From 229c279d3e6bf6d0ae3bdf677a740b579714c688 Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Sat, 22 Jan 2022 00:46:08 -0400 Subject: [PATCH 01/23] Added fix for table caption warning message also added more try/catch statements --- Src/Private/Get-AbrADCAAIA.ps1 | 53 ++-- Src/Private/Get-AbrADCACRLSetting.ps1 | 165 +++++----- Src/Private/Get-AbrADCACryptographyConfig.ps1 | 47 +-- Src/Private/Get-AbrADDomain.ps1 | 70 +++-- Src/Private/Get-AbrADDomainObject.ps1 | 284 ++++++++++-------- Src/Private/Get-AbrADFSMO.ps1 | 63 ++-- Src/Private/Get-AbrADForest.ps1 | 131 ++++---- Src/Private/Get-AbrADSiteReplication.ps1 | 164 +++++----- Src/Private/Get-AbrADTrust.ps1 | 74 +++-- 9 files changed, 576 insertions(+), 475 deletions(-) diff --git a/Src/Private/Get-AbrADCAAIA.ps1 b/Src/Private/Get-AbrADCAAIA.ps1 index 9ffc3c6..20a6b39 100644 --- a/Src/Private/Get-AbrADCAAIA.ps1 +++ b/Src/Private/Get-AbrADCAAIA.ps1 @@ -31,33 +31,38 @@ function Get-AbrADCAAIA { $CAs = Get-CertificationAuthority -Enterprise if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in forest $ForestInfo."} foreach ($CA in $CAs) { - Section -Style Heading5 "$($CA.Name) AIA" { - Paragraph "The following section provides the Certification Authority Authority Information Access information." - BlankLine - $OutObj = @() - Write-PscriboMessage "Collecting AD CA Authority Information Access information on $CA." - $AIA = Get-AuthorityInformationAccess -CertificationAuthority $CA - foreach ($URI in $AIA.URI) { - $inObj = [ordered] @{ - 'Reg URI' = $URI.RegURI - 'Config URI' = $URI.ConfigURI - 'Flags' = ConvertTo-EmptyToFiller ($URI.Flags -join ", ") - 'Server Publish' = ConvertTo-TextYN $URI.ServerPublish - 'Include To Extension' = ConvertTo-TextYN $URI.IncludeToExtension - 'OCSP' = ConvertTo-TextYN $URI.OCSP + try { + Section -Style Heading5 "$($CA.Name) AIA" { + Paragraph "The following section provides the Certification Authority Authority Information Access information." + BlankLine + $OutObj = @() + Write-PscriboMessage "Collecting AD CA Authority Information Access information on $CA." + $AIA = Get-AuthorityInformationAccess -CertificationAuthority $CA + foreach ($URI in $AIA.URI) { + $inObj = [ordered] @{ + 'Reg URI' = $URI.RegURI + 'Config URI' = $URI.ConfigURI + 'Flags' = ConvertTo-EmptyToFiller ($URI.Flags -join ", ") + 'Server Publish' = ConvertTo-TextYN $URI.ServerPublish + 'Include To Extension' = ConvertTo-TextYN $URI.IncludeToExtension + 'OCSP' = ConvertTo-TextYN $URI.OCSP + } + $OutObj += [pscustomobject]$inobj } - $OutObj += [pscustomobject]$inobj - } - $TableParams = @{ - Name = "Authority Information Access - $($CA.Name)" - List = $true - ColumnWidths = 40, 60 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Authority Information Access - $($CA.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - $OutObj | Table @TableParams + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Authority Information Access)" } } } diff --git a/Src/Private/Get-AbrADCACRLSetting.ps1 b/Src/Private/Get-AbrADCACRLSetting.ps1 index e87b2af..01cb54d 100644 --- a/Src/Private/Get-AbrADCACRLSetting.ps1 +++ b/Src/Private/Get-AbrADCACRLSetting.ps1 @@ -35,17 +35,22 @@ function Get-AbrADCACRLSetting { $CAs = Get-CertificationAuthority -Enterprise if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in forest $ForestInfo."} foreach ($CA in $CAs) { - Write-PscriboMessage "Collecting AD CA CRL Validity Period information on $CA." - $CRLs = Get-CRLValidityPeriod -CertificationAuthority $CA - foreach ($VP in $CRLs) { - $inObj = [ordered] @{ - 'CA Name' = $VP.Name - 'Base CRL' = $VP.BaseCRL - 'Base CRL Overlap' = $VP.BaseCRLOverlap - 'Delta CRL' = $VP.DeltaCRL - 'Delta CRL Overlap' = $VP.DeltaCRLOverlap + try { + Write-PscriboMessage "Collecting AD CA CRL Validity Period information on $CA." + $CRLs = Get-CRLValidityPeriod -CertificationAuthority $CA + foreach ($VP in $CRLs) { + $inObj = [ordered] @{ + 'CA Name' = $VP.Name + 'Base CRL' = $VP.BaseCRL + 'Base CRL Overlap' = $VP.BaseCRLOverlap + 'Delta CRL' = $VP.DeltaCRL + 'Delta CRL Overlap' = $VP.DeltaCRLOverlap + } + $OutObj += [pscustomobject]$inobj } - $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message } } @@ -59,77 +64,97 @@ function Get-AbrADCACRLSetting { } $OutObj | Table @TableParams } - Section -Style Heading5 "CRL Flags Settings" { - Paragraph "The following section provides the Certification Authority CRL Flags information." - BlankLine - $OutObj = @() - Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())." - $CAs = Get-CertificationAuthority -Enterprise - if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in forest $ForestInfo."} - foreach ($CA in $CAs) { - Write-PscriboMessage "Collecting AD CA CRL Distribution Point information on $CA." - $CRLs = Get-CertificateRevocationListFlag -CertificationAuthority $CA - foreach ($Flag in $CRLs) { - $inObj = [ordered] @{ - 'CA Name' = $Flag.Name - 'Server Name' = $Flag.ComputerName.ToString().ToUpper().Split(".")[0] - 'CRL Flags' = $Flag.CRLFlags + try { + Section -Style Heading5 "CRL Flags Settings" { + Paragraph "The following section provides the Certification Authority CRL Flags information." + BlankLine + $OutObj = @() + Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())." + $CAs = Get-CertificationAuthority -Enterprise + if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in forest $ForestInfo."} + foreach ($CA in $CAs) { + try { + Write-PscriboMessage "Collecting AD CA CRL Distribution Point information on $CA." + $CRLs = Get-CertificateRevocationListFlag -CertificationAuthority $CA + foreach ($Flag in $CRLs) { + $inObj = [ordered] @{ + 'CA Name' = $Flag.Name + 'Server Name' = $Flag.ComputerName.ToString().ToUpper().Split(".")[0] + 'CRL Flags' = $Flag.CRLFlags + } + $OutObj += [pscustomobject]$inobj + } + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message } - $OutObj += [pscustomobject]$inobj } - } - $TableParams = @{ - Name = "CRL Flags - $($ForestInfo.toUpper())" - List = $false - ColumnWidths = 40, 25, 35 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "CRL Flags - $($ForestInfo.toUpper())" + List = $false + ColumnWidths = 40, 25, 35 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - $OutObj | Table @TableParams } - Section -Style Heading5 "CRL Distribution Point" { - Paragraph "The following section provides the Certification Authority CRL Distribution Point information." - BlankLine - Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())." - $CAs = Get-CertificationAuthority -Enterprise - if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in forest $ForestInfo."} - foreach ($CA in $CAs) { - Section -Style Heading6 "$($CA.Name) Distribution Point" { - Paragraph "The following section provides the Certification Authority CRL Distribution Point information." - BlankLine - $OutObj = @() - Write-PscriboMessage "Collecting AD CA CRL Distribution Point information on $CA." - $CRL = Get-CRLDistributionPoint -CertificationAuthority $CA - foreach ($URI in $CRL.URI) { - $inObj = [ordered] @{ - 'Reg URI' = $URI.RegURI - 'Config URI' = $URI.ConfigURI - 'Url Scheme' = $URI.UrlScheme - 'ProjectedURI' = $URI.ProjectedURI - 'Flags' = ConvertTo-EmptyToFiller ($URI.Flags -join ", ") - 'CRL Publish' = ConvertTo-TextYN $URI.IncludeToExtension - 'Delta CRL Publish' = ConvertTo-TextYN $URI.DeltaCRLPublish - 'Add To Cert CDP' = ConvertTo-TextYN $URI.AddToCertCDP - 'Add To Fresh est CRL' = ConvertTo-TextYN $URI.AddToFreshestCRL - 'Add To Crl cdp' = ConvertTo-TextYN $URI.AddToCrlcdp - } - $OutObj += [pscustomobject]$inobj - } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message + } + try { + Section -Style Heading5 "CRL Distribution Point" { + Paragraph "The following section provides the Certification Authority CRL Distribution Point information." + BlankLine + Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())." + $CAs = Get-CertificationAuthority -Enterprise + if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in forest $ForestInfo."} + foreach ($CA in $CAs) { + try { + Section -Style Heading6 "$($CA.Name) Distribution Point" { + Paragraph "The following section provides the Certification Authority CRL Distribution Point information." + BlankLine + $OutObj = @() + Write-PscriboMessage "Collecting AD CA CRL Distribution Point information on $CA." + $CRL = Get-CRLDistributionPoint -CertificationAuthority $CA + foreach ($URI in $CRL.URI) { + $inObj = [ordered] @{ + 'Reg URI' = $URI.RegURI + 'Config URI' = $URI.ConfigURI + 'Url Scheme' = $URI.UrlScheme + 'ProjectedURI' = $URI.ProjectedURI + 'Flags' = ConvertTo-EmptyToFiller ($URI.Flags -join ", ") + 'CRL Publish' = ConvertTo-TextYN $URI.IncludeToExtension + 'Delta CRL Publish' = ConvertTo-TextYN $URI.DeltaCRLPublish + 'Add To Cert CDP' = ConvertTo-TextYN $URI.AddToCertCDP + 'Add To Fresh est CRL' = ConvertTo-TextYN $URI.AddToFreshestCRL + 'Add To Crl cdp' = ConvertTo-TextYN $URI.AddToCrlcdp + } + $OutObj += [pscustomobject]$inobj + } - $TableParams = @{ - Name = "CRL Distribution Point - $($CA.Name)" - List = $true - ColumnWidths = 40, 60 + $TableParams = @{ + Name = "CRL Distribution Point - $($CA.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + } } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message } - $OutObj | Table @TableParams } } } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message + } } } catch { diff --git a/Src/Private/Get-AbrADCACryptographyConfig.ps1 b/Src/Private/Get-AbrADCACryptographyConfig.ps1 index 6321fc5..bd7f640 100644 --- a/Src/Private/Get-AbrADCACryptographyConfig.ps1 +++ b/Src/Private/Get-AbrADCACryptographyConfig.ps1 @@ -32,29 +32,34 @@ function Get-AbrADCACryptographyConfig { $CAs = Get-CertificationAuthority -Enterprise if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in forest $ForestInfo."} foreach ($CA in $CAs) { - Write-PscriboMessage "Collecting AD Certification Authority Summary information of $CA." - $CryptoConfig = Get-CACryptographyConfig -CertificationAuthority $CA - $inObj = [ordered] @{ - 'CA Name' = $CryptoConfig.Name - 'Server Name' = $CryptoConfig.ComputerName.ToString().ToUpper().Split(".")[0] - 'PublicKey Algorithm' = $CryptoConfig.PublicKeyAlgorithm | Select-Object -ExpandProperty FriendlyName - 'Hashing Algorithm' = ($CryptoConfig.HashingAlgorithm | Select-Object -ExpandProperty FriendlyName).ToUpper() - 'Provider Name' = $CryptoConfig.ProviderName - 'Alternate Signature Algorithm' = ConvertTo-TextYN $CryptoConfig.AlternateSignatureAlgorithm - 'Provider Is CNG' = ConvertTo-TextYN $CryptoConfig.ProviderIsCNG - } - $OutObj += [pscustomobject]$inobj - } + try { + Write-PscriboMessage "Collecting AD Certification Authority Summary information of $CA." + $CryptoConfig = Get-CACryptographyConfig -CertificationAuthority $CA + $inObj = [ordered] @{ + 'CA Name' = $CryptoConfig.Name + 'Server Name' = $CryptoConfig.ComputerName.ToString().ToUpper().Split(".")[0] + 'PublicKey Algorithm' = $CryptoConfig.PublicKeyAlgorithm | Select-Object -ExpandProperty FriendlyName + 'Hashing Algorithm' = ($CryptoConfig.HashingAlgorithm | Select-Object -ExpandProperty FriendlyName).ToUpper() + 'Provider Name' = $CryptoConfig.ProviderName + 'Alternate Signature Algorithm' = ConvertTo-TextYN $CryptoConfig.AlternateSignatureAlgorithm + 'Provider Is CNG' = ConvertTo-TextYN $CryptoConfig.ProviderIsCNG + } + $OutObj = [pscustomobject]$inobj - $TableParams = @{ - Name = "Cryptography Configuration - $($ForestInfo.ToString().ToUpper())" - List = $true - ColumnWidths = 40, 60 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Cryptography Configuration - $($ForestInfo.ToString().ToUpper())" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message + } } - $OutObj | Table @TableParams } } catch { diff --git a/Src/Private/Get-AbrADDomain.ps1 b/Src/Private/Get-AbrADDomain.ps1 index 79dd36b..dd13315 100644 --- a/Src/Private/Get-AbrADDomain.ps1 +++ b/Src/Private/Get-AbrADDomain.ps1 @@ -33,45 +33,43 @@ function Get-AbrADDomain { process { $OutObj = @() if ($Domain) { - foreach ($Item in $Domain) { - try { - $DomainInfo = Invoke-Command -Session $Session {Get-ADDomain $using:Item -ErrorAction Stop} - Write-PscriboMessage "Discovered Active Directory Domain information of domain $Domain." - if ($DomainInfo) { - Write-PscriboMessage "Collectin Domain information of '$($DomainInfo.Name)'." - $inObj = [ordered] @{ - 'Domain Name' = $DomainInfo.Name - 'NetBIOS Name' = $DomainInfo.NetBIOSName - 'Domain SID' = $DomainInfo.DomainSID - 'Domain Functional Level' = $DomainInfo.DomainMode - 'Domains' = ConvertTo-EmptyToFiller $DomainInfo.Domains - 'Forest' = $DomainInfo.Forest - 'Parent Domain' = ConvertTo-EmptyToFiller $DomainInfo.ParentDomain - 'Replica Directory Servers' = $DomainInfo.ReplicaDirectoryServers - 'Child Domains' = ConvertTo-EmptyToFiller $DomainInfo.ChildDomains - 'Domain Path' = ConvertTo-ADCanonicalName -DN $DomainInfo.DistinguishedName -Credential $Cred -Domain $Item - 'Computers Container' = ConvertTo-ADCanonicalName -DN $DomainInfo.ComputersContainer -Credential $Cred -Domain $Item - 'Domain Controllers Container' = ConvertTo-ADCanonicalName -DN $DomainInfo.DomainControllersContainer -Credential $Cred -Domain $Item - 'Systems Container' = ConvertTo-ADCanonicalName -DN $DomainInfo.SystemsContainer -Credential $Cred -Domain $Item - 'Users Container' = ConvertTo-ADCanonicalName -DN $DomainInfo.UsersContainer -Credential $Cred -Domain $Item - 'ReadOnly Replica Directory Servers' = ConvertTo-EmptyToFiller $DomainInfo.ReadOnlyReplicaDirectoryServers - } - $OutObj += [pscustomobject]$inobj + try { + $DomainInfo = Invoke-Command -Session $Session {Get-ADDomain $using:Domain -ErrorAction Stop} + Write-PscriboMessage "Discovered Active Directory Domain information of domain $Domain." + if ($DomainInfo) { + Write-PscriboMessage "Collecting Domain information of '$($DomainInfo)'." + $inObj = [ordered] @{ + 'Domain Name' = $DomainInfo.Name + 'NetBIOS Name' = $DomainInfo.NetBIOSName + 'Domain SID' = $DomainInfo.DomainSID + 'Domain Functional Level' = $DomainInfo.DomainMode + 'Domains' = ConvertTo-EmptyToFiller $DomainInfo.Domains + 'Forest' = $DomainInfo.Forest + 'Parent Domain' = ConvertTo-EmptyToFiller $DomainInfo.ParentDomain + 'Replica Directory Servers' = $DomainInfo.ReplicaDirectoryServers + 'Child Domains' = ConvertTo-EmptyToFiller $DomainInfo.ChildDomains + 'Domain Path' = ConvertTo-ADCanonicalName -DN $DomainInfo.DistinguishedName -Credential $Cred -Domain $Domain + 'Computers Container' = ConvertTo-ADCanonicalName -DN $DomainInfo.ComputersContainer -Credential $Cred -Domain $Domain + 'Domain Controllers Container' = ConvertTo-ADCanonicalName -DN $DomainInfo.DomainControllersContainer -Credential $Cred -Domain $Domain + 'Systems Container' = ConvertTo-ADCanonicalName -DN $DomainInfo.SystemsContainer -Credential $Cred -Domain $Domain + 'Users Container' = ConvertTo-ADCanonicalName -DN $DomainInfo.UsersContainer -Credential $Cred -Domain $Domain + 'ReadOnly Replica Directory Servers' = ConvertTo-EmptyToFiller $DomainInfo.ReadOnlyReplicaDirectoryServers } - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (AD Domain Summary)" - } + $OutObj += [pscustomobject]$inobj - $TableParams = @{ - Name = "AD Domain Summary Information - $($Domain.ToString().ToUpper())" - List = $true - ColumnWidths = 40, 60 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "AD Domain Summary Information - $($Domain.ToString().ToUpper())" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - if ($OutObj) {$OutObj | Table @TableParams} + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (AD Domain Summary)" } } } diff --git a/Src/Private/Get-AbrADDomainObject.ps1 b/Src/Private/Get-AbrADDomainObject.ps1 index fb95480..769e909 100644 --- a/Src/Private/Get-AbrADDomainObject.ps1 +++ b/Src/Private/Get-AbrADDomainObject.ps1 @@ -5,7 +5,7 @@ function Get-AbrADDomainObject { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -32,21 +32,21 @@ function Get-AbrADDomainObject { process { if ($InfoLevel.Domain -ge 2) { - Section -Style Heading5 'Domain Object Count' { - Paragraph "The following section provides a summary of the Active Directory Object Count on $($Domain.ToString().ToUpper())." - BlankLine - $OutObj = @() - if ($Domain) { - foreach ($Item in $Domain) { - Write-PscriboMessage "Collecting the Active Directory Object Count of domain $Item." + try { + Section -Style Heading5 'Domain Object Count' { + Paragraph "The following section provides a summary of the Active Directory Object Count on $($Domain.ToString().ToUpper())." + BlankLine + $OutObj = @() + if ($Domain) { + Write-PscriboMessage "Collecting the Active Directory Object Count of domain $Domain." try { $DC = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers | Select-Object -First 1} $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default - $Computers = Invoke-Command -Session $DCPssSession {(Get-ADComputer -Filter * -Searchbase (Get-ADDomain -Identity $using:Item).distinguishedName) | Measure-Object} - $Servers = Invoke-Command -Session $DCPssSession {(Get-ADComputer -Filter { OperatingSystem -like "Windows Ser*"} -Property OperatingSystem -Searchbase (Get-ADDomain -Identity $using:Item).distinguishedName) | Measure-Object} - $Users = Invoke-Command -Session $DCPssSession {(Get-ADUser -filter * -Searchbase (Get-ADDomain -Identity $using:Item).distinguishedName) | Measure-Object} - $PrivilegedUsers = Invoke-Command -Session $DCPssSession {(Get-ADUser -filter {AdminCount -eq "1"} -Properties AdminCount -Searchbase (Get-ADDomain -Identity $using:Item).distinguishedName) | Measure-Object} - $Group = Invoke-Command -Session $DCPssSession {(Get-ADGroup -filter * -Searchbase (Get-ADDomain -Identity $using:Item).distinguishedName) | Measure-Object} + $Computers = Invoke-Command -Session $DCPssSession {(Get-ADComputer -Filter * -Searchbase (Get-ADDomain -Identity $using:Domain).distinguishedName) | Measure-Object} + $Servers = Invoke-Command -Session $DCPssSession {(Get-ADComputer -Filter { OperatingSystem -like "Windows Ser*"} -Property OperatingSystem -Searchbase (Get-ADDomain -Identity $using:Domain).distinguishedName) | Measure-Object} + $Users = Invoke-Command -Session $DCPssSession {(Get-ADUser -filter * -Searchbase (Get-ADDomain -Identity $using:Domain).distinguishedName) | Measure-Object} + $PrivilegedUsers = Invoke-Command -Session $DCPssSession {(Get-ADUser -filter {AdminCount -eq "1"} -Properties AdminCount -Searchbase (Get-ADDomain -Identity $using:Domain).distinguishedName) | Measure-Object} + $Group = Invoke-Command -Session $DCPssSession {(Get-ADGroup -filter * -Searchbase (Get-ADDomain -Identity $using:Domain).distinguishedName) | Measure-Object} $DomainController = Invoke-Command -Session $DCPssSession {(Get-ADDomainController -filter *) | Select-Object name | Measure-Object} $GC = Invoke-Command -Session $DCPssSession {(Get-ADDomainController -filter {IsGlobalCatalog -eq "True"}) | Select-Object name | Measure-Object} Remove-PSSession -Session $DCPssSession @@ -60,111 +60,126 @@ function Get-AbrADDomainObject { 'Groups' = $Group.Count } $OutObj += [pscustomobject]$inobj + + $TableParams = @{ + Name = "Active Directory Object Count - $($Domain.ToString().ToUpper())" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } catch { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Domain Object Count)" } } - - $TableParams = @{ - Name = "Active Directory Object Count Information - $($Domain.ToString().ToUpper())" - List = $true - ColumnWidths = 40, 60 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - if ($OutObj) {$OutObj | Table @TableParams} } } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Domain Object Count)" + } } - Section -Style Heading5 'Default Domain Password Policy' { - Paragraph "The following section provides a summary of the Default Domain Password Policy on $($Domain.ToString().ToUpper())." - BlankLine - $OutObj = @() - if ($Domain) { - foreach ($Item in $Domain) { + try { + Section -Style Heading5 'Default Domain Password Policy' { + Paragraph "The following section provides a summary of the Default Domain Password Policy on $($Domain.ToString().ToUpper())." + BlankLine + $OutObj = @() + if ($Domain) { Write-PscriboMessage "Collecting the Active Directory Default Domain Password Policy of domain $Item." try { - $PasswordPolicy = Invoke-Command -Session $Session {Get-ADDefaultDomainPasswordPolicy -Identity $using:Item} - $inObj = [ordered] @{ - 'Domain Name' = $Item - 'Complexity Enabled' = ConvertTo-TextYN $PasswordPolicy.ComplexityEnabled - 'Path' = ConvertTo-ADCanonicalName -DN $PasswordPolicy.DistinguishedName -Credential $Cred -Domain $Domain - 'Lockout Duration' = $PasswordPolicy.LockoutDuration.toString("dd' days 'hh' hours 'mm' minutes 'ss' seconds'") - 'Lockout Threshold' = $PasswordPolicy.LockoutThreshold - 'Lockout Observation Window' = $PasswordPolicy.LockoutObservationWindow.toString("dd' days 'hh' hours 'mm' minutes 'ss' seconds'") - 'Max Password Age' = $PasswordPolicy.MaxPasswordAge.toString("dd' days 'hh' hours 'mm' minutes 'ss' seconds'") - 'Min Password Age' = $PasswordPolicy.MinPasswordAge.toString("dd' days 'hh' hours 'mm' minutes 'ss' seconds'") - 'Min Password Length' = $PasswordPolicy.MinPasswordLength - 'Password History Count' = $PasswordPolicy.PasswordHistoryCount - 'Reversible Encryption Enabled' = ConvertTo-TextYN $PasswordPolicy.ReversibleEncryptionEnabled + $PasswordPolicy = Invoke-Command -Session $Session {Get-ADDefaultDomainPasswordPolicy -Identity $using:Domain} + if ($PasswordPolicy) { + $inObj = [ordered] @{ + 'Domain Name' = $Item + 'Complexity Enabled' = ConvertTo-TextYN $PasswordPolicy.ComplexityEnabled + 'Path' = ConvertTo-ADCanonicalName -DN $PasswordPolicy.DistinguishedName -Credential $Cred -Domain $Domain + 'Lockout Duration' = $PasswordPolicy.LockoutDuration.toString("dd' days 'hh' hours 'mm' minutes 'ss' seconds'") + 'Lockout Threshold' = $PasswordPolicy.LockoutThreshold + 'Lockout Observation Window' = $PasswordPolicy.LockoutObservationWindow.toString("dd' days 'hh' hours 'mm' minutes 'ss' seconds'") + 'Max Password Age' = $PasswordPolicy.MaxPasswordAge.toString("dd' days 'hh' hours 'mm' minutes 'ss' seconds'") + 'Min Password Age' = $PasswordPolicy.MinPasswordAge.toString("dd' days 'hh' hours 'mm' minutes 'ss' seconds'") + 'Min Password Length' = $PasswordPolicy.MinPasswordLength + 'Password History Count' = $PasswordPolicy.PasswordHistoryCount + 'Reversible Encryption Enabled' = ConvertTo-TextYN $PasswordPolicy.ReversibleEncryptionEnabled + } + $OutObj += [pscustomobject]$inobj + + $TableParams = @{ + Name = "Default Domain Password Policy - $($Domain.ToString().ToUpper())" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - $OutObj += [pscustomobject]$inobj } catch { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Default Domain Password Policy)" } } - - $TableParams = @{ - Name = "Default Domain Password Policy Information - $($Domain.ToString().ToUpper())" - List = $true - ColumnWidths = 40, 60 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - if ($OutObj) {$OutObj | Table @TableParams} } } + catch { + Write-PscriboMessage -IsWarning $($_.Exception.Message) + } if ($InfoLevel.Domain -ge 2) { try { - Section -Style Heading5 'Fined Grained Password Policies' { - Paragraph "The following section provides a summary of the Fined Grained Password Policies on $($Domain.ToString().ToUpper())." - BlankLine - $OutObj = @() - if ($Domain) { - foreach ($Item in $Domain) { - Write-PscriboMessage "Collecting the Active Directory Fined Grained Password Policies of domain $Item." - $DC = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty PDCEmulator} - $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default - $PasswordPolicy = Invoke-Command -Session $DCPssSession {Get-ADFineGrainedPasswordPolicy -Filter {Name -like "*"} -Properties * -Searchbase (Get-ADDomain -Identity $using:Domain).distinguishedName} - foreach ($FGPP in $PasswordPolicy) { - $Accounts = @() - foreach ($ADObject in $FGPP.AppliesTo) { - $Accounts += Invoke-Command -Session $DCPssSession {Get-ADObject $using:ADObject -Properties * | Select-Object -ExpandProperty sAMAccountName } - } - $inObj = [ordered] @{ - 'Password Setting Name' = $FGPP.Name - 'Domain Name' = $Item - 'Complexity Enabled' = ConvertTo-TextYN $FGPP.ComplexityEnabled - 'Path' = ConvertTo-ADCanonicalName -DN $FGPP.DistinguishedName -Credential $Cred -Domain $Domain - 'Lockout Duration' = $FGPP.LockoutDuration.toString("dd' days 'hh' hours 'mm' minutes 'ss' seconds'") - 'Lockout Threshold' = $FGPP.LockoutThreshold - 'Lockout Observation Window' = $FGPP.LockoutObservationWindow.toString("dd' days 'hh' hours 'mm' minutes 'ss' seconds'") - 'Max Password Age' = $FGPP.MaxPasswordAge.toString("dd' days 'hh' hours 'mm' minutes 'ss' seconds'") - 'Min Password Age' = $FGPP.MinPasswordAge.toString("dd' days 'hh' hours 'mm' minutes 'ss' seconds'") - 'Min Password Length' = $FGPP.MinPasswordLength - 'Password History Count' = $FGPP.PasswordHistoryCount - 'Reversible Encryption Enabled' = ConvertTo-TextYN $FGPP.ReversibleEncryptionEnabled - 'Precedence' = $FGPP.Precedence - 'Applies To' = $Accounts -join ", " + if ($Domain) { + foreach ($Item in $Domain) { + Write-PscriboMessage "Collecting the Active Directory Fined Grained Password Policies of domain $Item." + $DC = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty PDCEmulator} + $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default + $PasswordPolicy = Invoke-Command -Session $DCPssSession {Get-ADFineGrainedPasswordPolicy -Filter {Name -like "*"} -Properties * -Searchbase (Get-ADDomain -Identity $using:Domain).distinguishedName} + if ($PasswordPolicy) { + Section -Style Heading5 'Fined Grained Password Policies' { + Paragraph "The following section provides a summary of the Fined Grained Password Policies on $($Domain.ToString().ToUpper())." + BlankLine + $OutObj = @() + foreach ($FGPP in $PasswordPolicy) { + try { + $Accounts = @() + foreach ($ADObject in $FGPP.AppliesTo) { + $Accounts += Invoke-Command -Session $DCPssSession {Get-ADObject $using:ADObject -Properties * | Select-Object -ExpandProperty sAMAccountName } + } + $inObj = [ordered] @{ + 'Password Setting Name' = $FGPP.Name + 'Domain Name' = $Item + 'Complexity Enabled' = ConvertTo-TextYN $FGPP.ComplexityEnabled + 'Path' = ConvertTo-ADCanonicalName -DN $FGPP.DistinguishedName -Credential $Cred -Domain $Domain + 'Lockout Duration' = $FGPP.LockoutDuration.toString("dd' days 'hh' hours 'mm' minutes 'ss' seconds'") + 'Lockout Threshold' = $FGPP.LockoutThreshold + 'Lockout Observation Window' = $FGPP.LockoutObservationWindow.toString("dd' days 'hh' hours 'mm' minutes 'ss' seconds'") + 'Max Password Age' = $FGPP.MaxPasswordAge.toString("dd' days 'hh' hours 'mm' minutes 'ss' seconds'") + 'Min Password Age' = $FGPP.MinPasswordAge.toString("dd' days 'hh' hours 'mm' minutes 'ss' seconds'") + 'Min Password Length' = $FGPP.MinPasswordLength + 'Password History Count' = $FGPP.PasswordHistoryCount + 'Reversible Encryption Enabled' = ConvertTo-TextYN $FGPP.ReversibleEncryptionEnabled + 'Precedence' = $FGPP.Precedence + 'Applies To' = $Accounts -join ", " + } + $OutObj = [pscustomobject]$inobj + + $TableParams = @{ + Name = "Fined Grained Password Policies - $($FGPP.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + } + catch { + Write-PscriboMessage -IsWarning $($_.Exception.Message) + } } - $OutObj += [pscustomobject]$inobj } Remove-PSSession -Session $DCPssSession } - - $TableParams = @{ - Name = "Fined Grained Password Policies Information - $($Domain.ToString().ToUpper())" - List = $true - ColumnWidths = 40, 60 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - if ($OutObj) {$OutObj | Table @TableParams} } } } @@ -173,10 +188,7 @@ function Get-AbrADDomainObject { } } if ($InfoLevel.Domain -ge 2) { - Section -Style Heading5 'Group Managed Service Accounts (GMSA)' { - Paragraph "The following section provides a summary of the Group Managed Service Accounts on $($Domain.ToString().ToUpper())." - BlankLine - $OutObj = @() + try { if ($Domain) { foreach ($Item in $Domain) { Write-PScriboMessage "Collecting the Active Directory Group Managed Service Accounts for $Item." @@ -185,46 +197,60 @@ function Get-AbrADDomainObject { $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default Write-PScriboMessage "Collecting the Active Directory Group Managed Service Accounts from DC $DC." $GMSA = Invoke-Command -Session $DCPssSession {Get-ADServiceAccount -Filter * -Properties *} - foreach ($Account in $GMSA) { - $inObj = [ordered] @{ - 'Name' = $Account.Name - 'SamAccountName' = $Account.SamAccountName - 'Created' = $Account.Created - 'Enabled' = ConvertTo-TextYN $Account.Enabled - 'DNS Host Name' = $Account.DNSHostName - 'Host Computers' = (ConvertTo-ADObjectName -DN $Account.HostComputers -Session $DCPssSession) -join ", " - 'Retrieve Managed Password' = (ConvertTo-ADObjectName $Account.PrincipalsAllowedToRetrieveManagedPassword -Session $DCPssSession) -join ", " - 'Primary Group' = (ConvertTo-ADObjectName $Account.PrimaryGroup -Session $DCPssSession) -join ", " - 'Last Logon Date' = $Account.LastLogonDate - 'Locked Out' = ConvertTo-TextYN $Account.LockedOut - 'Logon Count' = $Account.logonCount - 'Password Expired' = ConvertTo-TextYN $Account.PasswordExpired - 'Password Last Set' = $Account.PasswordLastSet + if ($GMSA) { + Section -Style Heading5 'Group Managed Service Accounts (GMSA)' { + Paragraph "The following section provides a summary of the Group Managed Service Accounts on $($Domain.ToString().ToUpper())." + BlankLine + $OutObj = @() + foreach ($Account in $GMSA) { + try { + $inObj = [ordered] @{ + 'Name' = $Account.Name + 'SamAccountName' = $Account.SamAccountName + 'Created' = $Account.Created + 'Enabled' = ConvertTo-TextYN $Account.Enabled + 'DNS Host Name' = $Account.DNSHostName + 'Host Computers' = (ConvertTo-ADObjectName -DN $Account.HostComputers -Session $DCPssSession) -join ", " + 'Retrieve Managed Password' = (ConvertTo-ADObjectName $Account.PrincipalsAllowedToRetrieveManagedPassword -Session $DCPssSession) -join ", " + 'Primary Group' = (ConvertTo-ADObjectName $Account.PrimaryGroup -Session $DCPssSession) -join ", " + 'Last Logon Date' = $Account.LastLogonDate + 'Locked Out' = ConvertTo-TextYN $Account.LockedOut + 'Logon Count' = $Account.logonCount + 'Password Expired' = ConvertTo-TextYN $Account.PasswordExpired + 'Password Last Set' = $Account.PasswordLastSet + } + $OutObj = [pscustomobject]$inobj + + if ($HealthCheck.Domain.GMSA) { + $OutObj | Where-Object { $_.'Enabled' -notlike 'Yes'} | Set-Style -Style Warning -Property 'Enabled' + } + + $TableParams = @{ + Name = "Group Managed Service Accounts - $($Account.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Group Managed Service Accounts)" + } + } } - $OutObj += [pscustomobject]$inobj } - Remove-PSSession -Session $DCPssSession } catch { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Group Managed Service Accounts)" } } - - if ($HealthCheck.Domain.GMSA) { - $OutObj | Where-Object { $_.'Enabled' -notlike 'Yes'} | Set-Style -Style Warning -Property 'Enabled' - } - - $TableParams = @{ - Name = "Group Managed Service Accounts Information - $($Domain.ToString().ToUpper())" - List = $true - ColumnWidths = 40, 60 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - if ($OutObj) {$OutObj | Table @TableParams} } } + catch { + Write-PscriboMessage -IsWarning $($_.Exception.Message) + } } } diff --git a/Src/Private/Get-AbrADFSMO.ps1 b/Src/Private/Get-AbrADFSMO.ps1 index b3d1c90..3804033 100644 --- a/Src/Private/Get-AbrADFSMO.ps1 +++ b/Src/Private/Get-AbrADFSMO.ps1 @@ -5,7 +5,7 @@ function Get-AbrADFSMO { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -29,39 +29,44 @@ function Get-AbrADFSMO { } process { - Section -Style Heading5 'Flexible Single Master Operations (FSMO)' { - Paragraph "The following section provides a summary of the Active Directory FSMO for Domain $($Domain.ToString().ToUpper())." - BlankLine - $OutObj = @() - if ($Domain) { - try { - $DomainData = Invoke-Command -Session $Session {Get-ADDomain $using:Domain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator} - $ForestData = Invoke-Command -Session $Session {Get-ADForest $using:Domain | Select-Object DomainNamingMaster, SchemaMaster} - Write-PscriboMessage "Discovered Active Directory FSMO information of domain $Domain." - $inObj = [ordered] @{ - 'Infrastructure Master Server' = $DomainData.InfrastructureMaster - 'RID Master Server' = $DomainData.RIDMaster - 'PDC Emulator Name' = $DomainData.PDCEmulator - 'Domain Naming Master Server' = $ForestData.DomainNamingMaster - 'Schema Master Server' = $ForestData.SchemaMaster + try { + Section -Style Heading5 'Flexible Single Master Operations (FSMO)' { + Paragraph "The following section provides a summary of the Active Directory FSMO for Domain $($Domain.ToString().ToUpper())." + BlankLine + $OutObj = @() + if ($Domain) { + try { + $DomainData = Invoke-Command -Session $Session {Get-ADDomain $using:Domain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator} + $ForestData = Invoke-Command -Session $Session {Get-ADForest $using:Domain | Select-Object DomainNamingMaster, SchemaMaster} + Write-PscriboMessage "Discovered Active Directory FSMO information of domain $Domain." + $inObj = [ordered] @{ + 'Infrastructure Master Server' = $DomainData.InfrastructureMaster + 'RID Master Server' = $DomainData.RIDMaster + 'PDC Emulator Name' = $DomainData.PDCEmulator + 'Domain Naming Master Server' = $ForestData.DomainNamingMaster + 'Schema Master Server' = $ForestData.SchemaMaster + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Flexible Single Master Operations)" } - $OutObj += [pscustomobject]$inobj - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Flexible Single Master Operations)" - } - $TableParams = @{ - Name = "FSMO Server Information - $($Domain)" - List = $true - ColumnWidths = 40, 60 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "FSMO Server Information - $($Domain)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - $OutObj | Table @TableParams } } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Flexible Single Master Operations)" + } } end {} diff --git a/Src/Private/Get-AbrADForest.ps1 b/Src/Private/Get-AbrADForest.ps1 index 2ea88ed..6d52c35 100644 --- a/Src/Private/Get-AbrADForest.ps1 +++ b/Src/Private/Get-AbrADForest.ps1 @@ -5,7 +5,7 @@ function Get-AbrADForest { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -27,72 +27,44 @@ function Get-AbrADForest { } process { - $Data = Invoke-Command -Session $Session {Get-ADForest} - $ForestInfo = $Data.RootDomain.toUpper() - Write-PscriboMessage "Discovered Active Directory information of forest $ForestInfo." - $DomainDN = Invoke-Command -Session $Session {(Get-ADDomain -Identity (Get-ADForest | Select-Object -ExpandProperty RootDomain )).DistinguishedName} - $TombstoneLifetime = Invoke-Command -Session $Session {Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,$using:DomainDN" -Properties tombstoneLifetime | Select-Object -ExpandProperty tombstoneLifetime} - $ADVersion = Invoke-Command -Session $Session {Get-ADObject (Get-ADRootDSE).schemaNamingContext -property objectVersion | Select-Object -ExpandProperty objectVersion} - If ($ADVersion -eq '88') {$server = 'Windows Server 2019'} - ElseIf ($ADVersion -eq '87') {$server = 'Windows Server 2016'} - ElseIf ($ADVersion -eq '69') {$server = 'Windows Server 2012 R2'} - ElseIf ($ADVersion -eq '56') {$server = 'Windows Server 2012'} - ElseIf ($ADVersion -eq '47') {$server = 'Windows Server 2008 R2'} - ElseIf ($ADVersion -eq '44') {$server = 'Windows Server 2008'} - ElseIf ($ADVersion -eq '31') {$server = 'Windows Server 2003 R2'} - ElseIf ($ADVersion -eq '30') {$server = 'Windows Server 2003'} - $OutObj = @() - if ($Data) { - Write-PscriboMessage "Collecting Active Directory information of forest $ForestInfo." - foreach ($Item in $Data) { - $inObj = [ordered] @{ - 'Forest Name' = $Item.RootDomain - 'Forest Functional Level' = $Item.ForestMode - 'Schema Version' = "ObjectVersion $ADVersion, Correspond to $server" - 'Tombstone Lifetime (days)' = $TombstoneLifetime - 'Domains' = $Item.Domains -join '; ' - 'Global Catalogs' = $Item.GlobalCatalogs -join '; ' - 'Application Partitions' = $Item.ApplicationPartitions - 'PartitionsContainer' = [string]$Item.PartitionsContainer - 'SPN Suffixes' = ConvertTo-EmptyToFiller $Item.SPNSuffixes - 'UPN Suffixes' = ConvertTo-EmptyToFiller $Item.UPNSuffixes - } - $OutObj += [pscustomobject]$inobj - } - - $TableParams = @{ - Name = "AD Forest Summary Information - $($ForestInfo)" - List = $true - ColumnWidths = 40, 60 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams - } - Section -Style Heading5 'Optional Features' { - Paragraph "The following section provides a summary of the enabled Optional Features." - BlankLine - Write-PscriboMessage "Discovering Optional Features enabled on forest $ForestInfo." - $Data = Invoke-Command -Session $Session {Get-ADOptionalFeature -Filter *} + try { + $Data = Invoke-Command -Session $Session {Get-ADForest} + $ForestInfo = $Data.RootDomain.toUpper() + Write-PscriboMessage "Discovered Active Directory information of forest $ForestInfo." + $DomainDN = Invoke-Command -Session $Session {(Get-ADDomain -Identity (Get-ADForest | Select-Object -ExpandProperty RootDomain )).DistinguishedName} + $TombstoneLifetime = Invoke-Command -Session $Session {Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,$using:DomainDN" -Properties tombstoneLifetime | Select-Object -ExpandProperty tombstoneLifetime} + $ADVersion = Invoke-Command -Session $Session {Get-ADObject (Get-ADRootDSE).schemaNamingContext -property objectVersion | Select-Object -ExpandProperty objectVersion} + If ($ADVersion -eq '88') {$server = 'Windows Server 2019'} + ElseIf ($ADVersion -eq '87') {$server = 'Windows Server 2016'} + ElseIf ($ADVersion -eq '69') {$server = 'Windows Server 2012 R2'} + ElseIf ($ADVersion -eq '56') {$server = 'Windows Server 2012'} + ElseIf ($ADVersion -eq '47') {$server = 'Windows Server 2008 R2'} + ElseIf ($ADVersion -eq '44') {$server = 'Windows Server 2008'} + ElseIf ($ADVersion -eq '31') {$server = 'Windows Server 2003 R2'} + ElseIf ($ADVersion -eq '30') {$server = 'Windows Server 2003'} $OutObj = @() if ($Data) { - Write-PscriboMessage "Discovered Optional Features enabled on forest $ForestInfo." + Write-PscriboMessage "Collecting Active Directory information of forest $ForestInfo." foreach ($Item in $Data) { - Write-PscriboMessage "Collecting Optional Features '$($Item.Name)'" - $Forest = Invoke-Command -Session $Session {Get-ADForest} $inObj = [ordered] @{ - 'Name' = $Item.Name - 'Required Forest Mode' = $Item.RequiredForestMode - 'Forest' = $Forest.RootDomain.toUpper() + 'Forest Name' = $Item.RootDomain + 'Forest Functional Level' = $Item.ForestMode + 'Schema Version' = "ObjectVersion $ADVersion, Correspond to $server" + 'Tombstone Lifetime (days)' = $TombstoneLifetime + 'Domains' = $Item.Domains -join '; ' + 'Global Catalogs' = $Item.GlobalCatalogs -join '; ' + 'Application Partitions' = $Item.ApplicationPartitions + 'PartitionsContainer' = [string]$Item.PartitionsContainer + 'SPN Suffixes' = ConvertTo-EmptyToFiller $Item.SPNSuffixes + 'UPN Suffixes' = ConvertTo-EmptyToFiller $Item.UPNSuffixes } $OutObj += [pscustomobject]$inobj } $TableParams = @{ - Name = "Active Directory Enabled Optional Features Information - $($ForestInfo)" - List = $false - ColumnWidths = 40, 30, 30 + Name = "AD Forest Summary Information - $($ForestInfo)" + List = $true + ColumnWidths = 40, 60 } if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" @@ -100,6 +72,49 @@ function Get-AbrADForest { $OutObj | Table @TableParams } } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message + } + try { + Section -Style Heading5 'Optional Features' { + Paragraph "The following section provides a summary of the enabled Optional Features." + BlankLine + Write-PscriboMessage "Discovering Optional Features enabled on forest $ForestInfo." + $Data = Invoke-Command -Session $Session {Get-ADOptionalFeature -Filter *} + $OutObj = @() + if ($Data) { + Write-PscriboMessage "Discovered Optional Features enabled on forest $ForestInfo." + foreach ($Item in $Data) { + try { + Write-PscriboMessage "Collecting Optional Features '$($Item.Name)'" + $Forest = Invoke-Command -Session $Session {Get-ADForest} + $inObj = [ordered] @{ + 'Name' = $Item.Name + 'Required Forest Mode' = $Item.RequiredForestMode + 'Forest' = $Forest.RootDomain.toUpper() + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message + } + } + + $TableParams = @{ + Name = "Active Directory Enabled Optional Features Information - $($ForestInfo)" + List = $false + ColumnWidths = 40, 30, 30 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + } + } + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message + } } end {} diff --git a/Src/Private/Get-AbrADSiteReplication.ps1 b/Src/Private/Get-AbrADSiteReplication.ps1 index 2ffdb06..021b77c 100644 --- a/Src/Private/Get-AbrADSiteReplication.ps1 +++ b/Src/Private/Get-AbrADSiteReplication.ps1 @@ -30,99 +30,109 @@ function Get-AbrADSiteReplication { process { Write-PscriboMessage "Collecting AD Domain Sites Replication Summary. (Sites Replication)" - Section -Style Heading5 'Sites Replication' { - Paragraph "The following section provides a summary of the Active Directory Site Replication information." - BlankLine - $OutObj = @() - if ($Domain) { - Write-PscriboMessage "Discovering Active Directory Sites Replication information on $Domain. (Sites Replication)" - foreach ($Item in $Domain) { - try { - # TODO Why is this working? only God knows! (Investigate) - $DCs = Invoke-Command -Session $Session -ScriptBlock {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} - foreach ($DC in $DCs) { + if ($Domain) { + Write-PscriboMessage "Discovering Active Directory Sites Replication information on $Domain. (Sites Replication)" + try { + # TODO Why is this working? only God knows! (Investigate) + Section -Style Heading5 'Sites Replication' { + Paragraph "The following section provides a summary of the Active Directory Site Replication information." + BlankLine + $OutObj = @() + $DCs = Invoke-Command -Session $Session -ScriptBlock {Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers} + foreach ($DC in $DCs) { + try { $Replication = Invoke-Command -Session $Session -ScriptBlock {Get-ADReplicationConnection -Server $using:DC -Properties *} - if ($Replication) {Write-PscriboMessage "Collecting Active Directory Sites Replication information on $DC. (Sites Replication)"} - foreach ($Repl in $Replication) { - $inObj = [ordered] @{ - 'DC Name' = $DC.ToString().ToUpper().Split(".")[0] - 'GUID' = $Repl.ObjectGUID - 'Description' = ConvertTo-EmptyToFiller $Repl.Description - 'Replicate From Directory Server' = ConvertTo-ADObjectName $Repl.ReplicateFromDirectoryServer.Split(",", 2)[1] -Session $Session - 'Replicate To Directory Server' = ConvertTo-ADObjectName $Repl.ReplicateToDirectoryServer -Session $Session - 'Replicated Naming Contexts' = $Repl.ReplicatedNamingContexts - 'Transport Protocol' = $Repl.InterSiteTransportProtocol - 'AutoGenerated' = ConvertTo-TextYN $Repl.AutoGenerated - 'Enabled' = ConvertTo-TextYN $Repl.enabledConnection - 'Created' = ($Repl.Created).ToUniversalTime().toString("r") + if ($Replication) { + Write-PscriboMessage "Collecting Active Directory Sites Replication information on $DC. (Sites Replication)" + foreach ($Repl in $Replication) { + $inObj = [ordered] @{ + 'DC Name' = $DC.ToString().ToUpper().Split(".")[0] + 'GUID' = $Repl.ObjectGUID + 'Description' = ConvertTo-EmptyToFiller $Repl.Description + 'Replicate From Directory Server' = ConvertTo-ADObjectName $Repl.ReplicateFromDirectoryServer.Split(",", 2)[1] -Session $Session + 'Replicate To Directory Server' = ConvertTo-ADObjectName $Repl.ReplicateToDirectoryServer -Session $Session + 'Replicated Naming Contexts' = $Repl.ReplicatedNamingContexts + 'Transport Protocol' = $Repl.InterSiteTransportProtocol + 'AutoGenerated' = ConvertTo-TextYN $Repl.AutoGenerated + 'Enabled' = ConvertTo-TextYN $Repl.enabledConnection + 'Created' = ($Repl.Created).ToUniversalTime().toString("r") + } + $OutObj = [pscustomobject]$inobj + + if ($HealthCheck.Site.Replication) { + $OutObj | Where-Object { $_.'Enabled' -ne 'Yes'} | Set-Style -Style Warning -Property 'Enabled' + } + + $TableParams = @{ + Name = "Site Replication Information - $($DC.ToString().ToUpper().Split(".")