('name', 'distinguishedName', 'gPLink', 'gPOptions', 'canonicalname')
}
$gPLinks += Get-ADOrganizationalUnit @ouGPOs |
Select-Object name, distinguishedName, gPLink, gPOptions ,canonicalname ,
@{name='Depth';expression={($_.distinguishedName -split 'OU=').count - 1}}
#endregion
#region GPOs linked to sites
$siteGPOs = @{
LDAPFilter = '(objectClass=site)'
SearchBase = "CN=Sites,$((Get-ADRootDSE).configurationNamingContext)"
SearchScope = 'Onelevel'
Properties = @('name', 'distinguishedName', 'gPLink', 'gPOptions', 'canonicalname')
}
$gPLinks += Get-ADObject @siteGPOs |
Select-Object name, distinguishedName, gPLink, gPOptions ,canonicalname,
@{name='Depth';expression={0}}
#endregion
#Hashtable to lookup GPOs
$lookupGPO = $GPOs | Group-Object -AsHashTable -Property 'Path'
}
PROCESS{
#Get the Scope of Management of each gPLink
ForEach ($SOM in $gPLinks) {
if ($SOM.gPLink) {
If ($SOM.gPLink.length -gt 1) {
$links = @($SOM.gPLink -split {$_ -eq '[' -or $_ -eq ']'} | Where-Object {$_})
For ( $i = $links.count - 1 ; $i -ge 0 ; $i-- ) {
$GPOData = $links[$i] -split {$_ -eq '/' -or $_ -eq ';'}
[PSCustomObject]@{
Depth = $SOM.Depth;
Name = $SOM.Name;
DistinguishedName = $SOM.distinguishedName;
canonicalName = $SOM.canonicalname;
PolicyDN = $GPOData[2];
LinkOrderNr = $links.count - $i
GUID = $lookupGPO.$($GPOData[2]).ID;
DisplayName = $lookupGPO.$($GPOData[2]).DisplayName;
GPOStatus = $lookupGPO.$($GPOData[2]).GPOStatus;
WMIFilter = $lookupGPO.$($GPOData[2]).WMIFilter.Name;
Config = $GPOData[3];
LinkEnabled = [bool](!([int]$GPOData[3] -band 1));
Enforced = [bool]([int]$GPOData[3] -band 2);
BlockInheritance = [bool]($SOM.gPOptions -band 1)
}
}
}
}
}
}
END{}
}
Function Get-PrivilegedGroups{
#Jeff Wouters script.
Param (
$Domain
)
BEGIN{
$PrivilegedGroups = @(
"$($Domain.DomainSID)-512" #Domain Admins
"$($Domain.DomainSID)-518" #Schema Admins
"$($Domain.DomainSID)-519" #Enterprise Admins
"$($Domain.DomainSID)-520" #Group Policy Creatr Owners
'S-1-5-32-544' #Builtin\Administrators
'S-1-5-32-548' #Builtin\Account Operators
'S-1-5-32-549' #Builtin\Server Operators
'S-1-5-32-550' #Builtin\Print Operators
'S-1-5-32-551' #Builtin\Backup Operators
'S-1-5-32-552' #Builtin\Replicators
'S-1-5-32-556' #Builtin\Network Configuration Operations
'S-1-5-32-557' #Builtin\Incoming Forest Trust Builders
'S-1-5-32-573' #Builtin\Event Log Readers
'S-1-5-32-578' #Builtin\Hyper-V Administrators
'S-1-5-32-580' #Builtin\Remote Management Users
)
}
PROCESS{
$objDomainPrivilegedGroups = @{
DomainSID = $Domain.DomainSID
NETBIOSName = $Domain.Name
FQDN = $Domain.DNSRoot
}
$colPrivilegedGroups = @()
foreach($group in $PrivilegedGroups){
$colPrivilegedGroups += Get-ADGroup -Identity $group -Properties Members,MemberOf
}
$objDomainPrivilegedGroups.Groups = $colPrivilegedGroups
[PSCustomObject]$objDomainPrivilegedGroups
}
END{}
}
#endregion
$snapshot = @{
ADDS = @{}
Users = @{}
Groups = @{}
GPOs = @{}
Computers = @{}
}
#region: snapshotADDS
$snapshot.ADDS.RootDSE = $(Get-ADRootDSE)
$snapshot.ADDS.Forest = $(Get-ADForest)
$snapshot.ADDS._Forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$snapshot.ADDS.Domain = $(Get-ADDomain)
$snapshot.ADDS._Domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$snapshot.ADDS.DomainControllers = $(Get-ADDomainController -Filter *)
$snapshot.ADDS.DomainTrusts = (Get-ADTrust -Filter *)
$snapshot.ADDS.DefaultPassWordPoLicy = $(Get-ADDefaultDomainPasswordPolicy)
$snapshot.ADDS.AuthenticationPolicies = $(Get-ADAuthenticationPolicy -LDAPFilter '(name=AuthenticationPolicy*)')
$snapshot.ADDS.AuthenticationPolicySilos = $(Get-ADAuthenticationPolicySilo -Filter 'Name -like "*AuthenticationPolicySilo*"')
$snapshot.ADDS.CentralAccessPolicies = $(Get-ADCentralAccessPolicy -Filter *)
$snapshot.ADDS.CentralAccessRules = $(Get-ADCentralAccessRule -Filter *)
