Skip to content

Commit

Permalink
Merge pull request #133 from rebelinux/dev
Browse files Browse the repository at this point in the history 
v0.7.15
  • Loading branch information
@rebelinux
rebelinux committed Oct 3, 2023
2 parents 75eeeb8 + 407617c commit c4c118d
Show file tree
Hide file tree
Showing 38 changed files with 775 additions and 463 deletions.
1 change: 1 addition & 0 deletions AsBuiltReport.Microsoft.AD.Style.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ Style -Name 'Title 3' -Size 12 -Color '1F6BCF' -Align Left
Style -Name 'Heading 1' -Size 16 -Color '0078D4'
Style -Name 'Heading 2' -Size 14 -Color '00447C'
Style -Name 'Heading 3' -Size 13 -Color '0081FF'
Style -Name 'NO TOC Heading 3' -Size 13 -Color '0081FF'
Style -Name 'Heading 4' -Size 12 -Color '0077B7'
Style -Name 'NO TOC Heading 4' -Size 12 -Color '0077B7'
Style -Name 'Heading 5' -Size 11 -Color '1A9BA3'
Expand Down
2 changes: 1 addition & 1 deletion AsBuiltReport.Microsoft.AD.psd1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
RootModule = 'AsBuiltReport.Microsoft.AD.psm1'

# Version number of this module.
ModuleVersion = '0.7.14'
ModuleVersion = '0.7.15'

# Supported PSEditions
# CompatiblePSEditions = @()
Expand Down
7 changes: 7 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,12 @@
# :arrows_clockwise: Microsoft AD As Built Report Changelog

## [0.7.15] - 2023-10-03

### Changed

- Improved verbose logging
- Improved PKI Section

## [0.7.14] - 2023-07-25

### Fixed
Expand Down
4 changes: 2 additions & 2 deletions Src/Private/Get-AbrADCAAIA.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADCAAIA {
.DESCRIPTION
.NOTES
Version: 0.7.13
Version: 0.7.15
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -28,7 +28,7 @@ function Get-AbrADCAAIA {

process {
if ($CA) {
Section -Style Heading4 "Authority Information Access (AIA)" {
Section -Style Heading3 "Authority Information Access (AIA)" {
Paragraph "The following section provides the Certification Authority Authority Information Access information."
BlankLine
try {
Expand Down
12 changes: 6 additions & 6 deletions Src/Private/Get-AbrADCACRLSetting.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADCACRLSetting {
.DESCRIPTION
.NOTES
Version: 0.7.13
Version: 0.7.15
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -28,10 +28,10 @@ function Get-AbrADCACRLSetting {

