Merge pull request #145 from AsBuiltReport/dev

v0.8.0 public release

.github/workflows/PSScriptAnalyzer.yml

@@ -5,7 +5,7 @@ jobs:
     name: Run PSScriptAnalyzer
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: lint
       uses: devblackops/github-action-psscriptanalyzer@master
       with:
@@ -14,4 +14,4 @@ jobs:
         failOnWarnings: false
         failOnInfos: false
         repoToken: ${{ secrets.GITHUB_TOKEN }}
-        settingsPath: .github/workflows/PSScriptAnalyzerSettings.psd1
+        settingsPath: .github/workflows/PSScriptAnalyzerSettings.psd1

.github/workflows/Release.yml

@@ -8,7 +8,7 @@ jobs:
   publish-to-gallery:
     runs-on: windows-2019
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set PSRepository to Trusted for PowerShell Gallery
         shell: pwsh
         run: |
@@ -25,6 +25,10 @@ jobs:
         shell: pwsh
         run: |
           Install-Module -Name PScriboCharts -Repository PSGallery -Force
+      - name: Install Diagrammer.Microsoft.AD module
+        shell: pwsh
+        run: |
+          Install-Module -Name Diagrammer.Microsoft.AD -Repository PSGallery -Force
       - name: Test Module Manifest
         shell: pwsh
         run: |

.github/workflows/codeql.yml

@@ -0,0 +1,49 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+#
+# https://github.com/microsoft/action-psscriptanalyzer
+# For more information on PSScriptAnalyzer in general, see
+# https://github.com/PowerShell/PSScriptAnalyzer
+
+name: CodeQL
+
+on:
+  push:
+    branches: [ "dev" ]
+  pull_request:
+    branches: [ "dev" ]
+  schedule:
+    - cron: '20 14 * * 1'
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    name: PSScriptAnalyzer
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run PSScriptAnalyzer
+        uses: microsoft/[email protected]
+        with:
+          # Check https://github.com/microsoft/action-psscriptanalyzer for more info about the options.
+          # The below set up runs PSScriptAnalyzer to your entire repository and runs some basic security rules.
+          path: .\
+          recurse: true
+          # Include your own basic security rules. Removing this option will run all the rules
+          excludeRule: '"PSAvoidUsingPlainTextForPassword", "PSAvoidUsingUsernameAndPasswordParams", "PSAvoidUsingConvertToSecureStringWithPlainText"'
+          output: results.sarif
+
+      # Upload the SARIF file generated in the previous step
+      - name: Upload SARIF results file
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: results.sarif

AsBuiltReport.Microsoft.AD.Style.ps1

@@ -101,6 +101,13 @@ Table -Name 'Cover Page' -List -Style Borderless -Width 0 -Hashtable ([Ordered]
     })
 PageBreak
 
+if ($Global:BuitReportParams.EnableHealthCheck) {
+    Section -Style TOC -ExcludeFromTOC 'DISCLAIMER' {
+        Paragraph "The information contained in this report has been obtained through automation and observations. Opinions, recommendations and conclusions are disseminated using insight, knowledge, training and experience. This assessment was not intended to be exhaustive. However, we have done our best to capture the most relevant opportunities for improvement. It is expected that responsibility for the implementation of these recommendations will be reviewed and implemented by a person with the necessary knowledge, experience or expertise. In no event shall the author(s) be liable for damages of any kind (including, but not limited to, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use or inability to use these recommendations or the statements made in this documentation."
+    }
+    PageBreak
+}
+
 if ($ReportConfig.Report.ShowTableOfContents) {
     # Add Table of Contents
     TOC -Name 'Table of Contents'

AsBuiltReport.Microsoft.AD.json

@@ -12,6 +12,7 @@
         "ShowDefinitionInfo": false,
         "PSDefaultAuthentication": "Negotiate",
         "EnableCharts": false,
+        "EnableDiagrams": true,
         "Exclude": {
             "Domains": [],
             "DCs": []

AsBuiltReport.Microsoft.AD.psd1

@@ -12,7 +12,7 @@
 RootModule = 'AsBuiltReport.Microsoft.AD.psm1'
 
 # Version number of this module.
-ModuleVersion = '0.7.15'
+ModuleVersion = '0.8.0'
 
 # Supported PSEditions
 # CompatiblePSEditions = @()
@@ -27,7 +27,7 @@ Author = 'Jonathan Colon'
 # CompanyName = 'Unknown'
 
 # Copyright statement for this module
-Copyright = '(c) 2023 Jonathan Colon. All rights reserved.'
+Copyright = '(c) 2024 Jonathan Colon. All rights reserved.'
 
 # Description of the functionality provided by this module
 Description = 'A PowerShell module to generate an as built report on the configuration of Microsoft AD.'
@@ -63,6 +63,10 @@ RequiredModules = @(
     @{
         ModuleName = 'PScriboCharts';
         ModuleVersion = '0.9.0'
+    },
+    @{
+        ModuleName = 'Diagrammer.Microsoft.AD';
+        ModuleVersion = '0.1.3'
     }
 )
 

CHANGELOG.md

@@ -1,5 +1,24 @@
 # :arrows_clockwise: Microsoft AD As Built Report Changelog
 
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.8.0] - 2024-01-24
+
+### Added
+
+- Added initial diagram support:
+  - Forest Diagram
+- Added disclaimer section if the EnableHealthCheck option is used.
+
+### Fixed
+
+- Fix [#137](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.AD/issues/137)
+- Fix [#138](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.AD/issues/138)
+- Fix [#143](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.AD/issues/143)
+
 ## [0.7.15] - 2023-10-03
 