$snapshot.ADDS.ClaimTransformPolicies = $(Get-ADClaimTransformPolicy -Filter *)
$snapshot.ADDS.ClaimTypes = $(Get-ADClaimType -Filter *)
$snapshot.ADDS.DomainAdministrators =$( Get-ADGroup -Identity $('{0}-512' -f (Get-ADDomain).domainSID) | Get-ADGroupMember -Recursive)
$snapshot.ADDS.OrganizationalUnits = $(Get-ADOrganizationalUnit -Filter *)
$snapshot.ADDS.OptionalFeatures = $(Get-ADOptionalFeature -Filter *)
$snapshot.ADDS.Sites = $(Get-ADReplicationSite -Filter *) #Applies To: Windows 8.1, Windows PowerShell 4.0, Windows Server 2012 R2
$snapshot.ADDS.Subnets = $(Get-ADReplicationSubnet -Filter *) #Applies To: Windows 8.1, Windows PowerShell 4.0, Windows Server 2012 R2
$snapshot.ADDS.SiteLinks = $(Get-ADReplicationSiteLink -Filter *) #Applies To: Windows 8.1, Windows PowerShell 4.0, Windows Server 2012 R2
$snapshot.ADDS.ReplicationMetaData = $(Get-ADReplicationPartnerMetadata -Target (Get-ADDomain).DNSRoot -Scope Domain)
$snapshot.ADDS.SitesStats = $(Get-SitesStats) #Courtesy of Ashley McGlone
$snapshot.ADDS.repadmin = $(repadmin.exe /showrepl * /csv | ConvertFrom-CSV) #Courtesy of Ashley McGlone
#endregion
#region snapshotGPOs
$snapshot.GPOs.GPOsSoM = Get-GPOsSoM
$snapshot.GPOs.All = Get-GPO -All | Select-Object '*'
#endregion
#region snapshotUsers
$snapshot.Users.Disabled = Search-ADAccount -AccountDisabled
$snapshot.Users.Expired = Search-ADAccount -AccountExpired
$snapshot.Users.Expiring = Search-ADAccount -AccountExpiring
$snapshot.Users.NoExpireDate = Get-ADUser -LDAPFilter '(|(accountExpires=0)(accountExpires=9223372036854775807))'
$snapshot.Users.Inactive = Search-ADAccount -AccountInactive
$snapshot.Users.NoKerberosPreAuth = get-aduser -filter * -properties DoesNotRequirePreAuth | Where-Object {$_.DoesNotRequirePreAuth}
$snapshot.Users.MustChangePassWord = Get-ADUser -Filter {pwdLastSet -eq 0}
$snapshot.Users.CannotChangePassWord = Get-ADUser -Filter * -Properties CannotChangePassword |Where-Object {$_.CannotChangePassword}
$snapshot.Users.All = Get-ADUser -Filter '*' | Select-Object '*'
#endregion
#region snapshotGroups
$snapshot.Groups.All = Get-ADGroup -Filter '*'
$snapshot.Groups.Privileged = Get-PrivilegedGroups -Domain $(Get-ADDomain)
#endregion
#region snapshotComputers
$snapshot.Computers.All = Get-ADComputer -Filter * -Properties OperatingSystem
$snapshot.Computers.Disabled = Search-ADAccount -AccountDisabled -ComputersOnly
$snapshot.Computers.Expired = Search-ADAccount -AccountExpired -ComputersOnly
$snapshot.Computers.Expiring = Search-ADAccount -AccountExpiring -ComputersOnly
#endregion
#region Export to XML. Change folder to reflect your location
$exportDate = Get-Date -Format ddMMyyyy
$snapshot | Export-Clixml .\export\adds\ADHC-$($exportDate).xml -Encoding UTF8
#endregion
#region Querying snapshot. Try each one seperately!
"`nDisabled users`n"
$snapshot.Users.Disabled | Select-Object Name
"`nExpired users`n"
$snapshot.Users.Expired | Select-Object Name
"`nExpiring users`n"
$snapshot.Users.Expiring | Select-Object Name
"`nPrivilegedGroup`n"
$snapshot.Groups.Privileged.Groups | Select-Object Name
"`nPrivilegedGroup Members count`n"
$snapshot.Groups.Privileged.Groups |
Foreach-object {
[PSCustomObject]@{
Name = $_.Name
MemberCount = @($_.Members).Count
}
} #From here you can do your own filtering
"`nGPOs`n"
$snapshot.GPOs.All | Select-Object DisplayName,ID
"`nGPOs Scope of Management Inheritance blocked`n"
$snapshot.GPOs.GPOsSoM | Select-Object Displayname,BlockInheritance,GUID
"`nMember servers`n"
$snapshot.Computers.All |
Where-Object {
($_.OperatingSystem -like '*server*') -and
(!($_.DistinguishedName -like '*OU=Domain Controllers*'))
} |
Select-Object Name
#endregion
@irwins

This comment has been minimized.

Copy link
Owner Author

commented May 17, 2016

Here's the link to view the HTML formatted

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.