process {
try {
Section -Style Heading4 "Certificate Revocation List (CRL)" {
Section -Style Heading3 "Certificate Revocation List (CRL)" {
Paragraph "The following section provides the Certification Authority CRL Distribution Point information."
BlankLine
Section -Style Heading5 "CRL Validity Period" {
Section -Style Heading4 "CRL Validity Period" {
$OutObj = @()
try {
Write-PscriboMessage "Collecting AD CA CRL Validity Period information on $($CA.Name)."
Expand Down Expand Up @@ -67,7 +67,7 @@ function Get-AbrADCACRLSetting {
$OutObj | Sort-Object -Property 'CA Name' | Table @TableParams
}
try {
Section -Style Heading5 "CRL Flags Settings" {
Section -Style Heading4 "CRL Flags Settings" {
$OutObj = @()
try {
Write-PscriboMessage "Collecting AD CA CRL Distribution Point information on $($CA.Name)."
Expand Down Expand Up @@ -105,7 +105,7 @@ function Get-AbrADCACRLSetting {
Write-PscriboMessage -IsWarning "CRL Validity Period Section: $($_.Exception.Message)"
}
try {
Section -Style Heading5 "CRL Distribution Point" {
Section -Style Heading4 "CRL Distribution Point" {
Paragraph "The following section provides the Certification Authority CRL Distribution Point information."
BlankLine
try {
Expand Down Expand Up @@ -157,7 +157,7 @@ function Get-AbrADCACRLSetting {
Write-PscriboMessage -IsWarning "$($_.Exception.Message) (CRL Distribution Point)"
}
try {
Section -Style Heading4 "AIA and CDP Health Status" {
Section -Style Heading3 "AIA and CDP Health Status" {
Paragraph "The following section is intended to perform Certification Authority health status checking by CA certificate chain status and validating all CRL Distribution Point (CDP) and Authority Information Access (AIA) URLs for each certificate in the chain."
BlankLine
$OutObj = @()
Expand Down
4 changes: 2 additions & 2 deletions Src/Private/Get-AbrADCACryptographyConfig.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADCACryptographyConfig {
.DESCRIPTION
.NOTES
Version: 0.7.9
Version: 0.7.15
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -30,7 +30,7 @@ function Get-AbrADCACryptographyConfig {
if ($CA) {
$CryptoConfig = Get-CACryptographyConfig -CertificationAuthority $CA
if ($CryptoConfig) {
Section -Style Heading4 "Cryptography Configuration" {
Section -Style Heading3 "Cryptography Configuration" {
Paragraph "The following section provides the Certification Authority Cryptography Configuration information."
BlankLine
$OutObj = @()
Expand Down
5 changes: 2 additions & 3 deletions Src/Private/Get-AbrADCAKeyRecoveryAgent.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADCAKeyRecoveryAgent {
.DESCRIPTION
.NOTES
Version: 0.7.9
Version: 0.7.15
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -31,7 +31,6 @@ function Get-AbrADCAKeyRecoveryAgent {
try {
$KRA = Get-CAKRACertificate -CertificationAuthority $CA
if ($KRA.Certificate) {
Write-PscriboMessage "Collecting Key Recovery Agent Certificate Certificate information of $($KRA.DisplayName)."
$inObj = [ordered] @{
'CA Name' = $KRA.DisplayName
'Server Name' = $KRA.ComputerName.ToString().ToUpper().Split(".")[0]
Expand All @@ -45,7 +44,7 @@ function Get-AbrADCAKeyRecoveryAgent {
}

if ($OutObj) {
Section -Style Heading4 "Key Recovery Agent Certificate" {
Section -Style Heading3 "Key Recovery Agent Certificate" {
Paragraph "The following section provides the Key Recovery Agent certificate used to encrypt user's certificate private key and store it in CA database. In the case when user cannot access his or her certificate private key it is possible to recover it by Key Recovery Agent if Key Archival procedure was taken against particular certificate."
BlankLine
foreach ($Item in $OutObj) {
Expand Down
10 changes: 6 additions & 4 deletions Src/Private/Get-AbrADCARoot.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADCARoot {
.DESCRIPTION
.NOTES
Version: 0.7.9
Version: 0.7.15
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -24,10 +24,8 @@ function Get-AbrADCARoot {

process {
try {
Write-PscriboMessage "Discovering Active Directory Certification Authority information in $($ForestInfo.toUpper())."
Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo."
if ($CAs | Where-Object {$_.IsRoot -like 'True'}) {
Section -Style Heading3 "Enterprise Root Certificate Authority" {
Section -Style Heading2 "Enterprise Root Certificate Authority" {
Paragraph "The following section provides the Enterprise Root CA information."
BlankLine
$OutObj = @()
Expand All @@ -40,13 +38,17 @@ function Get-AbrADCARoot {
'Config String' = $CA.ConfigString
'Operating System' = $CA.OperatingSystem
'Certificate' = $CA.Certificate
'Auditing' = &{
(Find-AuditingIssue -ADCSObjects (Get-ADCSObject $ForestInfo) | Where-Object {$_.Name -eq $CA.DisplayName}).Issue
}
'Status' = $CA.ServiceStatus
}
$OutObj += [pscustomobject]$inobj
}

if ($HealthCheck.CA.Status) {
$OutObj | Where-Object { $_.'Service Status' -notlike 'Running'} | Set-Style -Style Critical -Property 'Service Status'
$OutObj | Where-Object { $_.'Auditing' -notlike 'Running'} | Set-Style -Style Critical -Property 'Auditing'
}

