laymanstake/Start-ADAssessment.ps1

## Start-ADAssessment.ps1
function Get-UnusedNetlogonScripts {
    [CmdletBinding()]
    Param(
        [Parameter(ValueFromPipeline = $true, Mandatory = $true)]$DomainName,
        [Parameter(ValueFromPipeline = $true, mandatory = $true)][pscredential]$Credential
    )

    $unusedScripts = @()
    $referencedScripts = @()
    $PDC = (Test-Connection -Computername (Get-ADDomainController -Filter *  -Server $DomainName -Credential $Credential).Hostname -count 1 -AsJob | Get-Job | Receive-Job -Wait | Where-Object { $null -ne $_.Responsetime } | sort-object Responsetime | select-Object Address -first 1).Address
    $null = Get-Job | Remove-Job

    $netlogonPath = "\\$DomainName\netlogon"
    try {
        $scriptFiles = Get-ChildItem -Path $netlogonPath -File -Recurse | Select-Object -ExpandProperty FullName
    }
    catch {
        Write-Log -logtext "Could not access Netlogon share to read script files : $($_.Exception.Message)" -logpath $logpath
    }
    $scriptFiles = $scriptfiles -replace $DomainName, $DomainName.Split(".")[0] | Where-Object { $_ -ne $null } | Sort-Object -Unique | Where-Object { $_ } | ForEach-Object { $_.ToLower() }
    $scriptFilesLeaf = $scriptFiles | Split-Path -Leaf

    $scriptFiles = $scriptFiles + $scriptFilesLeaf

    $Filter = "(&(objectCategory=User)(objectClass=User)(scriptPath=*))"
    $referencedScripts = (Get-ADUser -LDAPFilter $Filter -Server $PDC -Credential $Credential -Properties ScriptPath | Select-Object ScriptPath -Unique).ScriptPath

    if ($scriptFiles) {
        $gpos = Get-GPO -All -Domain $DomainName -Server $PDC

        foreach ($gpo in $gpos) {
            $gpoReport = Get-GPOReport -Name $gpo.DisplayName -ReportType Xml -Domain $DomainName -Server $PDC

            $gpoXml = [xml]$gpoReport

            $computerScripts = $gpoXml.GPO.Computer.ExtensionData.Extension.Script | Select-Object -ExpandProperty Command
            $userScripts = $gpoXml.GPO.User.ExtensionData.Extension.Script | Select-Object -ExpandProperty Command

            $referencedScripts += $computerScripts, $userScripts
        }

        $referencedScripts = $referencedScripts -replace $DomainName, $DomainName.Split(".")[0] | Where-Object { $_ -ne $null } | Sort-Object -Unique | Where-Object { $_ } | ForEach-Object { $_.ToLower() }
        $referencedScriptsLeaf = $referencedScripts | Split-Path -Leaf

        $referencedScripts = $referencedScripts + $referencedScriptsLeaf

        if ($null -ne $referencedScripts ) {
            $unused = Compare-Object -ReferenceObject $scriptFiles -DifferenceObject $referencedScripts | Where-Object { $_.SideIndicator -eq '<=' } | Select-Object -ExpandProperty InputObject
        }
        else {
            $unused = $scriptFiles
        }
    }

    $unused = $unused | Where-Object { $_ -ne $null } | Split-Path -Leaf | Sort-Object -Unique

    $unusedScripts = [PSCustomObject]@{
        DomainName    = $DomainName
        UnusedScripts = $unused -join "`n"
    }

    return $unusedScripts
}
	function Get-UnusedNetlogonScripts {
	[CmdletBinding()]
	Param(
	[Parameter(ValueFromPipeline = $true, Mandatory = $true)]$DomainName,
	[Parameter(ValueFromPipeline = $true, mandatory = $true)][pscredential]$Credential
	)

	$unusedScripts = @()
	$referencedScripts = @()
	$PDC = (Test-Connection -Computername (Get-ADDomainController -Filter * -Server $DomainName -Credential $Credential).Hostname -count 1 -AsJob \| Get-Job \| Receive-Job -Wait \| Where-Object { $null -ne $_.Responsetime } \| sort-object Responsetime \| select-Object Address -first 1).Address
	$null = Get-Job \| Remove-Job

	$netlogonPath = "\\$DomainName\netlogon"
	try {
	$scriptFiles = Get-ChildItem -Path $netlogonPath -File -Recurse \| Select-Object -ExpandProperty FullName
	}
	catch {
	Write-Log -logtext "Could not access Netlogon share to read script files : $($_.Exception.Message)" -logpath $logpath
	}
	$scriptFiles = $scriptfiles -replace $DomainName, $DomainName.Split(".")[0] \| Where-Object { $_ -ne $null } \| Sort-Object -Unique \| Where-Object { $_ } \| ForEach-Object { $_.ToLower() }
	$scriptFilesLeaf = $scriptFiles \| Split-Path -Leaf

	$scriptFiles = $scriptFiles + $scriptFilesLeaf

	$Filter = "(&(objectCategory=User)(objectClass=User)(scriptPath=*))"
	$referencedScripts = (Get-ADUser -LDAPFilter $Filter -Server $PDC -Credential $Credential -Properties ScriptPath \| Select-Object ScriptPath -Unique).ScriptPath

	if ($scriptFiles) {
	$gpos = Get-GPO -All -Domain $DomainName -Server $PDC

	foreach ($gpo in $gpos) {
	$gpoReport = Get-GPOReport -Name $gpo.DisplayName -ReportType Xml -Domain $DomainName -Server $PDC

	$gpoXml = [xml]$gpoReport

	$computerScripts = $gpoXml.GPO.Computer.ExtensionData.Extension.Script \| Select-Object -ExpandProperty Command
	$userScripts = $gpoXml.GPO.User.ExtensionData.Extension.Script \| Select-Object -ExpandProperty Command

	$referencedScripts += $computerScripts, $userScripts
	}

	$referencedScripts = $referencedScripts -replace $DomainName, $DomainName.Split(".")[0] \| Where-Object { $_ -ne $null } \| Sort-Object -Unique \| Where-Object { $_ } \| ForEach-Object { $_.ToLower() }
	$referencedScriptsLeaf = $referencedScripts \| Split-Path -Leaf

	$referencedScripts = $referencedScripts + $referencedScriptsLeaf

	if ($null -ne $referencedScripts ) {
	$unused = Compare-Object -ReferenceObject $scriptFiles -DifferenceObject $referencedScripts \| Where-Object { $_.SideIndicator -eq '<=' } \| Select-Object -ExpandProperty InputObject
	}
	else {
	$unused = $scriptFiles
	}
	}

	$unused = $unused \| Where-Object { $_ -ne $null } \| Split-Path -Leaf \| Sort-Object -Unique

	$unusedScripts = [PSCustomObject]@{
	DomainName = $DomainName
	UnusedScripts = $unused -join "`n"
	}

	return $unusedScripts
	}