[0])" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } } - $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Site Replication)" } } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Site Replication)" - } - } - - if ($HealthCheck.Site.Replication) { - $OutObj | Where-Object { $_.'Enabled' -ne 'Yes'} | Set-Style -Style Warning -Property 'Enabled' } - - $TableParams = @{ - Name = "Site Replication Information - $($Domain.ToString().ToUpper())" - List = $true - ColumnWidths = 40, 60 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Site Replication)" } } - if (($HealthCheck.Site.Replication) -and (Invoke-Command -Session $Session -ScriptBlock {Get-ADReplicationFailure -Target $using:Domain -Scope Domain})) { - Write-PscriboMessage "Discovering Active Directory Sites Replication Failure on $Domain. (Sites Replication Failure)" - Section -Style Heading5 'Sites Replication Failure' { - Paragraph "The following section provides a summary of the Active Directory Site Replication Failure information." - BlankLine + try { + if (($HealthCheck.Site.Replication) -and (Invoke-Command -Session $Session -ScriptBlock {Get-ADReplicationFailure -Target $using:Domain -Scope Domain})) { + Write-PscriboMessage "Discovering Active Directory Sites Replication Failure on $Domain. (Sites Replication Failure)" $OutObj = @() - foreach ($Item in $Domain) { - try { - Write-PscriboMessage "Discovered Active Directory Sites Replication Failure on $Item. (Sites Replication Failure)" - $Failures = Invoke-Command -Session $Session -ScriptBlock {Get-ADReplicationFailure -Target $using:Domain -Scope Domain} + Write-PscriboMessage "Discovered Active Directory Sites Replication Failure on $Domain. (Sites Replication Failure)" + $Failures = Invoke-Command -Session $Session -ScriptBlock {Get-ADReplicationFailure -Target $using:Domain -Scope Domain} + if ($Failures) { + Section -Style Heading5 'Sites Replication Failure' { + Paragraph "The following section provides a summary of the Active Directory Site Replication Failure information." + BlankLine foreach ($Fails in $Failures) { - Write-PscriboMessage "Collecting Active Directory Sites Replication Failure on '$($Fails.Server)'. (Sites Replication Failure)" - $inObj = [ordered] @{ - 'Server Name' = $Fails.Server.Split(".", 2)[0] - 'Partner' = ConvertTo-ADObjectName $Fails.Partner.Split(",", 2)[1] -Session $Session - 'Last Error' = $Fails.LastError - 'Failure Type' = $Fails.FailureType - 'Failure Count' = $Fails.FailureCount - 'First Failure Time' = ($Fails.FirstFailureTime).ToUniversalTime().toString("r") + try { + Write-PscriboMessage "Collecting Active Directory Sites Replication Failure on '$($Fails.Server)'. (Sites Replication Failure)" + $inObj = [ordered] @{ + 'Server Name' = $Fails.Server.Split(".", 2)[0] + 'Partner' = ConvertTo-ADObjectName $Fails.Partner.Split(",", 2)[1] -Session $Session + 'Last Error' = $Fails.LastError + 'Failure Type' = $Fails.FailureType + 'Failure Count' = $Fails.FailureCount + 'First Failure Time' = ($Fails.FirstFailureTime).ToUniversalTime().toString("r") + } + $OutObj = [pscustomobject]$inobj + + if ($HealthCheck.Site.Replication) { + $OutObj | Where-Object {$NULL -notlike $_.'Last Error'} | Set-Style -Style Warning -Property 'Last Error', 'Failure Type', 'Failure Count', 'First Failure Time' } - $OutObj += [pscustomobject]$inobj + + $TableParams = @{ + Name = "Site Replication Failure Information - $($Fails.Server.ToUpper().Split(".", 2)[0])" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Site Replication Failure)" + } } } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Site Replication Failure)" - } } - - if ($HealthCheck.Site.Replication) { - $OutObj | Where-Object {$NULL -notlike $_.'Last Error'} | Set-Style -Style Warning -Property 'Last Error', 'Failure Type', 'Failure Count', 'First Failure Time' - } - - $TableParams = @{ - Name = "Site Replication Failure Information - $($Domain.ToString().ToUpper())" - List = $true - ColumnWidths = 40, 60 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams } } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Site Replication Failure)" + } } end {} diff --git a/Src/Private/Get-AbrADTrust.ps1 b/Src/Private/Get-AbrADTrust.ps1 index 0370808..f61c551 100644 --- a/Src/Private/Get-AbrADTrust.ps1 +++ b/Src/Private/Get-AbrADTrust.ps1 @@ -5,7 +5,7 @@ function Get-AbrADTrust { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -31,9 +31,7 @@ function Get-AbrADTrust { } process { - Section -Style Heading5 'Domain and Trusts' { - Paragraph "The following section provides a summary of Active Directory Trust information on $($Domain.ToString().ToUpper())." - BlankLine + try { $OutObj = @() if ($Domain) { try { @@ -41,40 +39,54 @@ function Get-AbrADTrust { Write-PScriboMessage "Discovered '$(($DC | Measure-Object).Count)' Active Directory Domain Controller in domain $Domain." $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default $Trusts = Invoke-Command -Session $DCPssSession {Get-ADTrust -Filter *} - if ($Trusts) {Write-PScriboMessage "Discovered created trusts in domain $Domain"} - foreach ($Trust in $Trusts) { - Write-PscriboMessage "Collecting Active Directory Domain Trust information from $($Trust.Name)" - $inObj = [ordered] @{ - 'Name' = $Trust.Name - 'Path' = ConvertTo-ADCanonicalName -DN $Trust.DistinguishedName -Credential $Cred -Domain $Domain - 'Source' = ConvertTo-ADObjectName $Trust.Source -Session $DCPssSession - 'Target' = $Trust.Target - 'Direction' = $Trust.Direction - 'IntraForest' = ConvertTo-TextYN $Trust.IntraForest - 'Selective Authentication' = ConvertTo-TextYN $Trust.SelectiveAuthentication - 'SID Filtering Forest Aware' = ConvertTo-TextYN $Trust.SIDFilteringForestAware - 'SID Filtering Quarantined' = ConvertTo-TextYN $Trust.SIDFilteringQuarantined - 'Trust Type' = $Trust.TrustType - 'Uplevel Only' = ConvertTo-TextYN $Trust.UplevelOnly + if ($Trusts) { + Section -Style Heading5 'Domain and Trusts' { + Paragraph "The following section provides a summary of Active Directory Trust information on $($Domain.ToString().ToUpper())." + BlankLine + Write-PScriboMessage "Discovered created trusts in domain $Domain" + foreach ($Trust in $Trusts) { + try { + Write-PscriboMessage "Collecting Active Directory Domain Trust information from $($Trust.Name)" + $inObj = [ordered] @{ + 'Name' = $Trust.Name + 'Path' = ConvertTo-ADCanonicalName -DN $Trust.DistinguishedName -Credential $Cred -Domain $Domain + 'Source' = ConvertTo-ADObjectName $Trust.Source -Session $DCPssSession + 'Target' = $Trust.Target + 'Direction' = $Trust.Direction + 'IntraForest' = ConvertTo-TextYN $Trust.IntraForest + 'Selective Authentication' = ConvertTo-TextYN $Trust.SelectiveAuthentication + 'SID Filtering Forest Aware' = ConvertTo-TextYN $Trust.SIDFilteringForestAware + 'SID Filtering Quarantined' = ConvertTo-TextYN $Trust.SIDFilteringQuarantined + 'Trust Type' = $Trust.TrustType + 'Uplevel Only' = ConvertTo-TextYN $Trust.UplevelOnly + } + $OutObj = [pscustomobject]$inobj + + $TableParams = @{ + Name = "Active Directory Trusts Information - $($Domain.ToString().ToUpper())" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Trust Summary)" + } + } } - $OutObj += [pscustomobject]$inobj + Remove-PSSession -Session $DCPssSession } - Remove-PSSession -Session $DCPssSession } catch { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Trust Summary)" - } } - - $TableParams = @{ - Name = "Active Directory Trusts Information - $($Domain.ToString().ToUpper())" - List = $true - ColumnWidths = 40, 60 } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Trust Summary)" } } From c2074a22963ab7ba45c0af0abd351845c94de492 Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Sat, 22 Jan 2022 21:47:06 -0400 Subject: [PATCH 02/23] Added a bunch of error catching --- Src/Private/Get-AbrADDCDiag.ps1 | 49 ++- Src/Private/Get-AbrADDCRoleFeature.ps1 | 21 +- Src/Private/Get-AbrADDomainController.ps1 | 212 +++++----- Src/Private/Get-AbrADDomainObject.ps1 | 3 +- Src/Private/Get-AbrADGPO.ps1 | 368 ++++++++++-------- .../Get-AbrADInfrastructureService.ps1 | 23 +- Src/Private/Get-AbrADOU.ps1 | 161 ++++---- Src/Private/Get-AbrADSite.ps1 | 165 ++++---- Src/Private/Get-AbrADSiteReplication.ps1 | 60 +-- Src/Private/Get-AbrADTrust.ps1 | 2 +- 10 files changed, 575 insertions(+), 489 deletions(-) diff --git a/Src/Private/Get-AbrADDCDiag.ps1 b/Src/Private/Get-AbrADDCDiag.ps1 index e530cb0..50b0d05 100644 --- a/Src/Private/Get-AbrADDCDiag.ps1 +++ b/Src/Private/Get-AbrADDCDiag.ps1 @@ -5,7 +5,7 @@ function Get-AbrADDCDiag { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -36,28 +36,35 @@ function Get-AbrADDCDiag { try { Write-PscriboMessage "Discovering Active Directory DCDiag information for DC $DC." $DCDIAG = Invoke-DcDiag -DomainController $DC - Write-PscriboMessage "Discovered Active Directory DCDiag information for DC $DC." - foreach ($Result in $DCDIAG) { - Write-PscriboMessage "Collecting Active Directory DCDiag test '$($Result.TestName)' for DC $DC." - $inObj = [ordered] @{ - 'DC Name' = $DC - 'Test Name' = $Result.TestName - 'Result' = $Result.TestResult + if ($DCDIAG) { + Write-PscriboMessage "Discovered Active Directory DCDiag information for DC $DC." + foreach ($Result in $DCDIAG) { + try { + Write-PscriboMessage "Collecting Active Directory DCDiag test '$($Result.TestName)' for DC $DC." + $inObj = [ordered] @{ + 'DC Name' = $DC + 'Test Name' = $Result.TestName + 'Result' = $Result.TestResult + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message + } } - $OutObj += [pscustomobject]$inobj - } - if ($HealthCheck.DomainController.Diagnostic) { - $OutObj | Where-Object { $_.'Result' -like 'failed'} | Set-Style -Style Critical -Property 'Result' - } - $TableParams = @{ - Name = "AD Domain Controller DCDiag Information - $($Domain.ToString().ToUpper())" - List = $false - ColumnWidths = 35, 35, 30 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + if ($HealthCheck.DomainController.Diagnostic) { + $OutObj | Where-Object { $_.'Result' -like 'failed'} | Set-Style -Style Critical -Property 'Result' + } + $TableParams = @{ + Name = "AD Domain Controller DCDiag Information - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 35, 35, 30 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - $OutObj | Table @TableParams } catch { Write-PscriboMessage -IsWarning $_.Exception.Message diff --git a/Src/Private/Get-AbrADDCRoleFeature.ps1 b/Src/Private/Get-AbrADDCRoleFeature.ps1 index 313c19a..3631164 100644 --- a/Src/Private/Get-AbrADDCRoleFeature.ps1 +++ b/Src/Private/Get-AbrADDCRoleFeature.ps1 @@ -5,7 +5,7 @@ function Get-AbrADDCRoleFeature { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -42,13 +42,18 @@ function Get-AbrADDCRoleFeature { $Features = Invoke-Command -Session $DCPssSession -ScriptBlock {Get-WindowsFeature | Where-Object {$_.installed -eq "True"}} Remove-PSSession -Session $DCPssSession foreach ($Feature in $Features) { - Write-PscriboMessage "Collecting DC Role & Features: $($Feature.DisplayName) on $DC." - $inObj = [ordered] @{ - 'Name' = $Feature.DisplayName - 'Parent' = $Feature.FeatureType - 'InstallState' = $Feature.Description + try { + Write-PscriboMessage "Collecting DC Role & Features: $($Feature.DisplayName) on $DC." + $inObj = [ordered] @{ + 'Name' = $Feature.DisplayName + 'Parent' = $Feature.FeatureType + 'InstallState' = $Feature.Description + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Role & Features Item)" } - $OutObj += [pscustomobject]$inobj } $TableParams = @{ @@ -64,7 +69,7 @@ function Get-AbrADDCRoleFeature { } } catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Role & Features)" + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Role & Features Section)" } } diff --git a/Src/Private/Get-AbrADDomainController.ps1 b/Src/Private/Get-AbrADDomainController.ps1 index 9cda877..5a354cd 100644 --- a/Src/Private/Get-AbrADDomainController.ps1 +++ b/Src/Private/Get-AbrADDomainController.ps1 @@ -5,7 +5,7 @@ function Get-AbrADDomainController { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -31,11 +31,11 @@ function Get-AbrADDomainController { } process { - $OutObj = @() - if ($Domain) { - foreach ($Item in $Domain) { - Write-PscriboMessage "Discovering Active Directory Domain Controller information in $Domain." - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} + try { + $OutObj = @() + Write-PscriboMessage "Discovering Active Directory Domain Controller information from $Domain." + $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers} + if ($DCs) { foreach ($DC in $DCs) { Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller in domain $Domain." try { @@ -57,29 +57,32 @@ function Get-AbrADDomainController { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Domain Controller Summary)" } } - } - $TableParams = @{ - Name = "AD Domain Controller Summary Information - $($Domain.ToString().ToUpper())" - List = $false - ColumnWidths = 25, 25, 15, 10, 10, 15 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Domain Controller Summary - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 25, 25, 15, 10, 10, 15 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - $OutObj | Table @TableParams + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Domain Controller Summary)" } if ($InfoLevel.Domain -ge 2) { - Write-PscriboMessage "Collecting AD Domain Controller Hardware information for domain $Domain" - Section -Style Heading6 'Hardware Inventory' { - Paragraph "The following section provides a summary of the Domain Controller Hardware for $($Domain.ToString().ToUpper())." - BlankLine - $OutObj = @() - if ($Domain) { - foreach ($Item in $Domain) { - Write-PscriboMessage "Discovering Active Directory Domain Controller information in $Domain." - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} + try { + Write-PscriboMessage "Collecting AD Domain Controller Hardware information for domain $Domain" + Section -Style Heading6 'Hardware Inventory' { + Paragraph "The following section provides a summary of the Domain Controller Hardware for $($Domain.ToString().ToUpper())." + BlankLine + $OutObj = @() + Write-PscriboMessage "Discovering Active Directory Domain Controller information in $Domain." + $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers} + if ($DCs) { Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller in domain $Domain." foreach ($DC in $DCs) { try { @@ -116,7 +119,17 @@ function Get-AbrADDomainController { 'Number of Logical Cores' = $HWCPU[0].NumberOfLogicalProcessors 'Physical Memory (GB)' = ConvertTo-FileSizeString $HW.CsTotalPhysicalMemory } - $OutObj += [pscustomobject]$inobj + $OutObj = [pscustomobject]$inobj + + $TableParams = @{ + Name = "Domain Controller Hardware - $($HW.CsDNSHostName.ToString().ToUpper())" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } } catch { @@ -124,28 +137,21 @@ function Get-AbrADDomainController { } } } - - $TableParams = @{ - Name = "AD Domain Controller Hardware Information - $($Domain.ToString().ToUpper())" - List = $true - ColumnWidths = 40, 60 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams } } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Domain Controller Summary)" + } } - Write-PscriboMessage "Collecting AD Domain Controller NTDS information." - Section -Style Heading6 'NTDS Information' { - Paragraph "The following section provides a summary of the Domain Controller NTDS file size on $($Domain.ToString().ToUpper())." - BlankLine - $OutObj = @() - if ($Domain) { - foreach ($Item in $Domain) { - Write-PscriboMessage "Discovering Active Directory Domain Controller information in $Domain." - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} + try { + Write-PscriboMessage "Collecting AD Domain Controller NTDS information." + Section -Style Heading6 'NTDS Information' { + Paragraph "The following section provides a summary of the Domain Controller NTDS file size on $($Domain.ToString().ToUpper())." + BlankLine + $OutObj = @() + Write-PscriboMessage "Discovering Active Directory Domain Controller information in $Domain." + $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers} + if ($DCs) { Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller in domain $Domain." foreach ($DC in $DCs) { try { @@ -171,29 +177,31 @@ function Get-AbrADDomainController { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (NTDS Summary)" } } - } - $TableParams = @{ - Name = "Domain Controller NTDS Database File Usage Information - $($Domain.ToString().ToUpper())" - List = $false - ColumnWidths = 20, 22, 14, 22, 22 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "NTDS Database File Usage - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 20, 22, 14, 22, 22 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - $OutObj | Table @TableParams } } - - Write-PscriboMessage "Collecting AD Domain Controller Time Source information." - Section -Style Heading6 'Time Source Information' { - Paragraph "The following section provides a summary of the Domain Controller Time Source configuration on $($Domain.ToString().ToUpper())." - BlankLine - $OutObj = @() - if ($Domain) { - foreach ($Item in $Domain) { - Write-PscriboMessage "Discovering Active Directory Domain Controller information in $Domain." - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (NTDS Summary)" + } + try { + Write-PscriboMessage "Collecting AD Domain Controller Time Source information." + Section -Style Heading6 'Time Source Information' { + Paragraph "The following section provides a summary of the Domain Controller Time Source configuration on $($Domain.ToString().ToUpper())." + BlankLine + $OutObj = @() + Write-PscriboMessage "Discovering Active Directory Domain Controller information in $Domain." + $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers} + if ($DCs) { Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller in domain $Domain." foreach ($DC in $DCs) { try { @@ -224,58 +232,61 @@ function Get-AbrADDomainController { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Time Source)" } } - } - $TableParams = @{ - Name = "Domain Controller Time Source Configuration - $($Domain.ToString().ToUpper())" - List = $false - ColumnWidths = 30, 50, 20 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Time Source Configuration - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 30, 50, 20 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - $OutObj | Table @TableParams } } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Time Source)" + } if ($HealthCheck.DomainController.Software) { - Write-PscriboMessage "Collecting additional software running on the Domain Controller ." - Section -Style Heading6 'HealthCheck - Installed Software on DC' { - Paragraph "The following section provides a summary of additional software running on $($Domain.ToString().ToUpper())." - BlankLine - if ($Domain) { - foreach ($Item in $Domain) { - Write-PscriboMessage "Discovering Active Directory Domain Controller information in $Domain." - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} + try { + Write-PscriboMessage "Collecting additional software running on the Domain Controller." + Section -Style Heading6 'HealthCheck - Installed Software on DC' { + Paragraph "The following section provides a summary of additional software running on $($Domain.ToString().ToUpper())." + BlankLine + Write-PscriboMessage "Discovering Active Directory Domain Controller information in $Domain." + $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers} + if ($DCs) { Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller in domain $Domain." foreach ($DC in $DCs) { try { - Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) additional software" { - Paragraph "The following section provides a summary of additional software running on $($DC.ToString().ToUpper().Split(".")[0])." - BlankLine - $OutObj = @() - Write-PscriboMessage "Collecting AD Domain Controller installed software information for $DC." - $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default - $Software = Invoke-Command -Session $DCPssSession -ScriptBlock {Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object {($_.Publisher -notlike "Microsoft*" -and $_.DisplayName -notlike "VMware*") -and ($Null -ne $_.Publisher -or $Null -ne $_.DisplayName)} | Select-Object -Property DisplayName,Publisher,InstallDate | Sort-Object -Property DisplayName} - Remove-PSSession -Session $DCPssSession - if ( $Software ) { + $OutObj = @() + Write-PscriboMessage "Collecting AD Domain Controller installed software information for $DC." + $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default + $Software = Invoke-Command -Session $DCPssSession -ScriptBlock {Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object {($_.Publisher -notlike "Microsoft*" -and $_.DisplayName -notlike "VMware*") -and ($Null -ne $_.Publisher -or $Null -ne $_.DisplayName)} | Select-Object -Property DisplayName,Publisher,InstallDate | Sort-Object -Property DisplayName} + Remove-PSSession -Session $DCPssSession + if ( $Software ) { + Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) additional software" { + Paragraph "The following section provides a summary of additional software running on $($DC.ToString().ToUpper().Split(".")[0])." + BlankLine foreach ($APP in $Software) { $inObj = [ordered] @{ 'Name' = $APP.DisplayName 'Publisher' = $APP.Publisher 'Install Date' = $APP.InstallDate } - $OutObj += [pscustomobject]$inobj + $OutObj = [pscustomobject]$inobj } + $TableParams = @{ + Name = "Installed Software - $($DC.ToString().ToUpper().Split(".")[0])" + List = $false + ColumnWidths = 34, 33, 33 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - $TableParams = @{ - Name = "Installed Software - $($DC.ToString().ToUpper().Split(".")[0])" - List = $false - ColumnWidths = 34, 33, 33 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams } } catch { @@ -285,6 +296,9 @@ function Get-AbrADDomainController { } } } + catch { + Write-PscriboMessage -IsWarning $($_.Exception.Message) + } } } diff --git a/Src/Private/Get-AbrADDomainObject.ps1 b/Src/Private/Get-AbrADDomainObject.ps1 index 769e909..7b29013 100644 --- a/Src/Private/Get-AbrADDomainObject.ps1 +++ b/Src/Private/Get-AbrADDomainObject.ps1 @@ -178,8 +178,8 @@ function Get-AbrADDomainObject { } } } - Remove-PSSession -Session $DCPssSession } + Remove-PSSession -Session $DCPssSession } } } @@ -241,6 +241,7 @@ function Get-AbrADDomainObject { } } } + Remove-PSSession -Session $DCPssSession } catch { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Group Managed Service Accounts)" diff --git a/Src/Private/Get-AbrADGPO.ps1 b/Src/Private/Get-AbrADGPO.ps1 index 8c4aa65..1ba9359 100644 --- a/Src/Private/Get-AbrADGPO.ps1 +++ b/Src/Private/Get-AbrADGPO.ps1 @@ -5,7 +5,7 @@ function Get-AbrADGPO { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -35,100 +35,133 @@ function Get-AbrADGPO { Paragraph "The following section provides a summary of the Group Policy Objects for domain $($Domain.ToString().ToUpper())." BlankLine $OutObj = @() - if ($Domain) { - try { - $GPOs = Invoke-Command -Session $Session -ScriptBlock {Get-GPO -Domain $using:Domain -All} - Write-PscriboMessage "Discovered Active Directory Group Policy Objects information on $Domain. (Group Policy Objects)" - foreach ($GPO in $GPOs) { - Write-PscriboMessage "Collecting Active Directory Group Policy Objects '$($GPO.DisplayName)'. (Group Policy Objects)" - $inObj = [ordered] @{ - 'GPO Name' = $GPO.DisplayName - 'GPO Status' = ($GPO.GpoStatus -creplace '([A-Z\W_]|\d+)(? Date: Sun, 23 Jan 2022 00:06:47 -0400 Subject: [PATCH 03/23] Added Logo and fix colors --- AsBuiltReport.Microsoft.AD.Style.ps1 | 35 ++++++++++++---------------- 1 file changed, 15 insertions(+), 20 deletions(-) diff --git a/AsBuiltReport.Microsoft.AD.Style.ps1 b/AsBuiltReport.Microsoft.AD.Style.ps1 index 123e44f..38c5d34 100644 --- a/AsBuiltReport.Microsoft.AD.Style.ps1 +++ b/AsBuiltReport.Microsoft.AD.Style.ps1 @@ -4,26 +4,25 @@ DocumentOption -EnableSectionNumbering -PageSize A4 -DefaultFont 'Arial' -MarginLeftAndRight 71 -MarginTopAndBottom 71 -Orientation $Orientation # Configure Heading and Font Styles -Style -Name 'Title' -Size 24 -Color '737373' -Align Center -Style -Name 'Title 2' -Size 18 -Color '00A4EF' -Align Center -Style -Name 'Title 3' -Size 12 -Color '00A4EF' -Align Left -Style -Name 'Heading 1' -Size 16 -Color '00A4EF' -Style -Name 'Heading 2' -Size 15 -Color '00A4EF' -Style -Name 'Heading 3' -Size 14 -Color '00A4EF' -Style -Name 'Heading 4' -Size 13 -Color '00A4EF' -Style -Name 'Heading 5' -Size 12 -Color '00A4EF' -Style -Name 'Heading 6' -Size 11 -Color '00A4EF' -Style -Name 'Heading 7' -Size 10 -Color '00A4EF' +Style -Name 'Title' -Size 24 -Color '018aef' -Align Center +Style -Name 'Title 2' -Size 18 -Color '01a4ef' -Align Center +Style -Name 'Title 3' -Size 12 -Color '01a4ef' -Align Left +Style -Name 'Heading 1' -Size 16 -Color '018aef' +Style -Name 'Heading 2' -Size 14 -Color '018aef' +Style -Name 'Heading 3' -Size 12 -Color '018aef' +Style -Name 'Heading 4' -Size 11 -Color '018aef' +Style -Name 'Heading 5' -Size 11 -Color '018aef' +Style -Name 'Heading 6' -Size 11 -Color '018aef' Style -Name 'Normal' -Size 10 -Color '565656' -Default Style -Name 'Caption' -Size 10 -Color '565656' -Italic -Align Center Style -Name 'Header' -Size 10 -Color '565656' -Align Center Style -Name 'Footer' -Size 10 -Color '565656' -Align Center -Style -Name 'TOC' -Size 16 -Color '00A4EF' -Style -Name 'TableDefaultHeading' -Size 10 -Color 'FAFAFA' -BackgroundColor '00A4EF' +Style -Name 'TOC' -Size 16 -Color '018aef' +Style -Name 'TableDefaultHeading' -Size 10 -Color 'FAFAFA' -BackgroundColor '018aef' Style -Name 'TableDefaultRow' -Size 10 -Color '565656' Style -Name 'Critical' -Size 10 -BackgroundColor 'F25022' Style -Name 'Warning' -Size 10 -BackgroundColor 'FFB900' -Style -Name 'Info' -Size 10 -BackgroundColor '00A4EF' +Style -Name 'Info' -Size 10 -BackgroundColor '018aef' Style -Name 'OK' -Size 10 -BackgroundColor '7FBA00' # Configure Table Styles @@ -31,7 +30,7 @@ $TableDefaultProperties = @{ Id = 'TableDefault' HeaderStyle = 'TableDefaultHeading' RowStyle = 'TableDefaultRow' - BorderColor = '00A4EF' + BorderColor = '018aef' Align = 'Left' CaptionStyle = 'Caption' CaptionLocation = 'Below' @@ -71,16 +70,12 @@ if ($Orientation -eq 'Portrait') { # Microsoft Logo Image if ($ReportConfig.Report.ShowCoverPageImage) { - # Always check the vendor's branding guidelines to ensure the use of their company logo is allowed. - # Convert a vendor's logo image to Base64 using https://base64.guru/converter/encode/image/jpg. - # Specify Base64 code using the `Base64` parameter below. Size image accordingly using the `Percent` parameter. Align image to center. - <# Try { - # Image -Text 'Microsoft Logo' -Align 'Center' -Percent 5 -Base64 "" + Image -Text 'Microsoft Logo' -Align 'Center' -Percent 20 -Base64 "iVBORw0KGgoAAAANSUhEUgAAAfQAAAH0CAYAAADL1t+KAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAgY0hSTQAAeiYAAICEAAD6AAAAgOgAAHUwAADqYAAAOpgAABdwnLpRPAAAABp0RVh0U29mdHdhcmUAUGFpbnQuTkVUIHYzLjUuMTAw9HKhAAAdYklEQVR4Xu3Ysa5ldR0F4IPDREho0GCMRBon4W3GgpKejkcwYaisLG5lN4VMZUc114mZB6GlFUjQ+rgb6GjI2SvrLj6SWzrZWa67vvv7Xy7+k4AEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkMAvMoH/Pn3yl+PnKz8y0IHTOvCP758++cOtB+bZy8tvnt1f/n78fOVHBjpwWgf++tmry69v/ft7yr93jPjd8XP1IwMdOK0Drw/QP7j1L/AB+nvHiH95/Fz9yEAHTuvA8wP0t2/9+3vKvwf000bcH0n+UPyhA0D3R4c/uh5uB4Du2vOHgg782AGgP9wxB7H/74BuzIGuA0D3DHzaM7A/NHJ/aADdmANdB4AOdKAPdADoxhzoOgD0gTF3Cecu4dasgW7Mga4DQAe6C32gA0A35kDXAaAPjHnr1ei7ci8HQDfmQNcBoAPdhT7QAaAbc6DrANAHxtwlnLuEW7MGujEHug4AHegu9IEOAN2YA10HgD4w5q1Xo+/KvRwA3ZgDXQeADnQX+kAHgG7Mga4DQB8Yc5dw7hJuzRroxhzoOgB0oLvQBzoAdGMOdB0A+sCYt16Nviv3cgB0Yw50HQA60F3oAx0AujEHug4AfWDMXcK5S7g1a6Abc6DrANCB7kIf6ADQjTnQdQDoA2PeejX6rtzLAdCNOdB1AOhAd6EPdADoxhzoOgD0gTF3Cecu4dasgW7Mga4DQAe6C32gA0A35kDXAaAPjHnr1ei7ci8HQDfmQNcBoAPdhT7QAaAbc6DrANAHxtwlnLuEW7MGujEHug4AHegu9IEOAN2YA10HgD4w5q1Xo+/KvRwA3ZgDXQeADnQX+kAHgG7Mga4DQB8Yc5dw7hJuzRroxhzoOgB0oLvQBzoAdGMOdB0A+sCYt16Nviv3cgB0Yw50HQA60F3oAx0AujEHug4AfWDMXcK5S7g1a6Abc6DrANCB7kIf6ADQjTnQdQDoA2PeejX6rtzLAdCNOdB1AOhAd6EPdADoxhzoOgD0gTF3Cecu4dasgW7Mga4DQAe6C32gA0A35kDXAaAPjHnr1ei7ci8HQDfmQNcBoAPdhT7QAaAbc6DrANAHxtwlnLuEW7MGujEHug4AHegu9IEOAN2YA10HgD4w5q1Xo+/KvRwA3ZgDXQeADnQX+kAHgG7Mga4DQB8Yc5dw7hJuzRroxhzoOgB0oLvQBzoAdGMOdB0A+sCYt16Nviv3cgB0Yw50HQA60F3oAx0AujEHug4AfWDMXcK5S7g1a6Abc6DrANCB7kIf6ADQjTnQdQDoA2PeejX6rtzLAdCNOdB1AOhAd6EPdADoxhzoOgD0gTF3Cecu4dasgW7Mga4DQAe6C32gA0A35kDXAaAPjHnr1ei7ci8HQDfmQNcBoAPdhT7QAaAbc6DrANAHxtwlnLuEW7MGujEHug4AHegu9IEOAN2YA10HgD4w5q1Xo+/KvRwA3ZgDXQeADnQX+kAHgG7Mga4DQB8Yc5dw7hJuzRroxhzoOgB0oLvQBzoAdGMOdB0A+sCYt16Nviv3cgB0Yw50HQA60F3oAx0AujEHug4AfWDMXcK5S7g1a6Abc6DrANCB7kIf6ADQjTnQdQDoA2PeejX6rtzLAdCNOdB1AOhAd6EPdADoxhzoOgD0gTF3Cecu4dasgW7Mga4DQAe6C32gA0A35kDXAaAPjHnr1ei7ci8HQDfmQNcBoAPdhT7QAaAbc6DrANAHxtwlnLuEW7MGujEHug4AHegu9IEOAN2YA10HgD4w5q1Xo+/KvRwA3ZgDXQeADnQX+kAHgG7Mga4DQB8Yc5dw7hJuzRroxhzoOgB0oLvQBzoAdGMOdB0A+sCYt16Nviv3cgB0Yw50HQA60F3oAx0AujEHug4AfWDMXcK5S7g1a6Abc6DrANCB7kIf6ADQjTnQdQDoA2PeejX6rtzLAdCNOdB1AOhAd6EPdADoxhzoOgD0gTF3Cecu4dasgW7Mga4DQAe6C32gA0A35kDXAaAPjHnr1ei7ci8HQDfmQNcBoAPdhT7QAaAbc6DrANAHxtwlnLuEW7MGujEHug4AHegu9IEOAN2YA10HgD4w5q1Xo+/KvRwA3ZgDXQeADnQX+kAHgG7Mga4DQB8Yc5dw7hJuzRroxhzoOgB0oLvQBzoAdGMOdB0A+sCYt16Nviv3cgB0Yw50HQA60F3oAx0AujEHug4AfWDMXcK5S7g1a6Abc6DrANCB7kIf6ADQjTnQdQDoA2PeejX6rtzLAdCNOdB1AOhAd6EPdADoxhzoOgD0gTF3Cecu4dasgW7Mga4DQAe6C32gA0A35kDXAaAPjHnr1ei7ci8HQDfmQNcBoAPdhT7QAaAbc6DrANAHxtwlnLuEW7MGujEHug4AHegu9IEOAN2YA10HgD4w5q1Xo+/KvRwA3ZgDXQeADnQX+kAHgG7Mga4DQB8Yc5dw7hJuzRroxhzoOgB0oLvQBzoAdGMOdB0A+sCYt16Nviv3cgB0Yw50HQA60F3oAx0AujEHug4AfWDMXcK5S7g1a6Abc6DrANCB7kIf6ADQjTnQdQDoA2PeejX6rtzLAdCNOdB1AOhAd6EPdADoxhzoOgD0gTF3Cecu4dasgW7Mga4DQAe6C32gA0A35kDXAaAPjHnr1ei7ci8HQDfmQNcBoAPdhT7QAaAbc6DrANAHxtwlnLuEW7MGujEHug4AHegu9IEOAN2YA10HgD4w5q1Xo+/KvRwA3ZgDXQeADnQX+kAHgG7Mga4DQB8Yc5dw7hJuzRroxhzoOgB0oLvQBzoAdGMOdB0A+sCYt16Nviv3cgB0Yw50HQA60F3oAx0AujEHug4AfWDMXcK5S7g1a6Abc6DrANCB7kIf6ADQjTnQdQDoA2PeejX6rtzLAdCNOdB1AOhAd6EPdADoxhzoOgD0gTF3Cecu4dasgW7Mga4DQAe6C32gA0A35kDXAaAPjHnr1ei7ci8HQDfmQNcBoAPdhT7QAaAbc6DrANAHxtwlnLuEW7MGujEHug4AHegu9IEOAN2YA10HgD4w5q1Xo+/KvRwA3ZgDXQeADnQX+kAHgG7Mga4DQB8Yc5dw7hJuzRroxhzoOgB0oLvQBzoAdGMOdB0A+sCYt16Nviv3cgB0Yw50HQA60F3oAx0AujEHug4AfWDMXcK5S7g1a6Abc6DrANCB7kIf6ADQjTnQdQDoA2PeejX6rtzLAdCNOdB1AOhAd6EPdADoxhzoOgD0gTF3Cecu4dasgW7Mga4DQAe6C32gA0A35kDXAaAPjHnr1ei7ci8HQDfmQNcBoAPdhT7QAaAbc6DrANAHxtwlnLuEW7MGujEHug4AHegu9IEOAN2YA10HgD4w5q1Xo+/KvRwA3ZgDXQeADnQX+kAHgG7Mga4DQB8Yc5dw7hJuzRroxhzoOgB0oLvQBzoAdGMOdB0A+sCYt16Nviv3cgB0Yw50HQA60F3oAx0AujEHug4AfWDMXcK5S7g1a6Abc6DrANCB7kIf6ADQjTnQdQDoA2PeejX6rtzLAdCNOdB1AOhAd6EPdADoxhzoOgD0gTF3Cecu4dasgW7Mga4DQAe6C32gA0A35kDXAaAPjHnr1ei7ci8HQDfmQNcBoAPdhT7QAaAbc6DrANAHxtwlnLuEW7MGujEHug4AHegu9IEOAN2YA10HgD4w5q1Xo+/KvRwA3ZgDXQeADnQX+kAHgG7Mga4DQB8Yc5dw7hJuzRroxhzoOgB0oLvQBzoAdGMOdB0A+sCYt16Nviv3cgB0Yw50HQA60F3oAx0AujEHug4AfWDMXcK5S7g1a6Abc6DrANCB7kIf6ADQjTnQdQDoA2PeejX6rtzLAdCNOdB1AOhAd6EPdADoxhzoOgD0gTF3Cecu4dasgW7Mga4DQAe6C32gA0A35kDXAaAPjHnr1ei7ci8HQDfmQNcBoAPdhT7QAaAbc6DrANAHxtwlnLuEW7MGujEHug4AHegu9IEOAN2YA10HgD4w5q1Xo+/KvRwA3ZgDXQeADnQX+kAHgG7Mga4DQB8Yc5dw7hJuzRroxhzoOgB0oLvQBzoAdGMOdB0A+sCYt16Nviv3cgB0Yw50HQA60F3oAx0AujEHug4AfWDMXcK5S7g1a6Abc6DrANCB7kIf6ADQjTnQdQDoA2PeejX6rtzLAdCNOdB1AOhAd6EPdADoxhzoOgD0gTF3Cecu4dasgW7Mga4DQAe6C32gA0A35kDXAaAPjHnr1ei7ci8HQDfmQNcBoAPdhT7QAaAbc6DrANAHxtwlnLuEW7MGujEHug4AHegu9IEOAN2YA10HgD4w5q1Xo+/KvRwA3ZgDXQeADnQX+kAHgG7Mga4DQB8Yc5dw7hJuzRroxhzoOgB0oLvQBzoAdGMOdB0A+sCYt16Nviv3cgB0Yw50HQA60F3oAx0AujEHug4AfWDMXcK5S7g1a6Abc6DrANCB7kIf6ADQjTnQdQDoA2PeejX6rtzLAdCNOdB1AOhAd6EPdADoxhzoOgD0gTF3Cecu4dasgW7Mga4DQAe6C32gA0A35kDXAaAPjHnr1ei7ci8HDwf0/z3900fHz50fGejAOR04/rD59Ps/P3n3cuP/nv3r8s4B5ief31/u/MhAB87pwPE79vFn/748vvGvr39OAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAIS+HkJvPjud5cX333oRwY6cFYHvv3j5Yv/PP55v6A//b+6vr48ut4/ev/68s0P/chAB07qwP2bvz9+19649e/vKf/eG198+/nx87UfGejAaR345+XFN+/f+hf4+vLRb6/3v3p+/HztRwY6cFoH/nZ9dXnr1r+/p/x7x4jfHT9XPzLQgdM68PoA/YNb/wIfoL93jPiXx8/Vjwx04LQOPD9Af/vWv7+n/HtAP23E/ZHkD8UfOgB0f3T4o+vhdgDorj1/KOjAjx0A+sMdcxD7/w7oxhzoOgB0z8CnPQP7QyP3hwbQjTnQdQDoQAf6QAeAbsyBrgNAHxhzl3DuEm7NGujGHOg6AHSgu9AHOgB0Yw50HQD6wJi3Xo2+K/dyAHRjDnQdADrQXegDHQC6MQe6DgB9YMxdwrlLuDVroBtzoOsA0IHuQh/oANCNOdB1AOgDY956Nfqu3MsB0I050HUA6EB3oQ90AOjGHOg6APSBMXcJ5y7h1qyBbsyBrgNAB7oLfaADQDfmQNcBoA+MeevV6LtyLwdAN+ZA1wGgA92FPtABoBtzoOsA0AfG3CWcu4Rbswa6MQe6DgAd6C70gQ4A3ZgDXQeAPjDmrVej78q9HADdmANdB4AOdBf6QAeAbsyBrgNAHxhzl3DuEm7NGujGHOg6AHSgu9AHOgB0Yw50HQD6wJi3Xo2+K/dyAHRjDnQdADrQXegDHQC6MQe6DgB9YMxdwrlLuDVroBtzoOsA0IHuQh/oANCNOdB1AOgDY956Nfqu3MsB0I050HUA6EB3oQ90AOjGHOg6APSBMXcJ5y7h1qyBbsyBrgNAB7oLfaADQDfmQNcBoA+MeevV6LtyLwdAN+ZA1wGgA92FPtABoBtzoOsA0AfG3CWcu4Rbswa6MQe6DgAd6C70gQ4A3ZgDXQeAPjDmrVej78q9HADdmANdB4AOdBf6QAeAbsyBrgNAHxhzl3DuEm7NGujGHOg6AHSgu9AHOgB0Yw50HQD6wJi3Xo2+K/dyAHRjDnQdADrQXegDHQC6MQe6DgB9YMxdwrlLuDVroBtzoOsA0IHuQh/oANCNOdB1AOgDY956Nfqu3MsB0I050HUA6EB3oQ90AOjGHOg6APSBMXcJ5y7h1qyBbsyBrgNAB7oLfaADQDfmQNcBoA+MeevV6LtyLwdAN+ZA1wGgA92FPtABoBtzoOsA0AfG3CWcu4Rbswa6MQe6DgAd6C70gQ4A3ZgDXQeAPjDmrVej78q9HADdmANdB4AOdBf6QAeAbsyBrgNAHxhzl3DuEm7NGujGHOg6AHSgu9AHOgB0Yw50HQD6wJi3Xo2+K/dyAHRjDnQdADrQXegDHQC6MQe6DgB9YMxdwrlLuDVroBtzoOsA0IHuQh/oANCNOdB1AOgDY956Nfqu3MsB0I050HUA6EB3oQ90AOjGHOg6APSBMXcJ5y7h1qyBbsyBrgNAB7oLfaADQDfmQNcBoA+MeevV6LtyLwdAN+ZA1wGgA92FPtABoBtzoOsA0AfG3CWcu4Rbswa6MQe6DgAd6C70gQ4A3ZgDXQeAPjDmrVej78q9HADdmANdB4AOdBf6QAeAbsyBrgNAHxhzl3DuEm7NGujGHOg6AHSgu9AHOgB0Yw50HQD6wJi3Xo2+K/dyAHRjDnQdADrQXegDHQC6MQe6DgB9YMxdwrlLuDVroBtzoOsA0IHuQh/oANCNOdB1AOgDY956Nfqu3MsB0I050HUA6EB3oQ90AOjGHOg6APSBMXcJ5y7h1qyBbsyBrgNAB7oLfaADQDfmQNcBoA+MeevV6LtyLwdAN+ZA1wGgA92FPtABoBtzoOsA0AfG3CWcu4Rbswa6MQe6DgAd6C70gQ4A3ZgDXQeAPjDmrVej78q9HADdmANdB4AOdBf6QAeAbsyBrgNAHxhzl3DuEm7NGujGHOg6AHSgu9AHOgB0Yw50HQD6wJi3Xo2+K/dyAHRjDnQdADrQXegDHQC6MQe6DgB9YMxdwrlLuDVroBtzoOsA0IHuQh/oANCNOdB1AOgDY956Nfqu3MsB0I050HUA6EB3oQ90AOjGHOg6APSBMXcJ5y7h1qyBbsyBrgNAB7oLfaADQDfmQNcBoA+MeevV6LtyLwdAN+ZA1wGgA92FPtABoBtzoOsA0AfG3CWcu4Rbswa6MQe6DgAd6C70gQ4A3ZgDXQeAPjDmrVej78q9HADdmANdB4AOdBf6QAeAbsyBrgNAHxhzl3DuEm7NGujGHOg6AHSgu9AHOgB0Yw50HQD6wJi3Xo2+K/dyAHRjDnQdADrQXegDHQC6MQe6DgB9YMxdwrlLuDVroBtzoOsA0IHuQh/oANCNOdB1AOgDY956Nfqu3MsB0I050HUA6EB3oQ90AOjGHOg6APSBMXcJ5y7h1qyBbsyBrgNAB7oLfaADQDfmQNcBoA+MeevV6LtyLwdAN+ZA1wGgA92FPtABoBtzoOsA0AfG3CWcu4Rbswa6MQe6DgAd6C70gQ4A3ZgDXQeAPjDmrVej78q9HADdmANdB4AOdBf6QAeAbsyBrgNAHxhzl3DuEm7NGujGHOg6AHSgu9AHOgB0Yw50HQD6wJi3Xo2+K/dyAHRjDnQdADrQXegDHQC6MQe6DgB9YMxdwrlLuDVroBtzoOsA0IHuQh/oANCNOdB1AOgDY956Nfqu3MsB0I050HUA6EB3oQ90AOjGHOg6APSBMXcJ5y7h1qyBbsyBrgNAB7oLfaADQDfmQNcBoA+MeevV6LtyLwdAN+ZA1wGgA92FPtABoBtzoOsA0AfG3CWcu4Rbswa6MQe6DgAd6C70gQ4A3ZgDXQeAPjDmrVej78q9HADdmANdB4AOdBf6QAeAbsyBrgNAHxhzl3DuEm7NGujGHOg6AHSgu9AHOgB0Yw50HQD6wJi3Xo2+K/dyAHRjDnQdADrQXegDHQC6MQe6DgB9YMxdwrlLuDVroBtzoOsA0IHuQh/oANCNOdB1AOgDY956Nfqu3MsB0I050HUA6EB3oQ90AOjGHOg6APSBMXcJ5y7h1qyBbsyBrgNAB7oLfaADQDfmQNcBoA+MeevV6LtyLwdAN+ZA1wGgA92FPtABoBtzoOsA0AfG3CWcu4Rbswa6MQe6DgAd6C70gQ4A3ZgDXQeAPjDmrVej78q9HADdmANdB4AOdBf6QAeAbsyBrgNAHxhzl3DuEm7NGujGHOg6AHSgu9AHOgB0Yw50HQD6wJi3Xo2+K/dyAHRjDnQdADrQXegDHQC6MQe6DgB9YMxdwrlLuDVroBtzoOsA0IHuQh/oANCNOdB1AOgDY956Nfqu3MsB0I050HUA6EB3oQ90AOjGHOg6APSBMXcJ5y7h1qyBbsyBrgNAB7oLfaADQDfmQNcBoA+MeevV6LtyLwdAN+ZA1wGgA92FPtABoBtzoOsA0AfG3CWcu4Rbswa6MQe6DgAd6C70gQ4A3ZgDXQeAPjDmrVej78q9HADdmANdB4AOdBf6QAeAbsyBrgNAHxhzl3DuEm7NGujGHOg6AHSgu9AHOgB0Yw50HQD6wJi3Xo2+K/dyAHRjDnQdADrQXegDHQC6MQe6DgB9YMxdwrlLuDVroBtzoOsA0IHuQh/oANCNOdB1AOgDY956Nfqu3MsB0I050HUA6EB3oQ90AOjGHOg6APSBMXcJ5y7h1qyBbsyBrgNAB7oLfaADQDfmQNcBoA+MeevV6LtyLwdAN+ZA1wGgA92FPtABoBtzoOsA0AfG3CWcu4Rbswa6MQe6DgAd6C70gQ4A3ZgDXQeAPjDmrVej78q9HADdmANdB4AOdBf6QAeAbsyBrgNAHxhzl3DuEm7NGujGHOg6AHSgu9AHOgB0Yw50HQD6wJi3Xo2+K/dyAHRjDnQdADrQXegDHQC6MQe6DgB9YMxdwrlLuDVroBtzoOsA0IHuQh/oANCNOdB1AOgDY956Nfqu3MsB0I050HUA6EB3oQ90AOjGHOg6APSBMXcJ5y7h1qyBbsyBrgNAB7oLfaADQDfmQNcBoA+MeevV6LtyLwdAN+ZA1wGgA92FPtABoBtzoOsA0AfG3CWcu4Rbswa6MQe6DgAd6C70gQ4A3ZgDXQeAPjDmrVej78q9HADdmANdB4AOdBf6QAeAbsyBrgNAHxhzl3DuEm7NGujGHOg6AHSgu9AHOgB0Yw50HQD6wJi3Xo2+K/dyAHRjDnQdADrQXegDHQC6MQe6DgB9YMxdwrlLuDVroBtzoOsA0IHuQh/oANCNOdB1AOgDY956Nfqu3MsB0I050HUA6EB3oQ90AOjGHOg6APSBMXcJ5y7h1qyBbsyBrgNAB7oLfaADQDfmQNcBoA+MeevV6LtyLwdAN+ZA1wGgA92FPtABoBtzoOsA0AfG3CWcu4Rbswa6MQe6DgAd6C70gQ4A3ZgDXQeAPjDmrVej78q9HADdmANdB4AOdBf6QAeAbsyBrgNAHxhzl3DuEm7NGujGHOg6AHSgu9AHOvCgQP/oGN47PzLQgdM68OnlxTfvXm783/Xlo3eOsfzk+LnzIwMdOK0DH19fXR7f+NfXPycBCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQgAQlIQAISkIAEJCABCUhAAhKQgAQkIAEJSEACEpCABCQggf0E/g88lj3XdE5uYgAAAABJRU5ErkJggg==" + BlankLine -Count 2 } Catch { Write-PScriboMessage -Message ".NET Core is required for cover page image support. Please install .NET Core or disable 'ShowCoverPageImage' in the report JSON configuration file." } - #> } # Add Report Name From a37d5e14de09b3ae9fca5489f4a867233b8af565 Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Sun, 23 Jan 2022 00:07:33 -0400 Subject: [PATCH 04/23] Chenged default Infolevel 2 on DNS Zone Section --- Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1 | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1 b/Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1 index bb5d149..53698fd 100644 --- a/Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1 +++ b/Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1 @@ -184,11 +184,9 @@ function Invoke-AsBuiltReport.Microsoft.AD { Paragraph "The following section provides a configuration summary of the DNS service." BlankLine Get-AbrADDNSInfrastructure -Domain $Domain -Session $TempPssSession - if ($InfoLevel.DNS -ge 2) { - $DCs = Invoke-Command -Session $TempPssSession {Get-ADDomain $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers} - foreach ($DC in $DCs){ - Get-AbrADDNSZone -Domain $Domain -DC $DC -Cred $Credential - } + $DCs = Invoke-Command -Session $TempPssSession {Get-ADDomain $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers} + foreach ($DC in $DCs){ + Get-AbrADDNSZone -Domain $Domain -DC $DC -Cred $Credential } } } From 7aa9f87b252ae29e040016ed76451c9f623f430b Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Sun, 23 Jan 2022 00:09:16 -0400 Subject: [PATCH 05/23] Added a bunch of error catchings statements --- Src/Private/Get-AbrADDNSInfrastructure.ps1 | 494 +++++++++++---------- Src/Private/Get-AbrADDNSZone.ps1 | 402 +++++++++-------- 2 files changed, 480 insertions(+), 416 deletions(-) diff --git a/Src/Private/Get-AbrADDNSInfrastructure.ps1 b/Src/Private/Get-AbrADDNSInfrastructure.ps1 index 289be88..011c545 100644 --- a/Src/Private/Get-AbrADDNSInfrastructure.ps1 +++ b/Src/Private/Get-AbrADDNSInfrastructure.ps1 @@ -5,7 +5,7 @@ function Get-AbrADDNSInfrastructure { .DESCRIPTION .NOTES - Version: 0.6.1 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -59,7 +59,7 @@ function Get-AbrADDNSInfrastructure { } $TableParams = @{ - Name = "DNS Infrastructure Setting Information." + Name = "Infrastructure Setting -$($Domain.ToString().ToUpper())" List = $false ColumnWidths = 30, 10, 9, 10, 11, 30 } @@ -70,146 +70,213 @@ function Get-AbrADDNSInfrastructure { } if ($InfoLevel.DNS -ge 2) { - Section -Style Heading6 "Domain Controller DNS IP Configuration" { - Paragraph "The following section provides information of the DNS IP Configuration." - BlankLine - if ($Domain) { - $OutObj = @() - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers} - if ($DCs) {Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain"} - foreach ($DC in $DCs) { - $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default - Write-PscriboMessage "Collecting DNS IP Configuration information from '$($DC)'." - try { - $DNSSettings = Invoke-Command -Session $DCPssSession {Get-NetAdapter | Get-DnsClientServerAddress -AddressFamily IPv4} - foreach ($DNSSetting in $DNSSettings) { - $inObj = [ordered] @{ - 'DC Name' = $DC.ToString().ToUpper().Split(".")[0] - 'Interface' = $DNSSetting.InterfaceAlias - 'DNS IP 1' = ConvertTo-EmptyToFiller $DNSSetting.ServerAddresses[0] - 'DNS IP 2' = ConvertTo-EmptyToFiller $DNSSetting.ServerAddresses[1] - 'DNS IP 3' = ConvertTo-EmptyToFiller $DNSSetting.ServerAddresses[2] - 'DNS IP 4' = ConvertTo-EmptyToFiller $DNSSetting.ServerAddresses[3] + try { + $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers} + if ($DCs) { + Section -Style Heading6 "Domain Controller DNS IP Configuration" { + $OutObj = @() + Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain" + foreach ($DC in $DCs) { + $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default + Write-PscriboMessage "Collecting DNS IP Configuration information from '$($DC)'." + try { + $DNSSettings = Invoke-Command -Session $DCPssSession {Get-NetAdapter | Get-DnsClientServerAddress -AddressFamily IPv4} + foreach ($DNSSetting in $DNSSettings) { + $inObj = [ordered] @{ + 'DC Name' = $DC.ToString().ToUpper().Split(".")[0] + 'Interface' = $DNSSetting.InterfaceAlias + 'DNS IP 1' = ConvertTo-EmptyToFiller $DNSSetting.ServerAddresses[0] + 'DNS IP 2' = ConvertTo-EmptyToFiller $DNSSetting.ServerAddresses[1] + 'DNS IP 3' = ConvertTo-EmptyToFiller $DNSSetting.ServerAddresses[2] + 'DNS IP 4' = ConvertTo-EmptyToFiller $DNSSetting.ServerAddresses[3] + } + $OutObj += [pscustomobject]$inobj } - $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (DNS IP Configuration Item)" } } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (DNS IP Configuration)" - } - } - if ($HealthCheck.DNS.DP) { - $OutObj | Where-Object { $_.'DNS IP 1' -eq "127.0.0.1"} | Set-Style -Style Warning -Property 'DNS IP 1' - } + Remove-PSSession -Session $DCPssSession - $TableParams = @{ - Name = "DNS IP Configuration information." - List = $false - ColumnWidths = 20, 20, 15, 15, 15, 15 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + if ($HealthCheck.DNS.DP) { + $OutObj | Where-Object { $_.'DNS IP 1' -eq "127.0.0.1"} | Set-Style -Style Warning -Property 'DNS IP 1' + } + + $TableParams = @{ + Name = "IP Configuration -$($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 20, 20, 15, 15, 15, 15 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - $OutObj | Table @TableParams } } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (DNS IP Configuration Table)" + } } if ($InfoLevel.DNS -ge 2) { - Section -Style Heading6 "Application Directory Partition" { - Paragraph "The following section provides a summary of the DNS Application Directory Partition information." - BlankLine - if ($Domain) { - foreach ($Item in $Domain) { - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} - if ($DCs) {Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain"} - foreach ($DC in $DCs) { - Section -Style Heading7 "$($DC.ToString().ToUpper().Split(".")[0]) Directory Partition" { - Paragraph "The following section provides $($DC.ToString().ToUpper().Split(".")[0]) Directory Partition information." - BlankLine - $OutObj = @() - Write-PscriboMessage "Collecting Domain Name System Directory Partition information on '$($DC)'." - try { - $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerDirectoryPartition -ComputerName $using:DC} - foreach ($Partition in $DNSSetting) { - $inObj = [ordered] @{ - 'Name' = $Partition.DirectoryPartitionName - 'State' = ConvertTo-EmptyToFiller $Partition.State - 'Flags' = $Partition.Flags - 'Zone Count' = $Partition.ZoneCount + try { + Section -Style Heading6 "Application Directory Partition" { + if ($Domain) { + foreach ($Item in $Domain) { + $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} + if ($DCs) {Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain"} + foreach ($DC in $DCs) { + Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Directory Partition" { + Paragraph "The following section provides $($DC.ToString().ToUpper().Split(".")[0]) Directory Partition information." + BlankLine + $OutObj = @() + Write-PscriboMessage "Collecting Domain Name System Directory Partition information on '$($DC)'." + try { + $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerDirectoryPartition -ComputerName $using:DC} + foreach ($Partition in $DNSSetting) { + $inObj = [ordered] @{ + 'Name' = $Partition.DirectoryPartitionName + 'State' = ConvertTo-EmptyToFiller $Partition.State + 'Flags' = $Partition.Flags + 'Zone Count' = $Partition.ZoneCount + } + $OutObj += [pscustomobject]$inobj } - $OutObj += [pscustomobject]$inobj } - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Directory Partitions Summary)" - } - if ($HealthCheck.DNS.DP) { - $OutObj | Where-Object { $_.'State' -ne 0 -and $_.'State' -ne "-"} | Set-Style -Style Warning -Property 'Name','State','Flags','Zone Count' - } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Directory Partitions Item)" + } + if ($HealthCheck.DNS.DP) { + $OutObj | Where-Object { $_.'State' -ne 0 -and $_.'State' -ne "-"} | Set-Style -Style Warning -Property 'Name','State','Flags','Zone Count' + } - $TableParams = @{ - Name = "DNS Directory Partitions information." - List = $false - ColumnWidths = 50, 15, 25, 10 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Directory Partitions - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 50, 15, 25, 10 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Sort-Object -Property Name | Table @TableParams } - $OutObj | Sort-Object -Property Name | Table @TableParams } } } } } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Directory Partitions Table)" + } } if ($InfoLevel.DNS -ge 2) { - Section -Style Heading6 "Response Rate Limiting (RRL)" { - Paragraph "The following section provides a summary of the DNS Response Rate Limiting configuration." - BlankLine - $OutObj = @() - if ($Domain) { - foreach ($Item in $Domain) { - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} - if ($DCs) {Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain"} - foreach ($DC in $DCs) { - Write-PscriboMessage "Collecting Domain Name System Infrastructure information on '$($DC)'." - try { - $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerResponseRateLimiting -ComputerName $using:DC} - $inObj = [ordered] @{ - 'DC Name' = $($DC.ToString().ToUpper().Split(".")[0]) - 'Status' = ConvertTo-EmptyToFiller $DNSSetting.Mode - 'Responses Per Sec' = ConvertTo-EmptyToFiller $DNSSetting.ResponsesPerSec - 'Errors Per Sec' = ConvertTo-EmptyToFiller $DNSSetting.ErrorsPerSec - 'Window In Sec' = ConvertTo-EmptyToFiller $DNSSetting.WindowInSec - 'Leak Rate' = ConvertTo-EmptyToFiller $DNSSetting.LeakRate - 'Truncate Rate' = ConvertTo-EmptyToFiller $DNSSetting.TruncateRate + try { + Section -Style Heading6 "Response Rate Limiting (RRL)" { + Paragraph "The following section provides a summary of the DNS Response Rate Limiting configuration." + BlankLine + $OutObj = @() + if ($Domain) { + foreach ($Item in $Domain) { + $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} + if ($DCs) {Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain"} + foreach ($DC in $DCs) { + Write-PscriboMessage "Collecting Domain Name System Infrastructure information on '$($DC)'." + try { + $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerResponseRateLimiting -ComputerName $using:DC} + $inObj = [ordered] @{ + 'DC Name' = $($DC.ToString().ToUpper().Split(".")[0]) + 'Status' = ConvertTo-EmptyToFiller $DNSSetting.Mode + 'Responses Per Sec' = ConvertTo-EmptyToFiller $DNSSetting.ResponsesPerSec + 'Errors Per Sec' = ConvertTo-EmptyToFiller $DNSSetting.ErrorsPerSec + 'Window In Sec' = ConvertTo-EmptyToFiller $DNSSetting.WindowInSec + 'Leak Rate' = ConvertTo-EmptyToFiller $DNSSetting.LeakRate + 'Truncate Rate' = ConvertTo-EmptyToFiller $DNSSetting.TruncateRate + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Response Rate Limiting (RRL) Item)" } - $OutObj += [pscustomobject]$inobj - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Response Rate Limiting (RRL) Summary)" } } - } - $TableParams = @{ - Name = "DNS Response Rate Limiting configuration." - List = $false - ColumnWidths = 30, 10, 12, 12, 12, 12, 12 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Response Rate Limiting - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 30, 10, 12, 12, 12, 12, 12 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - $OutObj | Table @TableParams } } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Response Rate Limiting (RRL) Table)" + } } if ($InfoLevel.DNS -ge 2) { - Section -Style Heading6 "Scavenging Options" { - Paragraph "The following section provides a summary of the DNS Scavenging configuration." + try { + Section -Style Heading6 "Scavenging Options" { + Paragraph "The following section provides a summary of the DNS Scavenging configuration." + BlankLine + $OutObj = @() + if ($Domain) { + foreach ($Item in $Domain) { + $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} + if ($DCs) {Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain"} + foreach ($DC in $DCs) { + Write-PscriboMessage "Collecting Domain Name System Infrastructure information on '$($DC)'." + try { + $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerScavenging -ComputerName $using:DC} + $inObj = [ordered] @{ + 'DC Name' = $($DC.ToString().ToUpper().Split(".")[0]) + 'NoRefresh Interval' = ConvertTo-EmptyToFiller $DNSSetting.NoRefreshInterval + 'Refresh Interval' = ConvertTo-EmptyToFiller $DNSSetting.RefreshInterval + 'Scavenging Interval' = ConvertTo-EmptyToFiller $DNSSetting.ScavengingInterval + 'Last Scavenge Time' = Switch ($DNSSetting.LastScavengeTime) { + "" {"-"; break} + $Null {"-"; break} + default {ConvertTo-EmptyToFiller ($DNSSetting.LastScavengeTime.ToString("MM/dd/yyyy"))} + } + 'Scavenging State' = Switch ($DNSSetting.ScavengingState) { + "True" {"Enabled"} + "False" {"Disabled"} + default {ConvertTo-EmptyToFiller $DNSSetting.ScavengingState} + } + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Scavenging Item)" + } + } + } + + $TableParams = @{ + Name = "Scavenging - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 25, 15, 15, 15, 15, 15 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + } + } + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Scavenging Table)" + } + } + try { + Section -Style Heading6 "Forwarder Options" { + Paragraph "The following section provides a summary of the DNS Forwarder configuration." BlankLine $OutObj = @() if ($Domain) { @@ -217,37 +284,29 @@ function Get-AbrADDNSInfrastructure { $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} if ($DCs) {Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain"} foreach ($DC in $DCs) { - Write-PscriboMessage "Collecting Domain Name System Infrastructure information on '$($DC)'." + Write-PscriboMessage "Collecting Domain Name System Infrastructure information on '$($DC)' (Forwarder Summary)." try { - $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerScavenging -ComputerName $using:DC} + $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerForwarder -ComputerName $using:DC} + $Recursion = Invoke-Command -Session $Session {Get-DnsServerRecursion -ComputerName $using:DC | Select-Object -ExpandProperty Enable} $inObj = [ordered] @{ 'DC Name' = $($DC.ToString().ToUpper().Split(".")[0]) - 'NoRefresh Interval' = ConvertTo-EmptyToFiller $DNSSetting.NoRefreshInterval - 'Refresh Interval' = ConvertTo-EmptyToFiller $DNSSetting.RefreshInterval - 'Scavenging Interval' = ConvertTo-EmptyToFiller $DNSSetting.ScavengingInterval - 'Last Scavenge Time' = Switch ($DNSSetting.LastScavengeTime) { - "" {"-"; break} - $Null {"-"; break} - default {ConvertTo-EmptyToFiller ($DNSSetting.LastScavengeTime.ToString("MM/dd/yyyy"))} - } - 'Scavenging State' = Switch ($DNSSetting.ScavengingState) { - "True" {"Enabled"} - "False" {"Disabled"} - default {ConvertTo-EmptyToFiller $DNSSetting.ScavengingState} - } + 'IP Address' = $DNSSetting.IPAddress + 'Timeout' = ("$($DNSSetting.Timeout)/s") + 'Use Root Hint' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $DNSSetting.UseRootHint) + 'Use Recursion' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $Recursion) } $OutObj += [pscustomobject]$inobj } catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Scavenging Summary)" + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Forwarder Item)" } } } $TableParams = @{ - Name = "DNS Scavenging configuration." + Name = "Infrastructure Forwarder - $($Domain.ToString().ToUpper())" List = $false - ColumnWidths = 25, 15, 15, 15, 15, 15 + ColumnWidths = 35, 15, 15, 15, 20 } if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" @@ -256,130 +315,103 @@ function Get-AbrADDNSInfrastructure { } } } - - Section -Style Heading6 "Forwarder Options" { - Paragraph "The following section provides a summary of the DNS Forwarder configuration." - BlankLine - $OutObj = @() - if ($Domain) { - foreach ($Item in $Domain) { - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} - if ($DCs) {Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain"} - foreach ($DC in $DCs) { - Write-PscriboMessage "Collecting Domain Name System Infrastructure information on '$($DC)' (Forwarder Summary)." - try { - $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerForwarder -ComputerName $using:DC} - $Recursion = Invoke-Command -Session $Session {Get-DnsServerRecursion -ComputerName $using:DC | Select-Object -ExpandProperty Enable} - $inObj = [ordered] @{ - 'DC Name' = $($DC.ToString().ToUpper().Split(".")[0]) - 'IP Address' = $DNSSetting.IPAddress - 'Timeout' = ("$($DNSSetting.Timeout)/s") - 'Use Root Hint' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $DNSSetting.UseRootHint) - 'Use Recursion' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $Recursion) - } - $OutObj += [pscustomobject]$inobj - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Forwarder Summary)" - } - } - } - - $TableParams = @{ - Name = "DNS Infrastructure Forwarder configuration." - List = $false - ColumnWidths = 35, 15, 15, 15, 20 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams - } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Forwarder Table)" } if ($InfoLevel.DNS -ge 2) { - Section -Style Heading6 "Root Hints" { - Paragraph "The following section provides a summary of the DNS Root Hints information." - BlankLine - if ($Domain) { - foreach ($Item in $Domain) { - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} - if ($DCs) {Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain"} - foreach ($DC in $DCs) { - Section -Style Heading7 "$($DC.ToString().ToUpper().Split(".")[0]) Root Hints" { - Paragraph "The following section provides $($DC.ToString().ToUpper().Split(".")[0]) Root Hints information." - BlankLine - $OutObj = @() - Write-PscriboMessage "Collecting Domain Name System Root Hint information on '$($DC)'." - try { - $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerRootHint -ComputerName $using:DC | Select-Object @{Name="Name"; E={$_.NameServer.RecordData.Nameserver}},@{Name="IPAddress"; E={$_.IPAddress.RecordData.IPv6Address.IPAddressToString,$_.IPAddress.RecordData.IPv4Address.IPAddressToString} }} - foreach ($Hints in $DNSSetting) { - $inObj = [ordered] @{ - 'Name' = $Hints.Name - 'IP Address' = (($Hints.IPAddress).Where({ $_ -ne $Null })) -join ", " + try { + Section -Style Heading6 "Root Hints" { + Paragraph "The following section provides a summary of the DNS Root Hints information." + BlankLine + if ($Domain) { + foreach ($Item in $Domain) { + $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} + if ($DCs) {Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain"} + foreach ($DC in $DCs) { + Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Root Hints" { + Paragraph "The following section provides $($DC.ToString().ToUpper().Split(".")