$TableParams = @{
Expand Down
8 changes: 4 additions & 4 deletions Src/Private/Get-AbrADCASecurity.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADCASecurity {
.DESCRIPTION
.NOTES
Version: 0.7.9
Version: 0.7.15
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -31,7 +31,7 @@ function Get-AbrADCASecurity {
try {
$CFP = Get-CertificateValidityPeriod -CertificationAuthority $CA
if ($CFP) {
Section -Style Heading4 "Certificate Validity Period" {
Section -Style Heading3 "Certificate Validity Period" {
Paragraph "The following section provides the Certification Authority Certificate Validity Period information."
BlankLine
$OutObj = @()
Expand Down Expand Up @@ -66,7 +66,7 @@ function Get-AbrADCASecurity {
try {
$ACLs = Get-CertificationAuthorityAcl -CertificationAuthority $CA
if ($ACLs) {
Section -Style Heading5 "Access Control List (ACL)" {
Section -Style Heading4 "Access Control List (ACL)" {
$OutObj = @()
try {
Write-PscriboMessage "Collecting Certification Authority Access Control List information of $($CA.Name)."
Expand Down Expand Up @@ -98,7 +98,7 @@ function Get-AbrADCASecurity {
}
$OutObj | Sort-Object -Property 'DC Name' | Table @TableParams
try {
Section -Style Heading6 "Access Rights" {
Section -Style Heading5 "Access Rights" {
$OutObj = @()
Write-PscriboMessage "Collecting AD Certification Authority Access Control List information of $($CA.Name)."
foreach ($ACL in $ACLs.Access) {
Expand Down
10 changes: 7 additions & 3 deletions Src/Private/Get-AbrADCASubordinate.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADCASubordinate {
.DESCRIPTION
.NOTES
Version: 0.7.9
Version: 0.7.15
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -24,10 +24,10 @@ function Get-AbrADCASubordinate {

process {
try {
Write-PscriboMessage "Discovering Active Directory Certification Authority information in $($ForestInfo.toUpper())."
Write-PscriboMessage "Discovering Active Directory CA Enterprise Subordinate information in $($ForestInfo.toUpper())."
if ($CAs | Where-Object {$_.IsRoot -like 'False'}) {
Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo."
Section -Style Heading3 "Enterprise Subordinate Certificate Authority" {
Section -Style Heading2 "Enterprise Subordinate Certificate Authority" {
Paragraph "The following section provides the Enterprise Subordinate CA information."
BlankLine
$OutObj = @()
Expand All @@ -41,12 +41,16 @@ function Get-AbrADCASubordinate {
'Config String' = $CA.ConfigString
'Operating System' = $CA.OperatingSystem
'Certificate' = $CA.Certificate
'Auditing' = &{
(Find-AuditingIssue -ADCSObjects (Get-ADCSObject $ForestInfo) | Where-Object {$_.Name -eq $CA.DisplayName}).Issue
}
'Status' = $CA.ServiceStatus
}
$OutObj = [pscustomobject]$inobj

if ($HealthCheck.CA.Status) {
$OutObj | Where-Object { $_.'Service Status' -notlike 'Running'} | Set-Style -Style Critical -Property 'Service Status'
$OutObj | Where-Object { $_.'Auditing' -notlike 'Running'} | Set-Style -Style Critical -Property 'Auditing'
}