 ### Changed

README.md

@@ -171,6 +171,8 @@ The **Options** schema allows certain options within the report to be toggled on
 | Exclude.DCs | Array List  | Empty    | Allow to filter on AD Domain Controller Server FQDN. |
 | Include.Domains | Array List  | Empty    | Allow only a list of Active Directory Domain Controller FQDN to document. |
 | Include.DCs | Array List  | Empty    | Allow only a list of Active Directory Domain FQDN to document. |
+| EnableDiagrams          | true / false       | false                          | Toggle to enable/disable of Infrastructure Diagrams|
+
 
 ### InfoLevel
 

Src/Private/Get-AbrADCACRLSetting.ps1

@@ -5,7 +5,7 @@ function Get-AbrADCACRLSetting {
     .DESCRIPTION
 
     .NOTES
-        Version:        0.7.15
+        Version:        0.8.0
         Author:         Jonathan Colon
         Twitter:        @jcolonfzenpr
         Github:         rebelinux
@@ -23,7 +23,7 @@ function Get-AbrADCACRLSetting {
     )
 
     begin {
-        Write-PscriboMessage "Collecting AD Certification Authority Certificate Revocation List information."
+        Write-PscriboMessage "Collecting AD Certification Authority Certificate Revocation List information from $($CA.Name)."
     }
 
     process {
@@ -161,7 +161,6 @@ function Get-AbrADCACRLSetting {
                 Paragraph "The following section is intended to perform Certification Authority health status checking by CA certificate chain status and validating all CRL Distribution Point (CDP) and Authority Information Access (AIA) URLs for each certificate in the chain."
                 BlankLine
                 $OutObj = @()
-                Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo."
                 try {
                     $CAHealth = Get-EnterprisePKIHealthStatus -CertificateAuthority $CA
                     foreach ($Health in $CAHealth) {

Src/Private/Get-AbrADCASubordinate.ps1

@@ -5,7 +5,7 @@ function Get-AbrADCASubordinate {
     .DESCRIPTION
 
     .NOTES
-        Version:        0.7.15
+        Version:        0.8.0
         Author:         Jonathan Colon
         Twitter:        @jcolonfzenpr
         Github:         rebelinux
@@ -26,7 +26,6 @@ function Get-AbrADCASubordinate {
         try {
             Write-PscriboMessage "Discovering Active Directory CA Enterprise Subordinate information in $($ForestInfo.toUpper())."
             if ($CAs | Where-Object {$_.IsRoot -like 'False'}) {
-                Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo."
                 Section -Style Heading2 "Enterprise Subordinate Certificate Authority" {
                     Paragraph "The following section provides the Enterprise Subordinate CA information."
                     BlankLine

Src/Private/Get-AbrADCATemplate.ps1

@@ -5,7 +5,7 @@ function Get-AbrADCATemplate {
     .DESCRIPTION
 
     .NOTES
-        Version:        0.7.15
+        Version:        0.8.0
         Author:         Jonathan Colon
         Twitter:        @jcolonfzenpr
         Github:         rebelinux
@@ -27,7 +27,7 @@ function Get-AbrADCATemplate {
     }
 
     process {
-        $Templates = Get-CATemplate -CertificationAuthority $CA.ComputerName | Select-Object -ExpandProperty Templates
+        $Templates = Get-CATemplate -CertificationAuthority $CA | Select-Object -ExpandProperty Templates
         if ($Templates) {
             try {
                 Section -Style Heading3 "Certificate Template Summary" {
@@ -66,7 +66,7 @@ function Get-AbrADCATemplate {
                                 BlankLine
                                 foreach ($Template in $Templates) {
                                     try {
-                                        $Rights = Get-CertificateTemplateAcl -Template $Template.Name | Select-Object -ExpandProperty Access
+                                        $Rights = Get-CertificateTemplateAcl -Template $Template | Select-Object -ExpandProperty Access
                                         if ($Rights) {
                                             Section -ExcludeFromTOC -Style NOTOCHeading5 "$($Template.DisplayName)" {
                                                 $OutObj = @()

Src/Private/Get-AbrADDomainController.ps1

@@ -96,7 +96,6 @@ function Get-AbrADDomainController {
                             $HW = Invoke-Command -Session $DCPssSession -ScriptBlock { Get-ComputerInfo }
                             $License =  Get-CimInstance -Query 'Select * from SoftwareLicensingProduct' -CimSession $CimSession | Where-Object { $_.LicenseStatus -eq 1 }
                             $HWCPU = Get-CimInstance -Class Win32_Processor -CimSession $CimSession
-                            $HWBIOS = Get-CimInstance -Class Win32_Bios -CimSession $CimSession
                             Remove-PSSession -Session $DCPssSession
                             Remove-CimSession $CimSession
                             if ($HW) {
@@ -562,7 +561,7 @@ function Get-AbrADDomainController {
                         BlankLine
                         Paragraph {
                             Text "Best Practice:" -Bold
-                            Text "Only netlogon, sysvol and the default administrative shares should exist on a Domain Controller. If possible, non default file shares should be moved to another server, preferably a dedicated file server. "
+                            Text "Only netlogon, sysvol and the default administrative shares should exist on a Domain Controller. If possible, non default file shares should be moved to another server, preferably a dedicated file server."
                         }
                     }
                 }