[0]) Root Hints information." + BlankLine + $OutObj = @() + Write-PscriboMessage "Collecting Domain Name System Root Hint information on '$($DC)'." + try { + $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerRootHint -ComputerName $using:DC | Select-Object @{Name="Name"; E={$_.NameServer.RecordData.Nameserver}},@{Name="IPAddress"; E={$_.IPAddress.RecordData.IPv6Address.IPAddressToString,$_.IPAddress.RecordData.IPv4Address.IPAddressToString} }} + foreach ($Hints in $DNSSetting) { + $inObj = [ordered] @{ + 'Name' = $Hints.Name + 'IP Address' = (($Hints.IPAddress).Where({ $_ -ne $Null })) -join ", " + } + $OutObj += [pscustomobject]$inobj } - $OutObj += [pscustomobject]$inobj } - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Root Hints Summary)" - } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Root Hints Item)" + } - $TableParams = @{ - Name = "DNS Root Hints information." - List = $false - ColumnWidths = 50, 50 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "DNS Root Hints - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 50, 50 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Sort-Object -Property Name | Table @TableParams } - $OutObj | Sort-Object -Property Name | Table @TableParams } } } } } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Root Hints Table)" + } } if ($InfoLevel.DNS -ge 2) { - Section -Style Heading6 "Zone Scope Recursion" { - Paragraph "The following section provides a summary of the DNS Zone Scope Recursion configuration." - BlankLine - $OutObj = @() - if ($Domain) { - foreach ($Item in $Domain) { - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} - if ($DCs) {Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain"} - foreach ($DC in $DCs) { - Write-PscriboMessage "Collecting Domain Name System Infrastructure information on '$($DC)'." - try { - $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerRecursionScope -ComputerName $using:DC} - $inObj = [ordered] @{ - 'DC Name' = $($DC.ToString().ToUpper().Split(".")[0]) - 'Zone Name' = Switch ($DNSSetting.Name) { - "." {"Root"} - default {ConvertTo-EmptyToFiller $DNSSetting.Name} + try { + Section -Style Heading6 "Zone Scope Recursion" { + Paragraph "The following section provides a summary of the DNS Zone Scope Recursion configuration." + BlankLine + $OutObj = @() + if ($Domain) { + foreach ($Item in $Domain) { + $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} + if ($DCs) {Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain"} + foreach ($DC in $DCs) { + Write-PscriboMessage "Collecting Domain Name System Infrastructure information on '$($DC)'." + try { + $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerRecursionScope -ComputerName $using:DC} + $inObj = [ordered] @{ + 'DC Name' = $($DC.ToString().ToUpper().Split(".")[0]) + 'Zone Name' = Switch ($DNSSetting.Name) { + "." {"Root"} + default {ConvertTo-EmptyToFiller $DNSSetting.Name} + } + 'Forwarder' = $DNSSetting.Forwarder + 'Use Recursion' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $DNSSetting.EnableRecursion) } - 'Forwarder' = $DNSSetting.Forwarder - 'Use Recursion' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $DNSSetting.EnableRecursion) + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Scope Recursion Item)" } - $OutObj += [pscustomobject]$inobj - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Scope Recursion Summary)" } } - } - $TableParams = @{ - Name = "DNS Zone Scope Recursion configuration." - List = $false - ColumnWidths = 35, 25, 20, 20 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Zone Scope Recursion - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 35, 25, 20, 20 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - $OutObj | Table @TableParams } } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Scope Recursion Table)" + } } } } diff --git a/Src/Private/Get-AbrADDNSZone.ps1 b/Src/Private/Get-AbrADDNSZone.ps1 index 559fa18..ed2b840 100644 --- a/Src/Private/Get-AbrADDNSZone.ps1 +++ b/Src/Private/Get-AbrADDNSZone.ps1 @@ -5,7 +5,7 @@ function Get-AbrADDNSZone { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -33,16 +33,16 @@ function Get-AbrADDNSZone { process { try { - Section -Style Heading5 "$($DC.ToString().ToUpper().Split(".")[0]) DNS Zone Configuration" { - Paragraph "The following section provides a summary of the DNS Zone Configuration information." - BlankLine - $OutObj = @() - if ($DC) { - try { - Write-PscriboMessage "Discovered Actve Directory Domain Controller: $DC. (Domain Name System Zone)" - $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default - $DNSSetting = Invoke-Command -Session $DCPssSession {Get-DnsServerZone | Where-Object {$_.IsReverseLookupZone -like "False" -and $_.ZoneType -notlike "Forwarder"}} - foreach ($Zones in $DNSSetting) { + $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default + $DNSSetting = Invoke-Command -Session $DCPssSession {Get-DnsServerZone | Where-Object {$_.IsReverseLookupZone -like "False" -and $_.ZoneType -notlike "Forwarder"}} + if ($DNSSetting) { + Section -Style Heading5 "$($DC.ToString().ToUpper().Split(".")[0]) DNS Zone Configuration" { + Paragraph "The following section provides a summary of the DNS Zone Configuration information." + BlankLine + $OutObj = @() + Write-PscriboMessage "Discovered Actve Directory Domain Controller: $DC. (Domain Name System Zone)" + foreach ($Zones in $DNSSetting) { + try { Write-PscriboMessage "Collecting Actve Directory DNS Zone: '$($Zones.ZoneName)' on $DC" $inObj = [ordered] @{ 'Zone Name' = ConvertTo-EmptyToFiller $Zones.ZoneName @@ -55,14 +55,14 @@ function Get-AbrADDNSZone { } $OutObj += [pscustomobject]$inobj } - Remove-PSSession -Session $DCPssSession - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Domain Name System Zone)" + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Domain Name System Zone Item)" + } } + Remove-PSSession -Session $DCPssSession $TableParams = @{ - Name = "DNS Zone Information." + Name = "DNS Zone - $($Domain.ToString().ToUpper())" List = $false ColumnWidths = 25, 15, 12, 12, 12, 12, 12 } @@ -70,219 +70,251 @@ function Get-AbrADDNSZone { $TableParams['Caption'] = "- $($TableParams.Name)" } $OutObj | Table @TableParams - } - - if ($InfoLevel.DNS -ge 2) { - try { - $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default - Write-PscriboMessage "Discovered Actve Directory Domain Controller: $DC. (Domain Name System Zone)" - $DNSSetting = Invoke-Command -Session $DCPssSession {Get-DnsServerZone | Where-Object {$_.IsReverseLookupZone -like "False" -and ($_.ZoneName -ne "_msdcs.pharmax.local" -and $_.ZoneName -ne "TrustAnchors") -and ($_.ZoneType -like "Primary" -or $_.ZoneType -like "Secondary")} | Select-Object -ExpandProperty ZoneName } - if ($DNSSetting) { - Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Zone Delegation" { - Paragraph "The following section provides a summary of the DNS Zone Delegation information." - BlankLine + if ($InfoLevel.DNS -ge 2) { + try { + $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default + Write-PscriboMessage "Discovered Actve Directory Domain Controller: $DC. (Domain Name System Zone)" + $DNSSetting = Invoke-Command -Session $DCPssSession {Get-DnsServerZone | Where-Object {$_.IsReverseLookupZone -like "False" -and ($_.ZoneName -ne "_msdcs.pharmax.local" -and $_.ZoneName -ne "TrustAnchors") -and ($_.ZoneType -like "Primary" -or $_.ZoneType -like "Secondary")} | Select-Object -ExpandProperty ZoneName } + if ($DNSSetting) { $OutObj = @() foreach ($Zone in $DNSSetting) { - $Delegations = Invoke-Command -Session $DCPssSession {Get-DnsServerZoneDelegation -Name $using:Zone} - if ($Delegations) { - foreach ($Delegation in $Delegations) { - Write-PscriboMessage "Collecting Actve Directory DNS Zone: '$($Delegation.ZoneName)' on $DC" - $inObj = [ordered] @{ - 'Zone Name' = $Delegation.ZoneName - 'Child Zone' = $Delegation.ChildZoneName - 'Name Server' = $Delegation.NameServer.RecordData.NameServer - 'IP Address' = $Delegation.IPaddress.RecordData.IPv4Address.ToString() + try { + $Delegations = Invoke-Command -Session $DCPssSession {Get-DnsServerZoneDelegation -Name $using:Zone} + if ($Delegations) { + foreach ($Delegation in $Delegations) { + try { + Write-PscriboMessage "Collecting Actve Directory DNS Zone: '$($Delegation.ZoneName)' on $DC" + $inObj = [ordered] @{ + 'Zone Name' = $Delegation.ZoneName + 'Child Zone' = $Delegation.ChildZoneName + 'Name Server' = $Delegation.NameServer.RecordData.NameServer + 'IP Address' = $Delegation.IPaddress.RecordData.IPv4Address.ToString() + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning $($_.Exception.Message) + } } - $OutObj += [pscustomobject]$inobj } } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Delegation Item)" + } } - Remove-PSSession -Session $DCPssSession - - $TableParams = @{ - Name = "DNS Zone Delegation Information." - List = $false - ColumnWidths = 25, 25, 32, 18 } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams + + if ($OutObj) { + Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Zone Delegation" { + Paragraph "The following section provides a summary of the DNS Zone Delegation information." + BlankLine + + $TableParams = @{ + Name = "Zone Delegations - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 25, 25, 32, 18 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + } } + Remove-PSSession -Session $DCPssSession + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Delegation Table)" } } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Delegation)" - } - } - if ($InfoLevel.DNS -ge 2) { + if ($InfoLevel.DNS -ge 2) { + try { + $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default + Write-PscriboMessage "Discovered Actve Directory Domain Controller: $DC. (Domain Name System Zone)" + $DNSSetting = Invoke-Command -Session $DCPssSession {Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones\*" | Get-ItemProperty | Where-Object {$_ -match 'SecondaryServers'}} + if ($DNSSetting) { + Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Zone Transfers" { + Paragraph "The following section provides a summary of the DNS Zone Transfer information." + BlankLine + $OutObj = @() + foreach ($Zone in $DNSSetting) { + try { + Write-PscriboMessage "Collecting Actve Directory DNS Zone: '$($Zone.PSChildName)' on $DC" + $inObj = [ordered] @{ + 'Zone Name' = $Zone.PSChildName + 'Secondary Servers' = ConvertTo-EmptyToFiller $Zone.SecondaryServers + 'Notify Servers' = ConvertTo-EmptyToFiller $Zone.NotifyServers + 'Secure Secondaries' = Switch ($Zone.SecureSecondaries) { + "0" {"Send zone transfers to all secondary servers that request them."} + "1" {"Send zone transfers only to name servers that are authoritative for the zone."} + "2" {"Send zone transfers only to servers you specify in Secondary Servers."} + "3" {"Do not send zone transfers."} + default {$Zone.SecureSecondaries} + } + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Transfers Item)" + } + } + Remove-PSSession -Session $DCPssSession + + $TableParams = @{ + Name = "Zone Transfers - $($Domain.ToString().ToUpper())" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + } + } + Remove-PSSession -Session $DCPssSession + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Transfers Table)" + } + } try { $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default - Write-PscriboMessage "Discovered Actve Directory Domain Controller: $DC. (Domain Name System Zone)" - $DNSSetting = Invoke-Command -Session $DCPssSession {Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones\*" | Get-ItemProperty | Where-Object {$_ -match 'SecondaryServers'}} + $DNSSetting = Invoke-Command -Session $DCPssSession {Get-DnsServerZone | Where-Object {$_.IsReverseLookupZone -like "True"}} if ($DNSSetting) { - Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Zone Transfers" { - Paragraph "The following section provides a summary of the DNS Zone Transfer information." + Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Reverse Lookup Zone Configuration" { + Paragraph "The following section provides a summary of the DNS Reverse Lookup Zone Configuration information." BlankLine $OutObj = @() - foreach ($Zone in $DNSSetting) { - Write-PscriboMessage "Collecting Actve Directory DNS Zone: '$($Zone.PSChildName)' on $DC" - $inObj = [ordered] @{ - 'Zone Name' = $Zone.PSChildName - 'Secondary Servers' = ConvertTo-EmptyToFiller $Zone.SecondaryServers - 'Notify Servers' = ConvertTo-EmptyToFiller $Zone.NotifyServers - 'Secure Secondaries' = Switch ($Zone.SecureSecondaries) { - "0" {"Send zone transfers to all secondary servers that request them."} - "1" {"Send zone transfers only to name servers that are authoritative for the zone."} - "2" {"Send zone transfers only to servers you specify in Secondary Servers."} - "3" {"Do not send zone transfers."} - default {$Zone.SecureSecondaries} + Write-PscriboMessage "Discovered Actve Directory Domain Controller: $DC (Domain Name System Zone)" + foreach ($Zones in $DNSSetting) { + try { + Write-PscriboMessage "Collecting Actve Directory DNS Zone: '$($Zones.ZoneName)' on $DC" + $inObj = [ordered] @{ + 'Zone Name' = ConvertTo-EmptyToFiller $Zones.ZoneName + 'Zone Type' = ConvertTo-EmptyToFiller $Zones.ZoneType + 'Replication Scope' = ConvertTo-EmptyToFiller $Zones.ReplicationScope + 'Dynamic Update' = ConvertTo-EmptyToFiller $Zones.DynamicUpdate + 'DS Integrated' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $Zones.IsDsIntegrated) + 'Read Only' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $Zones.IsReadOnly) + 'Signed' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $Zones.IsSigned) } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Reverse Lookup Zone Configuration Item)" } - $OutObj += [pscustomobject]$inobj } - Remove-PSSession -Session $DCPssSession - $TableParams = @{ - Name = "DNS Zone Transfer Information." - List = $true - ColumnWidths = 40, 60 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams + $TableParams = @{ + Name = "Zones - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 25, 15, 12, 12, 12, 12, 12 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } } Remove-PSSession -Session $DCPssSession } catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Transfers)" + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Reverse Lookup Zone Configuration Table)" } - } - Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Reverse Lookup Zone Configuration" { - Paragraph "The following section provides a summary of the DNS Reverse Lookup Zone Configuration information." - BlankLine - $OutObj = @() - if ($DC) { - try { - Write-PscriboMessage "Discovered Actve Directory Domain Controller: $DC (Domain Name System Zone)" - $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default - $DNSSetting = Invoke-Command -Session $DCPssSession {Get-DnsServerZone | Where-Object {$_.IsReverseLookupZone -like "True"}} - foreach ($Zones in $DNSSetting) { - Write-PscriboMessage "Collecting Actve Directory DNS Zone: '$($Zones.ZoneName)' on $DC" - $inObj = [ordered] @{ - 'Zone Name' = ConvertTo-EmptyToFiller $Zones.ZoneName - 'Zone Type' = ConvertTo-EmptyToFiller $Zones.ZoneType - 'Replication Scope' = ConvertTo-EmptyToFiller $Zones.ReplicationScope - 'Dynamic Update' = ConvertTo-EmptyToFiller $Zones.DynamicUpdate - 'DS Integrated' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $Zones.IsDsIntegrated) - 'Read Only' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $Zones.IsReadOnly) - 'Signed' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $Zones.IsSigned) + try { + $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default + $DNSSetting = Invoke-Command -Session $DCPssSession {Get-DnsServerZone | Where-Object {$_.IsReverseLookupZone -like "False" -and $_.ZoneType -like "Forwarder"}} + if ($DNSSetting) { + Section -Style Heading5 "$($DC.ToString().ToUpper().Split(".")[0]) Conditional Forwarder" { + Paragraph "The following section provides a summary of the DNS Conditional Forwarder information." + BlankLine + $OutObj = @() + Write-PscriboMessage "Discovered Actve Directory Domain Controller: $DC. (Domain Name System Conditional Forwarder )" + foreach ($Zones in $DNSSetting) { + try { + Write-PscriboMessage "Collecting Actve Directory DNS Zone: '$($Zones.ZoneName)' on $DC" + $inObj = [ordered] @{ + 'Zone Name' = $Zones.ZoneName + 'Zone Type' = $Zones.ZoneType + 'Replication Scope' = $Zones.ReplicationScope + 'Master Servers' = $Zones.MasterServers + 'DS Integrated' = $Zones.IsDsIntegrated + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Conditional Forwarder Item)" + } } - $OutObj += [pscustomobject]$inobj - } - Remove-PSSession -Session $DCPssSession - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Reverse Lookup Zone Configuration)" - } - $TableParams = @{ - Name = "DNS Zone Information." - List = $false - ColumnWidths = 25, 15, 12, 12, 12, 12, 12 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams - } - } - - Section -Style Heading5 "$($DC.ToString().ToUpper().Split(".")[0]) Conditional Forwarder" { - Paragraph "The following section provides a summary of the DNS Conditional Forwarder information." - BlankLine - $OutObj = @() - if ($DC) { - try { - Write-PscriboMessage "Discovered Actve Directory Domain Controller: $DC. (Domain Name System Conditional Forwarder )" - $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default - $DNSSetting = Invoke-Command -Session $DCPssSession {Get-DnsServerZone | Where-Object {$_.IsReverseLookupZone -like "False" -and $_.ZoneType -like "Forwarder"}} - foreach ($Zones in $DNSSetting) { - Write-PscriboMessage "Collecting Actve Directory DNS Zone: '$($Zones.ZoneName)' on $DC" - $inObj = [ordered] @{ - 'Zone Name' = $Zones.ZoneName - 'Zone Type' = $Zones.ZoneType - 'Replication Scope' = $Zones.ReplicationScope - 'Master Servers' = $Zones.MasterServers - 'DS Integrated' = $Zones.IsDsIntegrated + $TableParams = @{ + Name = "Conditional Forwarders - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 25, 20, 20, 20, 15 } - $OutObj += [pscustomobject]$inobj + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - Remove-PSSession -Session $DCPssSession - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Conditional Forwarder)" - } - - $TableParams = @{ - Name = "DNS Conditional Forwarder Information." - List = $false - ColumnWidths = 25, 20, 20, 20, 15 } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams + Remove-PSSession -Session $DCPssSession } - Remove-PSSession -Session $DCPssSession - } - if ($InfoLevel.DNS -ge 2) { - Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Zone Scope Aging Properties" { - Paragraph "The following section provides a summary of the DNS Zone Aging properties information." - BlankLine - $OutObj = @() + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Conditional Forwarder Table)" + } + if ($InfoLevel.DNS -ge 2) { try { $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default Write-PscriboMessage "Discovered Actve Directory Domain Controller: $DC. (Domain Name System Zone)" $DNSSetting = Invoke-Command -Session $DCPssSession {Get-DnsServerZone | Where-Object {$_.IsReverseLookupZone -like "False" -and $_.ZoneType -eq "Primary"} | Select-Object -ExpandProperty ZoneName } $Zones = Invoke-Command -Session $DCPssSession {Get-DnsServerZoneAging -Name $using:DNSSetting} - foreach ($Settings in $Zones) { - Write-PscriboMessage "Collecting Actve Directory DNS Zone: '$($Settings.ZoneName)' on $DC" - $inObj = [ordered] @{ - 'Zone Name' = ConvertTo-EmptyToFiller $Settings.ZoneName - 'Aging Enabled' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $Settings.AgingEnabled) - 'Refresh Interval' = ConvertTo-EmptyToFiller $Settings.RefreshInterval - 'NoRefresh Interval' = ConvertTo-EmptyToFiller $Settings.NoRefreshInterval - 'Available For Scavenge' = Switch ($Settings.AvailForScavengeTime) { - "" {"-"; break} - $Null {"-"; break} - default {(ConvertTo-EmptyToFiller ($Settings.AvailForScavengeTime).ToUniversalTime().toString("r")); break} + if ($Zones) { + Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Zone Scope Aging Properties" { + Paragraph "The following section provides a summary of the DNS Zone Aging properties information." + BlankLine + $OutObj = @() + foreach ($Settings in $Zones) { + try { + Write-PscriboMessage "Collecting Actve Directory DNS Zone: '$($Settings.ZoneName)' on $DC" + $inObj = [ordered] @{ + 'Zone Name' = ConvertTo-EmptyToFiller $Settings.ZoneName + 'Aging Enabled' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $Settings.AgingEnabled) + 'Refresh Interval' = ConvertTo-EmptyToFiller $Settings.RefreshInterval + 'NoRefresh Interval' = ConvertTo-EmptyToFiller $Settings.NoRefreshInterval + 'Available For Scavenge' = Switch ($Settings.AvailForScavengeTime) { + "" {"-"; break} + $Null {"-"; break} + default {(ConvertTo-EmptyToFiller ($Settings.AvailForScavengeTime).ToUniversalTime().toString("r")); break} + } + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Scope Aging Item)" + } + } + + if ($HealthCheck.DNS.Aging) { + $OutObj | Where-Object { $_.'Aging Enabled' -ne 'Yes'} | Set-Style -Style Warning -Property 'Aging Enabled' + } + + $TableParams = @{ + Name = "Zone Aging Properties - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 25, 10, 15, 15, 35 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" } + $OutObj | Table @TableParams } - $OutObj += [pscustomobject]$inobj } Remove-PSSession -Session $DCPssSession } catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Scope Aging)" - } - - if ($HealthCheck.DNS.Aging) { - $OutObj | Where-Object { $_.'Aging Enabled' -ne 'Yes'} | Set-Style -Style Warning -Property 'Aging Enabled' - } - - $TableParams = @{ - Name = "DNS Zone Aging properties Information." - List = $false - ColumnWidths = 25, 10, 15, 15, 35 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Scope Aging Table)" } - $OutObj | Table @TableParams } } } From aede1149fae67702548e9fbde740c586da729587 Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Sun, 23 Jan 2022 00:09:47 -0400 Subject: [PATCH 06/23] Removed unused paragraph section --- Src/Private/Get-AbrADForest.ps1 | 6 ++---- Src/Private/Get-AbrADSite.ps1 | 12 +++--------- 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/Src/Private/Get-AbrADForest.ps1 b/Src/Private/Get-AbrADForest.ps1 index 6d52c35..55df2c1 100644 --- a/Src/Private/Get-AbrADForest.ps1 +++ b/Src/Private/Get-AbrADForest.ps1 @@ -62,7 +62,7 @@ function Get-AbrADForest { } $TableParams = @{ - Name = "AD Forest Summary Information - $($ForestInfo)" + Name = "Forest Summary - $($ForestInfo)" List = $true ColumnWidths = 40, 60 } @@ -77,8 +77,6 @@ function Get-AbrADForest { } try { Section -Style Heading5 'Optional Features' { - Paragraph "The following section provides a summary of the enabled Optional Features." - BlankLine Write-PscriboMessage "Discovering Optional Features enabled on forest $ForestInfo." $Data = Invoke-Command -Session $Session {Get-ADOptionalFeature -Filter *} $OutObj = @() @@ -101,7 +99,7 @@ function Get-AbrADForest { } $TableParams = @{ - Name = "Active Directory Enabled Optional Features Information - $($ForestInfo)" + Name = "Optional Features - $($ForestInfo)" List = $false ColumnWidths = 40, 30, 30 } diff --git a/Src/Private/Get-AbrADSite.ps1 b/Src/Private/Get-AbrADSite.ps1 index 6773b44..c976dd0 100644 --- a/Src/Private/Get-AbrADSite.ps1 +++ b/Src/Private/Get-AbrADSite.ps1 @@ -31,8 +31,6 @@ function Get-AbrADSite { $Site = Invoke-Command -Session $Session {Get-ADReplicationSite -Filter * -Properties *} if ($Site) { Section -Style Heading3 'Domain Sites' { - Paragraph "The following section provides a summary of the Active Directory Sites." - BlankLine $OutObj = @() Write-PscriboMessage "Discovered Active Directory Sites information of forest $ForestInfo" foreach ($Item in $Site) { @@ -61,7 +59,7 @@ function Get-AbrADSite { } $TableParams = @{ - Name = "Domain Site Information - $($ForestInfo)" + Name = "Sites - $($ForestInfo)" List = $false ColumnWidths = 25, 30, 25, 20 } @@ -73,8 +71,6 @@ function Get-AbrADSite { $Subnet = Invoke-Command -Session $Session {Get-ADReplicationSubnet -Filter * -Properties *} if ($Subnet) { Section -Style Heading4 'Site Subnets' { - Paragraph "The following section provides a summary of the Active Directory Site Subnets information." - BlankLine $OutObj = @() Write-PscriboMessage "Discovered Active Directory Sites Subnets information of forest $ForestInfo" foreach ($Item in $Subnet) { @@ -94,7 +90,7 @@ function Get-AbrADSite { } $TableParams = @{ - Name = "Site Subnets Information - $($ForestInfo)" + Name = "Site Subnets - $($ForestInfo)" List = $false ColumnWidths = 20, 30, 35, 15 } @@ -112,8 +108,6 @@ function Get-AbrADSite { $Link = Invoke-Command -Session $Session {Get-ADReplicationSiteLink -Filter * -Properties *} if ($Link) { Section -Style Heading4 'Site Links' { - Paragraph "The following section provides a summary of the Active Directory Site Link information." - BlankLine $OutObj = @() Write-PscriboMessage "Discovered Active Directory Sites Link information of forest $ForestInfo" foreach ($Item in $Link) { @@ -140,7 +134,7 @@ function Get-AbrADSite { } $TableParams = @{ - Name = "Site Links Information - $($ForestInfo)" + Name = "Site Links - $($ForestInfo)" List = $false ColumnWidths = 30, 15, 15, 15, 25 } From a92b06172e0eebb16c161bb519daf9a1b3ea983f Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Sun, 23 Jan 2022 00:10:00 -0400 Subject: [PATCH 07/23] Bump fie version --- Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1 b/Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1 index 53698fd..f0f4f2f 100644 --- a/Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1 +++ b/Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1 @@ -5,7 +5,7 @@ function Invoke-AsBuiltReport.Microsoft.AD { .DESCRIPTION Documents the configuration of Microsoft AD in Word/HTML/Text formats using PScribo. .NOTES - Version: 0.6.1 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux From b6777c394ff884ab9597a879f12770b3acab16d6 Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Sun, 23 Jan 2022 10:52:17 -0400 Subject: [PATCH 08/23] Added simple documenting text --- Src/Private/Get-AbrADDNSInfrastructure.ps1 | 36 +++++++++++++--------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/Src/Private/Get-AbrADDNSInfrastructure.ps1 b/Src/Private/Get-AbrADDNSInfrastructure.ps1 index 011c545..5c5e649 100644 --- a/Src/Private/Get-AbrADDNSInfrastructure.ps1 +++ b/Src/Private/Get-AbrADDNSInfrastructure.ps1 @@ -68,7 +68,9 @@ function Get-AbrADDNSInfrastructure { } $OutObj | Table @TableParams } - + #---------------------------------------------------------------------------------------------# + # DNS IP Section # + #---------------------------------------------------------------------------------------------# if ($InfoLevel.DNS -ge 2) { try { $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers} @@ -81,6 +83,7 @@ function Get-AbrADDNSInfrastructure { Write-PscriboMessage "Collecting DNS IP Configuration information from '$($DC)'." try { $DNSSettings = Invoke-Command -Session $DCPssSession {Get-NetAdapter | Get-DnsClientServerAddress -AddressFamily IPv4} + Remove-PSSession -Session $DCPssSession foreach ($DNSSetting in $DNSSettings) { $inObj = [ordered] @{ 'DC Name' = $DC.ToString().ToUpper().Split(".")[0] @@ -98,8 +101,6 @@ function Get-AbrADDNSInfrastructure { } } - Remove-PSSession -Session $DCPssSession - if ($HealthCheck.DNS.DP) { $OutObj | Where-Object { $_.'DNS IP 1' -eq "127.0.0.1"} | Set-Style -Style Warning -Property 'DNS IP 1' } @@ -120,6 +121,9 @@ function Get-AbrADDNSInfrastructure { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (DNS IP Configuration Table)" } } + #---------------------------------------------------------------------------------------------# + # DNS Aplication Partitions Section # + #---------------------------------------------------------------------------------------------# if ($InfoLevel.DNS -ge 2) { try { Section -Style Heading6 "Application Directory Partition" { @@ -171,12 +175,12 @@ function Get-AbrADDNSInfrastructure { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Directory Partitions Table)" } } - + #---------------------------------------------------------------------------------------------# + # DNS RRL Section # + #---------------------------------------------------------------------------------------------# if ($InfoLevel.DNS -ge 2) { try { Section -Style Heading6 "Response Rate Limiting (RRL)" { - Paragraph "The following section provides a summary of the DNS Response Rate Limiting configuration." - BlankLine $OutObj = @() if ($Domain) { foreach ($Item in $Domain) { @@ -220,11 +224,12 @@ function Get-AbrADDNSInfrastructure { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Response Rate Limiting (RRL) Table)" } } + #---------------------------------------------------------------------------------------------# + # DNS Scanvenging Section # + #---------------------------------------------------------------------------------------------# if ($InfoLevel.DNS -ge 2) { try { Section -Style Heading6 "Scavenging Options" { - Paragraph "The following section provides a summary of the DNS Scavenging configuration." - BlankLine $OutObj = @() if ($Domain) { foreach ($Item in $Domain) { @@ -274,10 +279,11 @@ function Get-AbrADDNSInfrastructure { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Scavenging Table)" } } + #---------------------------------------------------------------------------------------------# + # DNS Forwarder Section # + #---------------------------------------------------------------------------------------------# try { Section -Style Heading6 "Forwarder Options" { - Paragraph "The following section provides a summary of the DNS Forwarder configuration." - BlankLine $OutObj = @() if ($Domain) { foreach ($Item in $Domain) { @@ -318,11 +324,12 @@ function Get-AbrADDNSInfrastructure { catch { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Forwarder Table)" } + #---------------------------------------------------------------------------------------------# + # DNS Root Hints Section # + #---------------------------------------------------------------------------------------------# if ($InfoLevel.DNS -ge 2) { try { Section -Style Heading6 "Root Hints" { - Paragraph "The following section provides a summary of the DNS Root Hints information." - BlankLine if ($Domain) { foreach ($Item in $Domain) { $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} @@ -366,11 +373,12 @@ function Get-AbrADDNSInfrastructure { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Root Hints Table)" } } + #---------------------------------------------------------------------------------------------# + # DNS Zone Scope Section # + #---------------------------------------------------------------------------------------------# if ($InfoLevel.DNS -ge 2) { try { Section -Style Heading6 "Zone Scope Recursion" { - Paragraph "The following section provides a summary of the DNS Zone Scope Recursion configuration." - BlankLine $OutObj = @() if ($Domain) { foreach ($Item in $Domain) { From 15dbecb0e1376126245521cc7ade7d868b3c4c8d Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Sun, 23 Jan 2022 10:52:55 -0400 Subject: [PATCH 09/23] Removed some paragraph section also fix zone transfer table caption --- Src/Private/Get-AbrADDNSZone.ps1 | 37 +++++++++++--------------------- 1 file changed, 12 insertions(+), 25 deletions(-) diff --git a/Src/Private/Get-AbrADDNSZone.ps1 b/Src/Private/Get-AbrADDNSZone.ps1 index ed2b840..540a8f9 100644 --- a/Src/Private/Get-AbrADDNSZone.ps1 +++ b/Src/Private/Get-AbrADDNSZone.ps1 @@ -37,8 +37,6 @@ function Get-AbrADDNSZone { $DNSSetting = Invoke-Command -Session $DCPssSession {Get-DnsServerZone | Where-Object {$_.IsReverseLookupZone -like "False" -and $_.ZoneType -notlike "Forwarder"}} if ($DNSSetting) { Section -Style Heading5 "$($DC.ToString().ToUpper().Split(".")[0]) DNS Zone Configuration" { - Paragraph "The following section provides a summary of the DNS Zone Configuration information." - BlankLine $OutObj = @() Write-PscriboMessage "Discovered Actve Directory Domain Controller: $DC. (Domain Name System Zone)" foreach ($Zones in $DNSSetting) { @@ -106,8 +104,6 @@ function Get-AbrADDNSZone { if ($OutObj) { Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Zone Delegation" { - Paragraph "The following section provides a summary of the DNS Zone Delegation information." - BlankLine $TableParams = @{ Name = "Zone Delegations - $($Domain.ToString().ToUpper())" @@ -134,15 +130,13 @@ function Get-AbrADDNSZone { $DNSSetting = Invoke-Command -Session $DCPssSession {Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones\*" | Get-ItemProperty | Where-Object {$_ -match 'SecondaryServers'}} if ($DNSSetting) { Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Zone Transfers" { - Paragraph "The following section provides a summary of the DNS Zone Transfer information." - BlankLine $OutObj = @() foreach ($Zone in $DNSSetting) { try { Write-PscriboMessage "Collecting Actve Directory DNS Zone: '$($Zone.PSChildName)' on $DC" $inObj = [ordered] @{ 'Zone Name' = $Zone.PSChildName - 'Secondary Servers' = ConvertTo-EmptyToFiller $Zone.SecondaryServers + 'Secondary Servers' = ConvertTo-EmptyToFiller ($Zone.SecondaryServers -join ", ") 'Notify Servers' = ConvertTo-EmptyToFiller $Zone.NotifyServers 'Secure Secondaries' = Switch ($Zone.SecureSecondaries) { "0" {"Send zone transfers to all secondary servers that request them."} @@ -152,23 +146,22 @@ function Get-AbrADDNSZone { default {$Zone.SecureSecondaries} } } - $OutObj += [pscustomobject]$inobj + $OutObj = [pscustomobject]$inobj + + $TableParams = @{ + Name = "Zone Transfers - $($Zone.PSChildName)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } catch { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Transfers Item)" } } - Remove-PSSession -Session $DCPssSession - - $TableParams = @{ - Name = "Zone Transfers - $($Domain.ToString().ToUpper())" - List = $true - ColumnWidths = 40, 60 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams } } Remove-PSSession -Session $DCPssSession @@ -182,8 +175,6 @@ function Get-AbrADDNSZone { $DNSSetting = Invoke-Command -Session $DCPssSession {Get-DnsServerZone | Where-Object {$_.IsReverseLookupZone -like "True"}} if ($DNSSetting) { Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Reverse Lookup Zone Configuration" { - Paragraph "The following section provides a summary of the DNS Reverse Lookup Zone Configuration information." - BlankLine $OutObj = @() Write-PscriboMessage "Discovered Actve Directory Domain Controller: $DC (Domain Name System Zone)" foreach ($Zones in $DNSSetting) { @@ -226,8 +217,6 @@ function Get-AbrADDNSZone { $DNSSetting = Invoke-Command -Session $DCPssSession {Get-DnsServerZone | Where-Object {$_.IsReverseLookupZone -like "False" -and $_.ZoneType -like "Forwarder"}} if ($DNSSetting) { Section -Style Heading5 "$($DC.ToString().ToUpper().Split(".")[0]) Conditional Forwarder" { - Paragraph "The following section provides a summary of the DNS Conditional Forwarder information." - BlankLine $OutObj = @() Write-PscriboMessage "Discovered Actve Directory Domain Controller: $DC. (Domain Name System Conditional Forwarder )" foreach ($Zones in $DNSSetting) { @@ -271,8 +260,6 @@ function Get-AbrADDNSZone { $Zones = Invoke-Command -Session $DCPssSession {Get-DnsServerZoneAging -Name $using:DNSSetting} if ($Zones) { Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Zone Scope Aging Properties" { - Paragraph "The following section provides a summary of the DNS Zone Aging properties information." - BlankLine $OutObj = @() foreach ($Settings in $Zones) { try { From c96e0137ef6f9be08ddfb4e4b198246a71ff010b Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Sun, 23 Jan 2022 11:08:44 -0400 Subject: [PATCH 10/23] Update the Readme with more Known limitation --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 3158ed9..b7dbe0f 100644 --- a/README.md +++ b/README.md @@ -209,3 +209,6 @@ PS C:\> New-AsBuiltReport -Report Microsoft.AD -Target 'admin-dc-01v.contoso.loc - Issues with WinRM when using the IP address instead of the "Fully Qualified Domain Name". - No Linux/Mac support until Microsoft migrates the ActiveDirectory/GroupPolicy modules to PowerShell Core. +- This project relies heavily on the remote connection function through WinRM. For this reason the use of a Windows 10 client is specifically used as a jumpbox. +- The report provides the ability to extract the configuration of the DHCP/DNS services. In order to obtain this information it is required that the servers running these services have powershell modules installed for each service (RSAT-DHCP, RSAT-DNS-Server, RSAT-AD-PowerShell). +- This report assumes that the DNS Server service is running on the same server where Domain Controller is running (Cohost). \ No newline at end of file From d24e8c356f9bc325143e808613bc260792321575 Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Sun, 23 Jan 2022 11:11:27 -0400 Subject: [PATCH 11/23] Known Issues fixes --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index b7dbe0f..233ba68 100644 --- a/README.md +++ b/README.md @@ -208,7 +208,6 @@ PS C:\> New-AsBuiltReport -Report Microsoft.AD -Target 'admin-dc-01v.contoso.loc ## :x: Known Issues - Issues with WinRM when using the IP address instead of the "Fully Qualified Domain Name". -- No Linux/Mac support until Microsoft migrates the ActiveDirectory/GroupPolicy modules to PowerShell Core. - This project relies heavily on the remote connection function through WinRM. For this reason the use of a Windows 10 client is specifically used as a jumpbox. - The report provides the ability to extract the configuration of the DHCP/DNS services. In order to obtain this information it is required that the servers running these services have powershell modules installed for each service (RSAT-DHCP, RSAT-DNS-Server, RSAT-AD-PowerShell). -- This report assumes that the DNS Server service is running on the same server where Domain Controller is running (Cohost). \ No newline at end of file +- This report assumes that the DNS Server service is running on the same server where Domain Controller is running (Cohost). From fc161d131486bd0f95ddce05235167cef3474ee8 Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Sun, 23 Jan 2022 12:11:45 -0400 Subject: [PATCH 12/23] Updated Table Caption info --- Src/Private/Get-AbrADCACRLSetting.ps1 | 4 ++-- Src/Private/Get-AbrADCAForest.ps1 | 4 ++-- Src/Private/Get-AbrADCARoot.ps1 | 4 ++-- Src/Private/Get-AbrADCASubordinate.ps1 | 4 ++-- Src/Private/Get-AbrADCASummary.ps1 | 4 ++-- Src/Private/Get-AbrADDCDiag.ps1 | 2 +- Src/Private/Get-AbrADDCRoleFeature.ps1 | 2 +- Src/Private/Get-AbrADDHCPInfrastructure.ps1 | 8 ++++---- Src/Private/Get-AbrADDHCPv4PerScopeSetting.ps1 | 4 ++-- Src/Private/Get-AbrADDHCPv4Scope.ps1 | 10 +++++----- Src/Private/Get-AbrADDHCPv4ScopeServerSetting.ps1 | 6 +++--- Src/Private/Get-AbrADDHCPv4Statistic.ps1 | 4 ++-- Src/Private/Get-AbrADDHCPv6PerScopeSetting.ps1 | 4 ++-- Src/Private/Get-AbrADDHCPv6Scope.ps1 | 8 ++++---- Src/Private/Get-AbrADDHCPv6ScopeServerSetting.ps1 | 6 +++--- Src/Private/Get-AbrADDHCPv6Statistic.ps1 | 4 ++-- Src/Private/Get-AbrADDNSInfrastructure.ps1 | 2 +- Src/Private/Get-AbrADDNSZone.ps1 | 2 +- Src/Private/Get-AbrADDomain.ps1 | 4 ++-- Src/Private/Get-AbrADDomainObject.ps1 | 2 +- Src/Private/Get-AbrADFSMO.ps1 | 2 +- Src/Private/Get-AbrADGPO.ps1 | 4 ++-- Src/Private/Get-AbrADOU.ps1 | 4 ++-- Src/Private/Get-AbrADSiteReplication.ps1 | 4 ++-- Src/Private/Get-AbrADTrust.ps1 | 2 +- 25 files changed, 52 insertions(+), 52 deletions(-) diff --git a/Src/Private/Get-AbrADCACRLSetting.ps1 b/Src/Private/Get-AbrADCACRLSetting.ps1 index 01cb54d..d280bf0 100644 --- a/Src/Private/Get-AbrADCACRLSetting.ps1 +++ b/Src/Private/Get-AbrADCACRLSetting.ps1 @@ -5,7 +5,7 @@ function Get-AbrADCACRLSetting { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -193,7 +193,7 @@ function Get-AbrADCACRLSetting { } $TableParams = @{ - Name = "Certification Authority Health Information - $($ForestInfo.ToString().ToUpper())" + Name = "Certification Authority Health - $($ForestInfo.ToString().ToUpper())" List = $false ColumnWidths = 40, 40, 20 } diff --git a/Src/Private/Get-AbrADCAForest.ps1 b/Src/Private/Get-AbrADCAForest.ps1 index 60b66f7..42c47ae 100644 --- a/Src/Private/Get-AbrADCAForest.ps1 +++ b/Src/Private/Get-AbrADCAForest.ps1 @@ -5,7 +5,7 @@ function Get-AbrADCAForest { .DESCRIPTION .NOTES - Version: 0.4.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -53,7 +53,7 @@ function Get-AbrADCAForest { } $TableParams = @{ - Name = "FSMO Server Information - $($Domain)" + Name = "FSMO Server - $($Domain)" List = $true ColumnWidths = 40, 60 } diff --git a/Src/Private/Get-AbrADCARoot.ps1 b/Src/Private/Get-AbrADCARoot.ps1 index d21dd59..69e815d 100644 --- a/Src/Private/Get-AbrADCARoot.ps1 +++ b/Src/Private/Get-AbrADCARoot.ps1 @@ -5,7 +5,7 @@ function Get-AbrADCARoot { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -50,7 +50,7 @@ function Get-AbrADCARoot { } $TableParams = @{ - Name = "Enterprise Root CA Information - $($ForestInfo.ToString().ToUpper())" + Name = "Enterprise Root CA - $($ForestInfo.ToString().ToUpper())" List = $true ColumnWidths = 40, 60 } diff --git a/Src/Private/Get-AbrADCASubordinate.ps1 b/Src/Private/Get-AbrADCASubordinate.ps1 index 0caa823..f84a8b7 100644 --- a/Src/Private/Get-AbrADCASubordinate.ps1 +++ b/Src/Private/Get-AbrADCASubordinate.ps1 @@ -5,7 +5,7 @@ function Get-AbrADCASubordinate { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -50,7 +50,7 @@ function Get-AbrADCASubordinate { } $TableParams = @{ - Name = "Enterprise Subordinate CA Information - $($ForestInfo.ToString().ToUpper())" + Name = "Enterprise Subordinate CA - $($ForestInfo.ToString().ToUpper())" List = $true ColumnWidths = 40, 60 } diff --git a/Src/Private/Get-AbrADCASummary.ps1 b/Src/Private/Get-AbrADCASummary.ps1 index ab2d0ab..aad449f 100644 --- a/Src/Private/Get-AbrADCASummary.ps1 +++ b/Src/Private/Get-AbrADCASummary.ps1 @@ -5,7 +5,7 @@ function Get-AbrADCASummary { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -50,7 +50,7 @@ function Get-AbrADCASummary { } $TableParams = @{ - Name = "Certification Authority Summary Information - $($ForestInfo.ToString().ToUpper())" + Name = "Certification Authority Summary - $($ForestInfo.ToString().ToUpper())" List = $false ColumnWidths = 33, 33, 22, 12 } diff --git a/Src/Private/Get-AbrADDCDiag.ps1 b/Src/Private/Get-AbrADDCDiag.ps1 index 50b0d05..9fc7a2d 100644 --- a/Src/Private/Get-AbrADDCDiag.ps1 +++ b/Src/Private/Get-AbrADDCDiag.ps1 @@ -56,7 +56,7 @@ function Get-AbrADDCDiag { $OutObj | Where-Object { $_.'Result' -like 'failed'} | Set-Style -Style Critical -Property 'Result' } $TableParams = @{ - Name = "AD Domain Controller DCDiag Information - $($Domain.ToString().ToUpper())" + Name = "Domain Controller DCDiag - $($DC.ToString().split('.')[0].ToUpper())" List = $false ColumnWidths = 35, 35, 30 } diff --git a/Src/Private/Get-AbrADDCRoleFeature.ps1 b/Src/Private/Get-AbrADDCRoleFeature.ps1 index 3631164..821c894 100644 --- a/Src/Private/Get-AbrADDCRoleFeature.ps1 +++ b/Src/Private/Get-AbrADDCRoleFeature.ps1 @@ -57,7 +57,7 @@ function Get-AbrADDCRoleFeature { } $TableParams = @{ - Name = "Domain Controller Role & Features Information." + Name = "Role & Features - $($DC.ToString().split('.')[0].ToUpper())" List = $false ColumnWidths = 20, 10, 70 } diff --git a/Src/Private/Get-AbrADDHCPInfrastructure.ps1 b/Src/Private/Get-AbrADDHCPInfrastructure.ps1 index fab966b..a80317c 100644 --- a/Src/Private/Get-AbrADDHCPInfrastructure.ps1 +++ b/Src/Private/Get-AbrADDHCPInfrastructure.ps1 @@ -5,7 +5,7 @@ function Get-AbrADDHCPInfrastructure { .DESCRIPTION .NOTES - Version: 0.6.1 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -65,7 +65,7 @@ function Get-AbrADDHCPInfrastructure { } $TableParams = @{ - Name = "DHCP Servers In Active Directory Information - $($Domain.ToString().ToUpper())" + Name = "DHCP Servers In Active Directory - $($Domain.ToString().ToUpper())" List = $false ColumnWidths = 20, 15, 20, 15, 15 ,15 } @@ -112,7 +112,7 @@ function Get-AbrADDHCPInfrastructure { } $TableParams = @{ - Name = "DHCP Servers Database Information - $($Domain.ToString().ToUpper())" + Name = "DHCP Servers Database - $($Domain.ToString().ToUpper())" List = $false ColumnWidths = 20, 28, 28, 12, 12 } @@ -153,7 +153,7 @@ function Get-AbrADDHCPInfrastructure { } $TableParams = @{ - Name = "DHCP Servers Dynamic DNS Credentials Information - $($Domain.ToString().ToUpper())" + Name = "DHCP Servers Dynamic DNS Credentials - $($Domain.ToString().ToUpper())" List = $false ColumnWidths = 30, 30, 40 } diff --git a/Src/Private/Get-AbrADDHCPv4PerScopeSetting.ps1 b/Src/Private/Get-AbrADDHCPv4PerScopeSetting.ps1 index 902ee2f..5c8b2d5 100644 --- a/Src/Private/Get-AbrADDHCPv4PerScopeSetting.ps1 +++ b/Src/Private/Get-AbrADDHCPv4PerScopeSetting.ps1 @@ -5,7 +5,7 @@ function Get-AbrADDHCPv4PerScopeSetting { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -58,7 +58,7 @@ function Get-AbrADDHCPv4PerScopeSetting { } $TableParams = @{ - Name = "IPv4 Scopes Options Information - $Scope" + Name = "IPv4 Scopes Options - $Scope" List = $false ColumnWidths = 40, 15, 20, 25 } diff --git a/Src/Private/Get-AbrADDHCPv4Scope.ps1 b/Src/Private/Get-AbrADDHCPv4Scope.ps1 index 81b10c6..a294f3c 100644 --- a/Src/Private/Get-AbrADDHCPv4Scope.ps1 +++ b/Src/Private/Get-AbrADDHCPv4Scope.ps1 @@ -5,7 +5,7 @@ function Get-AbrADDHCPv4Scope { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -61,7 +61,7 @@ function Get-AbrADDHCPv4Scope { } $TableParams = @{ - Name = "IPv4 Scopes Information - $($Server.split(".", 2).ToUpper()[0])" + Name = "IPv4 Scopes - $($Server.split(".", 2).ToUpper()[0])" List = $false ColumnWidths = 20, 20, 35, 15, 10 } @@ -95,7 +95,7 @@ function Get-AbrADDHCPv4Scope { } $TableParams = @{ - Name = "IPv4 Scope Statistics Information - $($Server.split(".", 2).ToUpper()[0])" + Name = "IPv4 Scope Statistics - $($Server.split(".", 2).ToUpper()[0])" List = $false ColumnWidths = 20, 20, 20, 20, 20 } @@ -141,7 +141,7 @@ function Get-AbrADDHCPv4Scope { } $TableParams = @{ - Name = "IPv4 Scope Failover Cofiguration Information - $($Server.split(".", 2).ToUpper()[0])" + Name = "IPv4 Scope Failover Cofiguration - $($Server.split(".", 2).ToUpper()[0])" List = $true ColumnWidths = 40, 60 } @@ -182,7 +182,7 @@ function Get-AbrADDHCPv4Scope { } $TableParams = @{ - Name = "IPv4 Network Interface binding Information - $($Server.split(".", 2).ToUpper()[0])" + Name = "IPv4 Network Interface binding - $($Server.split(".", 2).ToUpper()[0])" List = $false ColumnWidths = 25, 25, 25, 25 } diff --git a/Src/Private/Get-AbrADDHCPv4ScopeServerSetting.ps1 b/Src/Private/Get-AbrADDHCPv4ScopeServerSetting.ps1 index 3de43f7..ee89217 100644 --- a/Src/Private/Get-AbrADDHCPv4ScopeServerSetting.ps1 +++ b/Src/Private/Get-AbrADDHCPv4ScopeServerSetting.ps1 @@ -5,7 +5,7 @@ function Get-AbrADDHCPv4ScopeServerSetting { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -53,7 +53,7 @@ function Get-AbrADDHCPv4ScopeServerSetting { } $TableParams = @{ - Name = "IPv4 Scopes Server Options Information - $($Server.split(".", 2).ToUpper()[0])" + Name = "IPv4 Scopes Server Options - $($Server.split(".", 2).ToUpper()[0])" List = $false ColumnWidths = 40, 15, 20, 25 } @@ -84,7 +84,7 @@ function Get-AbrADDHCPv4ScopeServerSetting { } $TableParams = @{ - Name = "IPv4 Scopes DNS Setting Information - $($Server.split(".", 2)[0])" + Name = "IPv4 Scopes DNS Setting - $($Server.split(".", 2)[0])" List = $true ColumnWidths = 40, 60 } diff --git a/Src/Private/Get-AbrADDHCPv4Statistic.ps1 b/Src/Private/Get-AbrADDHCPv4Statistic.ps1 index 701636a..4c8a087 100644 --- a/Src/Private/Get-AbrADDHCPv4Statistic.ps1 +++ b/Src/Private/Get-AbrADDHCPv4Statistic.ps1 @@ -5,7 +5,7 @@ function Get-AbrADDHCPv4Statistic { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -58,7 +58,7 @@ function Get-AbrADDHCPv4Statistic { } $TableParams = @{ - Name = "DHCP Server IPv4 Statistics Information - $($Domain.ToString().ToUpper())" + Name = "DHCP Server IPv4 Statistics - $($Domain.ToString().ToUpper())" List = $false ColumnWidths = 20, 13, 13, 13, 14 ,13, 14 } diff --git a/Src/Private/Get-AbrADDHCPv6PerScopeSetting.ps1 b/Src/Private/Get-AbrADDHCPv6PerScopeSetting.ps1 index f64d6ad..babd34a 100644 --- a/Src/Private/Get-AbrADDHCPv6PerScopeSetting.ps1 +++ b/Src/Private/Get-AbrADDHCPv6PerScopeSetting.ps1 @@ -5,7 +5,7 @@ function Get-AbrADDHCPv6PerScopeSetting { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -57,7 +57,7 @@ function Get-AbrADDHCPv6PerScopeSetting { } $TableParams = @{ - Name = "IPv6 Scopes Options Information - $Scope" + Name = "IPv6 Scopes Options - $Scope" List = $false ColumnWidths = 40, 15, 20, 25 } diff --git a/Src/Private/Get-AbrADDHCPv6Scope.ps1 b/Src/Private/Get-AbrADDHCPv6Scope.ps1 index 463611e..1eb6529 100644 --- a/Src/Private/Get-AbrADDHCPv6Scope.ps1 +++ b/Src/Private/Get-AbrADDHCPv6Scope.ps1 @@ -5,7 +5,7 @@ function Get-AbrADDHCPv6Scope { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -59,7 +59,7 @@ function Get-AbrADDHCPv6Scope { } $TableParams = @{ - Name = "IPv6 Scopes Information - $($Server.split(".", 2).ToUpper()[0])" + Name = "IPv6 Scopes - $($Server.split(".", 2).ToUpper()[0])" List = $false ColumnWidths = 30, 30, 20, 20 } @@ -93,7 +93,7 @@ function Get-AbrADDHCPv6Scope { } $TableParams = @{ - Name = "IPv6 Scope Statistics Information - $($Server.split(".", 2).ToUpper()[0])" + Name = "IPv6 Scope Statistics - $($Server.split(".", 2).ToUpper()[0])" List = $false ColumnWidths = 20, 20, 20, 20, 20 } @@ -132,7 +132,7 @@ function Get-AbrADDHCPv6Scope { } $TableParams = @{ - Name = "IPv6 Network Interface binding Information - $($Server.split(".", 2).ToUpper()[0])" + Name = "IPv6 Network Interface binding - $($Server.split(".", 2).ToUpper()[0])" List = $false ColumnWidths = 30, 40, 30 } diff --git a/Src/Private/Get-AbrADDHCPv6ScopeServerSetting.ps1 b/Src/Private/Get-AbrADDHCPv6ScopeServerSetting.ps1 index d3fc6cd..2e06e86 100644 --- a/Src/Private/Get-AbrADDHCPv6ScopeServerSetting.ps1 +++ b/Src/Private/Get-AbrADDHCPv6ScopeServerSetting.ps1 @@ -5,7 +5,7 @@ function Get-AbrADDHCPv6ScopeServerSetting { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -53,7 +53,7 @@ function Get-AbrADDHCPv6ScopeServerSetting { } $TableParams = @{ - Name = "IPv6 Scopes Server Options Information - $($Server.split(".", 2).ToUpper()[0])" + Name = "IPv6 Scopes Server Options - $($Server.split(".", 2).ToUpper()[0])" List = $false ColumnWidths = 40, 15, 20, 25 } @@ -81,7 +81,7 @@ function Get-AbrADDHCPv6ScopeServerSetting { } $TableParams = @{ - Name = "IPv6 Scopes DNS Setting Information - $($Server.split(".", 2)[0])" + Name = "IPv6 Scopes DNS Setting - $($Server.split(".", 2)[0])" List = $true ColumnWidths = 40, 60 } diff --git a/Src/Private/Get-AbrADDHCPv6Statistic.ps1 b/Src/Private/Get-AbrADDHCPv6Statistic.ps1 index ce8d399..ad3d68d 100644 --- a/Src/Private/Get-AbrADDHCPv6Statistic.ps1 +++ b/Src/Private/Get-AbrADDHCPv6Statistic.ps1 @@ -5,7 +5,7 @@ function Get-AbrADDHCPv6Statistic { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -61,7 +61,7 @@ function Get-AbrADDHCPv6Statistic { $OutObj | Where-Object { $_.'Percentage In Use' -gt 95} | Set-Style -Style Warning -Property 'Percentage Available','Percentage In Use' } $TableParams = @{ - Name = "DHCP Server IPv6 Statistics Information - $($Domain.ToString().ToUpper())" + Name = "DHCP Server IPv6 Statistics - $($Domain.ToString().ToUpper())" List = $false ColumnWidths = 20, 13, 13, 13, 14 ,13, 14 } diff --git a/Src/Private/Get-AbrADDNSInfrastructure.ps1 b/Src/Private/Get-AbrADDNSInfrastructure.ps1 index 5c5e649..b9565f6 100644 --- a/Src/Private/Get-AbrADDNSInfrastructure.ps1 +++ b/Src/Private/Get-AbrADDNSInfrastructure.ps1 @@ -355,7 +355,7 @@ function Get-AbrADDNSInfrastructure { } $TableParams = @{ - Name = "DNS Root Hints - $($Domain.ToString().ToUpper())" + Name = "Root Hints - $($Domain.ToString().ToUpper())" List = $false ColumnWidths = 50, 50 } diff --git a/Src/Private/Get-AbrADDNSZone.ps1 b/Src/Private/Get-AbrADDNSZone.ps1 index 540a8f9..cc65c59 100644 --- a/Src/Private/Get-AbrADDNSZone.ps1 +++ b/Src/Private/Get-AbrADDNSZone.ps1 @@ -60,7 +60,7 @@ function Get-AbrADDNSZone { Remove-PSSession -Session $DCPssSession $TableParams = @{ - Name = "DNS Zone - $($Domain.ToString().ToUpper())" + Name = "Zones - $($Domain.ToString().ToUpper())" List = $false ColumnWidths = 25, 15, 12, 12, 12, 12, 12 } diff --git a/Src/Private/Get-AbrADDomain.ps1 b/Src/Private/Get-AbrADDomain.ps1 index dd13315..d3442e7 100644 --- a/Src/Private/Get-AbrADDomain.ps1 +++ b/Src/Private/Get-AbrADDomain.ps1 @@ -5,7 +5,7 @@ function Get-AbrADDomain { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -58,7 +58,7 @@ function Get-AbrADDomain { $OutObj += [pscustomobject]$inobj $TableParams = @{ - Name = "AD Domain Summary Information - $($Domain.ToString().ToUpper())" + Name = "Domain Summary - $($Domain.ToString().ToUpper())" List = $true ColumnWidths = 40, 60 } diff --git a/Src/Private/Get-AbrADDomainObject.ps1 b/Src/Private/Get-AbrADDomainObject.ps1 index 7b29013..8215d01 100644 --- a/Src/Private/Get-AbrADDomainObject.ps1 +++ b/Src/Private/Get-AbrADDomainObject.ps1 @@ -62,7 +62,7 @@ function Get-AbrADDomainObject { $OutObj += [pscustomobject]$inobj $TableParams = @{ - Name = "Active Directory Object Count - $($Domain.ToString().ToUpper())" + Name = "Object Count - $($Domain.ToString().ToUpper())" List = $true ColumnWidths = 40, 60 } diff --git a/Src/Private/Get-AbrADFSMO.ps1 b/Src/Private/Get-AbrADFSMO.ps1 index 3804033..8eb7193 100644 --- a/Src/Private/Get-AbrADFSMO.ps1 +++ b/Src/Private/Get-AbrADFSMO.ps1 @@ -53,7 +53,7 @@ function Get-AbrADFSMO { } $TableParams = @{ - Name = "FSMO Server Information - $($Domain)" + Name = "FSMO Server - $($Domain)" List = $true ColumnWidths = 40, 60 } diff --git a/Src/Private/Get-AbrADGPO.ps1 b/Src/Private/Get-AbrADGPO.ps1 index 1ba9359..d145520 100644 --- a/Src/Private/Get-AbrADGPO.ps1 +++ b/Src/Private/Get-AbrADGPO.ps1 @@ -62,7 +62,7 @@ function Get-AbrADGPO { } $TableParams = @{ - Name = "GPO Information - $($Domain.ToString().ToUpper())" + Name = "GPO - $($Domain.ToString().ToUpper())" List = $false ColumnWidths = 45, 25, 15, 15 } @@ -99,7 +99,7 @@ function Get-AbrADGPO { } $TableParams = @{ - Name = "GPO Information - $($GPO.DisplayName)" + Name = "GPO - $($GPO.DisplayName)" List = $true ColumnWidths = 40, 60 } diff --git a/Src/Private/Get-AbrADOU.ps1 b/Src/Private/Get-AbrADOU.ps1 index 1bca607..9a5952b 100644 --- a/Src/Private/Get-AbrADOU.ps1 +++ b/Src/Private/Get-AbrADOU.ps1 @@ -65,7 +65,7 @@ function Get-AbrADOU { Remove-PSSession -Session $DCPssSession $TableParams = @{ - Name = "Active Directory Organizational Unit Information - $($Domain.ToString().ToUpper())" + Name = "Organizational Unit - $($Domain.ToString().ToUpper())" List = $false ColumnWidths = 25, 40, 35 } @@ -113,7 +113,7 @@ function Get-AbrADOU { } $TableParams = @{ - Name = "Blocked Inheritance GPO Information - $($Domain.ToString().ToUpper())" + Name = "Blocked Inheritance GPO - $($Domain.ToString().ToUpper())" List = $false ColumnWidths = 35, 15, 15, 35 } diff --git a/Src/Private/Get-AbrADSiteReplication.ps1 b/Src/Private/Get-AbrADSiteReplication.ps1 index 4d42570..072466a 100644 --- a/Src/Private/Get-AbrADSiteReplication.ps1 +++ b/Src/Private/Get-AbrADSiteReplication.ps1 @@ -64,7 +64,7 @@ function Get-AbrADSiteReplication { } $TableParams = @{ - Name = "Site Replication Information - $($DC.ToString().ToUpper().Split(".")