$TableParams = @{
Expand Down
2 changes: 0 additions & 2 deletions Src/Private/Get-AbrADCASummary.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,9 +25,7 @@ function Get-AbrADCASummary {
process {
$OutObj = @()
if ($ForestInfo) {
Write-PscriboMessage "Discovering Active Directory Certification Authority information in $($ForestInfo.toUpper())."
foreach ($CA in $CAs) {
Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo."
try {
Write-PscriboMessage "Collecting AD Certification Authority Summary information of $($CA.DisplayName)."
$inObj = [ordered] @{
Expand Down
11 changes: 5 additions & 6 deletions Src/Private/Get-AbrADCATemplate.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADCATemplate {
.DESCRIPTION
.NOTES
Version: 0.7.9
Version: 0.7.15
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -30,7 +30,7 @@ function Get-AbrADCATemplate {
$Templates = Get-CATemplate -CertificationAuthority $CA.ComputerName | Select-Object -ExpandProperty Templates
if ($Templates) {
try {
Section -Style Heading4 "Certificate Template Summary" {
Section -Style Heading3 "Certificate Template Summary" {
Paragraph "The following section provides the certificate templates that are assigned to a specified Certification Authority (CA). CA server can issue certificates only based on assigned templates."
BlankLine
$OutObj = @()
Expand Down Expand Up @@ -61,14 +61,14 @@ function Get-AbrADCATemplate {
$OutObj | Sort-Object -Property 'Template Name' | Table @TableParams
if ($InfoLevel.CA -ge 3) {
try {
Section -Style Heading5 "Issued Certificate Template ACLs" {
Section -Style Heading4 "Issued Certificate Template ACLs" {
Paragraph "The following section provides the certificate templates Access Control List that are assigned to a specified Certification Authority (CA)."
BlankLine
foreach ($Template in $Templates) {
try {
$Rights = Get-CertificateTemplateAcl -Template $Template.Name | Select-Object -ExpandProperty Access
if ($Rights) {
Section -ExcludeFromTOC -Style NOTOCHeading6 "$($Template.DisplayName)" {
Section -ExcludeFromTOC -Style NOTOCHeading5 "$($Template.DisplayName)" {
$OutObj = @()
foreach ($Right in $Rights) {
try {
Expand Down Expand Up @@ -110,11 +110,10 @@ function Get-AbrADCATemplate {
try {
$Templates = Get-CertificateTemplate
if ($Templates) {
Section -Style Heading5 "Certificate Template In Active Directory" {
Section -Style Heading4 "Certificate Template In Active Directory" {
Paragraph "The following section provides registered certificate templates from Active Directory."
BlankLine
$OutObj = @()
Write-PscriboMessage "Discovered '$(($Templates | Measure-Object).Count)' Certification Authority Template in domain $ForestInfo."
foreach ($Template in $Templates) {
try {
Write-PscriboMessage "Collecting $($Template.DisplayName) Certificate Template In Active Directory."
Expand Down
7 changes: 4 additions & 3 deletions Src/Private/Get-AbrADDCDiag.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADDCDiag {
.DESCRIPTION
.NOTES
Version: 0.7.7
Version: 0.7.15
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -32,10 +32,9 @@ function Get-AbrADDCDiag {
process {
if ($DC) {
try {
Write-PscriboMessage "Discovering Active Directory DCDiag information for DC $DC."
$DCDIAG = Invoke-DcDiag -DomainController $DC
if ($DCDIAG) {
Section -ExcludeFromTOC -Style NOTOCHeading5 $($DC.ToString().split('.')[0].ToUpper()) {
Section -ExcludeFromTOC -Style NOTOCHeading4 $($DC.ToString().split('.')[0].ToUpper()) {
$OutObj = @()
$Description = @{
"Advertising" = "Validates this Domain Controller can be correctly located through the KDC service. It does not validate the Kerberos tickets answer or the communication through the TCP and UDP port 88.", 'High'
Expand Down Expand Up @@ -90,6 +89,8 @@ function Get-AbrADDCDiag {
}
$OutObj | Sort-Object -Property 'Entity' | Table @TableParams
}
} else {
Write-PscriboMessage "No DCDiag information found, disabling section"
}
}
catch {
Expand Down
8 changes: 2 additions & 6 deletions Src/Private/Get-AbrADDCRoleFeature.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADDCRoleFeature {
.DESCRIPTION
.NOTES
Version: 0.7.14
Version: 0.7.15
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -28,12 +28,10 @@ function Get-AbrADDCRoleFeature {
}

process {
Write-PscriboMessage "Collecting AD Domain Controller Role & Features information for domain $Domain"
try {
$DCPssSession = New-PSSession $DC -Credential $Credential -Authentication $Options.PSDefaultAuthentication -Name 'ADDCRoleFeature'
if ($DCPssSession) {
Write-PscriboMessage "Discovered Active Directory DC Role & Features information of $DC."
Section -ExcludeFromTOC -Style NOTOCHeading6 $($DC.ToString().ToUpper().Split(".")[0]) {
Section -ExcludeFromTOC -Style NOTOCHeading5 $($DC.ToString().ToUpper().Split(".")[0]) {
$OutObj = @()
$Features = Invoke-Command -Session $DCPssSession -ScriptBlock {Get-WindowsFeature | Where-Object {$_.installed -eq "True" -and $_.FeatureType -eq 'Role'}}
Remove-PSSession -Session $DCPssSession
Expand All @@ -53,9 +51,7 @@ function Get-AbrADDCRoleFeature {
}

if ($HealthCheck.DomainController.BestPractice) {

$OutObj | Where-Object {$_.'Name' -notin @('Active Directory Domain Services','DNS Server','File and Storage Services','DHCP Server')} | Set-Style -Style Warning

}

$TableParams = @{
Expand Down
Loading

0 comments on commit c4c118d

Please sign in to comment.