[0])" + Name = "Site Replication - $($DC.ToString().ToUpper().Split(".")[0])" List = $true ColumnWidths = 40, 60 } @@ -117,7 +117,7 @@ function Get-AbrADSiteReplication { } $TableParams = @{ - Name = "Site Replication Failure Information - $($Fails.Server.ToUpper().Split(".", 2)[0])" + Name = "Site Replication Failure - $($Fails.Server.ToUpper().Split(".", 2)[0])" List = $true ColumnWidths = 40, 60 } diff --git a/Src/Private/Get-AbrADTrust.ps1 b/Src/Private/Get-AbrADTrust.ps1 index a3c5891..0655875 100644 --- a/Src/Private/Get-AbrADTrust.ps1 +++ b/Src/Private/Get-AbrADTrust.ps1 @@ -63,7 +63,7 @@ function Get-AbrADTrust { $OutObj = [pscustomobject]$inobj $TableParams = @{ - Name = "Active Directory Trusts Information - $($Domain.ToString().ToUpper())" + Name = "Trusts - $($Domain.ToString().ToUpper())" List = $true ColumnWidths = 40, 60 } From 1f809b746c0191b91096591294a46386b6314630 Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Sun, 23 Jan 2022 20:37:46 -0400 Subject: [PATCH 13/23] Complete Code refactoring --- Src/Private/Get-AbrADDHCPInfrastructure.ps1 | 214 ++++---- .../Get-AbrADDHCPv4PerScopeSetting.ps1 | 41 +- Src/Private/Get-AbrADDHCPv4Scope.ps1 | 262 +++++----- .../Get-AbrADDHCPv4ScopeServerSetting.ps1 | 109 ++-- Src/Private/Get-AbrADDHCPv4Statistic.ps1 | 68 +-- .../Get-AbrADDHCPv6PerScopeSetting.ps1 | 41 +- Src/Private/Get-AbrADDHCPv6Scope.ps1 | 180 +++---- .../Get-AbrADDHCPv6ScopeServerSetting.ps1 | 98 ++-- Src/Private/Get-AbrADDHCPv6Statistic.ps1 | 72 +-- Src/Private/Get-AbrADDNSInfrastructure.ps1 | 466 ++++++++---------- Src/Private/Get-AbrADDNSZone.ps1 | 24 +- Src/Private/Get-AbrADDomainController.ps1 | 6 +- Src/Private/Get-AbrADFSMO.ps1 | 14 +- Src/Private/Get-AbrADGPO.ps1 | 4 - Src/Private/Get-AbrADSite.ps1 | 2 +- .../Invoke-AsBuiltReport.Microsoft.AD.ps1 | 87 ++-- 16 files changed, 816 insertions(+), 872 deletions(-) diff --git a/Src/Private/Get-AbrADDHCPInfrastructure.ps1 b/Src/Private/Get-AbrADDHCPInfrastructure.ps1 index a80317c..01b1d23 100644 --- a/Src/Private/Get-AbrADDHCPInfrastructure.ps1 +++ b/Src/Private/Get-AbrADDHCPInfrastructure.ps1 @@ -31,138 +31,132 @@ function Get-AbrADDHCPInfrastructure { } process { - Section -Style Heading5 'DHCP Servers In Active Directory' { - Paragraph "The following section provides a summary of the DHCP servers information on $($Domain.ToString().ToUpper())." - BlankLine - $OutObj = @() - if ($Domain) { - try { - $DHCPinDC = Invoke-Command -Session $Session { Get-DhcpServerInDC | Where-Object {$_.DnsName.split(".", 2)[1] -eq $using:Domain} } - if ($DHCPinDC) {Write-PScriboMessage "Discovered '$(($DHCPinDC | Measure-Object).Count)' DHCP Servers in forest $($Domain)."} - foreach ($DHCPServers in $DHCPinDC) { - Write-PScriboMessage "Collecting DHCP Server Setting information from $($DHCPServers.DnsName.split(".", 2)[0])" - $Setting = Invoke-Command -Session $Session { Get-DhcpServerSetting -ComputerName ($using:DHCPServers).DnsName } - $inObj = [ordered] @{ - 'DC Name' = $DHCPServers.DnsName.Split(".", 2)[0] - 'IP Address' = $DHCPServers.IPAddress - 'Domain Name' = $DHCPServers.DnsName.Split(".", 2)[1] - 'Domain Joined' = ConvertTo-TextYN $Setting.IsDomainJoined - 'Authorized' = ConvertTo-TextYN $Setting.IsAuthorized - 'Conflict Detection Attempts' = $Setting.ConflictDetectionAttempts + try { + $DHCPinDC = Invoke-Command -Session $Session { Get-DhcpServerInDC | Where-Object {$_.DnsName.split(".", 2)[1] -eq $using:Domain} } + if ($DHCPinDC) { + Write-PScriboMessage "Discovered '$(($DHCPinDC | Measure-Object).Count)' DHCP Servers in forest $($Domain)." + Section -Style Heading5 'DHCP Servers In Active Directory' { + Paragraph "The following section provides a summary of the DHCP servers information on $($Domain.ToString().ToUpper())." + BlankLine + $OutObj = @() + foreach ($DHCPServer in $DHCPinDC) { + try { + Write-PScriboMessage "Collecting DHCP Server Setting information from $($DHCPServer.DnsName.split(".", 2)[0])" + $Setting = Invoke-Command -Session $Session { Get-DhcpServerSetting -ComputerName ($using:DHCPServer).DnsName } + $inObj = [ordered] @{ + 'DC Name' = $DHCPServer.DnsName.Split(".", 2)[0] + 'IP Address' = $DHCPServer.IPAddress + 'Domain Name' = $DHCPServer.DnsName.Split(".", 2)[1] + 'Domain Joined' = ConvertTo-TextYN $Setting.IsDomainJoined + 'Authorized' = ConvertTo-TextYN $Setting.IsAuthorized + 'Conflict Detection Attempts' = $Setting.ConflictDetectionAttempts + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (DHCP Servers In Active Directory Item)" } - $OutObj += [pscustomobject]$inobj } - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (DHCP Servers In Active Directory)" - + if ($HealthCheck.DHCP.BP) { + $OutObj | Where-Object { $_.'Conflict Detection Attempts' -eq 0} | Set-Style -Style Warning -Property 'Conflict Detection Attempts' + $OutObj | Where-Object { $_.'Authorized' -eq 'No'} | Set-Style -Style Warning -Property 'Authorized' } - } - - if ($HealthCheck.DHCP.BP) { - $OutObj | Where-Object { $_.'Conflict Detection Attempts' -eq 0} | Set-Style -Style Warning -Property 'Conflict Detection Attempts' - $OutObj | Where-Object { $_.'Authorized' -eq 'No'} | Set-Style -Style Warning -Property 'Authorized' - } - $TableParams = @{ - Name = "DHCP Servers In Active Directory - $($Domain.ToString().ToUpper())" - List = $false - ColumnWidths = 20, 15, 20, 15, 15 ,15 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams - - Section -Style Heading6 'Service Database' { - Paragraph "The following section provides a summary of the DHCP servers service database information on $($Domain.ToString().ToUpper())." - BlankLine - $OutObj = @() - if ($Domain) { + $TableParams = @{ + Name = "DHCP Servers In Active Directory - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 20, 15, 20, 15, 15 ,15 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams try { - Write-PscriboMessage "Discovering Active Directory DHCP Servers information on $($Domain)." - $DHCPinDC = Invoke-Command -Session $Session { Get-DhcpServerInDC | Where-Object {$_.DnsName.split(".", 2)[1] -eq $using:Domain} } - if ($DHCPinDC) {Write-PScriboMessage "Discovered '$(($DHCPinDC | Measure-Object).Count)' DHCP Servers in forest $($Domain)."} - foreach ($DHCPServers in $DHCPinDC) { - Write-PScriboMessage "Collecting DHCP Server database information from $($DHCPServers.DnsName.split(".", 2)[0])" - $Setting = Invoke-Command -Session $Session { Get-DhcpServerDatabase -ComputerName ($using:DHCPServers).DnsName } - $inObj = [ordered] @{ - 'DC Name' = $DHCPServers.DnsName.Split(".", 2)[0] - 'File Path' = ConvertTo-EmptyToFiller $Setting.FileName - 'Backup Path' = ConvertTo-EmptyToFiller $Setting.BackupPath - 'Backup Interval' = switch ($Setting.BackupInterval) { - "" {"-"; break} - $NULL {"-"; break} - default {"$($Setting.BackupInterval) min"} + Section -Style Heading6 'Service Database' { + $OutObj = @() + foreach ($DHCPServer in $DHCPinDC) { + try { + Write-PScriboMessage "Collecting DHCP Server database information from $($DHCPServer.DnsName.split(".", 2)[0])" + $Setting = Invoke-Command -Session $Session { Get-DhcpServerDatabase -ComputerName ($using:DHCPServer).DnsName } + $inObj = [ordered] @{ + 'DC Name' = $DHCPServer.DnsName.Split(".", 2)[0] + 'File Path' = ConvertTo-EmptyToFiller $Setting.FileName + 'Backup Path' = ConvertTo-EmptyToFiller $Setting.BackupPath + 'Backup Interval' = switch ($Setting.BackupInterval) { + "" {"-"; break} + $NULL {"-"; break} + default {"$($Setting.BackupInterval) min"} + } + 'Logging Enabled' = Switch ($Setting.LoggingEnabled) { + "" {"-"; break} + $Null {"-"; break} + default {ConvertTo-TextYN $Setting.LoggingEnabled} + } + } + $OutObj += [pscustomobject]$inobj } - 'Logging Enabled' = Switch ($Setting.LoggingEnabled) { - "" {"-"; break} - $Null {"-"; break} - default {ConvertTo-TextYN $Setting.LoggingEnabled} + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Service Database Item)" } } - $OutObj += [pscustomobject]$inobj + + $TableParams = @{ + Name = "DHCP Servers Database - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 20, 28, 28, 12, 12 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } } catch { - - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Service Database)" - + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Service Database Table)" } - } + try { + Section -Style Heading6 'Dynamic DNS credentials' { + $OutObj = @() + foreach ($DHCPServer in $DHCPinDC) { + try{ + Write-PScriboMessage "Collecting DHCP Server Dynamic DNS Credentials information from $($DHCPServer.DnsName.split(".", 2)[0])" + $Setting = Invoke-Command -Session $Session { Get-DhcpServerDnsCredential -ComputerName ($using:DHCPServer).DnsName } + $inObj = [ordered] @{ + 'DC Name' = $DHCPServer.DnsName.Split(".", 2)[0] + 'User Name' = ConvertTo-EmptyToFiller $Setting.UserName + 'Domain Name' = ConvertTo-EmptyToFiller $Setting.DomainName + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Dynamic DNS credentials Item)" + } + } - $TableParams = @{ - Name = "DHCP Servers Database - $($Domain.ToString().ToUpper())" - List = $false - ColumnWidths = 20, 28, 28, 12, 12 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams - } + if ($HealthCheck.DHCP.BP) { + $OutObj | Where-Object { $_.'User Name' -eq "-"} | Set-Style -Style Warning -Property 'User Name','Domain Name' + } - Section -Style Heading6 'Dynamic DNS credentials' { - Paragraph "The following section provides a summary of the DHCP Servers Dynamic DNS registration credentials information on $($Domain.ToString().ToUpper())." - BlankLine - $OutObj = @() - if ($Domain) { - try { - Write-PscriboMessage "Discovering Active Directory DHCP Servers information on $($Domain)." - $DHCPinDC = Invoke-Command -Session $Session { Get-DhcpServerInDC | Where-Object {$_.DnsName.split(".", 2)[1] -eq $using:Domain} } - if ($DHCPinDC) {Write-PScriboMessage "Discovered '$(($DHCPinDC | Measure-Object).Count)' DHCP Servers in forest $($Domain)."} - foreach ($DHCPServers in $DHCPinDC) { - Write-PScriboMessage "Collecting DHCP Server Dynamic DNS Credentials information from $($DHCPServers.DnsName.split(".", 2)[0])" - $Setting = Invoke-Command -Session $Session { Get-DhcpServerDnsCredential -ComputerName ($using:DHCPServers).DnsName } - $inObj = [ordered] @{ - 'DC Name' = $DHCPServers.DnsName.Split(".", 2)[0] - 'User Name' = ConvertTo-EmptyToFiller $Setting.UserName - 'Domain Name' = ConvertTo-EmptyToFiller $Setting.DomainName + $TableParams = @{ + Name = "DHCP Servers Dynamic DNS Credentials - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 30, 30, 40 } - $OutObj += [pscustomobject]$inobj + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } } catch { - - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Dynamic DNS credentials)" - + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Dynamic DNS credentials Table)" } } - if ($HealthCheck.DHCP.BP) { - $OutObj | Where-Object { $_.'User Name' -eq "-"} | Set-Style -Style Warning -Property 'User Name','Domain Name' - } - - $TableParams = @{ - Name = "DHCP Servers Dynamic DNS Credentials - $($Domain.ToString().ToUpper())" - List = $false - ColumnWidths = 30, 30, 40 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams } } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (DHCP Servers In Active Directory Section)" + } } end {} diff --git a/Src/Private/Get-AbrADDHCPv4PerScopeSetting.ps1 b/Src/Private/Get-AbrADDHCPv4PerScopeSetting.ps1 index 5c8b2d5..7ef8d13 100644 --- a/Src/Private/Get-AbrADDHCPv4PerScopeSetting.ps1 +++ b/Src/Private/Get-AbrADDHCPv4PerScopeSetting.ps1 @@ -32,15 +32,14 @@ function Get-AbrADDHCPv4PerScopeSetting { } process { - Section -Style Heading6 "$Scope Scope Options Configuration" { - Paragraph "The following section provides a summary of the DHCP servers IPv4 Scope Server Options information." - BlankLine - $OutObj = @() - if ($Server) { - try { - $DHCPScopeOptions = Invoke-Command -Session $Session { Get-DhcpServerv4OptionValue -ComputerName $using:Server -ScopeId $using:Scope} - Write-PScriboMessage "Discovered '$(($DHCPScopeOptions | Measure-Object).Count)' DHCP scopes server opions on $($Server)." - foreach ($Option in $DHCPScopeOptions) { + $DHCPScopeOptions = Invoke-Command -Session $Session { Get-DhcpServerv4OptionValue -ComputerName $using:Server -ScopeId $using:Scope} + if ($DHCPScopeOptions) { + Section -Style Heading6 "$Scope Scope Options" { + Paragraph "The following section provides a summary of the DHCP servers IPv4 Scope Server Options information." + BlankLine + $OutObj = @() + foreach ($Option in $DHCPScopeOptions) { + try { Write-PscriboMessage "Collecting DHCP Server IPv4 Scope Server Option value $($Option.OptionId) from $($Server.split(".", 2)[0])" $inObj = [ordered] @{ 'Name' = $Option.Name @@ -50,24 +49,22 @@ function Get-AbrADDHCPv4PerScopeSetting { } $OutObj += [pscustomobject]$inobj } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Scope Options Item)" + } } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Scope Options Configuration)" + $TableParams = @{ + Name = "IPv4 Scopes Options - $Scope" + List = $false + ColumnWidths = 40, 15, 20, 25 } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - - $TableParams = @{ - Name = "IPv4 Scopes Options - $Scope" - List = $false - ColumnWidths = 40, 15, 20, 25 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams } - } end {} diff --git a/Src/Private/Get-AbrADDHCPv4Scope.ps1 b/Src/Private/Get-AbrADDHCPv4Scope.ps1 index a294f3c..62cc579 100644 --- a/Src/Private/Get-AbrADDHCPv4Scope.ps1 +++ b/Src/Private/Get-AbrADDHCPv4Scope.ps1 @@ -31,14 +31,14 @@ function Get-AbrADDHCPv4Scope { } process { - Section -Style Heading6 "$($Server.ToUpper().split(".", 2)[0]) IPv4 Scopes" { - Paragraph "The following section provides a summary of the DHCP servers IPv4 Scope information." - BlankLine - $OutObj = @() - if ($Server -and $Domain) { - try { - $DHCPScopes = Invoke-Command -Session $Session { Get-DhcpServerv4Scope -ComputerName $using:Server} - Write-PScriboMessage "Discovered '$(($DHCPScopes | Measure-Object).Count)' DHCP SCopes in $($Server)." + try { + $DHCPScopes = Invoke-Command -Session $Session { Get-DhcpServerv4Scope -ComputerName $using:Server} + Write-PScriboMessage "Discovered '$(($DHCPScopes | Measure-Object).Count)' DHCP SCopes in $($Server)." + if ($DHCPScopes) { + Section -Style Heading6 "$($Server.ToUpper().split(".", 2)[0]) IPv4 Scopes" { + Paragraph "The following section provides detailed information of the IPv4 Scope configuration." + BlankLine + $OutObj = @() foreach ($Scope in $DHCPScopes) { Write-PscriboMessage "Collecting DHCP Server IPv4 $($Scope.ScopeId) Scope from $($Server.split(".", 2)[0])" $SubnetMask = Convert-IpAddressToMaskLength $Scope.SubnetMask @@ -54,150 +54,154 @@ function Get-AbrADDHCPv4Scope { } $OutObj += [pscustomobject]$inobj } - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv4 Scope Summary)" - } - } - - $TableParams = @{ - Name = "IPv4 Scopes - $($Server.split(".", 2).ToUpper()[0])" - List = $false - ColumnWidths = 20, 20, 35, 15, 10 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams - try { - Section -Style Heading6 "$($Server.ToUpper().split(".", 2)[0]) IPv4 Scope Statistics" { - Paragraph "The following section provides a summary of the DHCP servers IPv4 Scope Statistics information." - BlankLine - $OutObj = @() - if ($Server -and $Domain) { - $DHCPScopes = Invoke-Command -Session $Session { Get-DhcpServerv4ScopeStatistics -ComputerName $using:Server} - Write-PScriboMessage "Discovered '$(($DHCPScopes | Measure-Object).Count)' scopes in $($Server)." - foreach ($Scope in $DHCPScopes) { - Write-PscriboMessage "Collecting DHCP Server IPv4 $($Scope.ScopeId) scope statistics from $($Server.split(".", 2)[0])" - $inObj = [ordered] @{ - 'Scope Id' = $Scope.ScopeId - 'Free IP' = $Scope.Free - 'In Use IP' = $Scope.InUse - 'Percentage In Use' = [math]::Round($Scope.PercentageInUse, 0) - 'Reserved IP' = $Scope.Reserved - } - $OutObj += [pscustomobject]$inobj - } - } - - if ($HealthCheck.DHCP.Statistics) { - $OutObj | Where-Object { $_.'Percentage In Use' -gt '95'} | Set-Style -Style Warning -Property 'Percentage In Use' - } $TableParams = @{ - Name = "IPv4 Scope Statistics - $($Server.split(".", 2).ToUpper()[0])" + Name = "IPv4 Scopes - $($Server.split(".", 2).ToUpper()[0])" List = $false - ColumnWidths = 20, 20, 20, 20, 20 + ColumnWidths = 20, 20, 35, 15, 10 } if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } $OutObj | Table @TableParams - } - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv4 Scope Statistics)" - } - try { - Section -Style Heading6 "$($Server.ToUpper().split(".", 2)[0]) IPv4 Scope Failover" { - Paragraph "The following section provides a summary of the DHCP servers IPv4 Scope Failover information." - BlankLine - $OutObj = @() - if ($Server -and $Domain) { - $DHCPScopes = Invoke-Command -Session $Session { Get-DhcpServerv4Failover -ComputerName $using:Server} - Write-PScriboMessage "Discovered '$(($DHCPScopes | Measure-Object).Count)' failover setting in $($Server)." - foreach ($Scope in $DHCPScopes) { - Write-PscriboMessage "Collecting DHCP Server IPv4 $($Scope.ScopeId) scope failover setting from $($Server.split(".", 2)[0])" - $inObj = [ordered] @{ - 'DHCP Server' = $Server - 'Partner DHCP Server' = $Scope.PartnerServer - 'Mode' = $Scope.Mode - 'LoadBalance Percent' = ConvertTo-EmptyToFiller ([math]::Round($Scope.LoadBalancePercent, 0)) - 'Server Role' = ConvertTo-EmptyToFiller $Scope.ServerRole - 'Reserve Percent' = ConvertTo-EmptyToFiller ([math]::Round($Scope.ReservePercent, 0)) - 'Max Client Lead Time' = ConvertTo-EmptyToFiller $Scope.MaxClientLeadTime - 'State Switch Interval' = ConvertTo-EmptyToFiller $Scope.StateSwitchInterval - 'Scope Ids' = $Scope.ScopeId - 'State' = $Scope.State - 'Auto State Transition' = ConvertTo-TextYN $Scope.AutoStateTransition - 'Authetication Enable' = ConvertTo-TextYN $Scope.EnableAuth + + try { + $DHCPScopes = Invoke-Command -Session $Session { Get-DhcpServerv4ScopeStatistics -ComputerName $using:Server} + if ($DHCPScopes) { + Section -Style Heading6 "IPv4 Scope Statistics" { + $OutObj = @() + foreach ($Scope in $DHCPScopes) { + try { + Write-PscriboMessage "Collecting DHCP Server IPv4 $($Scope.ScopeId) scope statistics from $($Server.split(".", 2)[0])" + $inObj = [ordered] @{ + 'Scope Id' = $Scope.ScopeId + 'Free IP' = $Scope.Free + 'In Use IP' = $Scope.InUse + 'Percentage In Use' = [math]::Round($Scope.PercentageInUse, 0) + 'Reserved IP' = $Scope.Reserved + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv4 Scope Statistics Item)" + } + } + + if ($HealthCheck.DHCP.Statistics) { + $OutObj | Where-Object { $_.'Percentage In Use' -gt '95'} | Set-Style -Style Warning -Property 'Percentage In Use' + } + + $TableParams = @{ + Name = "IPv4 Scope Statistics - $($Server.split(".", 2).ToUpper()[0])" + List = $false + ColumnWidths = 20, 20, 20, 20, 20 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - $OutObj += [pscustomobject]$inobj } } - - if ($HealthCheck.DHCP.BP) { - $OutObj | Where-Object { $_.'Authetication Enable' -eq 'No'} | Set-Style -Style Warning -Property 'Authetication Enable' + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv4 Scope Statistics Table)" } + try { + $DHCPScopes = Invoke-Command -Session $Session { Get-DhcpServerv4Failover -ComputerName $using:Server} + if ($DHCPScopes) { + Section -Style Heading6 "IPv4 Scope Failover" { + $OutObj = @() + Write-PScriboMessage "Discovered '$(($DHCPScopes | Measure-Object).Count)' failover setting in $($Server)." + foreach ($Scope in $DHCPScopes) { + try { + Write-PscriboMessage "Collecting DHCP Server IPv4 $($Scope.ScopeId) scope failover setting from $($Server.split(".", 2)[0])" + $inObj = [ordered] @{ + 'DHCP Server' = $Server + 'Partner DHCP Server' = $Scope.PartnerServer + 'Mode' = $Scope.Mode + 'LoadBalance Percent' = ConvertTo-EmptyToFiller ([math]::Round($Scope.LoadBalancePercent, 0)) + 'Server Role' = ConvertTo-EmptyToFiller $Scope.ServerRole + 'Reserve Percent' = ConvertTo-EmptyToFiller ([math]::Round($Scope.ReservePercent, 0)) + 'Max Client Lead Time' = ConvertTo-EmptyToFiller $Scope.MaxClientLeadTime + 'State Switch Interval' = ConvertTo-EmptyToFiller $Scope.StateSwitchInterval + 'Scope Ids' = $Scope.ScopeId + 'State' = $Scope.State + 'Auto State Transition' = ConvertTo-TextYN $Scope.AutoStateTransition + 'Authetication Enable' = ConvertTo-TextYN $Scope.EnableAuth + } + $OutObj = [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv4 Scope Failover Item)" + } + if ($HealthCheck.DHCP.BP) { + $OutObj | Where-Object { $_.'Authetication Enable' -eq 'No'} | Set-Style -Style Warning -Property 'Authetication Enable' + } - $TableParams = @{ - Name = "IPv4 Scope Failover Cofiguration - $($Server.split(".", 2).ToUpper()[0])" - List = $true - ColumnWidths = 40, 60 + $TableParams = @{ + Name = "IPv4 Scope Failover Cofiguration - $($Server.split(".", 2).ToUpper()[0])" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + } + } + } } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv4 Scope Failover Table)" } - $OutObj | Table @TableParams - } - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv4 Scope Failover)" - } - try { - Section -Style Heading6 " $($Server.ToUpper().split(".", 2)[0]) IPv4 Network Interface Binding" { - Paragraph "The following section provides a summary of the IPv4 Network Interface binding." - BlankLine - $OutObj = @() - if ($Server -and $Domain) { - $DHCPScopes = Invoke-Command -Session $Session { Get-DhcpServerv4Binding -ComputerName $using:Server} - Write-PScriboMessage "Discovered '$(($DHCPScopes | Measure-Object).Count)' bindings in $($Server)." - foreach ($Scope in $DHCPScopes) { - Write-PscriboMessage "Collecting DHCP Server IPv4 $($Scope.InterfaceAlias) binding from $($Server.split(".", 2)[0])" - $SubnetMask = Convert-IpAddressToMaskLength $Scope.SubnetMask - $inObj = [ordered] @{ - 'Interface Alias' = $Scope.InterfaceAlias - 'IP Address' = $Scope.IPAddress - 'Subnet Mask' = $Scope.SubnetMask - 'State' = Switch ($Scope.BindingState) { - "" {"-"; break} - $Null {"-"; break} - "True" {"Enabled"} - "False" {"Disabled"} - default {$Scope.BindingState} + try { + $DHCPScopes = Invoke-Command -Session $Session {Get-DhcpServerv4Binding -ComputerName $using:Server} + if ($DHCPScopes) { + Section -Style Heading6 "IPv4 Network Interface Binding" { + $OutObj = @() + foreach ($Scope in $DHCPScopes) { + try { + Write-PscriboMessage "Collecting DHCP Server IPv4 $($Scope.InterfaceAlias) binding from $($Server.split(".", 2)[0])" + $SubnetMask = Convert-IpAddressToMaskLength $Scope.SubnetMask + $inObj = [ordered] @{ + 'Interface Alias' = $Scope.InterfaceAlias + 'IP Address' = $Scope.IPAddress + 'Subnet Mask' = $Scope.SubnetMask + 'State' = Switch ($Scope.BindingState) { + "" {"-"; break} + $Null {"-"; break} + "True" {"Enabled"} + "False" {"Disabled"} + default {$Scope.BindingState} + } + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv4 Network Interface binding Item)" + } + } + $TableParams = @{ + Name = "IPv4 Network Interface binding - $($Server.split(".", 2).ToUpper()[0])" + List = $false + ColumnWidths = 25, 25, 25, 25 } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - $OutObj += [pscustomobject]$inobj } } - - $TableParams = @{ - Name = "IPv4 Network Interface binding - $($Server.split(".", 2).ToUpper()[0])" - List = $false - ColumnWidths = 25, 25, 25, 25 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv4 Network Interface binding Table)" } - $OutObj | Table @TableParams } } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv4 Network Interface binding)" - } + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv4 Scope Summary)" } } - end {} - } \ No newline at end of file diff --git a/Src/Private/Get-AbrADDHCPv4ScopeServerSetting.ps1 b/Src/Private/Get-AbrADDHCPv4ScopeServerSetting.ps1 index ee89217..f122c78 100644 --- a/Src/Private/Get-AbrADDHCPv4ScopeServerSetting.ps1 +++ b/Src/Private/Get-AbrADDHCPv4ScopeServerSetting.ps1 @@ -31,72 +31,79 @@ function Get-AbrADDHCPv4ScopeServerSetting { } process { - $OutObj = @() - if ($Server) { - try { - $DHCPScopeOptions = Invoke-Command -Session $Session { Get-DhcpServerv4OptionValue -ComputerName $using:Server} - Write-PScriboMessage "Discovered '$(($DHCPScopeOptions | Measure-Object).Count)' DHCP scopes server opions on $($Server)." - foreach ($Option in $DHCPScopeOptions) { - Write-PscriboMessage "Collecting DHCP Server IPv4 Scope Server Option value $($Option.OptionId) from $($Server.split(".", 2)[0])" - $inObj = [ordered] @{ - 'Name' = $Option.Name - 'Option Id' = $Option.OptionId - 'Value' = $Option.Value - 'Policy Name' = ConvertTo-EmptyToFiller $Option.PolicyName - } - $OutObj += [pscustomobject]$inobj - } - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (DHCP scopes server opions)" - } - } - - $TableParams = @{ - Name = "IPv4 Scopes Server Options - $($Server.split(".", 2).ToUpper()[0])" - List = $false - ColumnWidths = 40, 15, 20, 25 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams - try { - Section -Style Heading6 "Scope DNS Setting" { - Paragraph "The following section provides a summary of the DHCP servers IPv4 Scope DNS Setting information." + $DHCPScopeOptions = Invoke-Command -Session $Session { Get-DhcpServerv4OptionValue -ComputerName $using:Server} + if ($DHCPScopeOptions) { + Section -Style Heading6 "$($DHCPServer.ToUpper().split(".", 2)[0]) IPv4 Scope Server Options" { + Paragraph "The following section provides a summary of the DHCP servers IPv4 Scope Server Options information." BlankLine $OutObj = @() - if ($Server) { - $DHCPScopeOptions = Invoke-Command -Session $Session { Get-DhcpServerv4DnsSetting -ComputerName $using:Server} - Write-PScriboMessage "Discovered '$(($DHCPScopeOptions | Measure-Object).Count)' DHCP scopes dns setting from $($Server)." - foreach ($Option in $DHCPScopeOptions) { - Write-PscriboMessage "Collecting DHCP Server IPv4 Scope DNS Setting value from $($Server)." + Write-PScriboMessage "Discovered '$(($DHCPScopeOptions | Measure-Object).Count)' DHCP scopes server opions on $($Server)." + foreach ($Option in $DHCPScopeOptions) { + try { + Write-PscriboMessage "Collecting DHCP Server IPv4 Scope Server Option value $($Option.OptionId) from $($Server.split(".", 2)[0])" $inObj = [ordered] @{ - 'Dynamic Updates' = $Option.DynamicUpdates - 'Dns Suffix' = ConvertTo-EmptyToFiller $Option.DnsSuffix - 'Name Protection' = ConvertTo-EmptyToFiller $Option.NameProtection - 'Update Dns RR For Older Clients' = ConvertTo-EmptyToFiller $Option.UpdateDnsRRForOlderClients - 'Disable Dns Ptr RR Update' = ConvertTo-EmptyToFiller $Option.DisableDnsPtrRRUpdate - 'Delete Dns RR On Lease Expiry' = ConvertTo-EmptyToFiller $Option.DeleteDnsRROnLeaseExpiry + 'Name' = $Option.Name + 'Option Id' = $Option.OptionId + 'Value' = $Option.Value + 'Policy Name' = ConvertTo-EmptyToFiller $Option.PolicyName } $OutObj += [pscustomobject]$inobj } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (DHCP scopes server opions item)" + } } - $TableParams = @{ - Name = "IPv4 Scopes DNS Setting - $($Server.split(".", 2)[0])" - List = $true - ColumnWidths = 40, 60 + Name = "IPv4 Scopes Server Options - $($Server.split(".", 2).ToUpper()[0])" + List = $false + ColumnWidths = 40, 15, 20, 25 } if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } $OutObj | Table @TableParams + try { + $DHCPScopeOptions = Invoke-Command -Session $Session { Get-DhcpServerv4DnsSetting -ComputerName $using:Server} + if ($DHCPScopeOptions) { + Section -Style Heading6 "Scope DNS Setting" { + Paragraph "The following section provides a summary of the DHCP servers IPv4 Scope DNS Setting information." + BlankLine + $OutObj = @() + foreach ($Option in $DHCPScopeOptions) { + try { + Write-PscriboMessage "Collecting DHCP Server IPv4 Scope DNS Setting value from $($Server)." + $inObj = [ordered] @{ + 'Dynamic Updates' = $Option.DynamicUpdates + 'Dns Suffix' = ConvertTo-EmptyToFiller $Option.DnsSuffix + 'Name Protection' = ConvertTo-EmptyToFiller $Option.NameProtection + 'Update Dns RR For Older Clients' = ConvertTo-EmptyToFiller $Option.UpdateDnsRRForOlderClients + 'Disable Dns Ptr RR Update' = ConvertTo-EmptyToFiller $Option.DisableDnsPtrRRUpdate + 'Delete Dns RR On Lease Expiry' = ConvertTo-EmptyToFiller $Option.DeleteDnsRROnLeaseExpiry + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Scope DNS Setting Item)" + } + } + + $TableParams = @{ + Name = "IPv4 Scopes DNS Setting - $($Server.split(".", 2)[0])" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + } + } + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Scope DNS Setting Table)" + } } } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Scope DNS Setting)" - } } end {} diff --git a/Src/Private/Get-AbrADDHCPv4Statistic.ps1 b/Src/Private/Get-AbrADDHCPv4Statistic.ps1 index 4c8a087..6d97549 100644 --- a/Src/Private/Get-AbrADDHCPv4Statistic.ps1 +++ b/Src/Private/Get-AbrADDHCPv4Statistic.ps1 @@ -30,46 +30,48 @@ function Get-AbrADDHCPv4Statistic { process { try { - Section -Style Heading6 'IPv4 Service Statistics' { - Paragraph "The following section provides a summary of the DHCP servers IPv4 Statistics information on $($Domain.ToString().ToUpper())." - BlankLine - $OutObj = @() - if ($Domain) { - $DHCPinDC = Invoke-Command -Session $Session { Get-DhcpServerInDC | Where-Object {$_.DnsName.split(".", 2)[1] -eq $using:Domain} } - if ($DHCPinDC) {Write-PScriboMessage "Discovered '$(($DHCPinDC | Measure-Object).Count)' DHCP Servers in forest $($Domain)."} - foreach ($DHCPServers in $DHCPinDC) { - Write-PScriboMessage "Collecting DHCP Server IPv4 Statistics from $($DHCPServers.DnsName.split(".", 2)[0])" - $Setting = Invoke-Command -Session $Session { Get-DhcpServerv4Statistics -ComputerName ($using:DHCPServers).DnsName } - $inObj = [ordered] @{ - 'DC Name' = $DHCPServers.DnsName.Split(".", 2)[0] - 'Total Scopes' = ConvertTo-EmptyToFiller $Setting.TotalScopes - 'Total Addresses' = ConvertTo-EmptyToFiller $Setting.TotalAddresses - 'Addresses In Use' = ConvertTo-EmptyToFiller $Setting.AddressesInUse - 'Addresses Available' = ConvertTo-EmptyToFiller $Setting.AddressesAvailable - 'Percentage In Use' = ConvertTo-EmptyToFiller ([math]::Round($Setting.PercentageInUse, 0)) - 'Percentage Available' = ConvertTo-EmptyToFiller ([math]::Round($Setting.PercentageAvailable, 0)) + $DHCPinDC = Invoke-Command -Session $Session { Get-DhcpServerInDC | Where-Object {$_.DnsName.split(".", 2)[1] -eq $using:Domain} } + if ($DHCPinDC) { + Section -Style Heading6 'IPv4 Service Statistics' { + Write-PScriboMessage "Discovered '$(($DHCPinDC | Measure-Object).Count)' DHCP Servers in forest $($Domain)." + $OutObj = @() + try { + foreach ($DHCPServers in $DHCPinDC) { + Write-PScriboMessage "Collecting DHCP Server IPv4 Statistics from $($DHCPServers.DnsName.split(".", 2)[0])" + $Setting = Invoke-Command -Session $Session { Get-DhcpServerv4Statistics -ComputerName ($using:DHCPServers).DnsName } + $inObj = [ordered] @{ + 'DC Name' = $DHCPServers.DnsName.Split(".", 2)[0] + 'Total Scopes' = ConvertTo-EmptyToFiller $Setting.TotalScopes + 'Total Addresses' = ConvertTo-EmptyToFiller $Setting.TotalAddresses + 'Addresses In Use' = ConvertTo-EmptyToFiller $Setting.AddressesInUse + 'Addresses Available' = ConvertTo-EmptyToFiller $Setting.AddressesAvailable + 'Percentage In Use' = ConvertTo-EmptyToFiller ([math]::Round($Setting.PercentageInUse, 0)) + 'Percentage Available' = ConvertTo-EmptyToFiller ([math]::Round($Setting.PercentageAvailable, 0)) + } + $OutObj += [pscustomobject]$inobj } - $OutObj += [pscustomobject]$inobj } - } - - if ($HealthCheck.DHCP.Statistics) { - $OutObj | Where-Object { $_.'Percentage In Use' -gt 95} | Set-Style -Style Warning -Property 'Percentage Available','Percentage In Use' - } + catch { + Write-PScriboMessage -IsWarning "$($_.Exception.Message) (IPv4 Service Statistics Item)" + } + if ($HealthCheck.DHCP.Statistics) { + $OutObj | Where-Object { $_.'Percentage In Use' -gt 95} | Set-Style -Style Warning -Property 'Percentage Available','Percentage In Use' + } - $TableParams = @{ - Name = "DHCP Server IPv4 Statistics - $($Domain.ToString().ToUpper())" - List = $false - ColumnWidths = 20, 13, 13, 13, 14 ,13, 14 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "DHCP Server IPv4 Statistics - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 20, 13, 13, 13, 14 ,13, 14 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - $OutObj | Table @TableParams } } catch { - Write-PScriboMessage -IsWarning "$($_.Exception.Message) (IPv4 Service Statistics)" + Write-PScriboMessage -IsWarning "$($_.Exception.Message) (IPv4 Service Statistics Table)" } } diff --git a/Src/Private/Get-AbrADDHCPv6PerScopeSetting.ps1 b/Src/Private/Get-AbrADDHCPv6PerScopeSetting.ps1 index babd34a..cd70701 100644 --- a/Src/Private/Get-AbrADDHCPv6PerScopeSetting.ps1 +++ b/Src/Private/Get-AbrADDHCPv6PerScopeSetting.ps1 @@ -32,15 +32,14 @@ function Get-AbrADDHCPv6PerScopeSetting { } process { - Section -Style Heading6 "$Scope Scope Options" { - Paragraph "The following section provides a summary of the DHCP servers IPv6 Scope Server Options information." - BlankLine - $OutObj = @() - if ($Server) { - try { - $DHCPScopeOptions = Invoke-Command -Session $Session { Get-DhcpServerv6OptionValue -ComputerName $using:Server -Prefix $using:Scope} - Write-PScriboMessage "Discovered '$(($DHCPScopeOptions | Measure-Object).Count)' DHCP scopes server opions on $($Server)." - foreach ($Option in $DHCPScopeOptions) { + $DHCPScopeOptions = Invoke-Command -Session $Session { Get-DhcpServerv6OptionValue -ComputerName $using:Server -Prefix $using:Scope} + if ($DHCPScopeOptions) { + Section -Style Heading6 "$Scope Scope Options" { + Paragraph "The following section provides a summary of the DHCP servers IPv6 Scope Server Options information." + BlankLine + $OutObj = @() + foreach ($Option in $DHCPScopeOptions) { + try { Write-PscriboMessage "Collecting DHCP Server IPv6 Scope Server Option value $($Option.OptionId) from $($Server.split(".", 2)[0])" $inObj = [ordered] @{ 'Name' = $Option.Name @@ -50,23 +49,21 @@ function Get-AbrADDHCPv6PerScopeSetting { } $OutObj += [pscustomobject]$inobj } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 Scope Options Item)" + } } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 Scope Options Configuration)" + $TableParams = @{ + Name = "IPv6 Scopes Options - $Scope" + List = $false + ColumnWidths = 40, 15, 20, 25 } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - - $TableParams = @{ - Name = "IPv6 Scopes Options - $Scope" - List = $false - ColumnWidths = 40, 15, 20, 25 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams } - } end {} diff --git a/Src/Private/Get-AbrADDHCPv6Scope.ps1 b/Src/Private/Get-AbrADDHCPv6Scope.ps1 index 1eb6529..3f6c85d 100644 --- a/Src/Private/Get-AbrADDHCPv6Scope.ps1 +++ b/Src/Private/Get-AbrADDHCPv6Scope.ps1 @@ -31,15 +31,14 @@ function Get-AbrADDHCPv6Scope { } process { - Section -Style Heading6 "$($Server.ToUpper().split(".", 2)[0]) IPv6 Scopes" { - Paragraph "The following section provides a summary of the DHCP servers IPv6 Scope Configuration." - BlankLine - $OutObj = @() - if ($Server -and $Domain) { - try { - $DHCPScopes = Invoke-Command -Session $Session { Get-DhcpServerv6Scope -ComputerName $using:Server} - Write-PScriboMessage "Discovered '$(($DHCPScopes | Measure-Object).Count)' DHCP SCopes in $($Server)." - foreach ($Scope in $DHCPScopes) { + $DHCPScopes = Invoke-Command -Session $Session { Get-DhcpServerv6Scope -ComputerName $using:Server} + if ($DHCPScopes) { + Section -Style Heading6 "$($Server.ToUpper().split(".", 2)[0]) IPv6 Scopes" { + Paragraph "The following section provides a summary of the DHCP servers IPv6 Scope Configuration." + BlankLine + $OutObj = @() + foreach ($Scope in $DHCPScopes) { + try { Write-PscriboMessage "Collecting DHCP Server IPv6 $($Scope.ScopeId) Scope from $($Server.split(".", 2)[0])" $inObj = [ordered] @{ 'Scope Id' = "$($Scope.Prefix)/$($Scope.PrefixLength)" @@ -52,98 +51,101 @@ function Get-AbrADDHCPv6Scope { } $OutObj += [pscustomobject]$inobj } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 Scope Item)" + } } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 Scope)" + + $TableParams = @{ + Name = "IPv6 Scopes - $($Server.split(".", 2).ToUpper()[0])" + List = $false + ColumnWidths = 30, 30, 20, 20 } - } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + try { + $DHCPScopes = Invoke-Command -Session $Session { Get-DhcpServerv6ScopeStatistics -ComputerName $using:Server} + if ($DHCPScopes) { + Section -Style Heading6 "IPv6 Scope Statistics" { + $OutObj = @() + foreach ($Scope in $DHCPScopes) { + try { + Write-PscriboMessage "Collecting DHCP Server IPv6 $($Scope.ScopeId) scope statistics from $($Server.split(".", 2)[0])" + $inObj = [ordered] @{ + 'Scope Id' = $Scope.Prefix + 'Free IP' = $Scope.AddressesFree + 'In Use IP' = $Scope.AddressesInUse + 'Percentage In Use' = [math]::Round($Scope.PercentageInUse, 0) + 'Reserved IP' = $Scope.ReservedAddress + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 Scope Statistics Item)" + } + } + if ($HealthCheck.DHCP.Statistics) { + $OutObj | Where-Object { $_.'Percentage In Use' -gt '95'} | Set-Style -Style Warning -Property 'Percentage In Use' + } - $TableParams = @{ - Name = "IPv6 Scopes - $($Server.split(".", 2).ToUpper()[0])" - List = $false - ColumnWidths = 30, 30, 20, 20 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams - try { - Section -Style Heading6 "$($Server.ToUpper().split(".", 2)[0]) IPv6 Scope Statistics" { - Paragraph "The following section provides a summary of the DHCP servers IPv6 Scope Statistics information." - BlankLine - $OutObj = @() - if ($Server -and $Domain) { - $DHCPScopes = Invoke-Command -Session $Session { Get-DhcpServerv6ScopeStatistics -ComputerName $using:Server} - Write-PScriboMessage "Discovered '$(($DHCPScopes | Measure-Object).Count)' scopes in $($Server)." - foreach ($Scope in $DHCPScopes) { - Write-PscriboMessage "Collecting DHCP Server IPv6 $($Scope.ScopeId) scope statistics from $($Server.split(".", 2)[0])" - $inObj = [ordered] @{ - 'Scope Id' = $Scope.Prefix - 'Free IP' = $Scope.AddressesFree - 'In Use IP' = $Scope.AddressesInUse - 'Percentage In Use' = [math]::Round($Scope.PercentageInUse, 0) - 'Reserved IP' = $Scope.ReservedAddress + $TableParams = @{ + Name = "IPv6 Scope Statistics - $($Server.split(".", 2).ToUpper()[0])" + List = $false + ColumnWidths = 20, 20, 20, 20, 20 } - $OutObj += [pscustomobject]$inobj + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } } - - if ($HealthCheck.DHCP.Statistics) { - $OutObj | Where-Object { $_.'Percentage In Use' -gt '95'} | Set-Style -Style Warning -Property 'Percentage In Use' - } - - $TableParams = @{ - Name = "IPv6 Scope Statistics - $($Server.split(".", 2).ToUpper()[0])" - List = $false - ColumnWidths = 20, 20, 20, 20, 20 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams } - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 Scope Statistics)" - } - try { - Section -Style Heading6 "$($Server.ToUpper().split(".", 2)[0]) IPv6 Network Interface Binding" { - Paragraph "The following section provides a summary of the IPv6 Network Interface Binding." - BlankLine - $OutObj = @() - if ($Server -and $Domain) { - $DHCPScopes = Invoke-Command -Session $Session { Get-DhcpServerv6Binding -ComputerName $using:Server} - Write-PScriboMessage "Discovered '$(($DHCPScopes | Measure-Object).Count)' bindings in $($Server)." - foreach ($Scope in $DHCPScopes) { - Write-PscriboMessage "Collecting DHCP Server IPv6 $($Scope.InterfaceAlias) binding from $($Server.split(".", 2)[0])" - $inObj = [ordered] @{ - 'Interface Alias' = $Scope.InterfaceAlias - 'IP Address' = $Scope.IPAddress - 'State' = Switch ($Scope.BindingState) { - "" {"-"; break} - $Null {"-"; break} - "True" {"Enabled"} - "False" {"Disabled"} - default {$Scope.BindingState} + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 Scope Statistics Table)" + } + try { + $DHCPScopes = Invoke-Command -Session $Session { Get-DhcpServerv6Binding -ComputerName $using:Server} + if ($DHCPScopes) { + Section -Style Heading6 "IPv6 Network Interface Binding" { + $OutObj = @() + foreach ($Scope in $DHCPScopes) { + try { + Write-PscriboMessage "Collecting DHCP Server IPv6 $($Scope.InterfaceAlias) binding from $($Server.split(".", 2)[0])" + $inObj = [ordered] @{ + 'Interface Alias' = $Scope.InterfaceAlias + 'IP Address' = $Scope.IPAddress + 'State' = Switch ($Scope.BindingState) { + "" {"-"; break} + $Null {"-"; break} + "True" {"Enabled"} + "False" {"Disabled"} + default {$Scope.BindingState} + } + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 Network Interface binding item)" } } - $OutObj += [pscustomobject]$inobj - } - } - $TableParams = @{ - Name = "IPv6 Network Interface binding - $($Server.split(".", 2).ToUpper()[0])" - List = $false - ColumnWidths = 30, 40, 30 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "IPv6 Network Interface binding - $($Server.split(".", 2).ToUpper()[0])" + List = $false + ColumnWidths = 30, 40, 30 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + } } - $OutObj | Table @TableParams } - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 Network Interface binding)" + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 Network Interface binding table)" + } } } } diff --git a/Src/Private/Get-AbrADDHCPv6ScopeServerSetting.ps1 b/Src/Private/Get-AbrADDHCPv6ScopeServerSetting.ps1 index 2e06e86..8e8a5bc 100644 --- a/Src/Private/Get-AbrADDHCPv6ScopeServerSetting.ps1 +++ b/Src/Private/Get-AbrADDHCPv6ScopeServerSetting.ps1 @@ -32,68 +32,74 @@ function Get-AbrADDHCPv6ScopeServerSetting { process { $OutObj = @() - if ($Server) { - try { - $DHCPScopeOptions = Invoke-Command -Session $Session { Get-DhcpServerv6OptionValue -ComputerName $using:Server} + $DHCPScopeOptions = Invoke-Command -Session $Session { Get-DhcpServerv6OptionValue -ComputerName $using:Server} + if ($DHCPScopeOptions) { + Section -Style Heading6 "$($DHCPServer.ToUpper().split(".", 2)[0]) IPv6 Scope Server Options" { + Paragraph "The following section provides a summary of the DHCP servers IPv6 Scope Server Options information." + BlankLine Write-PScriboMessage "Discovered '$(($DHCPScopeOptions | Measure-Object).Count)' DHCP scopes server opions on $($Server)." foreach ($Option in $DHCPScopeOptions) { - Write-PscriboMessage "Collecting DHCP Server IPv6 Scope Server Option value $($Option.OptionId) from $($Server.split(".", 2)[0])" - $inObj = [ordered] @{ - 'Name' = $Option.Name - 'Option Id' = $Option.OptionId - 'Type' = ConvertTo-EmptyToFiller $Option.Type - 'Value' = $Option.Value - } - $OutObj += [pscustomobject]$inobj - } - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 Scope Server Option)" - } - } - - $TableParams = @{ - Name = "IPv6 Scopes Server Options - $($Server.split(".", 2).ToUpper()[0])" - List = $false - ColumnWidths = 40, 15, 20, 25 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams - try { - Section -Style Heading6 "Scope DNS Settings" { - Paragraph "The following section provides a summary of the DHCP servers IPv6 Scope DNS Setting information." - BlankLine - $OutObj = @() - if ($Server) { - $DHCPScopeOptions = Invoke-Command -Session $Session { Get-DhcpServerv6DnsSetting -ComputerName $using:Server} - Write-PScriboMessage "Discovered '$(($DHCPScopeOptions | Measure-Object).Count)' DHCP scopes dns setting from $($Server)." - foreach ($Option in $DHCPScopeOptions) { - Write-PscriboMessage "Collecting DHCP Server IPv6 Scope DNS Setting value from $($Server)." + try { + Write-PscriboMessage "Collecting DHCP Server IPv6 Scope Server Option value $($Option.OptionId) from $($Server.split(".", 2)[0])" $inObj = [ordered] @{ - 'Dynamic Updates' = $Option.DynamicUpdates - 'Name Protection' = ConvertTo-EmptyToFiller $Option.NameProtection - 'Delete Dns RR On Lease Expiry' = ConvertTo-EmptyToFiller $Option.DeleteDnsRROnLeaseExpiry + 'Name' = $Option.Name + 'Option Id' = $Option.OptionId + 'Type' = ConvertTo-EmptyToFiller $Option.Type + 'Value' = $Option.Value } $OutObj += [pscustomobject]$inobj } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 Scope Server Option Item)" + } } $TableParams = @{ - Name = "IPv6 Scopes DNS Setting - $($Server.split(".", 2)[0])" - List = $true - ColumnWidths = 40, 60 + Name = "IPv6 Scopes Server Options - $($Server.split(".", 2).ToUpper()[0])" + List = $false + ColumnWidths = 40, 15, 20, 25 } if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } $OutObj | Table @TableParams + try { + $DHCPScopeOptions = Invoke-Command -Session $Session { Get-DhcpServerv6DnsSetting -ComputerName $using:Server} + if ($DHCPScopeOptions) { + Section -Style Heading6 "Scope DNS Settings" { + $OutObj = @() + foreach ($Option in $DHCPScopeOptions) { + try { + Write-PscriboMessage "Collecting DHCP Server IPv6 Scope DNS Setting value from $($Server)." + $inObj = [ordered] @{ + 'Dynamic Updates' = $Option.DynamicUpdates + 'Name Protection' = ConvertTo-EmptyToFiller $Option.NameProtection + 'Delete Dns RR On Lease Expiry' = ConvertTo-EmptyToFiller $Option.DeleteDnsRROnLeaseExpiry + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 Scope DNS Setting Item)" + } + } + + $TableParams = @{ + Name = "IPv6 Scopes DNS Setting - $($Server.split(".", 2)[0])" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + } + } + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 Scope DNS Setting Table)" + } } } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 Scope DNS Setting)" - } } end {} diff --git a/Src/Private/Get-AbrADDHCPv6Statistic.ps1 b/Src/Private/Get-AbrADDHCPv6Statistic.ps1 index ad3d68d..4299e38 100644 --- a/Src/Private/Get-AbrADDHCPv6Statistic.ps1 +++ b/Src/Private/Get-AbrADDHCPv6Statistic.ps1 @@ -29,46 +29,48 @@ function Get-AbrADDHCPv6Statistic { } process { - Section -Style Heading6 'IPv6 Service Statistics' { - Paragraph "The following section provides a summary of the DHCP servers IPv6 Statistics information on $($Domain.ToString().ToUpper())." - BlankLine - $OutObj = @() - if ($Domain) { - try { - $DHCPinDC = Invoke-Command -Session $Session { Get-DhcpServerInDC | Where-Object {$_.DnsName.split(".", 2)[1] -eq $using:Domain} } - if ($DHCPinDC) {Write-PScriboMessage "Discovered '$(($DHCPinDC | Measure-Object).Count)' DHCP Servers in forest $($Domain)."} + try { + $DHCPinDC = Invoke-Command -Session $Session { Get-DhcpServerInDC | Where-Object {$_.DnsName.split(".", 2)[1] -eq $using:Domain} } + if ($DHCPinDC) { + Section -Style Heading6 'IPv6 Service Statistics' { + $OutObj = @() foreach ($DHCPServers in $DHCPinDC) { - Write-PScriboMessage "Collecting DHCP Server IPv6 Statistics from $($DHCPServers.DnsName.split(".", 2)[0])" - $Setting = Invoke-Command -Session $Session { Get-DhcpServerv6Statistics -ComputerName ($using:DHCPServers).DnsName } - $inObj = [ordered] @{ - 'DC Name' = $DHCPServers.DnsName.Split(".", 2)[0] - 'Total Scopes' = ConvertTo-EmptyToFiller $Setting.TotalScopes - 'Total Addresses' = ConvertTo-EmptyToFiller $Setting.TotalAddresses - 'Addresses In Use' = ConvertTo-EmptyToFiller $Setting.AddressesInUse - 'Addresses Available' = ConvertTo-EmptyToFiller $Setting.AddressesAvailable - 'Percentage In Use' = ConvertTo-EmptyToFiller ([math]::Round($Setting.PercentageInUse, 0)) - 'Percentage Available' = ConvertTo-EmptyToFiller ([math]::Round($Setting.PercentageAvailable, 0)) + try { + Write-PScriboMessage "Collecting DHCP Server IPv6 Statistics from $($DHCPServers.DnsName.split(".", 2)[0])" + $Setting = Invoke-Command -Session $Session { Get-DhcpServerv6Statistics -ComputerName ($using:DHCPServers).DnsName } + $inObj = [ordered] @{ + 'DC Name' = $DHCPServers.DnsName.Split(".", 2)[0] + 'Total Scopes' = ConvertTo-EmptyToFiller $Setting.TotalScopes + 'Total Addresses' = ConvertTo-EmptyToFiller $Setting.TotalAddresses + 'Addresses In Use' = ConvertTo-EmptyToFiller $Setting.AddressesInUse + 'Addresses Available' = ConvertTo-EmptyToFiller $Setting.AddressesAvailable + 'Percentage In Use' = ConvertTo-EmptyToFiller ([math]::Round($Setting.PercentageInUse, 0)) + 'Percentage Available' = ConvertTo-EmptyToFiller ([math]::Round($Setting.PercentageAvailable, 0)) + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 Service Statistics Item)" } - $OutObj += [pscustomobject]$inobj } - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 Service Statistics Summary)" - } - } - if ($HealthCheck.DHCP.Statistics) { - $OutObj | Where-Object { $_.'Percentage In Use' -gt 95} | Set-Style -Style Warning -Property 'Percentage Available','Percentage In Use' - } - $TableParams = @{ - Name = "DHCP Server IPv6 Statistics - $($Domain.ToString().ToUpper())" - List = $false - ColumnWidths = 20, 13, 13, 13, 14 ,13, 14 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + if ($HealthCheck.DHCP.Statistics) { + $OutObj | Where-Object { $_.'Percentage In Use' -gt 95} | Set-Style -Style Warning -Property 'Percentage Available','Percentage In Use' + } + $TableParams = @{ + Name = "DHCP Server IPv6 Statistics - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 20, 13, 13, 13, 14 ,13, 14 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + } } - $OutObj | Table @TableParams + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 Service Statistics Table)" } } diff --git a/Src/Private/Get-AbrADDNSInfrastructure.ps1 b/Src/Private/Get-AbrADDNSInfrastructure.ps1 index b9565f6..a98ad0a 100644 --- a/Src/Private/Get-AbrADDNSInfrastructure.ps1 +++ b/Src/Private/Get-AbrADDNSInfrastructure.ps1 @@ -30,31 +30,29 @@ function Get-AbrADDNSInfrastructure { process { try { - Section -Style Heading5 "Infrastructure Summary" { - Paragraph "The following section provides a summary of the DNS Infrastructure configuration." - BlankLine - if ($Domain) { + $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers} + if ($DCs) { + Section -Style Heading5 "Infrastructure Summary" { + Paragraph "The following section provides a summary of the DNS Infrastructure configuration." + BlankLine $OutObj = @() - foreach ($Item in $Domain) { - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} - if ($DCs) {Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain"} - foreach ($DC in $DCs) { - Write-PscriboMessage "Collecting Domain Name System Infrastructure information on '$($DC)'." - try { - $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerSetting -ComputerName $using:DC} - $inObj = [ordered] @{ - 'DC Name' = $($DC.ToString().ToUpper().Split(".")[0]) - 'Build Number' = ConvertTo-EmptyToFiller $DNSSetting.BuildNumber - 'IPv6' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $DNSSetting.EnableIPv6) - 'DnsSec' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $DNSSetting.EnableDnsSec) - 'ReadOnly DC' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $DNSSetting.IsReadOnlyDC) - 'Listening IP' = $DNSSetting.ListeningIPAddress - } - $OutObj += [pscustomobject]$inobj - } - catch { - Write-PscriboMessage -IsWarning " $($_.Exception.Message) (Infrastructure Summary)" + Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain" + foreach ($DC in $DCs) { + Write-PscriboMessage "Collecting Domain Name System Infrastructure information on '$($DC)'." + try { + $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerSetting -ComputerName $using:DC} + $inObj = [ordered] @{ + 'DC Name' = $($DC.ToString().ToUpper().Split(".")[0]) + 'Build Number' = ConvertTo-EmptyToFiller $DNSSetting.BuildNumber + 'IPv6' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $DNSSetting.EnableIPv6) + 'DnsSec' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $DNSSetting.EnableDnsSec) + 'ReadOnly DC' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $DNSSetting.IsReadOnlyDC) + 'Listening IP' = $DNSSetting.ListeningIPAddress } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning " $($_.Exception.Message) (Infrastructure Summary)" } } @@ -67,20 +65,17 @@ function Get-AbrADDNSInfrastructure { $TableParams['Caption'] = "- $($TableParams.Name)" } $OutObj | Table @TableParams - } - #---------------------------------------------------------------------------------------------# - # DNS IP Section # - #---------------------------------------------------------------------------------------------# - if ($InfoLevel.DNS -ge 2) { - try { - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers} - if ($DCs) { + #---------------------------------------------------------------------------------------------# + # DNS IP Section # + #---------------------------------------------------------------------------------------------# + if ($InfoLevel.DNS -ge 2) { + try { Section -Style Heading6 "Domain Controller DNS IP Configuration" { $OutObj = @() Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain" foreach ($DC in $DCs) { $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default - Write-PscriboMessage "Collecting DNS IP Configuration information from '$($DC)'." + Write-PscriboMessage "Collecting DNS IP Configuration information from $($DC)." try { $DNSSettings = Invoke-Command -Session $DCPssSession {Get-NetAdapter | Get-DnsClientServerAddress -AddressFamily IPv4} Remove-PSSession -Session $DCPssSession @@ -116,95 +111,83 @@ function Get-AbrADDNSInfrastructure { $OutObj | Table @TableParams } } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (DNS IP Configuration Table)" + } } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (DNS IP Configuration Table)" - } - } - #---------------------------------------------------------------------------------------------# - # DNS Aplication Partitions Section # - #---------------------------------------------------------------------------------------------# - if ($InfoLevel.DNS -ge 2) { - try { - Section -Style Heading6 "Application Directory Partition" { - if ($Domain) { - foreach ($Item in $Domain) { - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} - if ($DCs) {Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain"} - foreach ($DC in $DCs) { - Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Directory Partition" { - Paragraph "The following section provides $($DC.ToString().ToUpper().Split(".")[0]) Directory Partition information." - BlankLine - $OutObj = @() - Write-PscriboMessage "Collecting Domain Name System Directory Partition information on '$($DC)'." - try { - $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerDirectoryPartition -ComputerName $using:DC} - foreach ($Partition in $DNSSetting) { - $inObj = [ordered] @{ - 'Name' = $Partition.DirectoryPartitionName - 'State' = ConvertTo-EmptyToFiller $Partition.State - 'Flags' = $Partition.Flags - 'Zone Count' = $Partition.ZoneCount - } - $OutObj += [pscustomobject]$inobj + #---------------------------------------------------------------------------------------------# + # DNS Aplication Partitions Section # + #---------------------------------------------------------------------------------------------# + if ($InfoLevel.DNS -ge 2) { + try { + Section -Style Heading6 "Application Directory Partition" { + foreach ($DC in $DCs) { + Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Directory Partition" { + Paragraph "The following section provides $($DC.ToString().ToUpper().Split(".")[0]) Directory Partition information." + BlankLine + $OutObj = @() + Write-PscriboMessage "Collecting Directory Partition information from $($DC)." + try { + $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerDirectoryPartition -ComputerName $using:DC} + foreach ($Partition in $DNSSetting) { + $inObj = [ordered] @{ + 'Name' = $Partition.DirectoryPartitionName + 'State' = ConvertTo-EmptyToFiller $Partition.State + 'Flags' = $Partition.Flags + 'Zone Count' = $Partition.ZoneCount } + $OutObj += [pscustomobject]$inobj } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Directory Partitions Item)" - } - if ($HealthCheck.DNS.DP) { - $OutObj | Where-Object { $_.'State' -ne 0 -and $_.'State' -ne "-"} | Set-Style -Style Warning -Property 'Name','State','Flags','Zone Count' - } + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Directory Partitions Item)" + } + if ($HealthCheck.DNS.DP) { + $OutObj | Where-Object { $_.'State' -ne 0 -and $_.'State' -ne "-"} | Set-Style -Style Warning -Property 'Name','State','Flags','Zone Count' + } - $TableParams = @{ - Name = "Directory Partitions - $($Domain.ToString().ToUpper())" - List = $false - ColumnWidths = 50, 15, 25, 10 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Sort-Object -Property Name | Table @TableParams + $TableParams = @{ + Name = "Directory Partitions - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 50, 15, 25, 10 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" } + $OutObj | Sort-Object -Property Name | Table @TableParams } } } } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Directory Partitions Table)" + } } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Directory Partitions Table)" - } - } - #---------------------------------------------------------------------------------------------# - # DNS RRL Section # - #---------------------------------------------------------------------------------------------# - if ($InfoLevel.DNS -ge 2) { - try { - Section -Style Heading6 "Response Rate Limiting (RRL)" { - $OutObj = @() - if ($Domain) { - foreach ($Item in $Domain) { - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} - if ($DCs) {Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain"} - foreach ($DC in $DCs) { - Write-PscriboMessage "Collecting Domain Name System Infrastructure information on '$($DC)'." - try { - $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerResponseRateLimiting -ComputerName $using:DC} - $inObj = [ordered] @{ - 'DC Name' = $($DC.ToString().ToUpper().Split(".")[0]) - 'Status' = ConvertTo-EmptyToFiller $DNSSetting.Mode - 'Responses Per Sec' = ConvertTo-EmptyToFiller $DNSSetting.ResponsesPerSec - 'Errors Per Sec' = ConvertTo-EmptyToFiller $DNSSetting.ErrorsPerSec - 'Window In Sec' = ConvertTo-EmptyToFiller $DNSSetting.WindowInSec - 'Leak Rate' = ConvertTo-EmptyToFiller $DNSSetting.LeakRate - 'Truncate Rate' = ConvertTo-EmptyToFiller $DNSSetting.TruncateRate + #---------------------------------------------------------------------------------------------# + # DNS RRL Section # + #---------------------------------------------------------------------------------------------# + if ($InfoLevel.DNS -ge 2) { + try { + Section -Style Heading6 "Response Rate Limiting (RRL)" { + $OutObj = @() + foreach ($DC in $DCs) { + Write-PscriboMessage "Collecting Response Rate Limiting (RRL) information from $($DC)." + try { + $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerResponseRateLimiting -ComputerName $using:DC} + $inObj = [ordered] @{ + 'DC Name' = $($DC.ToString().ToUpper().Split(".")[0]) + 'Status' = ConvertTo-EmptyToFiller $DNSSetting.Mode + 'Responses Per Sec' = ConvertTo-EmptyToFiller $DNSSetting.ResponsesPerSec + 'Errors Per Sec' = ConvertTo-EmptyToFiller $DNSSetting.ErrorsPerSec + 'Window In Sec' = ConvertTo-EmptyToFiller $DNSSetting.WindowInSec + 'Leak Rate' = ConvertTo-EmptyToFiller $DNSSetting.LeakRate + 'Truncate Rate' = ConvertTo-EmptyToFiller $DNSSetting.TruncateRate - } - $OutObj += [pscustomobject]$inobj - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Response Rate Limiting (RRL) Item)" } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Response Rate Limiting (RRL) Item)" } } @@ -219,47 +202,41 @@ function Get-AbrADDNSInfrastructure { $OutObj | Table @TableParams } } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Response Rate Limiting (RRL) Table)" + } } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Response Rate Limiting (RRL) Table)" - } - } - #---------------------------------------------------------------------------------------------# - # DNS Scanvenging Section # - #---------------------------------------------------------------------------------------------# - if ($InfoLevel.DNS -ge 2) { - try { - Section -Style Heading6 "Scavenging Options" { - $OutObj = @() - if ($Domain) { - foreach ($Item in $Domain) { - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} - if ($DCs) {Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain"} - foreach ($DC in $DCs) { - Write-PscriboMessage "Collecting Domain Name System Infrastructure information on '$($DC)'." - try { - $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerScavenging -ComputerName $using:DC} - $inObj = [ordered] @{ - 'DC Name' = $($DC.ToString().ToUpper().Split(".")[0]) - 'NoRefresh Interval' = ConvertTo-EmptyToFiller $DNSSetting.NoRefreshInterval - 'Refresh Interval' = ConvertTo-EmptyToFiller $DNSSetting.RefreshInterval - 'Scavenging Interval' = ConvertTo-EmptyToFiller $DNSSetting.ScavengingInterval - 'Last Scavenge Time' = Switch ($DNSSetting.LastScavengeTime) { - "" {"-"; break} - $Null {"-"; break} - default {ConvertTo-EmptyToFiller ($DNSSetting.LastScavengeTime.ToString("MM/dd/yyyy"))} - } - 'Scavenging State' = Switch ($DNSSetting.ScavengingState) { - "True" {"Enabled"} - "False" {"Disabled"} - default {ConvertTo-EmptyToFiller $DNSSetting.ScavengingState} - } + #---------------------------------------------------------------------------------------------# + # DNS Scanvenging Section # + #---------------------------------------------------------------------------------------------# + if ($InfoLevel.DNS -ge 2) { + try { + Section -Style Heading6 "Scavenging Options" { + $OutObj = @() + foreach ($DC in $DCs) { + Write-PscriboMessage "Collecting Scavenging Options information from $($DC)." + try { + $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerScavenging -ComputerName $using:DC} + $inObj = [ordered] @{ + 'DC Name' = $($DC.ToString().ToUpper().Split(".")[0]) + 'NoRefresh Interval' = ConvertTo-EmptyToFiller $DNSSetting.NoRefreshInterval + 'Refresh Interval' = ConvertTo-EmptyToFiller $DNSSetting.RefreshInterval + 'Scavenging Interval' = ConvertTo-EmptyToFiller $DNSSetting.ScavengingInterval + 'Last Scavenge Time' = Switch ($DNSSetting.LastScavengeTime) { + "" {"-"; break} + $Null {"-"; break} + default {ConvertTo-EmptyToFiller ($DNSSetting.LastScavengeTime.ToString("MM/dd/yyyy"))} + } + 'Scavenging State' = Switch ($DNSSetting.ScavengingState) { + "True" {"Enabled"} + "False" {"Disabled"} + default {ConvertTo-EmptyToFiller $DNSSetting.ScavengingState} } - $OutObj += [pscustomobject]$inobj - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Scavenging Item)" } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Scavenging Item)" } } @@ -274,43 +251,36 @@ function Get-AbrADDNSInfrastructure { $OutObj | Table @TableParams } } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Scavenging Table)" + } } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Scavenging Table)" - } - } - #---------------------------------------------------------------------------------------------# - # DNS Forwarder Section # - #---------------------------------------------------------------------------------------------# - try { - Section -Style Heading6 "Forwarder Options" { - $OutObj = @() - if ($Domain) { - foreach ($Item in $Domain) { - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} - if ($DCs) {Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain"} - foreach ($DC in $DCs) { - Write-PscriboMessage "Collecting Domain Name System Infrastructure information on '$($DC)' (Forwarder Summary)." - try { - $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerForwarder -ComputerName $using:DC} - $Recursion = Invoke-Command -Session $Session {Get-DnsServerRecursion -ComputerName $using:DC | Select-Object -ExpandProperty Enable} - $inObj = [ordered] @{ - 'DC Name' = $($DC.ToString().ToUpper().Split(".")[0]) - 'IP Address' = $DNSSetting.IPAddress - 'Timeout' = ("$($DNSSetting.Timeout)/s") - 'Use Root Hint' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $DNSSetting.UseRootHint) - 'Use Recursion' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $Recursion) - } - $OutObj += [pscustomobject]$inobj - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Forwarder Item)" + #---------------------------------------------------------------------------------------------# + # DNS Forwarder Section # + #---------------------------------------------------------------------------------------------# + try { + Section -Style Heading6 "Forwarder Options" { + $OutObj = @() + foreach ($DC in $DCs) { + Write-PscriboMessage "Collecting Forwarder Options information from $($DC)." + try { + $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerForwarder -ComputerName $using:DC} + $Recursion = Invoke-Command -Session $Session {Get-DnsServerRecursion -ComputerName $using:DC | Select-Object -ExpandProperty Enable} + $inObj = [ordered] @{ + 'DC Name' = $($DC.ToString().ToUpper().Split(".")[0]) + 'IP Address' = $DNSSetting.IPAddress + 'Timeout' = ("$($DNSSetting.Timeout)/s") + 'Use Root Hint' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $DNSSetting.UseRootHint) + 'Use Recursion' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $Recursion) } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Forwarder Item)" } } - $TableParams = @{ - Name = "Infrastructure Forwarder - $($Domain.ToString().ToUpper())" + Name = "Forwarders - $($Domain.ToString().ToUpper())" List = $false ColumnWidths = 35, 15, 15, 15, 20 } @@ -320,88 +290,76 @@ function Get-AbrADDNSInfrastructure { $OutObj | Table @TableParams } } - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Forwarder Table)" - } - #---------------------------------------------------------------------------------------------# - # DNS Root Hints Section # - #---------------------------------------------------------------------------------------------# - if ($InfoLevel.DNS -ge 2) { - try { - Section -Style Heading6 "Root Hints" { - if ($Domain) { - foreach ($Item in $Domain) { - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} - if ($DCs) {Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain"} - foreach ($DC in $DCs) { - Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Root Hints" { - Paragraph "The following section provides $($DC.ToString().ToUpper().Split(".")[0]) Root Hints information." - BlankLine - $OutObj = @() - Write-PscriboMessage "Collecting Domain Name System Root Hint information on '$($DC)'." - try { - $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerRootHint -ComputerName $using:DC | Select-Object @{Name="Name"; E={$_.NameServer.RecordData.Nameserver}},@{Name="IPAddress"; E={$_.IPAddress.RecordData.IPv6Address.IPAddressToString,$_.IPAddress.RecordData.IPv4Address.IPAddressToString} }} - foreach ($Hints in $DNSSetting) { - $inObj = [ordered] @{ - 'Name' = $Hints.Name - 'IP Address' = (($Hints.IPAddress).Where({ $_ -ne $Null })) -join ", " - } - $OutObj += [pscustomobject]$inobj + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Forwarder Table)" + } + #---------------------------------------------------------------------------------------------# + # DNS Root Hints Section # + #---------------------------------------------------------------------------------------------# + if ($InfoLevel.DNS -ge 2) { + try { + Section -Style Heading6 "Root Hints" { + foreach ($DC in $DCs) { + Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Root Hints" { + Paragraph "The following section provides $($DC.ToString().ToUpper().Split(".")[0]) Root Hints information." + BlankLine + $OutObj = @() + Write-PscriboMessage "Collecting Root Hint information from $($DC)." + try { + $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerRootHint -ComputerName $using:DC | Select-Object @{Name="Name"; E={$_.NameServer.RecordData.Nameserver}},@{Name="IPAddress"; E={$_.IPAddress.RecordData.IPv6Address.IPAddressToString,$_.IPAddress.RecordData.IPv4Address.IPAddressToString} }} + foreach ($Hints in $DNSSetting) { + $inObj = [ordered] @{ + 'Name' = $Hints.Name + 'IP Address' = (($Hints.IPAddress).Where({ $_ -ne $Null })) -join ", " } + $OutObj += [pscustomobject]$inobj } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Root Hints Item)" - } + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Root Hints Item)" + } - $TableParams = @{ - Name = "Root Hints - $($Domain.ToString().ToUpper())" - List = $false - ColumnWidths = 50, 50 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Sort-Object -Property Name | Table @TableParams + $TableParams = @{ + Name = "Root Hints - $($Domain.ToString().ToUpper())" + List = $false + ColumnWidths = 50, 50 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" } + $OutObj | Sort-Object -Property Name | Table @TableParams } } } } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Root Hints Table)" + } } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Root Hints Table)" - } - } - #---------------------------------------------------------------------------------------------# - # DNS Zone Scope Section # - #---------------------------------------------------------------------------------------------# - if ($InfoLevel.DNS -ge 2) { - try { - Section -Style Heading6 "Zone Scope Recursion" { - $OutObj = @() - if ($Domain) { - foreach ($Item in $Domain) { - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Item | Select-Object -ExpandProperty ReplicaDirectoryServers} - if ($DCs) {Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller on $Domain"} - foreach ($DC in $DCs) { - Write-PscriboMessage "Collecting Domain Name System Infrastructure information on '$($DC)'." - try { - $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerRecursionScope -ComputerName $using:DC} - $inObj = [ordered] @{ - 'DC Name' = $($DC.ToString().ToUpper().Split(".")[0]) - 'Zone Name' = Switch ($DNSSetting.Name) { - "." {"Root"} - default {ConvertTo-EmptyToFiller $DNSSetting.Name} - } - 'Forwarder' = $DNSSetting.Forwarder - 'Use Recursion' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $DNSSetting.EnableRecursion) + #---------------------------------------------------------------------------------------------# + # DNS Zone Scope Section # + #---------------------------------------------------------------------------------------------# + if ($InfoLevel.DNS -ge 2) { + try { + Section -Style Heading6 "Zone Scope Recursion" { + $OutObj = @() + foreach ($DC in $DCs) { + Write-PscriboMessage "Collecting Zone Scope Recursion information from $($DC)." + try { + $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerRecursionScope -ComputerName $using:DC} + $inObj = [ordered] @{ + 'DC Name' = $($DC.ToString().ToUpper().Split(".")[0]) + 'Zone Name' = Switch ($DNSSetting.Name) { + "." {"Root"} + default {ConvertTo-EmptyToFiller $DNSSetting.Name} } - $OutObj += [pscustomobject]$inobj - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Scope Recursion Item)" + 'Forwarder' = $DNSSetting.Forwarder + 'Use Recursion' = ConvertTo-EmptyToFiller (ConvertTo-TextYN $DNSSetting.EnableRecursion) } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Scope Recursion Item)" } } @@ -416,15 +374,15 @@ function Get-AbrADDNSInfrastructure { $OutObj | Table @TableParams } } - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Scope Recursion Table)" + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Scope Recursion Table)" + } } } } } catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Global DNS Infrastructure)" + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (DNS Infrastructure Section)" } } diff --git a/Src/Private/Get-AbrADDNSZone.ps1 b/Src/Private/Get-AbrADDNSZone.ps1 index cc65c59..3d78015 100644 --- a/Src/Private/Get-AbrADDNSZone.ps1 +++ b/Src/Private/Get-AbrADDNSZone.ps1 @@ -57,7 +57,6 @@ function Get-AbrADDNSZone { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Domain Name System Zone Item)" } } - Remove-PSSession -Session $DCPssSession $TableParams = @{ Name = "Zones - $($Domain.ToString().ToUpper())" @@ -70,8 +69,6 @@ function Get-AbrADDNSZone { $OutObj | Table @TableParams if ($InfoLevel.DNS -ge 2) { try { - $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default - Write-PscriboMessage "Discovered Actve Directory Domain Controller: $DC. (Domain Name System Zone)" $DNSSetting = Invoke-Command -Session $DCPssSession {Get-DnsServerZone | Where-Object {$_.IsReverseLookupZone -like "False" -and ($_.ZoneName -ne "_msdcs.pharmax.local" -and $_.ZoneName -ne "TrustAnchors") -and ($_.ZoneType -like "Primary" -or $_.ZoneType -like "Secondary")} | Select-Object -ExpandProperty ZoneName } if ($DNSSetting) { $OutObj = @() @@ -103,7 +100,7 @@ function Get-AbrADDNSZone { } if ($OutObj) { - Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Zone Delegation" { + Section -Style Heading6 "Zone Delegation" { $TableParams = @{ Name = "Zone Delegations - $($Domain.ToString().ToUpper())" @@ -116,7 +113,6 @@ function Get-AbrADDNSZone { $OutObj | Table @TableParams } } - Remove-PSSession -Session $DCPssSession } catch { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Delegation Table)" @@ -125,11 +121,9 @@ function Get-AbrADDNSZone { if ($InfoLevel.DNS -ge 2) { try { - $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default - Write-PscriboMessage "Discovered Actve Directory Domain Controller: $DC. (Domain Name System Zone)" $DNSSetting = Invoke-Command -Session $DCPssSession {Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones\*" | Get-ItemProperty | Where-Object {$_ -match 'SecondaryServers'}} if ($DNSSetting) { - Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Zone Transfers" { + Section -Style Heading6 "Zone Transfers" { $OutObj = @() foreach ($Zone in $DNSSetting) { try { @@ -164,17 +158,15 @@ function Get-AbrADDNSZone { } } } - Remove-PSSession -Session $DCPssSession } catch { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Transfers Table)" } } try { - $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default $DNSSetting = Invoke-Command -Session $DCPssSession {Get-DnsServerZone | Where-Object {$_.IsReverseLookupZone -like "True"}} if ($DNSSetting) { - Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Reverse Lookup Zone Configuration" { + Section -Style Heading6 "Reverse Lookup Zone Configuration" { $OutObj = @() Write-PscriboMessage "Discovered Actve Directory Domain Controller: $DC (Domain Name System Zone)" foreach ($Zones in $DNSSetting) { @@ -207,16 +199,14 @@ function Get-AbrADDNSZone { $OutObj | Table @TableParams } } - Remove-PSSession -Session $DCPssSession } catch { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Reverse Lookup Zone Configuration Table)" } try { - $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default $DNSSetting = Invoke-Command -Session $DCPssSession {Get-DnsServerZone | Where-Object {$_.IsReverseLookupZone -like "False" -and $_.ZoneType -like "Forwarder"}} if ($DNSSetting) { - Section -Style Heading5 "$($DC.ToString().ToUpper().Split(".")[0]) Conditional Forwarder" { + Section -Style Heading5 "Conditional Forwarder" { $OutObj = @() Write-PscriboMessage "Discovered Actve Directory Domain Controller: $DC. (Domain Name System Conditional Forwarder )" foreach ($Zones in $DNSSetting) { @@ -247,19 +237,17 @@ function Get-AbrADDNSZone { $OutObj | Table @TableParams } } - Remove-PSSession -Session $DCPssSession } catch { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Conditional Forwarder Table)" } if ($InfoLevel.DNS -ge 2) { try { - $DCPssSession = New-PSSession $DC -Credential $Cred -Authentication Default Write-PscriboMessage "Discovered Actve Directory Domain Controller: $DC. (Domain Name System Zone)" $DNSSetting = Invoke-Command -Session $DCPssSession {Get-DnsServerZone | Where-Object {$_.IsReverseLookupZone -like "False" -and $_.ZoneType -eq "Primary"} | Select-Object -ExpandProperty ZoneName } $Zones = Invoke-Command -Session $DCPssSession {Get-DnsServerZoneAging -Name $using:DNSSetting} if ($Zones) { - Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0]) Zone Scope Aging Properties" { + Section -Style Heading6 "Zone Scope Aging Properties" { $OutObj = @() foreach ($Settings in $Zones) { try { @@ -297,7 +285,6 @@ function Get-AbrADDNSZone { $OutObj | Table @TableParams } } - Remove-PSSession -Session $DCPssSession } catch { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Zone Scope Aging Table)" @@ -305,6 +292,7 @@ function Get-AbrADDNSZone { } } } + Remove-PSSession -Session $DCPssSession } catch { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Global DNS Zone Information)" diff --git a/Src/Private/Get-AbrADDomainController.ps1 b/Src/Private/Get-AbrADDomainController.ps1 index 5a354cd..0fa9687 100644 --- a/Src/Private/Get-AbrADDomainController.ps1 +++ b/Src/Private/Get-AbrADDomainController.ps1 @@ -34,7 +34,7 @@ function Get-AbrADDomainController { try { $OutObj = @() Write-PscriboMessage "Discovering Active Directory Domain Controller information from $Domain." - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers} + $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers} if ($DCs) { foreach ($DC in $DCs) { Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller in domain $Domain." @@ -81,7 +81,6 @@ function Get-AbrADDomainController { BlankLine $OutObj = @() Write-PscriboMessage "Discovering Active Directory Domain Controller information in $Domain." - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers} if ($DCs) { Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller in domain $Domain." foreach ($DC in $DCs) { @@ -150,7 +149,6 @@ function Get-AbrADDomainController { BlankLine $OutObj = @() Write-PscriboMessage "Discovering Active Directory Domain Controller information in $Domain." - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers} if ($DCs) { Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller in domain $Domain." foreach ($DC in $DCs) { @@ -200,7 +198,6 @@ function Get-AbrADDomainController { BlankLine $OutObj = @() Write-PscriboMessage "Discovering Active Directory Domain Controller information in $Domain." - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers} if ($DCs) { Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller in domain $Domain." foreach ($DC in $DCs) { @@ -255,7 +252,6 @@ function Get-AbrADDomainController { Paragraph "The following section provides a summary of additional software running on $($Domain.ToString().ToUpper())." BlankLine Write-PscriboMessage "Discovering Active Directory Domain Controller information in $Domain." - $DCs = Invoke-Command -Session $Session {Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers} if ($DCs) { Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller in domain $Domain." foreach ($DC in $DCs) { diff --git a/Src/Private/Get-AbrADFSMO.ps1 b/Src/Private/Get-AbrADFSMO.ps1 index 8eb7193..49e5cd8 100644 --- a/Src/Private/Get-AbrADFSMO.ps1 +++ b/Src/Private/Get-AbrADFSMO.ps1 @@ -30,14 +30,14 @@ function Get-AbrADFSMO { process { try { - Section -Style Heading5 'Flexible Single Master Operations (FSMO)' { - Paragraph "The following section provides a summary of the Active Directory FSMO for Domain $($Domain.ToString().ToUpper())." - BlankLine - $OutObj = @() - if ($Domain) { + $DomainData = Invoke-Command -Session $Session {Get-ADDomain $using:Domain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator} + $ForestData = Invoke-Command -Session $Session {Get-ADForest $using:Domain | Select-Object DomainNamingMaster, SchemaMaster} + if ($DomainData -and $ForestData) { + Section -Style Heading5 'Flexible Single Master Operations (FSMO)' { + Paragraph "The following section provides a summary of the Active Directory FSMO for Domain $($Domain.ToString().ToUpper())." + BlankLine + $OutObj = @() try { - $DomainData = Invoke-Command -Session $Session {Get-ADDomain $using:Domain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator} - $ForestData = Invoke-Command -Session $Session {Get-ADForest $using:Domain | Select-Object DomainNamingMaster, SchemaMaster} Write-PscriboMessage "Discovered Active Directory FSMO information of domain $Domain." $inObj = [ordered] @{ 'Infrastructure Master Server' = $DomainData.InfrastructureMaster diff --git a/Src/Private/Get-AbrADGPO.ps1 b/Src/Private/Get-AbrADGPO.ps1 index d145520..175e9d6 100644 --- a/Src/Private/Get-AbrADGPO.ps1 +++ b/Src/Private/Get-AbrADGPO.ps1 @@ -156,7 +156,6 @@ function Get-AbrADGPO { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (GPO Central Store)" } try { - $GPOs = Invoke-Command -Session $Session -ScriptBlock {Get-GPO -Domain $using:Domain -All} if ($GPOs) { Write-PscriboMessage "Discovered Active Directory Group Policy Objects information on $Domain. (Group Policy Objects)" $OutObj = @() @@ -208,7 +207,6 @@ function Get-AbrADGPO { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (GPO with Logon/Logoff Script Section)" } try { - $GPOs = Invoke-Command -Session $Session -ScriptBlock {Get-GPO -Domain $using:Domain -All} if ($GPOs) { $OutObj = @() Write-PscriboMessage "Discovered Active Directory Group Policy Objects information on $Domain. (Group Policy Objects)" @@ -269,7 +267,6 @@ function Get-AbrADGPO { if ($HealthCheck.Domain.GPO) { try { $OutObj = @() - $GPOs = Invoke-Command -Session $Session -ScriptBlock {Get-GPO -Domain $using:Domain -All} if ($GPOs) { Write-PscriboMessage "Discovered Active Directory Group Policy Objects information on $Domain. (Group Policy Objects)" foreach ($GPO in $GPOs) { @@ -319,7 +316,6 @@ function Get-AbrADGPO { } try { $OutObj = @() - $GPOs = Invoke-Command -Session $Session -ScriptBlock {Get-GPO -Domain $using:Domain -All} if ($GPOs) { Write-PscriboMessage "Discovered Active Directory Group Policy Objects information on $Domain. (Group Policy Objects)" foreach ($GPO in $GPOs) { diff --git a/Src/Private/Get-AbrADSite.ps1 b/Src/Private/Get-AbrADSite.ps1 index c976dd0..db36669 100644 --- a/Src/Private/Get-AbrADSite.ps1 +++ b/Src/Private/Get-AbrADSite.ps1 @@ -105,7 +105,7 @@ function Get-AbrADSite { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Site Subnets)" } try { - $Link = Invoke-Command -Session $Session {Get-ADReplicationSiteLink -Filter * -Properties *} + $Link = Invoke-Command -Session $Session {Get-ADReplicationSiteLink -Filter * -Properties *} if ($Link) { Section -Style Heading4 'Site Links' { $OutObj = @() diff --git a/Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1 b/Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1 index f0f4f2f..3321d4f 100644 --- a/Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1 +++ b/Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1 @@ -213,33 +213,31 @@ function Invoke-AsBuiltReport.Microsoft.AD { } foreach ($Domain in ( Invoke-Command -Session $TempPssSession {Get-ADForest | Select-Object -ExpandProperty Domains | Sort-Object -Descending})) { try { - Section -Style Heading4 "$($Domain.ToString().ToUpper()) Domain DHCP Configuration" { - Paragraph "The following section provides a summary of the Dynamic Host Configuration Protocol." - BlankLine - Get-AbrADDHCPInfrastructure -Domain $Domain -Session $TempPssSession - Section -Style Heading5 "IPv4 Scope Summary" { - Paragraph "The following section provides a IPv4 configuration summary of the Dynamic Host Configuration Protocol." + $DomainDHCPs = Invoke-Command -Session $TempPssSession { Get-DhcpServerInDC | Where-Object {$_.DnsName.split(".", 2)[1] -eq $using:Domain} | Select-Object -ExpandProperty DnsName} + if ($DomainDHCPs) { + Section -Style Heading4 "$($Domain.ToString().ToUpper()) Domain DHCP Configuration" { + Paragraph "The following section provides a summary of the Dynamic Host Configuration Protocol." BlankLine - try { - Get-AbrADDHCPv4Statistic -Domain $Domain -Session $TempPssSession - } - catch { - Write-PScriboMessage -IsWarning "Error: Retreiving DHCP Server IPv4 Statistics from $($Domain.ToString().ToUpper())." - Write-PScriboMessage -IsWarning "$($_.Exception.Message) (IPv4 DHCP Server Statistics)" - } - $DomainDHCPs = Invoke-Command -Session $TempPssSession { Get-DhcpServerInDC | Where-Object {$_.DnsName.split(".", 2)[1] -eq $using:Domain} | Select-Object -ExpandProperty DnsName} - foreach ($DHCPServer in $DomainDHCPs){ + Get-AbrADDHCPInfrastructure -Domain $Domain -Session $TempPssSession + Section -Style Heading5 "IPv4 Scope Configuration" { + Paragraph "The following section provides a IPv4 configuration summary of the Dynamic Host Configuration Protocol." + BlankLine try { - Get-AbrADDHCPv4Scope -Domain $Domain -Server $DHCPServer -Session $TempPssSession + Get-AbrADDHCPv4Statistic -Domain $Domain -Session $TempPssSession } catch { - Write-PScriboMessage -IsWarning "$($_.Exception.Message) (IPv4 DHCP Server Scope information)" + Write-PScriboMessage -IsWarning "Error: Retreiving DHCP Server IPv4 Statistics from $($Domain.ToString().ToUpper())." + Write-PScriboMessage -IsWarning "$($_.Exception.Message) (IPv4 DHCP Server Statistics)" } - if ($InfoLevel.DHCP -ge 2) { + foreach ($DHCPServer in $DomainDHCPs){ try { - Section -Style Heading6 "$($DHCPServer.ToUpper().split(".", 2)[0]) IPv4 Scope Server Options" { - Paragraph "The following section provides a summary of the DHCP servers IPv4 Scope Server Options information." - BlankLine + Get-AbrADDHCPv4Scope -Domain $Domain -Server $DHCPServer -Session $TempPssSession + } + catch { + Write-PScriboMessage -IsWarning "$($_.Exception.Message) (IPv4 DHCP Server Scope information)" + } + if ($InfoLevel.DHCP -ge 2) { + try { Get-AbrADDHCPv4ScopeServerSetting -Domain $Domain -Server $DHCPServer -Session $TempPssSession $DHCPScopes = Invoke-Command -Session $TempPssSession { Get-DhcpServerv4Scope -ComputerName $using:DHCPServer | Select-Object -ExpandProperty ScopeId} foreach ($Scope in $DHCPScopes) { @@ -252,36 +250,33 @@ function Invoke-AsBuiltReport.Microsoft.AD { } } } - } - catch { - Write-PScriboMessage -IsWarning "$($_.Exception.Message) (IPv4 DHCP Scope Server Options)" + catch { + Write-PScriboMessage -IsWarning "$($_.Exception.Message) (IPv4 DHCP Scope Server Options)" + } } } } - } - Section -Style Heading5 "IPv6 Scope Configuration" { - Paragraph "The following section provides a IPv6 configuration summary of the Dynamic Host Configuration Protocol." - BlankLine - try { - Get-AbrADDHCPv6Statistic -Domain $Domain -Session $TempPssSession - } - catch { - Write-PScriboMessage -IsWarning "Error: Retreiving DHCP Server IPv6 Statistics from $($Domain.ToString().ToUpper())." - Write-PScriboMessage -IsDebug "$($_.Exception.Message) (IPv6 DHCP Server IPv6 Statistics)" - } - $DomainDHCPs = Invoke-Command -Session $TempPssSession { Get-DhcpServerInDC | Where-Object {$_.DnsName.split(".", 2)[1] -eq $using:Domain} | Select-Object -ExpandProperty DnsName} - foreach ($DHCPServer in $DomainDHCPs){ + Section -Style Heading5 "IPv6 Scope Configuration" { + Paragraph "The following section provides a IPv6 configuration summary of the Dynamic Host Configuration Protocol." + BlankLine try { - Get-AbrADDHCPv6Scope -Domain $Domain -Server $DHCPServer -Session $TempPssSession + Get-AbrADDHCPv6Statistic -Domain $Domain -Session $TempPssSession } catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 DHCP Scope Information)" + Write-PScriboMessage -IsWarning "Error: Retreiving DHCP Server IPv6 Statistics from $($Domain.ToString().ToUpper())." + Write-PScriboMessage -IsWarning "$($_.Exception.Message) (IPv6 DHCP Server IPv6 Statistics)" } - if ($InfoLevel.DHCP -ge 2) { + foreach ($DHCPServer in $DomainDHCPs){ + Write-PScriboMessage "Discovering Dhcp Server IPv6 Scopes from $DHCPServer" + try { - Section -Style Heading6 "$($DHCPServer.ToUpper().split(".", 2)[0]) IPv6 Scope Server Options" { - Paragraph "The following section provides a summary of the DHCP servers IPv6 Scope Server Options information." - BlankLine + Get-AbrADDHCPv6Scope -Domain $Domain -Server $DHCPServer -Session $TempPssSession + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (IPv6 DHCP Scope Information)" + } + if ($InfoLevel.DHCP -ge 2) { + try { Get-AbrADDHCPv6ScopeServerSetting -Domain $Domain -Server $DHCPServer -Session $TempPssSession $DHCPScopes = Invoke-Command -Session $TempPssSession { Get-DhcpServerv6Scope -ComputerName $using:DHCPServer | Select-Object -ExpandProperty Prefix} foreach ($Scope in $DHCPScopes) { @@ -294,9 +289,9 @@ function Invoke-AsBuiltReport.Microsoft.AD { } } } - } - catch { - Write-PScriboMessage -IsWarning "$($_.Exception.Message) (IPv6 DHCP Scope Server Options)" + catch { + Write-PScriboMessage -IsWarning "$($_.Exception.Message) (IPv6 DHCP Scope Server Options)" + } } } } From cd90369eb61d313ffc83d93bab1a8908ac8cea69 Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Sun, 23 Jan 2022 20:42:25 -0400 Subject: [PATCH 14/23] Fix for Infolevel settings --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 233ba68..8fda2c7 100644 --- a/README.md +++ b/README.md @@ -162,12 +162,12 @@ The **Options** schema allows certain options within the report to be toggled on The **InfoLevel** schema allows configuration of each section of the report at a granular level. The following sections can be set. -There are 2 levels (0-1) of detail granularity for each section as follows; +There are 4 levels (0-3) of detail granularity for each section as follows; | Setting | InfoLevel | Description | |:-------:|-------------------|--------------------------------------------------------------------------------------------------------------------------------------------| | 0 | Disabled | Does not collect or display any information | -| 1 | Enabled / Summary | Provides summarised information for a collection of objects | +| 1 | Enabled | Provides summarised information for a collection of objects | | 2 | Adv Summary | Provides condensed, detailed information for a collection of objects | | 3 | Detailed | Provides detailed information for individual objects | From 0a9c124521216b769484726b3c51f5b3124ec9bb Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Sun, 23 Jan 2022 23:57:39 -0400 Subject: [PATCH 15/23] Updated Infolevel Table --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8fda2c7..a8ca285 100644 --- a/README.md +++ b/README.md @@ -179,7 +179,7 @@ The table below outlines the default and maximum **InfoLevel** settings for each | Domain | 1 | 3 | | DNS | 1 | 2 | | DHCP | 1 | 2 | -| CA | 2 | 2 | +| CA | 2 | 3 | ### Healthcheck From 0d0ccae402d0515399d2552b0e46eee8e95325f6 Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Sun, 23 Jan 2022 23:59:13 -0400 Subject: [PATCH 16/23] Fix for table caption error message --- Src/Private/Get-AbrADCAAIA.ps1 | 59 +++--- Src/Private/Get-AbrADCACRLSetting.ps1 | 104 +++++----- Src/Private/Get-AbrADCACryptographyConfig.ps1 | 12 +- Src/Private/Get-AbrADCAKeyRecoveryAgent.ps1 | 56 +++--- Src/Private/Get-AbrADCARoot.ps1 | 2 +- Src/Private/Get-AbrADCASecurity.ps1 | 148 +++++++------- Src/Private/Get-AbrADCASubordinate.ps1 | 69 ++++--- Src/Private/Get-AbrADCASummary.ps1 | 28 +-- Src/Private/Get-AbrADCATemplate.ps1 | 188 +++++++++--------- Src/Private/Get-AbrADDomainController.ps1 | 3 - .../Invoke-AsBuiltReport.Microsoft.AD.ps1 | 16 +- 11 files changed, 325 insertions(+), 360 deletions(-) diff --git a/Src/Private/Get-AbrADCAAIA.ps1 b/Src/Private/Get-AbrADCAAIA.ps1 index 20a6b39..27dff74 100644 --- a/Src/Private/Get-AbrADCAAIA.ps1 +++ b/Src/Private/Get-AbrADCAAIA.ps1 @@ -5,7 +5,7 @@ function Get-AbrADCAAIA { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -23,53 +23,50 @@ function Get-AbrADCAAIA { } process { - try { + if ($CAs) { Section -Style Heading4 "Authority Information Access (AIA) Summary" { Paragraph "The following section provides the Certification Authority Authority Information Access information." BlankLine - Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())." - $CAs = Get-CertificationAuthority -Enterprise - if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in forest $ForestInfo."} foreach ($CA in $CAs) { try { - Section -Style Heading5 "$($CA.Name) AIA" { - Paragraph "The following section provides the Certification Authority Authority Information Access information." - BlankLine + Section -Style Heading5 "$($CA.Name)" { $OutObj = @() - Write-PscriboMessage "Collecting AD CA Authority Information Access information on $CA." + Write-PscriboMessage "Collecting AD CA Authority Information Access information on $($CA.Name)." $AIA = Get-AuthorityInformationAccess -CertificationAuthority $CA foreach ($URI in $AIA.URI) { - $inObj = [ordered] @{ - 'Reg URI' = $URI.RegURI - 'Config URI' = $URI.ConfigURI - 'Flags' = ConvertTo-EmptyToFiller ($URI.Flags -join ", ") - 'Server Publish' = ConvertTo-TextYN $URI.ServerPublish - 'Include To Extension' = ConvertTo-TextYN $URI.IncludeToExtension - 'OCSP' = ConvertTo-TextYN $URI.OCSP - } - $OutObj += [pscustomobject]$inobj - } + try { + $inObj = [ordered] @{ + 'Reg URI' = $URI.RegURI + 'Config URI' = $URI.ConfigURI + 'Flags' = ConvertTo-EmptyToFiller ($URI.Flags -join ", ") + 'Server Publish' = ConvertTo-TextYN $URI.ServerPublish + 'Include To Extension' = ConvertTo-TextYN $URI.IncludeToExtension + 'OCSP' = ConvertTo-TextYN $URI.OCSP + } + $OutObj = [pscustomobject]$inobj - $TableParams = @{ - Name = "Authority Information Access - $($CA.Name)" - List = $true - ColumnWidths = 40, 60 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Authority Information Access - $($CA.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Authority Information Access Item)" + } } - $OutObj | Table @TableParams } } catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Authority Information Access)" + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Authority Information Access Table)" } } } } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Authority Information Access)" - } } end {} diff --git a/Src/Private/Get-AbrADCACRLSetting.ps1 b/Src/Private/Get-AbrADCACRLSetting.ps1 index d280bf0..96e4f21 100644 --- a/Src/Private/Get-AbrADCACRLSetting.ps1 +++ b/Src/Private/Get-AbrADCACRLSetting.ps1 @@ -28,15 +28,10 @@ function Get-AbrADCACRLSetting { Paragraph "The following section provides the Certification Authority CRL Distribution Point information." BlankLine Section -Style Heading5 "CRL Validity Period" { - Paragraph "The following section provides the Certification Authority CRL Validity Period information." - BlankLine $OutObj = @() - Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())." - $CAs = Get-CertificationAuthority -Enterprise - if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in forest $ForestInfo."} foreach ($CA in $CAs) { try { - Write-PscriboMessage "Collecting AD CA CRL Validity Period information on $CA." + Write-PscriboMessage "Collecting AD CA CRL Validity Period information on $($CA.Name)." $CRLs = Get-CRLValidityPeriod -CertificationAuthority $CA foreach ($VP in $CRLs) { $inObj = [ordered] @{ @@ -66,15 +61,10 @@ function Get-AbrADCACRLSetting { } try { Section -Style Heading5 "CRL Flags Settings" { - Paragraph "The following section provides the Certification Authority CRL Flags information." - BlankLine $OutObj = @() - Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())." - $CAs = Get-CertificationAuthority -Enterprise - if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in forest $ForestInfo."} foreach ($CA in $CAs) { try { - Write-PscriboMessage "Collecting AD CA CRL Distribution Point information on $CA." + Write-PscriboMessage "Collecting AD CA CRL Distribution Point information on $($CA.Name)." $CRLs = Get-CertificateRevocationListFlag -CertificationAuthority $CA foreach ($Flag in $CRLs) { $inObj = [ordered] @{ @@ -108,42 +98,42 @@ function Get-AbrADCACRLSetting { Section -Style Heading5 "CRL Distribution Point" { Paragraph "The following section provides the Certification Authority CRL Distribution Point information." BlankLine - Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())." - $CAs = Get-CertificationAuthority -Enterprise - if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in forest $ForestInfo."} foreach ($CA in $CAs) { try { - Section -Style Heading6 "$($CA.Name) Distribution Point" { - Paragraph "The following section provides the Certification Authority CRL Distribution Point information." - BlankLine + Section -Style Heading6 "$($CA.Name)" { $OutObj = @() - Write-PscriboMessage "Collecting AD CA CRL Distribution Point information on $CA." + Write-PscriboMessage "Collecting AD CA CRL Distribution Point information on $($CA.NAme)." $CRL = Get-CRLDistributionPoint -CertificationAuthority $CA foreach ($URI in $CRL.URI) { - $inObj = [ordered] @{ - 'Reg URI' = $URI.RegURI - 'Config URI' = $URI.ConfigURI - 'Url Scheme' = $URI.UrlScheme - 'ProjectedURI' = $URI.ProjectedURI - 'Flags' = ConvertTo-EmptyToFiller ($URI.Flags -join ", ") - 'CRL Publish' = ConvertTo-TextYN $URI.IncludeToExtension - 'Delta CRL Publish' = ConvertTo-TextYN $URI.DeltaCRLPublish - 'Add To Cert CDP' = ConvertTo-TextYN $URI.AddToCertCDP - 'Add To Fresh est CRL' = ConvertTo-TextYN $URI.AddToFreshestCRL - 'Add To Crl cdp' = ConvertTo-TextYN $URI.AddToCrlcdp - } - $OutObj += [pscustomobject]$inobj - } + try { + $inObj = [ordered] @{ + 'Reg URI' = $URI.RegURI + 'Config URI' = $URI.ConfigURI + 'Url Scheme' = $URI.UrlScheme + 'ProjectedURI' = $URI.ProjectedURI + 'Flags' = ConvertTo-EmptyToFiller ($URI.Flags -join ", ") + 'CRL Publish' = ConvertTo-TextYN $URI.IncludeToExtension + 'Delta CRL Publish' = ConvertTo-TextYN $URI.DeltaCRLPublish + 'Add To Cert CDP' = ConvertTo-TextYN $URI.AddToCertCDP + 'Add To Fresh est CRL' = ConvertTo-TextYN $URI.AddToFreshestCRL + 'Add To Crl cdp' = ConvertTo-TextYN $URI.AddToCrlcdp + } + $OutObj = [pscustomobject]$inobj - $TableParams = @{ - Name = "CRL Distribution Point - $($CA.Name)" - List = $true - ColumnWidths = 40, 60 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "CRL Distribution Point - $($CA.Name)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message + } } - $OutObj | Table @TableParams } } catch { @@ -165,26 +155,22 @@ function Get-AbrADCACRLSetting { Paragraph "The following section is intended to perform Certification Authority health status checking by CA certificate chain status and validating all CRL Distribution Point (CDP) and Authority Information Access (AIA) URLs for each certificate in the chain." BlankLine $OutObj = @() - if ($ForestInfo) { - Write-PscriboMessage "Discovering Active Directory Certification Authority Health information in $($ForestInfo.toUpper())." - $CAs = Get-CertificationAuthority -Enterprise - foreach ($CA in $CAs) { - Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo." - try { - Write-PscriboMessage "Collecting AD Certification Authority Health information of $CA." - $CAHealth = Get-EnterprisePKIHealthStatus -CertificateAuthority $CA - foreach ($Health in $CAHealth) { - $inObj = [ordered] @{ - 'CA Name' = $Health.Name - 'Childs' = ($Health.Childs).Name - 'Health' = $Health.Status - } - $OutObj += [pscustomobject]$inobj + foreach ($CA in $CAs) { + Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo." + try { + $CAHealth = Get-EnterprisePKIHealthStatus -CertificateAuthority $CA + foreach ($Health in $CAHealth) { + Write-PscriboMessage "Collecting AIA and CDP Health Status from $($Health.Name)." + $inObj = [ordered] @{ + 'CA Name' = $Health.Name + 'Childs' = ($Health.Childs).Name + 'Health' = $Health.Status } + $OutObj += [pscustomobject]$inobj } - catch { - Write-PscriboMessage -IsWarning $_.Exception.Message - } + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message } } diff --git a/Src/Private/Get-AbrADCACryptographyConfig.ps1 b/Src/Private/Get-AbrADCACryptographyConfig.ps1 index bd7f640..4c05d78 100644 --- a/Src/Private/Get-AbrADCACryptographyConfig.ps1 +++ b/Src/Private/Get-AbrADCACryptographyConfig.ps1 @@ -5,7 +5,7 @@ function Get-AbrADCACryptographyConfig { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -23,18 +23,15 @@ function Get-AbrADCACryptographyConfig { } process { - try { + if ($CAs) { Section -Style Heading4 "Cryptography Configuration" { Paragraph "The following section provides the Certification Authority Cryptography Configuration information." BlankLine $OutObj = @() - Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())." - $CAs = Get-CertificationAuthority -Enterprise - if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in forest $ForestInfo."} foreach ($CA in $CAs) { try { - Write-PscriboMessage "Collecting AD Certification Authority Summary information of $CA." $CryptoConfig = Get-CACryptographyConfig -CertificationAuthority $CA + Write-PscriboMessage "Discovered Cryptography Configuration information from $($CryptoConfig.Name)." $inObj = [ordered] @{ 'CA Name' = $CryptoConfig.Name 'Server Name' = $CryptoConfig.ComputerName.ToString().ToUpper().Split(".")[0] @@ -62,9 +59,6 @@ function Get-AbrADCACryptographyConfig { } } } - catch { - Write-PscriboMessage -IsWarning $_.Exception.Message - } } end {} diff --git a/Src/Private/Get-AbrADCAKeyRecoveryAgent.ps1 b/Src/Private/Get-AbrADCAKeyRecoveryAgent.ps1 index 5dfd075..7c47882 100644 --- a/Src/Private/Get-AbrADCAKeyRecoveryAgent.ps1 +++ b/Src/Private/Get-AbrADCAKeyRecoveryAgent.ps1 @@ -5,7 +5,7 @@ function Get-AbrADCAKeyRecoveryAgent { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -24,37 +24,35 @@ function Get-AbrADCAKeyRecoveryAgent { process { try { - Section -Style Heading4 "Key Recovery Agent Certificate" { - Paragraph "The following section provides the Key Recovery Agent certificate used to encrypt user's certificate private key and store it in CA database. In the case when user cannot access his or her certificate private key it is possible to recover it by Key Recovery Agent if Key Archival procedure was taken against particular certificate." - BlankLine - $OutObj = @() - Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())." - $CAs = Get-CertificationAuthority -Enterprise - if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in forest $ForestInfo."} - foreach ($CA in $CAs) { - Write-PscriboMessage "Collecting AD Certification Authority KRA Certificate information of $CA." - $KRAs = Get-CAKRACertificate -CertificationAuthority $CA - foreach ($KRA in $KRAs) { - if ($KRA.Certificate) { - $inObj = [ordered] @{ - 'CA Name' = $KRA.DisplayName - 'Server Name' = $KRA.ComputerName.ToString().ToUpper().Split(".")[0] - 'Certificate' = $KRA.Certificate - } - $OutObj += [pscustomobject]$inobj - } + $OutObj = @() + foreach ($CA in $CAs) { + $KRA = Get-CAKRACertificate -CertificationAuthority $CA + if ($KRA.Certificate) { + Write-PscriboMessage "Collecting Key Recovery Agent Certificate Certificate information of $($KRA.DisplayName)." + $inObj = [ordered] @{ + 'CA Name' = $KRA.DisplayName + 'Server Name' = $KRA.ComputerName.ToString().ToUpper().Split(".")[0] + 'Certificate' = $KRA.Certificate } + $OutObj += [pscustomobject]$inobj } - - $TableParams = @{ - Name = "Key Recovery Agent Certificate - $($ForestInfo.ToString().ToUpper())" - List = $true - ColumnWidths = 40, 60 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + } + if ($OutObj) { + Section -Style Heading4 "Key Recovery Agent Certificate" { + Paragraph "The following section provides the Key Recovery Agent certificate used to encrypt user's certificate private key and store it in CA database. In the case when user cannot access his or her certificate private key it is possible to recover it by Key Recovery Agent if Key Archival procedure was taken against particular certificate." + BlankLine + foreach ($Item in $OutObj) { + $TableParams = @{ + Name = "Key Recovery Agent Certificate - $($Item.'CA Name')" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $Item | Table @TableParams + } } - $OutObj | Table @TableParams } } catch { diff --git a/Src/Private/Get-AbrADCARoot.ps1 b/Src/Private/Get-AbrADCARoot.ps1 index 69e815d..e950892 100644 --- a/Src/Private/Get-AbrADCARoot.ps1 +++ b/Src/Private/Get-AbrADCARoot.ps1 @@ -32,7 +32,7 @@ function Get-AbrADCARoot { $CAs = Get-CertificationAuthority -Enterprise | Where-Object {$_.IsRoot -like 'True'} Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo." foreach ($CA in $CAs) { - Write-PscriboMessage "Collecting AD Certification Authority Summary information of $CA." + Write-PscriboMessage "Collecting Enterprise Root Certificate Authority information from $($CA.DisplayName)." $inObj = [ordered] @{ 'CA Name' = $CA.DisplayName 'Server Name' = $CA.ComputerName.ToString().ToUpper().Split(".")[0] diff --git a/Src/Private/Get-AbrADCASecurity.ps1 b/Src/Private/Get-AbrADCASecurity.ps1 index 5a44e4e..297a323 100644 --- a/Src/Private/Get-AbrADCASecurity.ps1 +++ b/Src/Private/Get-AbrADCASecurity.ps1 @@ -5,7 +5,7 @@ function Get-AbrADCASecurity { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -23,18 +23,15 @@ function Get-AbrADCASecurity { } process { - Section -Style Heading4 "Certificate Validity Period" { - Paragraph "The following section provides the Certification Authority Certificate Validity Period information." - BlankLine - $OutObj = @() - if ($ForestInfo) { - Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())." - $CAs = Get-CertificationAuthority -Enterprise + if ($CAs) { + Section -Style Heading4 "Certificate Validity Period" { + Paragraph "The following section provides the Certification Authority Certificate Validity Period information." + BlankLine + $OutObj = @() foreach ($CA in $CAs) { - Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo." try { - Write-PscriboMessage "Collecting AD Certification Authority Certificate Validity Period information of $CA." $CFP = Get-CertificateValidityPeriod -CertificationAuthority $CA + Write-PscriboMessage "Collecting Certificate Validity Period information of $($CFP.Name)." $inObj = [ordered] @{ 'CA Name' = $CFP.Name 'Server Name' = $CFP.ComputerName.ToString().ToUpper().Split(".")[0] @@ -46,97 +43,88 @@ function Get-AbrADCASecurity { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Certificate Validity Period)" } } - } - - $TableParams = @{ - Name = "Certificate Validity Period - $($ForestInfo.ToString().ToUpper())" - List = $false - ColumnWidths = 40, 40, 20 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams - } - try { - Section -Style Heading4 "Access Control List (ACL) Summary" { - Paragraph "The following section provides the Certification Authority Access Control List (ACL) information." - BlankLine - $OutObj = @() - if ($ForestInfo) { - Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())." - $CAs = Get-CertificationAuthority -Enterprise - if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo."} - foreach ($CA in $CAs) { - try { - Write-PscriboMessage "Collecting AD Certification Authority Access Control List information of $CA." - $ACLs = Get-CertificationAuthorityAcl -CertificationAuthority $CA - foreach ($ACL in $ACLs) { - $inObj = [ordered] @{ - 'DC Name' = $CA.DisplayName - 'Owner' = $ACL.Owner - 'Group' = $ACL.Group - } - $OutObj += [pscustomobject]$inobj - } - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Access Control List Summary)" - } - } - } $TableParams = @{ - Name = "Access Control List - $($ForestInfo.ToString().ToUpper())" + Name = "Certificate Validity Period - $($ForestInfo.ToString().ToUpper())" List = $false - ColumnWidths = 40, 30, 30 + ColumnWidths = 40, 40, 20 } if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } $OutObj | Table @TableParams - if ($ForestInfo) { - Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())." - $CAs = Get-CertificationAuthority -Enterprise - if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo."} - foreach ($CA in $CAs) { - try { - Section -Style Heading5 "$($CA.Name) Rights" { - Paragraph "The following section provides the Certification Authority Access Control List information on $($CA.Name)." - BlankLine - $OutObj = @() - Write-PscriboMessage "Collecting AD Certification Authority Access Control List information of $CA." + try { + Section -Style Heading4 "Access Control List (ACL) Summary" { + $OutObj = @() + foreach ($CA in $CAs) { + try { $ACLs = Get-CertificationAuthorityAcl -CertificationAuthority $CA - foreach ($ACL in $ACLs.Access) { + Write-PscriboMessage "Collecting Certification Authority Access Control List information of $($CA.Name)." + foreach ($ACL in $ACLs) { $inObj = [ordered] @{ - 'Identity' = $ACL.IdentityReference - 'Access Control Type' = $ACL.AccessControlType - 'Rights' = $ACL.Rights + 'DC Name' = $CA.DisplayName + 'Owner' = $ACL.Owner + 'Group' = $ACL.Group } $OutObj += [pscustomobject]$inobj } + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Access Control List Summary)" + } + } - $TableParams = @{ - Name = "ACL Rights - $($CA.Name)" - List = $false - ColumnWidths = 40, 20, 40 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Access Control List - $($ForestInfo.ToString().ToUpper())" + List = $false + ColumnWidths = 40, 30, 30 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + foreach ($CA in $CAs) { + try { + Section -Style Heading5 "$($CA.Name) Rights" { + $OutObj = @() + Write-PscriboMessage "Collecting AD Certification Authority Access Control List information of $($CA.Name)." + $ACLs = Get-CertificationAuthorityAcl -CertificationAuthority $CA + foreach ($ACL in $ACLs.Access) { + try { + $inObj = [ordered] @{ + 'Identity' = $ACL.IdentityReference + 'Access Control Type' = $ACL.AccessControlType + 'Rights' = $ACL.Rights + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Access Control List Item)" + } + } + + $TableParams = @{ + Name = "ACL Rights - $($CA.Name)" + List = $false + ColumnWidths = 40, 20, 40 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - $OutObj | Table @TableParams } - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Access Control List Item)" + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Access Control List Table)" + } } } } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Access Control List Section)" + } } } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Access Control List Global)" - } } end {} diff --git a/Src/Private/Get-AbrADCASubordinate.ps1 b/Src/Private/Get-AbrADCASubordinate.ps1 index f84a8b7..f37cba9 100644 --- a/Src/Private/Get-AbrADCASubordinate.ps1 +++ b/Src/Private/Get-AbrADCASubordinate.ps1 @@ -24,40 +24,47 @@ function Get-AbrADCASubordinate { process { try { - Section -Style Heading4 "Enterprise Subordinate Certificate Authority" { - Paragraph "The following section provides the Enterprise Subordinate CA information." - BlankLine - $OutObj = @() - Write-PscriboMessage "Discovering Active Directory Certification Authority information in $($ForestInfo.toUpper())." - $CAs = Get-CertificationAuthority -Enterprise | Where-Object {$_.IsRoot -like 'False'} - foreach ($CA in $CAs) { - Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo." - Write-PscriboMessage "Collecting AD Certification Authority Summary information of $CA." - $inObj = [ordered] @{ - 'CA Name' = $CA.DisplayName - 'Server Name' = $CA.ComputerName.ToString().ToUpper().Split(".")[0] - 'Type' = $CA.Type - 'Config String' = $CA.ConfigString - 'Operating System' = $CA.OperatingSystem - 'Certificate' = $CA.Certificate - 'Status' = $CA.ServiceStatus - } - $OutObj += [pscustomobject]$inobj - } + Write-PscriboMessage "Discovering Active Directory Certification Authority information in $($ForestInfo.toUpper())." + $CAs = Get-CertificationAuthority -Enterprise | Where-Object {$_.IsRoot -like 'False'} + if ($CAs) { + Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo." + Section -Style Heading4 "Enterprise Subordinate Certificate Authority" { + Paragraph "The following section provides the Enterprise Subordinate CA information." + BlankLine + $OutObj = @() + foreach ($CA in $CAs) { + try { + Write-PscriboMessage "Collecting Enterprise Subordinate Certificate Authority information from $($CA.DisplayName)." + $inObj = [ordered] @{ + 'CA Name' = $CA.DisplayName + 'Server Name' = $CA.ComputerName.ToString().ToUpper().Split(".")[0] + 'Type' = $CA.Type + 'Config String' = $CA.ConfigString + 'Operating System' = $CA.OperatingSystem + 'Certificate' = $CA.Certificate + 'Status' = $CA.ServiceStatus + } + $OutObj = [pscustomobject]$inobj - if ($HealthCheck.CA.Status) { - $OutObj | Where-Object { $_.'Service Status' -notlike 'Running'} | Set-Style -Style Critical -Property 'Service Status' - } + if ($HealthCheck.CA.Status) { + $OutObj | Where-Object { $_.'Service Status' -notlike 'Running'} | Set-Style -Style Critical -Property 'Service Status' + } - $TableParams = @{ - Name = "Enterprise Subordinate CA - $($ForestInfo.ToString().ToUpper())" - List = $true - ColumnWidths = 40, 60 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Enterprise Subordinate CA - $($CA.DisplayName)" + List = $true + ColumnWidths = 40, 60 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message + } + } } - $OutObj | Table @TableParams } } catch { diff --git a/Src/Private/Get-AbrADCASummary.ps1 b/Src/Private/Get-AbrADCASummary.ps1 index aad449f..d0e0cae 100644 --- a/Src/Private/Get-AbrADCASummary.ps1 +++ b/Src/Private/Get-AbrADCASummary.ps1 @@ -19,7 +19,7 @@ function Get-AbrADCASummary { ) begin { - Write-PscriboMessage "Collecting AD Certification Authority information." + Write-PscriboMessage "Collecting Certification Authority information." } process { @@ -30,7 +30,7 @@ function Get-AbrADCASummary { foreach ($CA in $CAs) { Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo." try { - Write-PscriboMessage "Collecting AD Certification Authority Summary information of $CA." + Write-PscriboMessage "Collecting AD Certification Authority Summary information of $($CA.DisplayName)." $inObj = [ordered] @{ 'CA Name' = $CA.DisplayName 'Server Name' = $CA.ComputerName.ToString().ToUpper().Split(".")[0] @@ -43,21 +43,21 @@ function Get-AbrADCASummary { Write-PscriboMessage -IsWarning $_.Exception.Message } } - } - if ($HealthCheck.CA.Status) { - $OutObj | Where-Object { $_.'Service Status' -notlike 'Running'} | Set-Style -Style Critical -Property 'Service Status' - } + if ($HealthCheck.CA.Status) { + $OutObj | Where-Object { $_.'Service Status' -notlike 'Running'} | Set-Style -Style Critical -Property 'Service Status' + } - $TableParams = @{ - Name = "Certification Authority Summary - $($ForestInfo.ToString().ToUpper())" - List = $false - ColumnWidths = 33, 33, 22, 12 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Certification Authority Summary - $($ForestInfo.ToString().ToUpper())" + List = $false + ColumnWidths = 33, 33, 22, 12 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } - $OutObj | Table @TableParams } end {} diff --git a/Src/Private/Get-AbrADCATemplate.ps1 b/Src/Private/Get-AbrADCATemplate.ps1 index 78ab1e8..69ba4ed 100644 --- a/Src/Private/Get-AbrADCATemplate.ps1 +++ b/Src/Private/Get-AbrADCATemplate.ps1 @@ -5,7 +5,7 @@ function Get-AbrADCATemplate { .DESCRIPTION .NOTES - Version: 0.5.0 + Version: 0.6.2 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux @@ -16,73 +16,64 @@ function Get-AbrADCATemplate { #> [CmdletBinding()] param ( + [Parameter ( + Position = 0, + Mandatory)] + $CA ) begin { Write-PscriboMessage "Collecting AD Certification Authority Templates information." + $Templates = Get-CATemplate -CertificationAuthority $CA.ComputerName | Select-Object -ExpandProperty Templates } process { - Section -Style Heading4 "Certificate Template Summary" { - Paragraph "The following section provides the certificate templates that are assigned to a specified Certification Authority (CA). CA server can issue certificates only based on assigned templates." - BlankLine - if ($ForestInfo) { - Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())." - $CAs = Get-CertificationAuthority -Enterprise - Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo." - foreach ($CA in $CAs) { - Section -Style Heading5 "$($CA.Name) Certificate Template" { - Paragraph "The following section provides the certificate templates that are assigned to a specified Certification Authority (CA). CA server can issue certificates only based on assigned templates." - BlankLine - $OutObj = @() + if ($Templates) { + Section -Style Heading4 "Certificate Template Summary" { + Paragraph "The following section provides the certificate templates that are assigned to a specified Certification Authority (CA). CA server can issue certificates only based on assigned templates." + BlankLine + Section -Style Heading5 "$($CA.Name) Certificate Template" { + $OutObj = @() + foreach ($Template in $Templates) { + Write-PscriboMessage "Collecting $($Template.DisplayName) Issued Certificate Template information from $($CA.Name)." try { - Write-PscriboMessage "Collecting AD Certification Authority Issued Certificate Template information from $CA." - $Templates = Get-CATemplate -CertificationAuthority $CA | Select-Object -ExpandProperty Templates - foreach ($Template in $Templates) { - $inObj = [ordered] @{ - 'Template Name' = $Template.DisplayName - 'Schema Version' = $Template.SchemaVersion - 'Supported CA' = $Template.SupportedCA - 'Autoenrollment' = ConvertTo-TextYN $Template.AutoenrollmentAllowed - } - $OutObj += [pscustomobject]$inobj + $inObj = [ordered] @{ + 'Template Name' = $Template.DisplayName + 'Schema Version' = $Template.SchemaVersion + 'Supported CA' = $Template.SupportedCA + 'Autoenrollment' = ConvertTo-TextYN $Template.AutoenrollmentAllowed } + $OutObj += [pscustomobject]$inobj } catch { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (CA Certificate Templates)" } + } - $TableParams = @{ - Name = "Issued Certificate Template - $($CA.Name)" - List = $false - ColumnWidths = 40, 12, 30, 18 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Sort-Object -Property 'Template Name' | Table @TableParams + $TableParams = @{ + Name = "Issued Certificate Template - $($CA.Name)" + List = $false + ColumnWidths = 40, 12, 30, 18 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" } - if ($InfoLevel.CA -ge 3) { + $OutObj | Sort-Object -Property 'Template Name' | Table @TableParams + } + if ($InfoLevel.CA -ge 3) { + try { Section -Style Heading5 "Issued Certificate Template ACLs" { Paragraph "The following section provides the certificate templates Access Control List that are assigned to a specified Certification Authority (CA)." BlankLine - if ($ForestInfo) { - Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())." - $CAs = Get-CertificationAuthority -Enterprise - Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo." - foreach ($CA in $CAs) { - Section -Style Heading6 "$($CA.Name) Certificate Template ACL" { - Paragraph "The following section provides per CA certificate templates Access Control List." - try { - Write-PscriboMessage "Collecting AD Certification Authority Issued Certificate Template information from $CA." - $Templates = Get-CATemplate -CertificationAuthority $CA | Select-Object -ExpandProperty Templates - foreach ($Template in $Templates) { - Section -Style Heading6 "$($Template.DisplayName) ACL" { - Paragraph "The following section provides $($Template.DisplayName) certificate templates Access Control List." - BlankLine - $OutObj = @() - $Rights = Get-CertificateTemplateAcl -Template $Template.Name | Select-Object -ExpandProperty Access - foreach ($Right in $Rights) { + Section -Style Heading6 "$($CA.Name)" { + foreach ($Template in $Templates) { + try { + $Rights = Get-CertificateTemplateAcl -Template $Template.Name | Select-Object -ExpandProperty Access + if ($Rights) { + Section -Style Heading6 "$($Template.DisplayName)" { + $OutObj = @() + foreach ($Right in $Rights) { + try { $inObj = [ordered] @{ 'Identity' = $Right.IdentityReference 'Access Control Type' = $Right.AccessControlType @@ -91,68 +82,73 @@ function Get-AbrADCATemplate { } $OutObj += [pscustomobject]$inobj } - $TableParams = @{ - Name = "Certificate Template ACL - $($Template.DisplayName)" - List = $false - ColumnWidths = 40, 12, 30, 18 + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Certificate Templates ACL Item)" } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $OutObj | Table @TableParams } + $TableParams = @{ + Name = "Certificate Template ACL - $($Template.DisplayName)" + List = $false + ColumnWidths = 40, 12, 30, 18 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Table @TableParams } } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Certificate Templates ACL)" - } + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Certificate Templates ACL Table)" } } } } } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Issued Certificate Template ACLs Section)" + } } - } - if ($InfoLevel.CA -ge 2) { - try { - Section -Style Heading5 "Certificate Template In Active Directory" { - Paragraph "The following section provides registered certificate templates from Active Directory." - BlankLine - if ($ForestInfo) { - $OutObj = @() - Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())." - $Templates = Get-CertificateTemplate - Write-PscriboMessage "Discovered '$(($Templates | Measure-Object).Count)' Certification Authority Template in domain $ForestInfo." - foreach ($Template in $Templates) { - try { - Write-PscriboMessage "Collecting AD Certification Authority Certificate Template information from $ForestInfo." - $inObj = [ordered] @{ - 'Template Name' = $Template.DisplayName - 'Schema Version' = $Template.SchemaVersion - 'Supported CA' = $Template.SupportedCA - 'Autoenrollment' = ConvertTo-TextYN $Template.AutoenrollmentAllowed + if ($InfoLevel.CA -ge 2) { + try { + $Templates = Get-CertificateTemplate + if ($Templates) { + Section -Style Heading5 "Certificate Template In Active Directory" { + Paragraph "The following section provides registered certificate templates from Active Directory." + BlankLine + $OutObj = @() + Write-PscriboMessage "Discovered '$(($Templates | Measure-Object).Count)' Certification Authority Template in domain $ForestInfo." + foreach ($Template in $Templates) { + try { + Write-PscriboMessage "Collecting $($Template.DisplayName) Certificate Template In Active Directory." + $inObj = [ordered] @{ + 'Template Name' = $Template.DisplayName + 'Schema Version' = $Template.SchemaVersion + 'Supported CA' = $Template.SupportedCA + 'Autoenrollment' = ConvertTo-TextYN $Template.AutoenrollmentAllowed + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Certificate Template In Active Directory Item)" } - $OutObj += [pscustomobject]$inobj - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Certificate Templates in AD)" } - } - $TableParams = @{ - Name = "Certificate Template in AD - $($ForestInfo.toUpper())" - List = $false - ColumnWidths = 40, 12, 30, 18 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" + $TableParams = @{ + Name = "Certificate Template in AD - $($ForestInfo.toUpper())" + List = $false + ColumnWidths = 40, 12, 30, 18 + } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $OutObj | Sort-Object -Property 'Template Name' | Table @TableParams } - $OutObj | Sort-Object -Property 'Template Name' | Table @TableParams } } - } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Access Control List Global)" + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Certificate Template In Active Directory Table)" + } } } } diff --git a/Src/Private/Get-AbrADDomainController.ps1 b/Src/Private/Get-AbrADDomainController.ps1 index 0fa9687..2487b2f 100644 --- a/Src/Private/Get-AbrADDomainController.ps1 +++ b/Src/Private/Get-AbrADDomainController.ps1 @@ -82,7 +82,6 @@ function Get-AbrADDomainController { $OutObj = @() Write-PscriboMessage "Discovering Active Directory Domain Controller information in $Domain." if ($DCs) { - Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller in domain $Domain." foreach ($DC in $DCs) { try { Write-PscriboMessage "Collecting AD Domain Controller Hardware information for $DC." @@ -150,7 +149,6 @@ function Get-AbrADDomainController { $OutObj = @() Write-PscriboMessage "Discovering Active Directory Domain Controller information in $Domain." if ($DCs) { - Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller in domain $Domain." foreach ($DC in $DCs) { try { Write-PscriboMessage "Collecting AD Domain Controller NTDS information for $DC." @@ -253,7 +251,6 @@ function Get-AbrADDomainController { BlankLine Write-PscriboMessage "Discovering Active Directory Domain Controller information in $Domain." if ($DCs) { - Write-PscriboMessage "Discovered '$(($DCs | Measure-Object).Count)' Active Directory Domain Controller in domain $Domain." foreach ($DC in $DCs) { try { $OutObj = @() diff --git a/Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1 b/Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1 index 3321d4f..e1ebf9f 100644 --- a/Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1 +++ b/Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1 @@ -307,8 +307,8 @@ function Invoke-AsBuiltReport.Microsoft.AD { #---------------------------------------------------------------------------------------------# # Certificate Authority Section # #---------------------------------------------------------------------------------------------# - - if ($InfoLevel.CA -ge 1 -and (Get-CertificationAuthority -Enterprise)) { + $Global:CAs = Get-CertificationAuthority -Enterprise + if ($InfoLevel.CA -ge 1 -and ($CAs)) { try { Section -Style Heading3 "Certificate Authority Summary" { if ($Options.ShowDefinitionInfo) { @@ -356,11 +356,13 @@ function Invoke-AsBuiltReport.Microsoft.AD { } } if ($InfoLevel.CA -ge 2) { - try { - Get-AbrADCATemplate - } - catch { - Write-PscriboMessage -IsWarning $_.Exception.Message + foreach ($CA in $CAs) { + try { + Get-AbrADCATemplate -CA $CA + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message + } } } try { From 5b4976108dfad50a582d5ab0bd4022350b405944 Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Mon, 24 Jan 2022 00:06:32 -0400 Subject: [PATCH 17/23] Updated URL of Sample Report --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a8ca285..982637a 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ Please refer to the AsBuiltReport [website](https://www.asbuiltreport.com) for m ## Sample Report - Custom Style 1 -Sample Microsoft AD As Built report HTML file: [Sample Microsoft AD As-Built Report.html](https://technomyth.zenprsolutions.net/wp-content/uploads/2021/12/Microsoft-AD-As-Built-Report.html) +Sample Microsoft AD As Built report HTML file: [Sample Microsoft AD As-Built Report.html](https://technomyth.zenprsolutions.net/wp-content/uploads/2022/01/Microsoft-AD-As-Built-Report.html) # :beginner: Getting Started From 79abac41be79e37d276dad13ef00b6822d048341 Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Mon, 24 Jan 2022 07:53:31 -0400 Subject: [PATCH 18/23] Update for v0.6.2 release --- AsBuiltReport.Microsoft.AD.psd1 | 4 ++-- CHANGELOG.md | 13 +++++++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/AsBuiltReport.Microsoft.AD.psd1 b/AsBuiltReport.Microsoft.AD.psd1 index 943efdf..6cf44d6 100644 --- a/AsBuiltReport.Microsoft.AD.psd1 +++ b/AsBuiltReport.Microsoft.AD.psd1 @@ -12,7 +12,7 @@ RootModule = 'AsBuiltReport.Microsoft.AD.psm1' # Version number of this module. -ModuleVersion = '0.6.1' +ModuleVersion = '0.6.2' # Supported PSEditions # CompatiblePSEditions = @() @@ -27,7 +27,7 @@ Author = 'Jonathan Colon' # CompanyName = 'Unknown' # Copyright statement for this module -Copyright = '(c) 2021 Jonathan Colon. All rights reserved.' +Copyright = '(c) 2022 Jonathan Colon. All rights reserved.' # Description of the functionality provided by this module Description = 'A PowerShell module to generate an as built report on the configuration of Microsoft AD.' diff --git a/CHANGELOG.md b/CHANGELOG.md index bd00676..731f7b2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,18 @@ # :arrows_counterclockwise: Microsoft AD As Built Report Changelog +## [0.6.2] - 2021-12-07 + +### Changed + +- Code refactoring to improve performance. +- Implement more try/catch to better handle terminating errors. +- Update ReadMe to include Known limitations. +- Improve Sections title text. + +### Fixed + +- Fix for table caption error messages. + ## [0.6.1] - 2021-12-07 ### Added From 8c611471fbdcce2476df43281e6ea4c533dba39a Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Mon, 24 Jan 2022 08:41:45 -0400 Subject: [PATCH 19/23] Added Table Sorting to primary key columns --- Src/Private/Get-AbrADCACRLSetting.ps1 | 6 +++--- Src/Private/Get-AbrADCASecurity.ps1 | 6 +++--- Src/Private/Get-AbrADCASummary.ps1 | 2 +- Src/Private/Get-AbrADCATemplate.ps1 | 2 +- Src/Private/Get-AbrADDHCPInfrastructure.ps1 | 6 +++--- Src/Private/Get-AbrADDHCPv4PerScopeSetting.ps1 | 2 +- Src/Private/Get-AbrADDHCPv4Scope.ps1 | 4 ++-- .../Get-AbrADDHCPv4ScopeServerSetting.ps1 | 2 +- Src/Private/Get-AbrADDHCPv4Statistic.ps1 | 2 +- Src/Private/Get-AbrADDHCPv6PerScopeSetting.ps1 | 2 +- Src/Private/Get-AbrADDHCPv6Scope.ps1 | 4 ++-- .../Get-AbrADDHCPv6ScopeServerSetting.ps1 | 2 +- Src/Private/Get-AbrADDHCPv6Statistic.ps1 | 2 +- Src/Private/Get-AbrADDNSInfrastructure.ps1 | 16 ++++++++-------- Src/Private/Get-AbrADDNSZone.ps1 | 10 +++++----- Src/Private/Get-AbrADDomainController.ps1 | 8 ++++---- Src/Private/Get-AbrADForest.ps1 | 2 +- Src/Private/Get-AbrADGPO.ps1 | 12 ++++++------ Src/Private/Get-AbrADInfrastructureService.ps1 | 2 +- Src/Private/Get-AbrADOU.ps1 | 4 ++-- Src/Private/Get-AbrADSite.ps1 | 6 +++--- 21 files changed, 51 insertions(+), 51 deletions(-) diff --git a/Src/Private/Get-AbrADCACRLSetting.ps1 b/Src/Private/Get-AbrADCACRLSetting.ps1 index 96e4f21..227ae15 100644 --- a/Src/Private/Get-AbrADCACRLSetting.ps1 +++ b/Src/Private/Get-AbrADCACRLSetting.ps1 @@ -57,7 +57,7 @@ function Get-AbrADCACRLSetting { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'CA Name' | Table @TableParams } try { Section -Style Heading5 "CRL Flags Settings" { @@ -88,7 +88,7 @@ function Get-AbrADCACRLSetting { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'CA Name' | Table @TableParams } } catch { @@ -186,7 +186,7 @@ function Get-AbrADCACRLSetting { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'CA Name' | Table @TableParams } } catch { diff --git a/Src/Private/Get-AbrADCASecurity.ps1 b/Src/Private/Get-AbrADCASecurity.ps1 index 297a323..309a016 100644 --- a/Src/Private/Get-AbrADCASecurity.ps1 +++ b/Src/Private/Get-AbrADCASecurity.ps1 @@ -52,7 +52,7 @@ function Get-AbrADCASecurity { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'CA Name' | Table @TableParams try { Section -Style Heading4 "Access Control List (ACL) Summary" { $OutObj = @() @@ -82,7 +82,7 @@ function Get-AbrADCASecurity { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'DC Name' | Table @TableParams foreach ($CA in $CAs) { try { Section -Style Heading5 "$($CA.Name) Rights" { @@ -111,7 +111,7 @@ function Get-AbrADCASecurity { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Identity' | Table @TableParams } } catch { diff --git a/Src/Private/Get-AbrADCASummary.ps1 b/Src/Private/Get-AbrADCASummary.ps1 index d0e0cae..0f8d78f 100644 --- a/Src/Private/Get-AbrADCASummary.ps1 +++ b/Src/Private/Get-AbrADCASummary.ps1 @@ -56,7 +56,7 @@ function Get-AbrADCASummary { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'CA Name' | Table @TableParams } } diff --git a/Src/Private/Get-AbrADCATemplate.ps1 b/Src/Private/Get-AbrADCATemplate.ps1 index 69ba4ed..5d91f87 100644 --- a/Src/Private/Get-AbrADCATemplate.ps1 +++ b/Src/Private/Get-AbrADCATemplate.ps1 @@ -94,7 +94,7 @@ function Get-AbrADCATemplate { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Identity' | Table @TableParams } } } diff --git a/Src/Private/Get-AbrADDHCPInfrastructure.ps1 b/Src/Private/Get-AbrADDHCPInfrastructure.ps1 index 01b1d23..9eabca0 100644 --- a/Src/Private/Get-AbrADDHCPInfrastructure.ps1 +++ b/Src/Private/Get-AbrADDHCPInfrastructure.ps1 @@ -70,7 +70,7 @@ function Get-AbrADDHCPInfrastructure { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'DC Name' | Table @TableParams try { Section -Style Heading6 'Service Database' { $OutObj = @() @@ -108,7 +108,7 @@ function Get-AbrADDHCPInfrastructure { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'DC Name' | Table @TableParams } } catch { @@ -145,7 +145,7 @@ function Get-AbrADDHCPInfrastructure { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'DC Name' | Table @TableParams } } catch { diff --git a/Src/Private/Get-AbrADDHCPv4PerScopeSetting.ps1 b/Src/Private/Get-AbrADDHCPv4PerScopeSetting.ps1 index 7ef8d13..73075da 100644 --- a/Src/Private/Get-AbrADDHCPv4PerScopeSetting.ps1 +++ b/Src/Private/Get-AbrADDHCPv4PerScopeSetting.ps1 @@ -62,7 +62,7 @@ function Get-AbrADDHCPv4PerScopeSetting { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Option Id' | Table @TableParams } } } diff --git a/Src/Private/Get-AbrADDHCPv4Scope.ps1 b/Src/Private/Get-AbrADDHCPv4Scope.ps1 index 62cc579..0437568 100644 --- a/Src/Private/Get-AbrADDHCPv4Scope.ps1 +++ b/Src/Private/Get-AbrADDHCPv4Scope.ps1 @@ -63,7 +63,7 @@ function Get-AbrADDHCPv4Scope { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Scope Id' | Table @TableParams try { $DHCPScopes = Invoke-Command -Session $Session { Get-DhcpServerv4ScopeStatistics -ComputerName $using:Server} @@ -99,7 +99,7 @@ function Get-AbrADDHCPv4Scope { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Scope Id' | Table @TableParams } } } diff --git a/Src/Private/Get-AbrADDHCPv4ScopeServerSetting.ps1 b/Src/Private/Get-AbrADDHCPv4ScopeServerSetting.ps1 index f122c78..f67f0a4 100644 --- a/Src/Private/Get-AbrADDHCPv4ScopeServerSetting.ps1 +++ b/Src/Private/Get-AbrADDHCPv4ScopeServerSetting.ps1 @@ -61,7 +61,7 @@ function Get-AbrADDHCPv4ScopeServerSetting { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Option Id' | Table @TableParams try { $DHCPScopeOptions = Invoke-Command -Session $Session { Get-DhcpServerv4DnsSetting -ComputerName $using:Server} if ($DHCPScopeOptions) { diff --git a/Src/Private/Get-AbrADDHCPv4Statistic.ps1 b/Src/Private/Get-AbrADDHCPv4Statistic.ps1 index 6d97549..c3dfc74 100644 --- a/Src/Private/Get-AbrADDHCPv4Statistic.ps1 +++ b/Src/Private/Get-AbrADDHCPv4Statistic.ps1 @@ -66,7 +66,7 @@ function Get-AbrADDHCPv4Statistic { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'DC Name' | Table @TableParams } } } diff --git a/Src/Private/Get-AbrADDHCPv6PerScopeSetting.ps1 b/Src/Private/Get-AbrADDHCPv6PerScopeSetting.ps1 index cd70701..f6e0154 100644 --- a/Src/Private/Get-AbrADDHCPv6PerScopeSetting.ps1 +++ b/Src/Private/Get-AbrADDHCPv6PerScopeSetting.ps1 @@ -61,7 +61,7 @@ function Get-AbrADDHCPv6PerScopeSetting { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Option Id' | Table @TableParams } } } diff --git a/Src/Private/Get-AbrADDHCPv6Scope.ps1 b/Src/Private/Get-AbrADDHCPv6Scope.ps1 index 3f6c85d..b2cd336 100644 --- a/Src/Private/Get-AbrADDHCPv6Scope.ps1 +++ b/Src/Private/Get-AbrADDHCPv6Scope.ps1 @@ -64,7 +64,7 @@ function Get-AbrADDHCPv6Scope { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Scope Id' | Table @TableParams try { $DHCPScopes = Invoke-Command -Session $Session { Get-DhcpServerv6ScopeStatistics -ComputerName $using:Server} if ($DHCPScopes) { @@ -98,7 +98,7 @@ function Get-AbrADDHCPv6Scope { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Scope Id' | Table @TableParams } } } diff --git a/Src/Private/Get-AbrADDHCPv6ScopeServerSetting.ps1 b/Src/Private/Get-AbrADDHCPv6ScopeServerSetting.ps1 index 8e8a5bc..5f98537 100644 --- a/Src/Private/Get-AbrADDHCPv6ScopeServerSetting.ps1 +++ b/Src/Private/Get-AbrADDHCPv6ScopeServerSetting.ps1 @@ -62,7 +62,7 @@ function Get-AbrADDHCPv6ScopeServerSetting { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Option Id' | Table @TableParams try { $DHCPScopeOptions = Invoke-Command -Session $Session { Get-DhcpServerv6DnsSetting -ComputerName $using:Server} if ($DHCPScopeOptions) { diff --git a/Src/Private/Get-AbrADDHCPv6Statistic.ps1 b/Src/Private/Get-AbrADDHCPv6Statistic.ps1 index 4299e38..5c6c19c 100644 --- a/Src/Private/Get-AbrADDHCPv6Statistic.ps1 +++ b/Src/Private/Get-AbrADDHCPv6Statistic.ps1 @@ -65,7 +65,7 @@ function Get-AbrADDHCPv6Statistic { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'DC Name' | Table @TableParams } } } diff --git a/Src/Private/Get-AbrADDNSInfrastructure.ps1 b/Src/Private/Get-AbrADDNSInfrastructure.ps1 index a98ad0a..e4b9966 100644 --- a/Src/Private/Get-AbrADDNSInfrastructure.ps1 +++ b/Src/Private/Get-AbrADDNSInfrastructure.ps1 @@ -64,7 +64,7 @@ function Get-AbrADDNSInfrastructure { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'DC Name' | Table @TableParams #---------------------------------------------------------------------------------------------# # DNS IP Section # #---------------------------------------------------------------------------------------------# @@ -108,7 +108,7 @@ function Get-AbrADDNSInfrastructure { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'DC Name' | Table @TableParams } } catch { @@ -154,7 +154,7 @@ function Get-AbrADDNSInfrastructure { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Sort-Object -Property Name | Table @TableParams + $OutObj | Sort-Object -Property 'Name' | Table @TableParams } } } @@ -199,7 +199,7 @@ function Get-AbrADDNSInfrastructure { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'DC Name' | Table @TableParams } } catch { @@ -248,7 +248,7 @@ function Get-AbrADDNSInfrastructure { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'DC Name' | Table @TableParams } } catch { @@ -287,7 +287,7 @@ function Get-AbrADDNSInfrastructure { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'DC Name' | Table @TableParams } } catch { @@ -327,7 +327,7 @@ function Get-AbrADDNSInfrastructure { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Sort-Object -Property Name | Table @TableParams + $OutObj | Sort-Object -Property 'Name' | Table @TableParams } } } @@ -371,7 +371,7 @@ function Get-AbrADDNSInfrastructure { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'DC Name' | Table @TableParams } } catch { diff --git a/Src/Private/Get-AbrADDNSZone.ps1 b/Src/Private/Get-AbrADDNSZone.ps1 index 3d78015..49b17ea 100644 --- a/Src/Private/Get-AbrADDNSZone.ps1 +++ b/Src/Private/Get-AbrADDNSZone.ps1 @@ -66,7 +66,7 @@ function Get-AbrADDNSZone { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Zone Name' | Table @TableParams if ($InfoLevel.DNS -ge 2) { try { $DNSSetting = Invoke-Command -Session $DCPssSession {Get-DnsServerZone | Where-Object {$_.IsReverseLookupZone -like "False" -and ($_.ZoneName -ne "_msdcs.pharmax.local" -and $_.ZoneName -ne "TrustAnchors") -and ($_.ZoneType -like "Primary" -or $_.ZoneType -like "Secondary")} | Select-Object -ExpandProperty ZoneName } @@ -110,7 +110,7 @@ function Get-AbrADDNSZone { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Zone Name' | Table @TableParams } } } @@ -196,7 +196,7 @@ function Get-AbrADDNSZone { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Zone Name' | Table @TableParams } } } @@ -234,7 +234,7 @@ function Get-AbrADDNSZone { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Zone Name' | Table @TableParams } } } @@ -282,7 +282,7 @@ function Get-AbrADDNSZone { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Zone Name' | Table @TableParams } } } diff --git a/Src/Private/Get-AbrADDomainController.ps1 b/Src/Private/Get-AbrADDomainController.ps1 index 2487b2f..177ced5 100644 --- a/Src/Private/Get-AbrADDomainController.ps1 +++ b/Src/Private/Get-AbrADDomainController.ps1 @@ -66,7 +66,7 @@ function Get-AbrADDomainController { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'DC Name' | Table @TableParams } } catch { @@ -182,7 +182,7 @@ function Get-AbrADDomainController { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'DC Name' | Table @TableParams } } } @@ -236,7 +236,7 @@ function Get-AbrADDomainController { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'DC Name' | Table @TableParams } } } @@ -278,7 +278,7 @@ function Get-AbrADDomainController { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Name' | Table @TableParams } } } diff --git a/Src/Private/Get-AbrADForest.ps1 b/Src/Private/Get-AbrADForest.ps1 index 55df2c1..f0864e3 100644 --- a/Src/Private/Get-AbrADForest.ps1 +++ b/Src/Private/Get-AbrADForest.ps1 @@ -106,7 +106,7 @@ function Get-AbrADForest { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Name' | Table @TableParams } } } diff --git a/Src/Private/Get-AbrADGPO.ps1 b/Src/Private/Get-AbrADGPO.ps1 index 175e9d6..d0d8f7c 100644 --- a/Src/Private/Get-AbrADGPO.ps1 +++ b/Src/Private/Get-AbrADGPO.ps1 @@ -70,7 +70,7 @@ function Get-AbrADGPO { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'GPO Name' | Table @TableParams } catch { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Group Policy Objects Summary)" @@ -199,7 +199,7 @@ function Get-AbrADGPO { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'GPO Name' | Table @TableParams } } } @@ -255,7 +255,7 @@ function Get-AbrADGPO { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'GPO Name' | Table @TableParams } } @@ -307,7 +307,7 @@ function Get-AbrADGPO { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'GPO Name' | Table @TableParams } } } @@ -355,7 +355,7 @@ function Get-AbrADGPO { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'GPO Name' | Table @TableParams } } } @@ -410,7 +410,7 @@ function Get-AbrADGPO { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'GPO Name' | Table @TableParams } } } diff --git a/Src/Private/Get-AbrADInfrastructureService.ps1 b/Src/Private/Get-AbrADInfrastructureService.ps1 index 1200572..9b1e904 100644 --- a/Src/Private/Get-AbrADInfrastructureService.ps1 +++ b/Src/Private/Get-AbrADInfrastructureService.ps1 @@ -70,7 +70,7 @@ function Get-AbrADInfrastructureService { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Display Name' | Table @TableParams } Remove-PSSession -Session $DCPssSession } diff --git a/Src/Private/Get-AbrADOU.ps1 b/Src/Private/Get-AbrADOU.ps1 index 9a5952b..2a0d409 100644 --- a/Src/Private/Get-AbrADOU.ps1 +++ b/Src/Private/Get-AbrADOU.ps1 @@ -72,7 +72,7 @@ function Get-AbrADOU { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Name' | Table @TableParams if ($HealthCheck.Domain.GPO) { try { $OutObj = @() @@ -121,7 +121,7 @@ function Get-AbrADOU { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'OU Name' | Table @TableParams } } diff --git a/Src/Private/Get-AbrADSite.ps1 b/Src/Private/Get-AbrADSite.ps1 index db36669..252dc17 100644 --- a/Src/Private/Get-AbrADSite.ps1 +++ b/Src/Private/Get-AbrADSite.ps1 @@ -66,7 +66,7 @@ function Get-AbrADSite { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Site Name' | Table @TableParams try { $Subnet = Invoke-Command -Session $Session {Get-ADReplicationSubnet -Filter * -Properties *} if ($Subnet) { @@ -97,7 +97,7 @@ function Get-AbrADSite { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Subnet' | Table @TableParams } } } @@ -141,7 +141,7 @@ function Get-AbrADSite { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Site Link Name' | Table @TableParams } } } From db5143960a904b1e9ff8df32bbc6dc24d7bf5a95 Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Mon, 24 Jan 2022 08:47:02 -0400 Subject: [PATCH 20/23] More Table Sorts --- Src/Private/Get-AbrADDCDiag.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Src/Private/Get-AbrADDCDiag.ps1 b/Src/Private/Get-AbrADDCDiag.ps1 index 9fc7a2d..9263fab 100644 --- a/Src/Private/Get-AbrADDCDiag.ps1 +++ b/Src/Private/Get-AbrADDCDiag.ps1 @@ -63,7 +63,7 @@ function Get-AbrADDCDiag { if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } - $OutObj | Table @TableParams + $OutObj | Sort-Object -Property 'Test Name' | Table @TableParams } } catch { From a55ae9d321b55dd5906aeaa4dd82d9ff5c746cc8 Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Mon, 24 Jan 2022 08:51:33 -0400 Subject: [PATCH 21/23] Added table sorting to changelog --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 731f7b2..8e62f71 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # :arrows_counterclockwise: Microsoft AD As Built Report Changelog -## [0.6.2] - 2021-12-07 +## [0.6.2] - 2022-01-24 ### Changed @@ -8,6 +8,7 @@ - Implement more try/catch to better handle terminating errors. - Update ReadMe to include Known limitations. - Improve Sections title text. +- Improve table sorting. ### Fixed From 8f868e05b205b224190a57102314911c84a7945f Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Mon, 24 Jan 2022 08:52:48 -0400 Subject: [PATCH 22/23] Updated sample report --- .../Sample Microsoft AD As Built Report.html | 2291 ++++++++++++----- 1 file changed, 1600 insertions(+), 691 deletions(-) diff --git a/Samples/Sample Microsoft AD As Built Report.html b/Samples/Sample Microsoft AD As Built Report.html index 98569eb..998ce35 100644 --- a/Samples/Sample Microsoft AD As Built Report.html +++ b/Samples/Sample Microsoft AD As Built Report.html @@ -1,4 +1,4 @@ - + Microsoft AD As Built Report
-











Microsoft AD As Built Report


Zen Pr Solutions
































+











+Microsoft Logo +
+

Microsoft AD As Built Report


Zen Pr Solutions
































- +
Author:Jonathan Colon
Date:Friday, October 29, 2021
Date:Monday, January 24, 2022
Version:1.0

-
Microsoft AD As Built Report - v1.0

Table of Contents

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
Microsoft AD As Built Report - v1.0

Table of Contents

1ZENPR.LOCAL Active Directory Report
1.1   Forest Information.
1.1.1      Optional Features
1.1.2      Domain Sites
1.1.3      Site Links
1.2   Active Directory Domain Information
1.2.1      ZENPR.LOCAL Domain Configuration
1.2.1.1         Flexible Single Master Operations (FSMO)
1.2.1.2         Domain and Trusts
1.2.1.3         Domain Object Count
1.2.1.4         Default Domain Password Policy
1.2.1.5         Fined Grained Password Policies
1.2.1.6         Group Managed Service Accounts (GMSA)
1.2.1.7         Domain Controller Summary
1.2.1.7.1            Hardware Inventory
1.2.1.7.2            NTDS Information
1.2.1.7.3            Time Source Information
1.2.1.7.4            DC Diagnostic
1.2.1.7.5            SERVER-DC-01V Infrastructure Services Status
1.2.1.7.6            CAYEY-DC-01V Infrastructure Services Status
1.2.1.7.7            Sites Replication
1.2.1.7.8            Sites Replication Failure
1.2.1.7.9            Group Policy Objects Summary
1.2.1.7.9.1               GPO with User Logon/Logoff Script
1.2.1.7.9.2               GPO with Computer Startup/Shutdown Script
1.2.1.7.9.3               Health Check - Unlinked GPO
1.2.1.7.9.4               Health Check - Empty GPOs
1.2.1.7.9.5               Health Check - Enforced GPO
1.2.1.7.10            Organizational Units
1.2.1.7.10.1               Health Check - OU with GPO Blocked Inheritance
1.2.2      ACAD.ZENPR.LOCAL Domain Configuration
1.2.2.1         Flexible Single Master Operations (FSMO)
1.2.2.2         Domain and Trusts
1.2.2.3         Domain Object Count
1.2.2.4         Default Domain Password Policy
1.2.2.5         Fined Grained Password Policies
1.2.2.6         Group Managed Service Accounts (GMSA)
1.2.2.7         Domain Controller Summary
1.2.2.7.1            Hardware Inventory
1.2.2.7.2            NTDS Information
1.2.2.7.3            Time Source Information
1.2.2.7.4            DC Diagnostic
1.2.2.7.5            ACADE-DC-01V Infrastructure Services Status
1.2.2.7.6            Sites Replication
1.2.2.7.7            Group Policy Objects Summary
1.2.2.7.7.1               GPO with User Logon/Logoff Script
1.2.2.7.7.2               Health Check - Unlinked GPO
1.2.2.7.7.3               Health Check - Empty GPOs
1.2.2.7.7.4               Health Check - Enforced GPO
1.2.2.7.8            Organizational Units
1.2.2.7.8.1               Health Check - OU with GPO Blocked Inheritance
1.3   ZENPR.LOCAL Domain Name System Summary
1.3.1      ZENPR.LOCAL DNS Configuration
1.3.1.1         Infrastructure Summary
1.3.1.1.1            Response Rate Limiting (RRL)
1.3.1.1.2            Scavenging Options
1.3.1.1.3            Forwarder Options
1.3.1.1.4            Zone Scope Recursion
1.3.1.2         SERVER-DC-01V DNS Zone Configuration
1.3.1.2.1            SERVER-DC-01V Zone Delegation
1.3.1.2.2            SERVER-DC-01V Reverse Lookup Zone Configuration
1.3.1.2.3            SERVER-DC-01V Conditional Forwarder
1.3.1.2.4            SERVER-DC-01V Zone Scope Aging Properties
1.3.1.3         CAYEY-DC-01V DNS Zone Configuration
1.3.1.3.1            CAYEY-DC-01V Zone Delegation
1.3.1.3.2            CAYEY-DC-01V Reverse Lookup Zone Configuration
1.3.1.3.3            CAYEY-DC-01V Conditional Forwarder
1.3.1.3.4            CAYEY-DC-01V Zone Scope Aging Properties
1.3.2      ACAD.ZENPR.LOCAL DNS Configuration
1.3.2.1         Infrastructure Summary
1.3.2.1.1            Response Rate Limiting (RRL)
1.3.2.1.2            Scavenging Options
1.3.2.1.3            Forwarder Options
1.3.2.1.4            Zone Scope Recursion
1.4   ZENPR.LOCAL Dynamic Host Configuration Protocol Summary
1.4.1      ZENPR.LOCAL Domain DHCP Configuration
1.4.1.1         DHCP Servers In Active Directory
1.4.1.1.1            Service Database
1.4.1.1.2            Dynamic DNS credentials
1.4.1.2         IPv4 Scope Summary
1.4.1.2.1            IPv4 Service Statistics
1.4.1.2.2            CAYEY-DC-01V IPv4 Scopes
1.4.1.2.2.1               CAYEY-DC-01V IPv4 Scope Statistics
1.4.1.2.2.2               CAYEY-DC-01V IPv4 Scope Failover
1.4.1.2.2.3                CAYEY-DC-01V IPv4 Network Interface Binding
1.4.1.2.3            CAYEY-DC-01V IPv4 Scope Server Options
1.4.1.2.3.1               Scope DNS Setting
1.4.1.2.3.2               10.10.33.0 Scope Options Configuration
1.4.1.2.3.3               10.10.34.0 Scope Options Configuration
1.4.1.2.4            SERVER-DC-01V IPv4 Scopes
1.4.1.2.4.1               SERVER-DC-01V IPv4 Scope Statistics
1.4.1.2.4.2               SERVER-DC-01V IPv4 Scope Failover
1.4.1.2.4.3                SERVER-DC-01V IPv4 Network Interface Binding
1.4.1.2.5            SERVER-DC-01V IPv4 Scope Server Options
1.4.1.2.5.1               Scope DNS Setting
1.4.1.2.5.2               10.10.32.0 Scope Options Configuration
1.4.1.2.5.3               10.10.33.0 Scope Options Configuration
1.4.1.2.5.4               10.10.34.0 Scope Options Configuration
1.4.1.2.5.5               10.10.35.0 Scope Options Configuration
1.4.1.2.5.6               192.168.2.0 Scope Options Configuration
1.4.1.2.5.7               192.168.4.0 Scope Options Configuration
1.4.1.2.5.8               192.168.6.0 Scope Options Configuration
1.4.1.2.5.9               192.168.7.0 Scope Options Configuration
1.4.1.2.5.10               192.168.12.0 Scope Options Configuration
1.4.1.3         ZENPR.LOCAL IPv6 Scope Configuration
1.4.1.3.1            IPv6 Service Statistics
1.4.2      ACAD.ZENPR.LOCAL Domain DHCP Configuration
1.4.2.1         DHCP Servers In Active Directory
1.4.2.1.1            Service Database
1.4.2.1.2            Dynamic DNS credentials
1.4.2.2         IPv4 Scope Summary
1.4.2.2.1            IPv4 Service Statistics
1.4.2.2.2            ACADE-DC-01V IPv4 Scopes
1.4.2.2.2.1               ACADE-DC-01V IPv4 Scope Statistics
1.4.2.2.2.2                ACADE-DC-01V IPv4 Network Interface Binding
1.4.2.2.3            ACADE-DC-01V IPv4 Scope Server Options
1.4.2.2.3.1               Scope DNS Setting
1.4.2.2.3.2               172.23.5.0 Scope Options Configuration
1.4.2.3         ACAD.ZENPR.LOCAL IPv6 Scope Configuration
1.4.2.3.1            IPv6 Service Statistics
1.4.2.3.2            ACADE-DC-01V IPv6 Scopes
1.4.2.3.2.1               ACADE-DC-01V IPv6 Scope Statistics
1.4.2.3.2.2               ACADE-DC-01V IPv6 Network Interface Binding
1.4.2.3.3            ACADE-DC-01V IPv6 Scope Server Options
1.4.2.3.3.1               Scope DNS Settings
1.4.2.3.3.2               fd99:9971:: Scope Options
1.5   ZENPR.LOCAL Certificate Authority Summary
1.5.1      ZENPR.LOCAL Enterprise Root Certificate Authority
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
1PHARMAX.LOCAL Active Directory Report
1.1   Forest Information.
1.1.1      Optional Features
1.1.2      Domain Sites
1.1.2.1         Site Subnets
1.1.2.2         Site Links
1.2   Active Directory Domain Information
1.2.1      PHARMAX.LOCAL Domain Configuration
1.2.1.1         Flexible Single Master Operations (FSMO)
1.2.1.2         Domain and Trusts
1.2.1.3         Domain Object Count
1.2.1.4         Default Domain Password Policy
1.2.1.5         Fined Grained Password Policies
1.2.1.6         Group Managed Service Accounts (GMSA)
1.2.1.7         Domain Controller Summary
1.2.1.7.1            Hardware Inventory
1.2.1.7.2            NTDS Information
1.2.1.7.3            Time Source Information
1.2.1.7.4            HealthCheck - Installed Software on DC
1.2.1.7.4.1               SERVER-DC-01V additional software
1.2.1.7.4.2               CAYEY-DC-01V additional software
1.2.1.7.5            DC Diagnostic
1.2.1.7.6            SERVER-DC-01V Infrastructure Services Status
1.2.1.7.7            CAYEY-DC-01V Infrastructure Services Status
1.2.1.7.8            Sites Replication
1.2.1.7.9            Sites Replication Failure
1.2.1.7.10            Group Policy Objects Summary
1.2.1.7.10.1               GPO Central Store Repository
1.2.1.7.10.2               GPO with User Logon/Logoff Script
1.2.1.7.10.3               GPO with Computer Startup/Shutdown Script
1.2.1.7.10.4               Health Check - Unlinked GPO
1.2.1.7.10.5               Health Check - Empty GPOs
1.2.1.7.10.6               Health Check - Enforced GPO
1.2.1.7.11            Organizational Units
1.2.1.7.11.1               Health Check - OU with GPO Blocked Inheritance
1.2.2      ACAD.PHARMAX.LOCAL Domain Configuration
1.2.2.1         Flexible Single Master Operations (FSMO)
1.2.2.2         Domain and Trusts
1.2.2.3         Domain Object Count
1.2.2.4         Default Domain Password Policy
1.2.2.5         Fined Grained Password Policies
1.2.2.6         Group Managed Service Accounts (GMSA)
1.2.2.7         Domain Controller Summary
1.2.2.7.1            Hardware Inventory
1.2.2.7.2            NTDS Information
1.2.2.7.3            Time Source Information
1.2.2.7.4            HealthCheck - Installed Software on DC
1.2.2.7.5            DC Diagnostic
1.2.2.7.6            ACADE-DC-01V Infrastructure Services Status
1.2.2.7.7            Sites Replication
1.2.2.7.8            Group Policy Objects Summary
1.2.2.7.8.1               GPO Central Store Repository
1.2.2.7.8.2               GPO with User Logon/Logoff Script
1.2.2.7.8.3               Health Check - Unlinked GPO
1.2.2.7.8.4               Health Check - Empty GPOs
1.2.2.7.8.5               Health Check - Enforced GPO
1.2.2.7.9            Organizational Units
1.2.2.7.9.1               Health Check - OU with GPO Blocked Inheritance
1.3   Domain Name System Summary
1.3.1      PHARMAX.LOCAL DNS Configuration
1.3.1.1         Infrastructure Summary
1.3.1.1.1            Domain Controller DNS IP Configuration
1.3.1.1.2            Application Directory Partition
1.3.1.1.2.1               SERVER-DC-01V Directory Partition
1.3.1.1.2.2               CAYEY-DC-01V Directory Partition
1.3.1.1.3            Response Rate Limiting (RRL)
1.3.1.1.4            Scavenging Options
1.3.1.1.5            Forwarder Options
1.3.1.1.6            Root Hints
1.3.1.1.6.1               SERVER-DC-01V Root Hints
1.3.1.1.6.2               CAYEY-DC-01V Root Hints
1.3.1.1.7            Zone Scope Recursion
1.3.1.2         SERVER-DC-01V DNS Zone Configuration
1.3.1.2.1            Zone Delegation
1.3.1.2.2            Zone Transfers
1.3.1.2.3            Reverse Lookup Zone Configuration
1.3.1.2.4            Conditional Forwarder
1.3.1.2.5            Zone Scope Aging Properties
1.3.1.3         CAYEY-DC-01V DNS Zone Configuration
1.3.1.3.1            Zone Delegation
1.3.1.3.2            Reverse Lookup Zone Configuration
1.3.1.3.3            Conditional Forwarder
1.3.1.3.4            Zone Scope Aging Properties
1.3.2      ACAD.PHARMAX.LOCAL DNS Configuration
1.3.2.1         Infrastructure Summary
1.3.2.1.1            Domain Controller DNS IP Configuration
1.3.2.1.2            Application Directory Partition
1.3.2.1.2.1               ACADE-DC-01V Directory Partition
1.3.2.1.3            Response Rate Limiting (RRL)
1.3.2.1.4            Scavenging Options
1.3.2.1.5            Forwarder Options
1.3.2.1.6            Root Hints
1.3.2.1.6.1               ACADE-DC-01V Root Hints
1.3.2.1.7            Zone Scope Recursion
1.3.2.2         ACADE-DC-01V DNS Zone Configuration
1.3.2.2.1            Zone Transfers
1.3.2.2.2            Reverse Lookup Zone Configuration
1.3.2.2.3            Conditional Forwarder
1.3.2.2.4            Zone Scope Aging Properties
1.4   Dynamic Host Configuration Protocol Summary
1.4.1      PHARMAX.LOCAL Domain DHCP Configuration
1.4.1.1         DHCP Servers In Active Directory
1.4.1.1.1            Service Database
1.4.1.1.2            Dynamic DNS credentials
1.4.1.2         IPv4 Scope Configuration
1.4.1.2.1            IPv4 Service Statistics
1.4.1.2.2            CAYEY-DC-01V IPv4 Scopes
1.4.1.2.2.1               IPv4 Scope Statistics
1.4.1.2.2.2               IPv4 Scope Failover
1.4.1.2.2.3               IPv4 Network Interface Binding
1.4.1.2.3            CAYEY-DC-01V IPv4 Scope Server Options
1.4.1.2.3.1               Scope DNS Setting
1.4.1.2.4            10.10.33.0 Scope Options
1.4.1.2.5            10.10.34.0 Scope Options
1.4.1.2.6            SERVER-DC-01V IPv4 Scopes
1.4.1.2.6.1               IPv4 Scope Statistics
1.4.1.2.6.2               IPv4 Scope Failover
1.4.1.2.6.3               IPv4 Network Interface Binding
1.4.1.2.7            SERVER-DC-01V IPv4 Scope Server Options
1.4.1.2.7.1               Scope DNS Setting
1.4.1.2.8            10.10.32.0 Scope Options
1.4.1.2.9            10.10.33.0 Scope Options
1.4.1.2.10            10.10.34.0 Scope Options
1.4.1.2.11            10.10.35.0 Scope Options
1.4.1.2.12            192.168.2.0 Scope Options
1.4.1.2.13            192.168.4.0 Scope Options
1.4.1.2.14            192.168.6.0 Scope Options
1.4.1.2.15            192.168.7.0 Scope Options
1.4.1.2.16            192.168.12.0 Scope Options
1.4.1.3         IPv6 Scope Configuration
1.4.1.3.1            IPv6 Service Statistics
1.4.2      ACAD.PHARMAX.LOCAL Domain DHCP Configuration
1.4.2.1         DHCP Servers In Active Directory
1.4.2.1.1            Service Database
1.4.2.1.2            Dynamic DNS credentials
1.4.2.2         IPv4 Scope Configuration
1.4.2.2.1            IPv4 Service Statistics
1.4.2.2.2            ACADE-DC-01V IPv4 Scopes
1.4.2.2.2.1               IPv4 Scope Statistics
1.4.2.2.2.2               IPv4 Network Interface Binding
1.4.2.2.3            ACADE-DC-01V IPv4 Scope Server Options
1.4.2.2.3.1               Scope DNS Setting
1.4.2.2.4            172.23.5.0 Scope Options
1.4.2.3         IPv6 Scope Configuration
1.4.2.3.1            IPv6 Service Statistics
1.4.2.3.2            ACADE-DC-01V IPv6 Scopes
1.4.2.3.2.1               IPv6 Scope Statistics
1.4.2.3.3            ACADE-DC-01V IPv6 Scope Server Options
1.4.2.3.3.1               Scope DNS Settings
1.4.2.3.4            fd99:9971:: Scope Options
1.5   Certificate Authority Summary
1.5.1      Enterprise Root Certificate Authority
1.5.2      Enterprise Subordinate Certificate Authority
1.5.3      Certificate Validity Period
1.5.3.1         Access Control List (ACL) Summary
1.5.3.1.1            pharmax-SERVER-DC-01V-CA Rights
1.5.3.1.2            acad-ACADE-DC-01V-CA Rights
1.5.3.1.3            pharmax-CAYEY-DC-01V-CA Rights
1.5.4      Cryptography Configuration
1.5.5      Authority Information Access (AIA) Summary
1.5.5.1         pharmax-SERVER-DC-01V-CA
1.5.5.2         acad-ACADE-DC-01V-CA
1.5.5.3         pharmax-CAYEY-DC-01V-CA
1.5.6      Certificate Revocation List (CRL) Configuration
1.5.6.1         CRL Validity Period
1.5.6.2         CRL Flags Settings
1.5.6.3         CRL Distribution Point
1.5.6.3.1            pharmax-SERVER-DC-01V-CA
1.5.6.3.2            acad-ACADE-DC-01V-CA
1.5.6.3.3            pharmax-CAYEY-DC-01V-CA
1.5.7      AIA and CDP Health Status
1.5.8      Certificate Template Summary
1.5.8.1         pharmax-SERVER-DC-01V-CA Certificate Template
1.5.8.2         Certificate Template In Active Directory
1.5.9      Certificate Template Summary
1.5.9.1         acad-ACADE-DC-01V-CA Certificate Template
1.5.9.2         Certificate Template In Active Directory
1.5.10      Certificate Template Summary
1.5.10.1         pharmax-CAYEY-DC-01V-CA Certificate Template
1.5.10.2         Certificate Template In Active Directory
1.5.11      Key Recovery Agent Certificate

Page 2
-
Microsoft AD As Built Report - v1.0

1 ZENPR.LOCAL Active Directory Report

The following section provides a summary of the Active Directory Infrastructure configuration for ZENPR.LOCAL.

1.1 Forest Information.

The Active Directory framework that holds the objects can be viewed at a number of levels. The forest, tree, and domain are the logical divisions in an Active Directory network. At the top of the structure is the forest. A forest is a collection of trees that share a common global catalog, directory schema, logical structure, and directory configuration. The forest represents the security boundary within which users, computers, groups, and other objects are accessible.

+
Microsoft AD As Built Report - v1.0

1 PHARMAX.LOCAL Active Directory Report

The following section provides a summary of the Active Directory Infrastructure configuration for PHARMAX.LOCAL.

1.1 Forest Information.

The Active Directory framework that holds the objects can be viewed at a number of levels. The forest, tree, and domain are the logical divisions in an Active Directory network. At the top of the structure is the forest. A forest is a collection of trees that share a common global catalog, directory schema, logical structure, and directory configuration. The forest represents the security boundary within which users, computers, groups, and other objects are accessible.

- + - - - - + + + +
Forest Namezenpr.local
Forest Namepharmax.local
Forest Functional LevelWindows2016Forest
Schema VersionObjectVersion 88, Correspond to Windows Server 2019
Tombstone Lifetime (days)180
Domainsacad.zenpr.local; zenpr.local
Global CatalogsServer-DC-01V.zenpr.local; acade-dc-01v.acad.zenpr.local
Application PartitionsDC=DomainDnsZones,DC=acad,DC=zenpr,DC=local
DC=ForestDnsZones,DC=zenpr,DC=local
DC=DomainDnsZones,DC=zenpr,DC=local
PartitionsContainerCN=Partitions,CN=Configuration,DC=zenpr,DC=local
Domainsacad.pharmax.local; pharmax.local
Global CatalogsServer-DC-01V.pharmax.local; acade-dc-01v.acad.pharmax.local
Application PartitionsDC=DomainDnsZones,DC=acad,DC=pharmax,DC=local
DC=ForestDnsZones,DC=pharmax,DC=local
DC=DomainDnsZones,DC=pharmax,DC=local
PartitionsContainerCN=Partitions,CN=Configuration,DC=pharmax,DC=local
SPN Suffixes-
UPN Suffixes-
-
Table 1 - AD Forest Summary Information - ZENPR.LOCAL

-

1.1.1 Optional Features

The following section provides a summary of the enabled Optional Features.

+
Table 1 - Forest Summary - PHARMAX.LOCAL

+

1.1.1 Optional Features

- - -
NameRequired Forest ModeForest
Recycle Bin FeatureWindows2008R2ForestZENPR.LOCAL
Privileged Access Management FeatureWindows2016ForestZENPR.LOCAL
-
Table 2 - Active Directory Enabled Optional Features Information - ZENPR.LOCAL

-

1.1.2 Domain Sites

The following section provides a summary of the Active Directory Sites.

- - - - -
Site NameDescriptionCreation DateSubnets
Zenpr-HQSite of San Juan, PR HQMon, 11 Jun 2018 00:59:59 GMT10.9.1.0/24
192.168.0.0/16
Cayey-BranchSite of Cayey, PR BranchSat, 04 Sep 2021 00:35:15 GMT10.10.0.0/16
ACAD-Sun, 05 Sep 2021 16:13:51 GMT172.23.0.0/16
-
Table 3 - Domain Site Information - ZENPR.LOCAL

-

1.1.3 Site Links

The following section provides a summary of the Active Directory Site Link information.

+ + +
Privileged Access Management FeatureWindows2016ForestPHARMAX.LOCAL
Recycle Bin FeatureWindows2008R2ForestPHARMAX.LOCAL
+
Table 2 - Optional Features - PHARMAX.LOCAL

+

1.1.2 Domain Sites

+ + + + + +
Site NameDescriptionSubnetsCreation Date
ACAD-172.23.0.0/169/5/2021
Cayey-BranchSite of Cayey, PR Branch10.10.0.0/169/3/2021
Dead-Site--1/22/2022
Pharmax-HQSite of San Juan, PR HQ10.9.1.0/24
192.168.0.0/16		6/10/2018
+
Table 3 - Sites - PHARMAX.LOCAL

+

1.1.2.1 Site Subnets

+ + + + + +
SubnetDescriptionSitesCreation Date
10.10.0.0/16Cayey-NetworksCayey-Branch9/12/2020
10.9.1.0/24-Pharmax-HQ9/14/2021
172.23.0.0/16-ACAD9/5/2021
192.168.0.0/16-Pharmax-HQ9/12/2020
+
Table 4 - Site Subnets - PHARMAX.LOCAL

+

1.1.2.2 Site Links

- - + +
Site Link NameCostReplication FrequencyTransport ProtocolSites
Zenpr-to-All10015 minIPACAD
Cayey-Branch
Zenpr-HQ
ZENPR-to-ACAD10015 minIPACAD
Zenpr-HQ
PHARMAX-to-ACAD10015 minIPACAD
Pharmax-HQ
Pharmax-to-All10015 minIPDead-Site
ACAD
Cayey-Branch
Pharmax-HQ
-
Table 4 - Site Links Information - ZENPR.LOCAL

-

1.2 Active Directory Domain Information

An Active Directory domain is a collection of objects within a Microsoft Active Directory network. An object can be a single user or a group or it can be a hardware component, such as a computer or printer.Each domain holds a database containing object identity information. Active Directory domains can be identified using a DNS name, which can be the same as an organization's public domain name, a sub-domain or an alternate version (which may end in .local).

1.2.1 ZENPR.LOCAL Domain Configuration

The following section provides a summary of the Active Directory Domain Information.

+
Table 5 - Site Links - PHARMAX.LOCAL

+

1.2 Active Directory Domain Information

An Active Directory domain is a collection of objects within a Microsoft Active Directory network. An object can be a single user or a group or it can be a hardware component, such as a computer or printer.Each domain holds a database containing object identity information. Active Directory domains can be identified using a DNS name, which can be the same as an organization's public domain name, a sub-domain or an alternate version (which may end in .local).

1.2.1 PHARMAX.LOCAL Domain Configuration

The following section provides a summary of the Active Directory Domain Information.

- - + + - + - - - - - - - + + + + + + +
Domain Namezenpr
NetBIOS NameZENPR
Domain Namepharmax
NetBIOS NamePHARMAX
Domain SIDS-1-5-21-2867495315-1194516362-180967319
Domain Functional LevelWindows2016Domain
Domains-
Forestzenpr.local
Forestpharmax.local
Parent Domain-
Replica Directory ServersServer-DC-01V.zenpr.local
cayey-dc-01v.zenpr.local
Child Domainsacad.zenpr.local
Domain Pathzenpr.local/
Computers Containerzenpr.local/Computers
Domain Controllers Containerzenpr.local/Domain Controllers
Systems Containerzenpr.local/System
Users Containerzenpr.local/Users
Replica Directory ServersServer-DC-01V.pharmax.local
cayey-dc-01v.pharmax.local
Child Domainsacad.pharmax.local
Domain Pathpharmax.local/
Computers Containerpharmax.local/Computers
Domain Controllers Containerpharmax.local/Domain Controllers
Systems Containerpharmax.local/System
Users Containerpharmax.local/Users
ReadOnly Replica Directory Servers-
-
Table 5 - AD Domain Summary Information - ZENPR.LOCAL

-

1.2.1.1 Flexible Single Master Operations (FSMO)

The following section provides a summary of the Active Directory FSMO for Domain ZENPR.LOCAL.

+
Table 6 - Domain Summary - PHARMAX.LOCAL

+

1.2.1.1 Flexible Single Master Operations (FSMO)

The following section provides a summary of the Active Directory FSMO for Domain PHARMAX.LOCAL.

- - - - - -
Infrastructure Master ServerServer-DC-01V.zenpr.local
RID Master ServerServer-DC-01V.zenpr.local
PDC Emulator NameServer-DC-01V.zenpr.local
Domain Naming Master ServerServer-DC-01V.zenpr.local
Schema Master ServerServer-DC-01V.zenpr.local
-
Table 6 - FSMO Server Information - zenpr.local

-

1.2.1.2 Domain and Trusts

The following section provides a summary of Active Directory Trust information on ZENPR.LOCAL.

+ + + + + +
Infrastructure Master ServerServer-DC-01V.pharmax.local
RID Master ServerServer-DC-01V.pharmax.local
PDC Emulator NameServer-DC-01V.pharmax.local
Domain Naming Master ServerServer-DC-01V.pharmax.local
Schema Master ServerServer-DC-01V.pharmax.local
+
Table 7 - FSMO Server - pharmax.local

+

1.2.1.2 Domain and Trusts

The following section provides a summary of Active Directory Trust information on PHARMAX.LOCAL.

- - - - + + + + @@ -256,23 +320,23 @@
Nameacad.zenpr.local
Pathzenpr.local/System/acad.zenpr.local
Sourcezenpr
Targetacad.zenpr.local
Nameacad.pharmax.local
Pathpharmax.local/System/acad.pharmax.local
Sourcepharmax
Targetacad.pharmax.local
DirectionBiDirectional
IntraForestYes
Selective AuthenticationNo
Trust TypeUplevel
Uplevel OnlyNo
-
Table 7 - Active Directory Trusts Information - ZENPR.LOCAL

-

1.2.1.3 Domain Object Count

The following section provides a summary of the Active Directory Object Count on ZENPR.LOCAL.

+
Table 8 - Trusts - PHARMAX.LOCAL

+

1.2.1.3 Domain Object Count

The following section provides a summary of the Active Directory Object Count on PHARMAX.LOCAL.

- - + + - +
Computers90
Servers54
Computers93
Servers55
Domain Controller2
Global Catalog1
Users22
Users24
Privileged Users4
Groups65
-
Table 8 - Active Directory Object Count Information - ZENPR.LOCAL

-

1.2.1.4 Default Domain Password Policy

The following section provides a summary of the Default Domain Password Policy on ZENPR.LOCAL.

+
Table 9 - Object Count - PHARMAX.LOCAL

+

1.2.1.4 Default Domain Password Policy

The following section provides a summary of the Default Domain Password Policy on PHARMAX.LOCAL.

- + - + @@ -282,13 +346,13 @@
Domain Namezenpr.local
Domain Name 
Complexity EnabledYes
Pathzenpr.local/
Pathpharmax.local/
Lockout Duration00 days 00 hours 30 minutes 00 seconds
Lockout Threshold0
Lockout Observation Window00 days 00 hours 30 minutes 00 seconds
Password History Count24
Reversible Encryption EnabledNo
-
Table 9 - Default Domain Password Policy Information - ZENPR.LOCAL

-

1.2.1.5 Fined Grained Password Policies

The following section provides a summary of the Fined Grained Password Policies on ZENPR.LOCAL.

+
Table 10 - Default Domain Password Policy - PHARMAX.LOCAL

+

1.2.1.5 Fined Grained Password Policies

The following section provides a summary of the Fined Grained Password Policies on PHARMAX.LOCAL.

- + - + @@ -300,8 +364,26 @@
Password Setting NameAdministrators
Domain Namezenpr.local
Domain Namepharmax.local
Complexity EnabledYes
Pathzenpr.local/System/Password Settings Container/Administrators
Pathpharmax.local/System/Password Settings Container/Administrators
Lockout Duration00 days 00 hours 30 minutes 00 seconds
Lockout Threshold0
Lockout Observation Window00 days 00 hours 30 minutes 00 seconds
Precedence1
Applies Tohorizon-ic, dbuser, jocolon
-
Table 10 - Fined Grained Password Policies Information - ZENPR.LOCAL

-

1.2.1.6 Group Managed Service Accounts (GMSA)

The following section provides a summary of the Group Managed Service Accounts on ZENPR.LOCAL.

+
Table 11 - Fined Grained Password Policies - Administrators

+
+ + + + + + + + + + + + + + + +
Password Setting NameTest
Domain Namepharmax.local
Complexity EnabledYes
Pathpharmax.local/System/Password Settings Container/Test
Lockout Duration00 days 00 hours 30 minutes 00 seconds
Lockout Threshold0
Lockout Observation Window00 days 00 hours 30 minutes 00 seconds
Max Password Age42 days 00 hours 00 minutes 00 seconds
Min Password Age01 days 00 hours 00 minutes 00 seconds
Min Password Length7
Password History Count23
Reversible Encryption EnabledNo
Precedence1
Applies Tovmuserro
+
Table 12 - Fined Grained Password Policies - Test

+

1.2.1.6 Group Managed Service Accounts (GMSA)

The following section provides a summary of the Group Managed Service Accounts on PHARMAX.LOCAL.

@@ -317,14 +399,14 @@
NameSQLServer
SamAccountNameSQLServer$
Password ExpiredNo
Password Last Set09/27/2020 14:14:22
-
+
Table 13 - Group Managed Service Accounts - SQLServer

- + @@ -334,21 +416,21 @@
Nameadfsgmsa
SamAccountNameadfsgmsa$
Created10/07/2020 18:36:16
EnabledYes
DNS Host NameADFS.zenpr.local
DNS Host NameADFS.pharmax.local
Host Computers 
Retrieve Managed PasswordSERVER-ADFS-01V, SERVER-ADFS-02V
Primary GroupDomain Computers
Password ExpiredNo
Password Last Set10/07/2020 18:36:16
-
-

1.2.1.7 Domain Controller Summary

A domain controller (DC) is a server computer that responds to security authentication requests within a computer network domain. It is a network server that is responsible for allowing host access to domain resources. It authenticates users, stores user account information and enforces security policy for a domain.

+
Table 14 - Group Managed Service Accounts - adfsgmsa

+

1.2.1.7 Domain Controller Summary

A domain controller (DC) is a server computer that responds to security authentication requests within a computer network domain. It is a network server that is responsible for allowing host access to domain resources. It authenticates users, stores user account information and enforces security policy for a domain.

- - + +
DC NameDomain NameSiteGlobal CatalogRead OnlyIP Address
SERVER-DC-01Vzenpr.localZenpr-HQYesNo192.168.5.1
CAYEY-DC-01Vzenpr.localCayey-BranchNoNo10.10.33.1
CAYEY-DC-01Vpharmax.localCayey-BranchNoNo10.10.33.1
SERVER-DC-01Vpharmax.localPharmax-HQYesNo192.168.5.1
-
Table 11 - AD Domain Controller Summary Information - ZENPR.LOCAL

-
1.2.1.7.1 Hardware Inventory
The following section provides a summary of the Domain Controller Hardware for ZENPR.LOCAL.

+
Table 15 - Domain Controller Summary - PHARMAX.LOCAL

+
1.2.1.7.1 Hardware Inventory
The following section provides a summary of the Domain Controller Hardware for PHARMAX.LOCAL.

- + @@ -360,12 +442,12 @@ - +
NameServer-DC-01V
Windows Product NameWindows Server 2019 Standard Evaluation
Windows Current Version6.3
Windows Build Number10.0.17763
Windows Install TypeServer
AD Domainzenpr.local
AD Domainpharmax.local
Windows Installation Date09/08/2020 21:20:17
Time Zone(UTC-04:00) Georgetown, La Paz, Manaus, San Juan
License TypeRetail:TB:Eval
BIOS Version 
Processor ManufacturerGenuineIntel
Processor ModelIntel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Number of Processors1
Number of Processors 
Number of CPU Cores2
Number of Logical Cores2
Physical Memory (GB)4.00 GB
-
+
Table 16 - Domain Controller Hardware - SERVER-DC-01V

@@ -373,7 +455,7 @@ - + @@ -385,265 +467,294 @@ - +
Namecayey-dc-01v
Windows Current Version6.3
Windows Build Number10.0.17763
Windows Install TypeServer
AD Domainzenpr.local
AD Domainpharmax.local
Windows Installation Date09/03/2021 20:36:55
Time Zone(UTC-04:00) Georgetown, La Paz, Manaus, San Juan
License TypeRetail:TB:Eval
BIOS Version 
Processor ManufacturerGenuineIntel
Processor ModelIntel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Number of Processors1
Number of Processors 
Number of CPU Cores2
Number of Logical Cores2
Physical Memory (GB)4.00 GB
-
-
1.2.1.7.2 NTDS Information
The following section provides a summary of the Domain Controller NTDS file size on ZENPR.LOCAL.

+
Table 17 - Domain Controller Hardware - CAYEY-DC-01V

+
1.2.1.7.2 NTDS Information
The following section provides a summary of the Domain Controller NTDS file size on PHARMAX.LOCAL.

+ -
DC NameDatabase FileDatabase SizeLog PathSysVol Path
CAYEY-DC-01VC:\Windows\NTDS\ntds.dit36.00 MBC:\Windows\NTDSC:\Windows\SYSVOL\sysvol
SERVER-DC-01VC:\Windows\NTDS\ntds.dit54.00 MBC:\Windows\NTDSC:\Windows\SYSVOL\sysvol
CAYEY-DC-01VC:\Windows\NTDS\ntds.dit38.00 MBC:\Windows\NTDSC:\Windows\SYSVOL\sysvol
-
Table 12 - Domain Controller NTDS Database File Usage Information - ZENPR.LOCAL

-
1.2.1.7.3 Time Source Information
The following section provides a summary of the Domain Controller Time Source configuration on ZENPR.LOCAL.

+
Table 18 - NTDS Database File Usage - PHARMAX.LOCAL

+
1.2.1.7.3 Time Source Information
The following section provides a summary of the Domain Controller Time Source configuration on PHARMAX.LOCAL.

- +
NameTime ServerType
SERVER-DC-01V0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.orgMANUAL (NTP)
CAYEY-DC-01VDomain HierarchyDOMHIER
SERVER-DC-01V0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.orgMANUAL (NTP)
-
Table 13 - Domain Controller Time Source Configuration - ZENPR.LOCAL

-
1.2.1.7.4 DC Diagnostic
The following section provides a summary of the Active Directory DC Diagnostic.

+
Table 19 - Time Source Configuration - PHARMAX.LOCAL

+
1.2.1.7.4 HealthCheck - Installed Software on DC
The following section provides a summary of additional software running on PHARMAX.LOCAL.

1.2.1.7.4.1 SERVER-DC-01V additional software
The following section provides a summary of additional software running on SERVER-DC-01V.

+ + +
NamePublisherInstall Date
Veeam Backup VSS IntegrationVeeam Software Group GmbH20220115
+
Table 20 - Installed Software - SERVER-DC-01V

+
1.2.1.7.4.2 CAYEY-DC-01V additional software
The following section provides a summary of additional software running on CAYEY-DC-01V.

+ + +
NamePublisherInstall Date
7-Zip 21.07 (x64 edition)Igor Pavlov20220122
+
Table 21 - Installed Software - CAYEY-DC-01V

+
1.2.1.7.5 DC Diagnostic
The following section provides a summary of the Active Directory DC Diagnostic.

- - - - - - - - - - - - - - - - - - - - - - - - - - -
DC NameTest NameResult
Server-DC-01V.zenpr.localConnectivitypassed
Server-DC-01V.zenpr.localAdvertisingpassed
Server-DC-01V.zenpr.localFrsEventpassed
Server-DC-01V.zenpr.localDFSREventfailed
Server-DC-01V.zenpr.localSysVolCheckpassed
Server-DC-01V.zenpr.localKccEventpassed
Server-DC-01V.zenpr.localKnowsOfRoleHolderspassed
Server-DC-01V.zenpr.localMachineAccountpassed
Server-DC-01V.zenpr.localNCSecDescpassed
Server-DC-01V.zenpr.localNetLogonspassed
Server-DC-01V.zenpr.localObjectsReplicatedpassed
Server-DC-01V.zenpr.localReplicationspassed
Server-DC-01V.zenpr.localRidManagerpassed
Server-DC-01V.zenpr.localServicespassed
Server-DC-01V.zenpr.localSystemLogpassed
Server-DC-01V.zenpr.localVerifyReferencespassed
Server-DC-01V.zenpr.localCheckSDRefDompassed
Server-DC-01V.zenpr.localCheckSDRefDompassed
Server-DC-01V.zenpr.localCheckSDRefDompassed
Server-DC-01V.zenpr.localCrossRefValidationpassed
Server-DC-01V.zenpr.localCheckSDRefDompassed
Server-DC-01V.zenpr.localCrossRefValidationpassed
Server-DC-01V.zenpr.localCheckSDRefDompassed
Server-DC-01V.zenpr.localCrossRefValidationpassed
Server-DC-01V.zenpr.localLocatorCheckpassed
Server-DC-01V.zenpr.localIntersitepassed
-
Table 14 - AD Domain Controller DCDiag Information - ZENPR.LOCAL

+Server-DC-01V.pharmax.localAdvertisingpassed +Server-DC-01V.pharmax.localCheckSDRefDompassed +Server-DC-01V.pharmax.localCheckSDRefDompassed +Server-DC-01V.pharmax.localCheckSDRefDompassed +Server-DC-01V.pharmax.localCheckSDRefDompassed +Server-DC-01V.pharmax.localCheckSDRefDompassed +Server-DC-01V.pharmax.localConnectivitypassed +Server-DC-01V.pharmax.localCrossRefValidationpassed +Server-DC-01V.pharmax.localCrossRefValidationpassed +Server-DC-01V.pharmax.localCrossRefValidationpassed +Server-DC-01V.pharmax.localDFSREventfailed +Server-DC-01V.pharmax.localFrsEventpassed +Server-DC-01V.pharmax.localIntersitepassed +Server-DC-01V.pharmax.localKccEventpassed +Server-DC-01V.pharmax.localKnowsOfRoleHolderspassed +Server-DC-01V.pharmax.localLocatorCheckpassed +Server-DC-01V.pharmax.localMachineAccountpassed +Server-DC-01V.pharmax.localNCSecDescpassed +Server-DC-01V.pharmax.localNetLogonspassed +Server-DC-01V.pharmax.localObjectsReplicatedpassed +Server-DC-01V.pharmax.localReplicationspassed +Server-DC-01V.pharmax.localRidManagerpassed +Server-DC-01V.pharmax.localServicespassed +Server-DC-01V.pharmax.localSystemLogpassed +Server-DC-01V.pharmax.localSysVolCheckpassed +Server-DC-01V.pharmax.localVerifyReferencespassed + +
Table 22 - Domain Controller DCDiag - SERVER-DC-01V

- - - - - - - - - - - - - - - - - - - - - - - - - - -
DC NameTest NameResult
cayey-dc-01v.zenpr.localConnectivitypassed
cayey-dc-01v.zenpr.localAdvertisingpassed
cayey-dc-01v.zenpr.localFrsEventpassed
cayey-dc-01v.zenpr.localDFSREventpassed
cayey-dc-01v.zenpr.localSysVolCheckpassed
cayey-dc-01v.zenpr.localKccEventpassed
cayey-dc-01v.zenpr.localKnowsOfRoleHolderspassed
cayey-dc-01v.zenpr.localMachineAccountpassed
cayey-dc-01v.zenpr.localNCSecDescpassed
cayey-dc-01v.zenpr.localNetLogonspassed
cayey-dc-01v.zenpr.localObjectsReplicatedpassed
cayey-dc-01v.zenpr.localReplicationspassed
cayey-dc-01v.zenpr.localRidManagerpassed
cayey-dc-01v.zenpr.localServicespassed
cayey-dc-01v.zenpr.localSystemLogpassed
cayey-dc-01v.zenpr.localVerifyReferencespassed
cayey-dc-01v.zenpr.localCheckSDRefDompassed
cayey-dc-01v.zenpr.localCheckSDRefDompassed
cayey-dc-01v.zenpr.localCheckSDRefDompassed
cayey-dc-01v.zenpr.localCrossRefValidationpassed
cayey-dc-01v.zenpr.localCheckSDRefDompassed
cayey-dc-01v.zenpr.localCrossRefValidationpassed
cayey-dc-01v.zenpr.localCheckSDRefDompassed
cayey-dc-01v.zenpr.localCrossRefValidationpassed
cayey-dc-01v.zenpr.localLocatorCheckpassed
cayey-dc-01v.zenpr.localIntersitepassed
-
Table 15 - AD Domain Controller DCDiag Information - ZENPR.LOCAL

-
1.2.1.7.5 SERVER-DC-01V Infrastructure Services Status
The following section provides a summary of the Domain Controller Infrastructure services status.

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
cayey-dc-01v.pharmax.localAdvertisingpassed
cayey-dc-01v.pharmax.localCheckSDRefDompassed
cayey-dc-01v.pharmax.localCheckSDRefDompassed
cayey-dc-01v.pharmax.localCheckSDRefDompassed
cayey-dc-01v.pharmax.localCheckSDRefDompassed
cayey-dc-01v.pharmax.localCheckSDRefDompassed
cayey-dc-01v.pharmax.localConnectivitypassed
cayey-dc-01v.pharmax.localCrossRefValidationpassed
cayey-dc-01v.pharmax.localCrossRefValidationpassed
cayey-dc-01v.pharmax.localCrossRefValidationpassed
cayey-dc-01v.pharmax.localDFSREventpassed
cayey-dc-01v.pharmax.localFrsEventpassed
cayey-dc-01v.pharmax.localIntersitepassed
cayey-dc-01v.pharmax.localKccEventpassed
cayey-dc-01v.pharmax.localKnowsOfRoleHolderspassed
cayey-dc-01v.pharmax.localLocatorCheckpassed
cayey-dc-01v.pharmax.localMachineAccountpassed
cayey-dc-01v.pharmax.localNCSecDescpassed
cayey-dc-01v.pharmax.localNetLogonspassed
cayey-dc-01v.pharmax.localObjectsReplicatedpassed
cayey-dc-01v.pharmax.localReplicationspassed
cayey-dc-01v.pharmax.localRidManagerpassed
cayey-dc-01v.pharmax.localServicespassed
cayey-dc-01v.pharmax.localSystemLogfailed
cayey-dc-01v.pharmax.localSysVolCheckpassed
cayey-dc-01v.pharmax.localVerifyReferencespassed
+
Table 23 - Domain Controller DCDiag - CAYEY-DC-01V

+
1.2.1.7.6 SERVER-DC-01V Infrastructure Services Status
The following section provides a summary of the Domain Controller Infrastructure services status.

- + + + - -
Display NameShort NameStatus
DNS ServerDNSRunning
Active Directory Domain ServicesNTDSRunning
Active Directory Web ServicesADWSRunning
DFS ReplicationDFSRRunning
DNS ServerDNSRunning
Intersite MessagingIsmServRunning
Kerberos Key Distribution CenterKdcRunning
NetLogonNetlogonRunning
Active Directory Domain ServicesNTDSRunning
Windows TimeW32TimeRunning
Active Directory Web ServicesADWSRunning
-
Table 16 - Domain Controller Infrastructure Services Status Information.

-
1.2.1.7.6 CAYEY-DC-01V Infrastructure Services Status
The following section provides a summary of the Domain Controller Infrastructure services status.

+
Table 24 - Domain Controller Infrastructure Services Status Information.

+
1.2.1.7.7 CAYEY-DC-01V Infrastructure Services Status
The following section provides a summary of the Domain Controller Infrastructure services status.

- + + + - -
Display NameShort NameStatus
DNS ServerDNSRunning
Active Directory Domain ServicesNTDSRunning
Active Directory Web ServicesADWSRunning
DFS ReplicationDFSRRunning
DNS ServerDNSRunning
Intersite MessagingIsmServRunning
Kerberos Key Distribution CenterKdcRunning
NetLogonNetlogonRunning
Active Directory Domain ServicesNTDSRunning
Windows TimeW32TimeRunning
Active Directory Web ServicesADWSRunning
-
Table 17 - Domain Controller Infrastructure Services Status Information.

-
1.2.1.7.7 Sites Replication
The following section provides a summary of the Active Directory Site Replication information.

+
Table 25 - Domain Controller Infrastructure Services Status Information.

+
1.2.1.7.8 Sites Replication
The following section provides a summary of the Active Directory Site Replication information.

+ + + + + + + + + + + +
DC NameSERVER-DC-01V
GUID9dd36d8c-c157-4886-b411-c316fdf19c86
Description-
Replicate From Directory ServerCAYEY-DC-01V
Replicate To Directory ServerSERVER-DC-01V
Replicated Naming ContextsDC=DomainDnsZones,DC=pharmax,DC=local
DC=ForestDnsZones,DC=pharmax,DC=local
CN=Schema,CN=Configuration,DC=pharmax,DC=local
CN=Configuration,DC=pharmax,DC=local
DC=pharmax,DC=local
Transport ProtocolIP
AutoGeneratedYes
EnabledYes
CreatedTue, 07 Dec 2021 15:52:27 GMT
+
Table 26 - Site Replication - SERVER-DC-01V

+
- +
DC NameSERVER-DC-01V
GUIDd5a28ae4-ee92-47a4-872e-e4115bc8d1a5
Description-
Replicate From Directory ServerACADE-DC-01V
Replicate To Directory ServerSERVER-DC-01V
Replicated Naming ContextsDC=DomainDnsZones,DC=zenpr,DC=local
DC=ForestDnsZones,DC=zenpr,DC=local
CN=Schema,CN=Configuration,DC=zenpr,DC=local
CN=Configuration,DC=zenpr,DC=local
DC=zenpr,DC=local
Replicated Naming ContextsDC=DomainDnsZones,DC=pharmax,DC=local
DC=ForestDnsZones,DC=pharmax,DC=local
CN=Schema,CN=Configuration,DC=pharmax,DC=local
CN=Configuration,DC=pharmax,DC=local
DC=pharmax,DC=local
Transport ProtocolIP
AutoGeneratedYes
EnabledYes
CreatedSun, 05 Sep 2021 16:24:39 GMT
-
+
Table 27 - Site Replication - SERVER-DC-01V

- + - + - +
DC NameCAYEY-DC-01V
GUID9b7cbbe0-7c6f-4add-af4a-7b581a7bf5ca
GUID25644f18-da4e-4c5a-887e-1b17b61e9d53
Description-
Replicate From Directory ServerSERVER-DC-01V
Replicate To Directory ServerCAYEY-DC-01V
Replicated Naming ContextsDC=DomainDnsZones,DC=zenpr,DC=local
DC=ForestDnsZones,DC=zenpr,DC=local
CN=Schema,CN=Configuration,DC=zenpr,DC=local
CN=Configuration,DC=zenpr,DC=local
DC=zenpr,DC=local
Replicated Naming ContextsDC=DomainDnsZones,DC=pharmax,DC=local
DC=ForestDnsZones,DC=pharmax,DC=local
CN=Schema,CN=Configuration,DC=pharmax,DC=local
CN=Configuration,DC=pharmax,DC=local
DC=pharmax,DC=local
Transport ProtocolIP
AutoGeneratedYes
EnabledYes
CreatedSat, 04 Sep 2021 01:35:40 GMT
CreatedTue, 07 Dec 2021 15:55:03 GMT
-
-
1.2.1.7.8 Sites Replication Failure
The following section provides a summary of the Active Directory Site Replication Failure information.

+
Table 28 - Site Replication - CAYEY-DC-01V

+
1.2.1.7.9 Sites Replication Failure
The following section provides a summary of the Active Directory Site Replication Failure information.

- +
Server NameServer-DC-01V
PartnerACADE-DC-01V
Last Error1256
Failure TypeLink
Failure Count0
First Failure TimeFri, 29 Oct 2021 03:45:08 GMT
First Failure TimeMon, 24 Jan 2022 04:01:06 GMT
-
+
Table 29 - Site Replication Failure - SERVER-DC-01V

- + - +
Server NameServer-DC-01V
PartnerCAYEY-DC-01V
Last Error1256
Last Error8524
Failure TypeLink
Failure Count0
First Failure TimeFri, 29 Oct 2021 03:45:08 GMT
First Failure TimeMon, 24 Jan 2022 03:46:06 GMT
-
-
1.2.1.7.9 Group Policy Objects Summary
The following section provides a summary of the Group Policy Objects for domain ZENPR.LOCAL.

+
Table 30 - Site Replication Failure - SERVER-DC-01V

+
1.2.1.7.10 Group Policy Objects Summary
The following section provides a summary of the Group Policy Objects for domain PHARMAX.LOCAL.

- - + + + + + + + + - - - - - -
GPO NameGPO StatusCreatedModified
Assign-ApplicationsAll Settings Enabled03/10/202103/10/2021
Certificate AutoEnrollmentUser Settings Disabled01/25/202006/30/2021
Default Domain PolicyAll Settings Enabled06/10/201809/15/2020
VEEAM_Disable_FirewallAll Settings Enabled12/13/201909/08/2020
Dead PolicyAll Settings Disabled10/05/202101/22/2022
Default Domain Controllers PolicyAll Settings Enabled06/10/201811/01/2020
Default Domain PolicyAll Settings Enabled06/10/201812/19/2021
Horizon-DEMAll Settings Enabled03/01/202009/08/2020
LAPS ConfigurationAll Settings Enabled11/01/202011/01/2020
Linux-Settings-GPOAll Settings Disabled05/22/202101/22/2022
ProfileUnityAll Settings Enabled06/08/202010/05/2021
SCCM - Restricted Group and General SettingsAll Settings Enabled09/12/202009/12/2020
SCEP ConfigurationAll Settings Enabled09/14/202010/04/2020
VEEAM_Disable_FirewallAll Settings Enabled12/13/201909/08/2020
VEEAM_Local_AdministratorsAll Settings Enabled12/13/201909/08/2020
WSUS - Domain PolicyUser Settings Disabled02/23/202003/10/2021
SCEP ConfigurationAll Settings Enabled09/14/202010/04/2020
Dead PolicyAll Settings Disabled10/05/202110/05/2021
Horizon-DEMAll Settings Enabled03/01/202009/08/2020
Linux-Settings-GPOComputer Settings Disabled05/22/202110/05/2021
SCCM - Restricted Group and General SettingsAll Settings Enabled09/12/202009/12/2020
LAPS ConfigurationAll Settings Enabled11/01/202011/01/2020
-
Table 18 - GPO Information - ZENPR.LOCAL

-
1.2.1.7.9.1 GPO with User Logon/Logoff Script
The following section provides a summary of Group Policy Objects with Logon/Logoff Script.

+
Table 31 - GPO - PHARMAX.LOCAL

+
1.2.1.7.10.1 GPO Central Store Repository
The following section provides information of the status of Central Store. Corrective Action: Deploy centralized GPO repository.

+ + +
DomainConfiguredCentral Store Path
PHARMAX.LOCALYes\\pharmax.local\SYSVOL\pharmax.local\Policies\PolicyDefinitions
+
Table 32 - GPO Central Store - PHARMAX.LOCAL

+
1.2.1.7.10.2 GPO with User Logon/Logoff Script
The following section provides a summary of Group Policy Objects with Logon/Logoff Script.

- +
GPO NameGPO StatusTypeScript
ProfileUnityAll Settings EnabledLogoff%systemdrive%\Program Files\ProfileUnity\Client.NET\LwL.ProfileUnity.Client.Logoff.exe
Dead PolicyAll Settings DisabledLogoff%systemdrive%\Program Files\ProfileUnity\Client.NET\LwL.ProfileUnity.Client.Logoff.exe
Horizon-DEMAll Settings EnabledLogoffC:\Program Files\Immidio\Flex Profiles\FlexEngine.exe
ProfileUnityAll Settings EnabledLogoff%systemdrive%\Program Files\ProfileUnity\Client.NET\LwL.ProfileUnity.Client.Logoff.exe
-
Table 19 - GPO with Logon/Logoff Script Information - ZENPR.LOCAL

-
1.2.1.7.9.2 GPO with Computer Startup/Shutdown Script
The following section provides a summary of Group Policy Objects with Startup/Shutdown Script.

+
Table 33 - GPO with Logon/Logoff Script - PHARMAX.LOCAL

+
1.2.1.7.10.3 GPO with Computer Startup/Shutdown Script
The following section provides a summary of Group Policy Objects with Startup/Shutdown Script.

- - + +
GPO NameGPO StatusTypeScript
ProfileUnityAll Settings EnabledStartup\\zenpr.local\netlogon\profileunity\LwL.ProfileUnity.Client.Startup.exe
Dead PolicyAll Settings DisabledStartup\\zenpr.local\netlogon\profileunity\LwL.ProfileUnity.Client.Startup.exe
Dead PolicyAll Settings DisabledStartup\\pharmax.local\netlogon\profileunity\LwL.ProfileUnity.Client.Startup.exe
ProfileUnityAll Settings EnabledStartup\\pharmax.local\netlogon\profileunity\LwL.ProfileUnity.Client.Startup.exe
-
Table 20 - GPO with Startup/Shutdown Script Information - ZENPR.LOCAL

-
1.2.1.7.9.3 Health Check - Unlinked GPO
The following section provides a summary of the Unlinked Group Policy Objects. Corrective Action: Remove Unused GPO.

+
Table 34 - GPO with Startup/Shutdown Script - PHARMAX.LOCAL

+
1.2.1.7.10.4 Health Check - Unlinked GPO
The following section provides a summary of the Unlinked Group Policy Objects. Corrective Action: Remove Unused GPO.

- +
GPO NameCreatedModifiedComputer EnabledUser Enabled
Dead Policy2021-10-052021-10-05NoNo
Dead Policy2021-10-052022-01-22NoNo
-
Table 21 - Unlinked GPO Information - ZENPR.LOCAL

-
1.2.1.7.9.4 Health Check - Empty GPOs
The following section provides a summary of the Empty Group Policy Objects. Corrective Action: No User and Computer parameters are set : Remove Unused GPO.

+
Table 35 - Unlinked GPO - PHARMAX.LOCAL

+
1.2.1.7.10.5 Health Check - Empty GPOs
The following section provides a summary of the Empty Group Policy Objects. Corrective Action: No User and Computer parameters are set : Remove Unused GPO.

- +
GPO NameCreatedModifiedDescription
Linux-Settings-GPO2021-05-232021-10-05-
Linux-Settings-GPO2021-05-232022-01-22-
-
Table 22 - Empty GPO Information - ZENPR.LOCAL

-
1.2.1.7.9.5 Health Check - Enforced GPO
The following section provides a summary of the Enforced Group Policy Objects.

+
Table 36 - Empty GPO - PHARMAX.LOCAL

+
1.2.1.7.10.6 Health Check - Enforced GPO
The following section provides a summary of the Enforced Group Policy Objects.

- +
GPO NameEnforcedOrderTarget
Linux-Settings-GPOYes1zenpr.local/LinuxMachines
Linux-Settings-GPOYes1pharmax.local/LinuxMachines
-
Table 23 - Enforced GPO Information - ZENPR.LOCAL

-
1.2.1.7.10 Organizational Units
The following section provides a summary of Active Directory Organizational Unit information.

+
Table 37 - Enforced GPO - PHARMAX.LOCAL

+
1.2.1.7.11 Organizational Units
The following section provides a summary of Active Directory Organizational Unit information.

- - - - - - - - - - - - - - - - - - - - -
NamePathLinked GPO
Domain Controllerszenpr.local/Domain ControllersDefault Domain Controllers Policy
Member Serverszenpr.local/Member Servers-
EMC NAS serverszenpr.local/EMC NAS servers-
Computerszenpr.local/EMC NAS servers/Computers-
VEEAM Serverszenpr.local/VEEAM ServersVEEAM_Disable_Firewall, VEEAM_Local_Administrators
VEEAM WorkStationszenpr.local/VEEAM WorkStationsVEEAM_Local_Administrators, VEEAM_Disable_Firewall
VDI-Computerszenpr.local/VDI-ComputersHorizon-DEM
Admins PCzenpr.local/Admins PC-
Fortinet EMSzenpr.local/Fortinet EMS-
ProfileUnity VDIzenpr.local/ProfileUnity VDIVEEAM_Local_Administrators, VEEAM_Disable_Firewall
Serverszenpr.local/ProfileUnity VDI/Servers-
Computerszenpr.local/ProfileUnity VDI/ComputersProfileUnity
Configuration Managerzenpr.local/Configuration ManagerSCEP Configuration, SCCM - Restricted Group and General Settings
Marketingzenpr.local/VDI-Computers/Marketing-
Saleszenpr.local/VDI-Computers/Sales-
HRzenpr.local/VDI-Computers/HR-
Financeszenpr.local/VDI-Computers/Finances-
Configuration Manager Computerszenpr.local/Configuration Manager ComputersLAPS Configuration, SCEP Configuration
-zenpr.local/--
LinuxMachineszenpr.local/LinuxMachinesLinux-Settings-GPO
-
Table 24 - Active Directory Organizational Unit Information - ZENPR.LOCAL

-
1.2.1.7.10.1 Health Check - OU with GPO Blocked Inheritance
The following section provides a summary of the Blocked Inheritance Group Policy Objects.

+ + + + + + + + + + + + + + + + + + + +
Admins PCpharmax.local/Admins PC-
Computerspharmax.local/EMC NAS servers/Computers-
Computerspharmax.local/ProfileUnity VDI/ComputersProfileUnity
Configuration Managerpharmax.local/Configuration ManagerSCEP Configuration, SCCM - Restricted Group and General Settings
Configuration Manager Computerspharmax.local/Configuration Manager ComputersLAPS Configuration, SCEP Configuration
Domain Controllerspharmax.local/Domain ControllersDefault Domain Controllers Policy
EMC NAS serverspharmax.local/EMC NAS servers-
Financespharmax.local/VDI-Computers/Finances-
Fortinet EMSpharmax.local/Fortinet EMS-
HRpharmax.local/VDI-Computers/HR-
LinuxMachinespharmax.local/LinuxMachinesLinux-Settings-GPO
Marketingpharmax.local/VDI-Computers/Marketing-
Member Serverspharmax.local/Member Servers-
ProfileUnity VDIpharmax.local/ProfileUnity VDIVEEAM_Local_Administrators, VEEAM_Disable_Firewall
Salespharmax.local/VDI-Computers/Sales-
Serverspharmax.local/ProfileUnity VDI/Servers-
VDI-Computerspharmax.local/VDI-ComputersHorizon-DEM
VEEAM Serverspharmax.local/VEEAM ServersVEEAM_Disable_Firewall, VEEAM_Local_Administrators
VEEAM WorkStationspharmax.local/VEEAM WorkStationsVEEAM_Local_Administrators, VEEAM_Disable_Firewall
+
Table 38 - Organizational Unit - PHARMAX.LOCAL

+
1.2.1.7.11.1 Health Check - OU with GPO Blocked Inheritance
The following section provides a summary of the Blocked Inheritance Group Policy Objects.

- + +
OU NameContainer TypeInheritance BlockedPath
linuxmachinesOUYeszenpr.local/LinuxMachines
fortinet emsOUYespharmax.local/Fortinet EMS
linuxmachinesOUYespharmax.local/LinuxMachines
-
Table 25 - Blocked Inheritance GPO Information - ZENPR.LOCAL

-

1.2.2 ACAD.ZENPR.LOCAL Domain Configuration

The following section provides a summary of the Active Directory Domain Information.

+
Table 39 - Blocked Inheritance GPO - PHARMAX.LOCAL

+

1.2.2 ACAD.PHARMAX.LOCAL Domain Configuration

The following section provides a summary of the Active Directory Domain Information.

- - - + + + - - - - - + + + + +
Domain Nameacad
NetBIOS NameACAD
Domain SIDS-1-5-21-370360276-377477351-3184454278
Domain Functional LevelWindows2016Domain
Domains-
Forestzenpr.local
Parent Domainzenpr.local
Replica Directory Serversacade-dc-01v.acad.zenpr.local
Forestpharmax.local
Parent Domainpharmax.local
Replica Directory Serversacade-dc-01v.acad.pharmax.local
Child Domains-
Domain Pathacad.zenpr.local/
Computers Containeracad.zenpr.local/Computers
Domain Controllers Containeracad.zenpr.local/Domain Controllers
Systems Containeracad.zenpr.local/System
Users Containeracad.zenpr.local/Users
Domain Pathacad.pharmax.local/
Computers Containeracad.pharmax.local/Computers
Domain Controllers Containeracad.pharmax.local/Domain Controllers
Systems Containeracad.pharmax.local/System
Users Containeracad.pharmax.local/Users
ReadOnly Replica Directory Servers-
-
Table 26 - AD Domain Summary Information - ACAD.ZENPR.LOCAL

-

1.2.2.1 Flexible Single Master Operations (FSMO)

The following section provides a summary of the Active Directory FSMO for Domain ACAD.ZENPR.LOCAL.

+
Table 40 - Domain Summary - ACAD.PHARMAX.LOCAL

+

1.2.2.1 Flexible Single Master Operations (FSMO)

The following section provides a summary of the Active Directory FSMO for Domain ACAD.PHARMAX.LOCAL.

- - - - - -
Infrastructure Master Serveracade-dc-01v.acad.zenpr.local
RID Master Serveracade-dc-01v.acad.zenpr.local
PDC Emulator Nameacade-dc-01v.acad.zenpr.local
Domain Naming Master ServerServer-DC-01V.zenpr.local
Schema Master ServerServer-DC-01V.zenpr.local
-
Table 27 - FSMO Server Information - acad.zenpr.local

-

1.2.2.2 Domain and Trusts

The following section provides a summary of Active Directory Trust information on ACAD.ZENPR.LOCAL.

+ + + + + +
Infrastructure Master Serveracade-dc-01v.acad.pharmax.local
RID Master Serveracade-dc-01v.acad.pharmax.local
PDC Emulator Nameacade-dc-01v.acad.pharmax.local
Domain Naming Master ServerServer-DC-01V.pharmax.local
Schema Master ServerServer-DC-01V.pharmax.local
+
Table 41 - FSMO Server - acad.pharmax.local

+

1.2.2.2 Domain and Trusts

The following section provides a summary of Active Directory Trust information on ACAD.PHARMAX.LOCAL.

- - + + - + @@ -652,8 +763,8 @@
Namezenpr.local
Pathacad.zenpr.local/System/zenpr.local
Namepharmax.local
Pathacad.pharmax.local/System/pharmax.local
Sourceacad
Targetzenpr.local
Targetpharmax.local
DirectionBiDirectional
IntraForestYes
Selective AuthenticationNo
Trust TypeUplevel
Uplevel OnlyNo
-
Table 28 - Active Directory Trusts Information - ACAD.ZENPR.LOCAL

-

1.2.2.3 Domain Object Count

The following section provides a summary of the Active Directory Object Count on ACAD.ZENPR.LOCAL.

+
Table 42 - Trusts - ACAD.PHARMAX.LOCAL

+

1.2.2.3 Domain Object Count

The following section provides a summary of the Active Directory Object Count on ACAD.PHARMAX.LOCAL.

@@ -663,12 +774,12 @@
Computers2
Servers2
Privileged Users2
Groups46
-
Table 29 - Active Directory Object Count Information - ACAD.ZENPR.LOCAL

-

1.2.2.4 Default Domain Password Policy

The following section provides a summary of the Default Domain Password Policy on ACAD.ZENPR.LOCAL.

+
Table 43 - Object Count - ACAD.PHARMAX.LOCAL

+

1.2.2.4 Default Domain Password Policy

The following section provides a summary of the Default Domain Password Policy on ACAD.PHARMAX.LOCAL.

- + - + @@ -678,13 +789,13 @@
Domain Nameacad.zenpr.local
Domain Name 
Complexity EnabledYes
Pathacad.zenpr.local/
Pathacad.pharmax.local/
Lockout Duration00 days 00 hours 30 minutes 00 seconds
Lockout Threshold0
Lockout Observation Window00 days 00 hours 30 minutes 00 seconds
Password History Count24
Reversible Encryption EnabledNo
-
Table 30 - Default Domain Password Policy Information - ACAD.ZENPR.LOCAL

-

1.2.2.5 Fined Grained Password Policies

The following section provides a summary of the Fined Grained Password Policies on ACAD.ZENPR.LOCAL.

+
Table 44 - Default Domain Password Policy - ACAD.PHARMAX.LOCAL

+

1.2.2.5 Fined Grained Password Policies

The following section provides a summary of the Fined Grained Password Policies on ACAD.PHARMAX.LOCAL.

- + - + @@ -696,14 +807,14 @@
Password Setting NameACADTest
Domain Nameacad.zenpr.local
Domain Nameacad.pharmax.local
Complexity EnabledYes
Pathacad.zenpr.local/System/Password Settings Container/ACADTest
Pathacad.pharmax.local/System/Password Settings Container/ACADTest
Lockout Duration00 days 00 hours 30 minutes 00 seconds
Lockout Threshold5
Lockout Observation Window00 days 00 hours 30 minutes 00 seconds
Precedence1
Applies ToSCCM-GMSA
-
Table 31 - Fined Grained Password Policies Information - ACAD.ZENPR.LOCAL

-

1.2.2.6 Group Managed Service Accounts (GMSA)

The following section provides a summary of the Group Managed Service Accounts on ACAD.ZENPR.LOCAL.

+
Table 45 - Fined Grained Password Policies - ACADTest

+

1.2.2.6 Group Managed Service Accounts (GMSA)

The following section provides a summary of the Group Managed Service Accounts on ACAD.PHARMAX.LOCAL.

- + @@ -713,20 +824,20 @@
NameSCCMMSA
SamAccountNameSCCMMSA$
Created09/11/2021 21:01:33
EnabledYes
DNS Host Nameacad.zenpr.local
DNS Host Nameacad.pharmax.local
Host Computers 
Retrieve Managed PasswordSCCM-GMSA
Primary GroupDomain Computers
Password ExpiredNo
Password Last Set09/11/2021 21:01:33
-
Table 32 - Group Managed Service Accounts Information - ACAD.ZENPR.LOCAL

-

1.2.2.7 Domain Controller Summary

A domain controller (DC) is a server computer that responds to security authentication requests within a computer network domain. It is a network server that is responsible for allowing host access to domain resources. It authenticates users, stores user account information and enforces security policy for a domain.

+
Table 46 - Group Managed Service Accounts - SCCMMSA

+

1.2.2.7 Domain Controller Summary

A domain controller (DC) is a server computer that responds to security authentication requests within a computer network domain. It is a network server that is responsible for allowing host access to domain resources. It authenticates users, stores user account information and enforces security policy for a domain.

- +
DC NameDomain NameSiteGlobal CatalogRead OnlyIP Address
ACADE-DC-01Vacad.zenpr.localACADYesNo172.23.4.1
ACADE-DC-01Vacad.pharmax.localACADYesNo172.23.4.1
-
Table 33 - AD Domain Controller Summary Information - ACAD.ZENPR.LOCAL

-
1.2.2.7.1 Hardware Inventory
The following section provides a summary of the Domain Controller Hardware for ACAD.ZENPR.LOCAL.

+
Table 47 - Domain Controller Summary - ACAD.PHARMAX.LOCAL

+
1.2.2.7.1 Hardware Inventory
The following section provides a summary of the Domain Controller Hardware for ACAD.PHARMAX.LOCAL.

- + @@ -738,167 +849,234 @@ - +
Nameacade-dc-01v
Windows Product NameWindows Server 2019 Standard Evaluation
Windows Current Version6.3
Windows Build Number10.0.17763
Windows Install TypeServer
AD Domainacad.zenpr.local
AD Domainacad.pharmax.local
Windows Installation Date09/05/2021 10:35:50
Time Zone(UTC-04:00) Georgetown, La Paz, Manaus, San Juan
License TypeRetail:TB:Eval
BIOS Version 
Processor ManufacturerGenuineIntel
Processor ModelIntel(R) Core(TM) i7-6700 CPU @ 3.40GHz
Number of Processors1
Number of Processors 
Number of CPU Cores2
Number of Logical Cores2
Physical Memory (GB)4.00 GB
-
Table 34 - AD Domain Controller Hardware Information - ACAD.ZENPR.LOCAL

-
1.2.2.7.2 NTDS Information
The following section provides a summary of the Domain Controller NTDS file size on ACAD.ZENPR.LOCAL.

+
Table 48 - Domain Controller Hardware - ACADE-DC-01V

+
1.2.2.7.2 NTDS Information
The following section provides a summary of the Domain Controller NTDS file size on ACAD.PHARMAX.LOCAL.

DC NameDatabase FileDatabase SizeLog PathSysVol Path
ACADE-DC-01VC:\Windows\NTDS\ntds.dit36.00 MBC:\Windows\NTDSC:\Windows\SYSVOL\sysvol
-
Table 35 - Domain Controller NTDS Database File Usage Information - ACAD.ZENPR.LOCAL

-
1.2.2.7.3 Time Source Information
The following section provides a summary of the Domain Controller Time Source configuration on ACAD.ZENPR.LOCAL.

+
Table 49 - NTDS Database File Usage - ACAD.PHARMAX.LOCAL

+
1.2.2.7.3 Time Source Information
The following section provides a summary of the Domain Controller Time Source configuration on ACAD.PHARMAX.LOCAL.

NameTime ServerType
ACADE-DC-01VDomain HierarchyDOMHIER
-
Table 36 - Domain Controller Time Source Configuration - ACAD.ZENPR.LOCAL

-
1.2.2.7.4 DC Diagnostic
The following section provides a summary of the Active Directory DC Diagnostic.

+
Table 50 - Time Source Configuration - ACAD.PHARMAX.LOCAL

+
1.2.2.7.4 HealthCheck - Installed Software on DC
The following section provides a summary of additional software running on ACAD.PHARMAX.LOCAL.

1.2.2.7.5 DC Diagnostic
The following section provides a summary of the Active Directory DC Diagnostic.

- - - - - - - - - - - - - - - - - - - - - - - - - - -
DC NameTest NameResult
acade-dc-01v.acad.zenpr.localConnectivitypassed
acade-dc-01v.acad.zenpr.localAdvertisingfailed
acade-dc-01v.acad.zenpr.localFrsEventpassed
acade-dc-01v.acad.zenpr.localDFSREventfailed
acade-dc-01v.acad.zenpr.localSysVolCheckfailed
acade-dc-01v.acad.zenpr.localKccEventpassed
acade-dc-01v.acad.zenpr.localKnowsOfRoleHolderspassed
acade-dc-01v.acad.zenpr.localMachineAccountpassed
acade-dc-01v.acad.zenpr.localNCSecDescfailed
acade-dc-01v.acad.zenpr.localNetLogonsfailed
acade-dc-01v.acad.zenpr.localObjectsReplicatedpassed
acade-dc-01v.acad.zenpr.localReplicationspassed
acade-dc-01v.acad.zenpr.localRidManagerpassed
acade-dc-01v.acad.zenpr.localServicespassed
acade-dc-01v.acad.zenpr.localSystemLogfailed
acade-dc-01v.acad.zenpr.localVerifyReferencespassed
acade-dc-01v.acad.zenpr.localCheckSDRefDompassed
acade-dc-01v.acad.zenpr.localCheckSDRefDompassed
acade-dc-01v.acad.zenpr.localCrossRefValidationpassed
acade-dc-01v.acad.zenpr.localCheckSDRefDompassed
acade-dc-01v.acad.zenpr.localCheckSDRefDompassed
acade-dc-01v.acad.zenpr.localCrossRefValidationpassed
acade-dc-01v.acad.zenpr.localCheckSDRefDompassed
acade-dc-01v.acad.zenpr.localCrossRefValidationpassed
acade-dc-01v.acad.zenpr.localLocatorCheckfailed
acade-dc-01v.acad.zenpr.localIntersitepassed
-
Table 37 - AD Domain Controller DCDiag Information - ACAD.ZENPR.LOCAL

-
1.2.2.7.5 ACADE-DC-01V Infrastructure Services Status
The following section provides a summary of the Domain Controller Infrastructure services status.

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
acade-dc-01v.acad.pharmax.localAdvertisingfailed
acade-dc-01v.acad.pharmax.localCheckSDRefDompassed
acade-dc-01v.acad.pharmax.localCheckSDRefDompassed
acade-dc-01v.acad.pharmax.localCheckSDRefDompassed
acade-dc-01v.acad.pharmax.localCheckSDRefDompassed
acade-dc-01v.acad.pharmax.localCheckSDRefDompassed
acade-dc-01v.acad.pharmax.localConnectivitypassed
acade-dc-01v.acad.pharmax.localCrossRefValidationpassed
acade-dc-01v.acad.pharmax.localCrossRefValidationpassed
acade-dc-01v.acad.pharmax.localCrossRefValidationpassed
acade-dc-01v.acad.pharmax.localDFSREventfailed
acade-dc-01v.acad.pharmax.localFrsEventpassed
acade-dc-01v.acad.pharmax.localIntersitepassed
acade-dc-01v.acad.pharmax.localKccEventpassed
acade-dc-01v.acad.pharmax.localKnowsOfRoleHolderspassed
acade-dc-01v.acad.pharmax.localLocatorCheckfailed
acade-dc-01v.acad.pharmax.localMachineAccountpassed
acade-dc-01v.acad.pharmax.localNCSecDescfailed
acade-dc-01v.acad.pharmax.localNetLogonsfailed
acade-dc-01v.acad.pharmax.localObjectsReplicatedpassed
acade-dc-01v.acad.pharmax.localReplicationspassed
acade-dc-01v.acad.pharmax.localRidManagerpassed
acade-dc-01v.acad.pharmax.localServicespassed
acade-dc-01v.acad.pharmax.localSystemLogfailed
acade-dc-01v.acad.pharmax.localSysVolCheckfailed
acade-dc-01v.acad.pharmax.localVerifyReferencespassed
+
Table 51 - Domain Controller DCDiag - ACADE-DC-01V

+
1.2.2.7.6 ACADE-DC-01V Infrastructure Services Status
The following section provides a summary of the Domain Controller Infrastructure services status.

- + + + - -
Display NameShort NameStatus
DNS ServerDNSRunning
Active Directory Domain ServicesNTDSRunning
Active Directory Web ServicesADWSRunning
DFS ReplicationDFSRRunning
DNS ServerDNSRunning
Intersite MessagingIsmServRunning
Kerberos Key Distribution CenterKdcRunning
NetLogonNetlogonRunning
Active Directory Domain ServicesNTDSRunning
Windows TimeW32TimeRunning
Active Directory Web ServicesADWSRunning
-
Table 38 - Domain Controller Infrastructure Services Status Information.

-
1.2.2.7.6 Sites Replication
The following section provides a summary of the Active Directory Site Replication information.

+
Table 52 - Domain Controller Infrastructure Services Status Information.

+
1.2.2.7.7 Sites Replication
The following section provides a summary of the Active Directory Site Replication information.

- +
DC NameACADE-DC-01V
GUID739a49db-275b-4d09-81c8-ab9e5f393977
Description-
Replicate From Directory ServerSERVER-DC-01V
Replicate To Directory ServerACADE-DC-01V
Replicated Naming ContextsDC=DomainDnsZones,DC=acad,DC=zenpr,DC=local
DC=acad,DC=zenpr,DC=local
DC=ForestDnsZones,DC=zenpr,DC=local
CN=Schema,CN=Configuration,DC=zenpr,DC=local
CN=Configuration,DC=zenpr,DC=local
Replicated Naming ContextsDC=DomainDnsZones,DC=acad,DC=pharmax,DC=local
DC=acad,DC=pharmax,DC=local
DC=ForestDnsZones,DC=pharmax,DC=local
CN=Schema,CN=Configuration,DC=pharmax,DC=local
CN=Configuration,DC=pharmax,DC=local
Transport ProtocolIP
AutoGeneratedYes
EnabledYes
CreatedSun, 05 Sep 2021 16:26:31 GMT
-
Table 39 - Site Replication Information - ACAD.ZENPR.LOCAL

-
1.2.2.7.7 Group Policy Objects Summary
The following section provides a summary of the Group Policy Objects for domain ACAD.ZENPR.LOCAL.

+
Table 53 - Site Replication - ACADE-DC-01V

+
1.2.2.7.8 Group Policy Objects Summary
The following section provides a summary of the Group Policy Objects for domain ACAD.PHARMAX.LOCAL.

- - - - + + + +
GPO NameGPO StatusCreatedModified
Empty Policy ACADAll Settings Enabled10/05/202110/05/2021
Default Domain PolicyAll Settings Enabled09/05/202110/19/2021
Unlinked Policy ACADAll Settings Disabled10/05/202110/05/2021
Default Domain Controllers PolicyAll Settings Enabled09/05/202109/22/2021
ACAD Certificate AutoEnrollmentAll Settings Enabled09/22/202109/22/2021
Default Domain Controllers PolicyAll Settings Enabled09/05/202109/22/2021
Default Domain PolicyAll Settings Enabled09/05/202110/19/2021
Empty Policy ACADAll Settings Enabled10/05/202110/05/2021
Logon ScriptAll Settings Enabled10/07/202110/07/2021
Unlinked Policy ACADAll Settings Disabled10/05/202110/05/2021
-
Table 40 - GPO Information - ACAD.ZENPR.LOCAL

-
1.2.2.7.7.1 GPO with User Logon/Logoff Script
The following section provides a summary of Group Policy Objects with Logon/Logoff Script.

+
Table 54 - GPO - ACAD.PHARMAX.LOCAL

+
1.2.2.7.8.1 GPO Central Store Repository
The following section provides information of the status of Central Store. Corrective Action: Deploy centralized GPO repository.

+ + +
DomainConfiguredCentral Store Path
ACAD.PHARMAX.LOCALNo\\acad.pharmax.local\SYSVOL\acad.pharmax.local\Policies\PolicyDefinitions
+
Table 55 - GPO Central Store - ACAD.PHARMAX.LOCAL

+
1.2.2.7.8.2 GPO with User Logon/Logoff Script
The following section provides a summary of Group Policy Objects with Logon/Logoff Script.

- +
GPO NameGPO StatusTypeScript
Logon ScriptAll Settings EnabledLogon\\acad.zenpr.local\NETLOGON\enroll.exe
Logon ScriptAll Settings EnabledLogon\\acad.pharmax.local\NETLOGON\enroll.exe
-
Table 41 - GPO with Logon/Logoff Script Information - ACAD.ZENPR.LOCAL

-
1.2.2.7.7.2 Health Check - Unlinked GPO
The following section provides a summary of the Unlinked Group Policy Objects. Corrective Action: Remove Unused GPO.

+
Table 56 - GPO with Logon/Logoff Script - ACAD.PHARMAX.LOCAL

+
1.2.2.7.8.3 Health Check - Unlinked GPO
The following section provides a summary of the Unlinked Group Policy Objects. Corrective Action: Remove Unused GPO.

- +
GPO NameCreatedModifiedComputer EnabledUser Enabled
Unlinked Policy ACAD2021-10-062021-10-06NoNo
Logon Script2021-10-072021-10-07YesYes
Unlinked Policy ACAD2021-10-062021-10-06NoNo
-
Table 42 - Unlinked GPO Information - ACAD.ZENPR.LOCAL

-
1.2.2.7.7.3 Health Check - Empty GPOs
The following section provides a summary of the Empty Group Policy Objects. Corrective Action: No User and Computer parameters are set : Remove Unused GPO.

+
Table 57 - Unlinked GPO - ACAD.PHARMAX.LOCAL

+
1.2.2.7.8.4 Health Check - Empty GPOs
The following section provides a summary of the Empty Group Policy Objects. Corrective Action: No User and Computer parameters are set : Remove Unused GPO.

GPO NameCreatedModifiedDescription
Empty Policy ACAD2021-10-062021-10-06-
-
Table 43 - Empty GPO Information - ACAD.ZENPR.LOCAL

-
1.2.2.7.7.4 Health Check - Enforced GPO
The following section provides a summary of the Enforced Group Policy Objects.

+
Table 58 - Empty GPO - ACAD.PHARMAX.LOCAL

+
1.2.2.7.8.5 Health Check - Enforced GPO
The following section provides a summary of the Enforced Group Policy Objects.

- +
GPO NameEnforcedOrderTarget
Empty Policy ACADYes1acad.zenpr.local/Acad Computers/SCCM Computers
Empty Policy ACADYes1acad.pharmax.local/Acad Computers/SCCM Computers
-
Table 44 - Enforced GPO Information - ACAD.ZENPR.LOCAL

-
1.2.2.7.8 Organizational Units
The following section provides a summary of Active Directory Organizational Unit information.

+
Table 59 - Enforced GPO - ACAD.PHARMAX.LOCAL

+
1.2.2.7.9 Organizational Units
The following section provides a summary of Active Directory Organizational Unit information.

- - - - + + + +
NamePathLinked GPO
Domain Controllersacad.zenpr.local/Domain ControllersDefault Domain Controllers Policy
Member Serversacad.zenpr.local/Member Servers-
Acad Computersacad.zenpr.local/Acad Computers-
SCCM Computersacad.zenpr.local/Acad Computers/SCCM ComputersEmpty Policy ACAD
Acad Computersacad.pharmax.local/Acad Computers-
Domain Controllersacad.pharmax.local/Domain ControllersDefault Domain Controllers Policy
Member Serversacad.pharmax.local/Member Servers-
SCCM Computersacad.pharmax.local/Acad Computers/SCCM ComputersEmpty Policy ACAD
-
Table 45 - Active Directory Organizational Unit Information - ACAD.ZENPR.LOCAL

-
1.2.2.7.8.1 Health Check - OU with GPO Blocked Inheritance
The following section provides a summary of the Blocked Inheritance Group Policy Objects.

+
Table 60 - Organizational Unit - ACAD.PHARMAX.LOCAL

+
1.2.2.7.9.1 Health Check - OU with GPO Blocked Inheritance
The following section provides a summary of the Blocked Inheritance Group Policy Objects.

- +
OU NameContainer TypeInheritance BlockedPath
sccm computersOUYesacad.zenpr.local/Acad Computers/SCCM Computers
sccm computersOUYesacad.pharmax.local/Acad Computers/SCCM Computers
-
Table 46 - Blocked Inheritance GPO Information - ACAD.ZENPR.LOCAL

-

1.3 ZENPR.LOCAL Domain Name System Summary

The Domain Name System (DNS) is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates more readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols.

1.3.1 ZENPR.LOCAL DNS Configuration

The following section provides a configuration summary of the DNS service.

1.3.1.1 Infrastructure Summary

The following section provides a summary of the DNS Infrastructure configuration.

+
Table 61 - Blocked Inheritance GPO - ACAD.PHARMAX.LOCAL

+

1.3 Domain Name System Summary

The Domain Name System (DNS) is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities. Most prominently, it translates more readily memorized domain names to the numerical IP addresses needed for locating and identifying computer services and devices with the underlying network protocols.

1.3.1 PHARMAX.LOCAL DNS Configuration

The following section provides a configuration summary of the DNS service.

1.3.1.1 Infrastructure Summary

The following section provides a summary of the DNS Infrastructure configuration.

- - -
DC NameBuild NumberIPv6DnsSecReadOnly DCListening IP
SERVER-DC-01V17763YesNoNofe80::284b:4bc7:2b30:5832
192.168.5.1
CAYEY-DC-01V17763YesNoNofe80::b5fd:f35b:d81d:dfcd
10.10.33.1
-
Table 47 - DNS Infrastructure Setting Information.

-
1.3.1.1.1 Response Rate Limiting (RRL)
The following section provides a summary of the DNS Response Rate Limiting configuration.

+ + +
CAYEY-DC-01V17763YesNoNo10.10.33.1
SERVER-DC-01V17763YesNoNo192.168.5.1
+
Table 62 - Infrastructure Setting -PHARMAX.LOCAL

+
1.3.1.1.1 Domain Controller DNS IP Configuration
+ + + +
DC NameInterfaceDNS IP 1DNS IP 2DNS IP 3DNS IP 4
CAYEY-DC-01VEthernet010.10.33.1192.168.5.1127.0.0.1-
SERVER-DC-01VEthernet0192.168.5.1127.0.0.1--
+
Table 63 - IP Configuration -PHARMAX.LOCAL

+
1.3.1.1.2 Application Directory Partition
1.3.1.1.2.1 SERVER-DC-01V Directory Partition
The following section provides SERVER-DC-01V Directory Partition information.

+ + + + +
NameStateFlagsZone Count
DomainDnsZones.acad.pharmax.local-Not-Enlisted 0
DomainDnsZones.pharmax.local0Enlisted Auto Domain 7
ForestDnsZones.pharmax.local0Enlisted Auto Forest 2
+
Table 64 - Directory Partitions - PHARMAX.LOCAL

+
1.3.1.1.2.2 CAYEY-DC-01V Directory Partition
The following section provides CAYEY-DC-01V Directory Partition information.

+ + + + +
NameStateFlagsZone Count
DomainDnsZones.acad.pharmax.local-Not-Enlisted 0
DomainDnsZones.pharmax.local0Enlisted Auto Domain 7
ForestDnsZones.pharmax.local0Enlisted Auto Forest 2
+
Table 65 - Directory Partitions - PHARMAX.LOCAL

+
1.3.1.1.3 Response Rate Limiting (RRL)
- +
DC NameStatusResponses Per SecErrors Per SecWindow In SecLeak RateTruncate Rate
SERVER-DC-01VDisable55532
CAYEY-DC-01VDisable55532
SERVER-DC-01VDisable55532
-
Table 48 - DNS Response Rate Limiting configuration.

-
1.3.1.1.2 Scavenging Options
The following section provides a summary of the DNS Scavenging configuration.

+
Table 66 - Response Rate Limiting - PHARMAX.LOCAL

+
1.3.1.1.4 Scavenging Options
- +
DC NameNoRefresh IntervalRefresh IntervalScavenging IntervalLast Scavenge TimeScavenging State
SERVER-DC-01V7.00:00:007.00:00:007.00:00:00-Enabled
CAYEY-DC-01V7.00:00:007.00:00:0000:00:00-Disabled
SERVER-DC-01V7.00:00:007.00:00:007.00:00:00-Enabled
-
Table 49 - DNS Scavenging configuration.

-
1.3.1.1.3 Forwarder Options
The following section provides a summary of the DNS Forwarder configuration.

+
Table 67 - Scavenging - PHARMAX.LOCAL

+
1.3.1.1.5 Forwarder Options
- - -
DC NameIP AddressTimeoutUse Root HintUse Recursion
SERVER-DC-01V192.168.1.2
192.168.1.1		3/sYesYes
CAYEY-DC-01V192.168.5.1
192.168.1.1		3/sYesYes
-
Table 50 - DNS Infrastructure Forwarder configuration.

-
1.3.1.1.4 Zone Scope Recursion
The following section provides a summary of the DNS Zone Scope Recursion configuration.

+ + +
CAYEY-DC-01V192.168.5.13/sYesYes
SERVER-DC-01V10.0.0.1383/sYesYes
+
Table 68 - Forwarders - PHARMAX.LOCAL

+
1.3.1.1.6 Root Hints
1.3.1.1.6.1 SERVER-DC-01V Root Hints
The following section provides SERVER-DC-01V Root Hints information.

+ + + + + + + + + + + + + + +
NameIP Address
a.root-servers.net.198.41.0.4
b.root-servers.net.199.9.14.201
c.root-servers.net.192.33.4.12
d.root-servers.net.199.7.91.13
e.root-servers.net.192.203.230.10
f.root-servers.net.192.5.5.241
g.root-servers.net.192.112.36.4
h.root-servers.net.198.97.190.53
i.root-servers.net.192.36.148.17
j.root-servers.net.192.58.128.30
k.root-servers.net.193.0.14.129
l.root-servers.net.199.7.83.42
m.root-servers.net.202.12.27.33
+
Table 69 - Root Hints - PHARMAX.LOCAL

+
1.3.1.1.6.2 CAYEY-DC-01V Root Hints
The following section provides CAYEY-DC-01V Root Hints information.

+ + + + + + + + + + + + + + +
NameIP Address
a.root-servers.net.198.41.0.4
b.root-servers.net.199.9.14.201
c.root-servers.net.192.33.4.12
d.root-servers.net.199.7.91.13
e.root-servers.net.192.203.230.10
f.root-servers.net.192.5.5.241
g.root-servers.net.192.112.36.4
h.root-servers.net.198.97.190.53
i.root-servers.net.192.36.148.17
j.root-servers.net.192.58.128.30
k.root-servers.net.193.0.14.129
l.root-servers.net.199.7.83.42
m.root-servers.net.202.12.27.33
+
Table 70 - Root Hints - PHARMAX.LOCAL

+
1.3.1.1.7 Zone Scope Recursion
- - + +
DC NameZone NameForwarderUse Recursion
SERVER-DC-01VRoot192.168.1.2
192.168.1.1		Yes
CAYEY-DC-01VRoot192.168.5.1
192.168.1.1		Yes
CAYEY-DC-01VRoot192.168.5.1Yes
SERVER-DC-01VRoot10.0.0.138Yes
-
Table 51 - DNS Zone Scope Recursion configuration.

-

1.3.1.2 SERVER-DC-01V DNS Zone Configuration

The following section provides a summary of the DNS Zone Configuration information.

+
Table 71 - Zone Scope Recursion - PHARMAX.LOCAL

+

1.3.1.2 SERVER-DC-01V DNS Zone Configuration

- - + +
Zone NameZone TypeReplication ScopeDynamic UpdateDS IntegratedRead OnlySigned
_msdcs.zenpr.localPrimaryForestSecureYesNoNo
zenpr.localPrimaryDomainSecureYesNoNo
_msdcs.pharmax.localPrimaryForestSecureYesNoNo
pharmax.localPrimaryDomainSecureYesNoNo
TrustAnchorsPrimaryForestNoneYesNoNo
zenprsolutions.localStubDomain-YesNo-
-
Table 52 - DNS Zone Information.

-
1.3.1.2.1 SERVER-DC-01V Zone Delegation
The following section provides a summary of the DNS Zone Delegation information.

+
Table 72 - Zones - PHARMAX.LOCAL

+
1.3.1.2.1 Zone Delegation
- - + +
Zone NameChild ZoneName ServerIP Address
zenpr.local_msdcs.zenpr.local.server-dc-01v.zenpr.local.192.168.5.1
zenpr.localacad.zenpr.local.ACADE-DC-01V.acad.zenpr.local.172.23.4.1
pharmax.localacad.pharmax.local.ACADE-DC-01V.acad.pharmax.local.172.23.4.1
pharmax.local_msdcs.pharmax.local.server-dc-01v.pharmax.local.192.168.5.1
-
Table 53 - DNS Zone Delegation Information.

-
1.3.1.2.2 SERVER-DC-01V Reverse Lookup Zone Configuration
The following section provides a summary of the DNS Reverse Lookup Zone Configuration information.

+
Table 73 - Zone Delegations - PHARMAX.LOCAL

+
1.3.1.2.2 Zone Transfers
+ + + + + +
Zone Namepharmax.local
Secondary Servers172.23.4.1
Notify Servers-
Secure SecondariesSend zone transfers only to name servers that are authoritative for the zone.
+
Table 74 - Zone Transfers - pharmax.local

+
1.3.1.2.3 Reverse Lookup Zone Configuration
@@ -907,35 +1085,35 @@
Zone NameZone TypeReplication ScopeDynamic UpdateDS IntegratedRead OnlySigned
0.in-addr.arpaPrimaryNoneNoneNoNoNo
10.10.in-addr.arpaPrimaryDomainSecureYesNoNo
23.172.in-addr.arpaPrimaryDomainSecureYesNoNo
255.in-addr.arpaPrimaryNoneNoneNoNoNo
-
Table 54 - DNS Zone Information.

-
1.3.1.2.3 SERVER-DC-01V Conditional Forwarder
The following section provides a summary of the DNS Conditional Forwarder information.

+
Table 75 - Zones - PHARMAX.LOCAL

+
1.3.1.2.4 Conditional Forwarder
Zone NameZone TypeReplication ScopeMaster ServersDS Integrated
zenprsolutions.govForwarderDomain8.8.8.8True
-
Table 55 - DNS Conditional Forwarder Information.

-
1.3.1.2.4 SERVER-DC-01V Zone Scope Aging Properties
The following section provides a summary of the DNS Zone Aging properties information.

+
Table 76 - Conditional Forwarders - PHARMAX.LOCAL

+
1.3.1.2.5 Zone Scope Aging Properties
- - - + + +
Zone NameAging EnabledRefresh IntervalNoRefresh IntervalAvailable For Scavenge
_msdcs.zenpr.localYes7.00:00:007.00:00:00Fri, 05 Nov 2021 13:00:00 GMT
zenpr.localYes7.00:00:007.00:00:00Fri, 05 Nov 2021 13:00:00 GMT
TrustAnchorsYes7.00:00:007.00:00:00Fri, 05 Nov 2021 13:00:00 GMT
_msdcs.pharmax.localYes7.00:00:007.00:00:00Sat, 29 Jan 2022 18:00:00 GMT
pharmax.localYes7.00:00:007.00:00:00Mon, 31 Jan 2022 10:00:00 GMT
TrustAnchorsYes7.00:00:007.00:00:00Mon, 31 Jan 2022 10:00:00 GMT
-
Table 56 - DNS Zone Aging properties Information.

-

1.3.1.3 CAYEY-DC-01V DNS Zone Configuration

The following section provides a summary of the DNS Zone Configuration information.

+
Table 77 - Zone Aging Properties - PHARMAX.LOCAL

+

1.3.1.3 CAYEY-DC-01V DNS Zone Configuration

- - + +
Zone NameZone TypeReplication ScopeDynamic UpdateDS IntegratedRead OnlySigned
_msdcs.zenpr.localPrimaryForestSecureYesNoNo
zenpr.localPrimaryDomainSecureYesNoNo
_msdcs.pharmax.localPrimaryForestSecureYesNoNo
pharmax.localPrimaryDomainSecureYesNoNo
TrustAnchorsPrimaryForestNoneYesNoNo
zenpr.localSecondary--NoNo-
zenprsolutions.localStubDomain-YesNo-
-
Table 57 - DNS Zone Information.

-
1.3.1.3.1 CAYEY-DC-01V Zone Delegation
The following section provides a summary of the DNS Zone Delegation information.

+
Table 78 - Zones - PHARMAX.LOCAL

+
1.3.1.3.1 Zone Delegation
- - + +
Zone NameChild ZoneName ServerIP Address
zenpr.local_msdcs.zenpr.local.server-dc-01v.zenpr.local.192.168.5.1
zenpr.localacad.zenpr.local.ACADE-DC-01V.acad.zenpr.local.172.23.4.1
pharmax.localacad.pharmax.local.ACADE-DC-01V.acad.pharmax.local.172.23.4.1
pharmax.local_msdcs.pharmax.local.server-dc-01v.pharmax.local.192.168.5.1
-
Table 58 - DNS Zone Delegation Information.

-
1.3.1.3.2 CAYEY-DC-01V Reverse Lookup Zone Configuration
The following section provides a summary of the DNS Reverse Lookup Zone Configuration information.

+
Table 79 - Zone Delegations - PHARMAX.LOCAL

+
1.3.1.3.2 Reverse Lookup Zone Configuration
@@ -944,89 +1122,158 @@
Zone NameZone TypeReplication ScopeDynamic UpdateDS IntegratedRead OnlySigned
0.in-addr.arpaPrimaryNoneNoneNoNoNo
10.10.in-addr.arpaPrimaryDomainSecureYesNoNo
23.172.in-addr.arpaPrimaryDomainSecureYesNoNo
255.in-addr.arpaPrimaryNoneNoneNoNoNo
-
Table 59 - DNS Zone Information.

-
1.3.1.3.3 CAYEY-DC-01V Conditional Forwarder
The following section provides a summary of the DNS Conditional Forwarder information.

+
Table 80 - Zones - PHARMAX.LOCAL

+
1.3.1.3.3 Conditional Forwarder
Zone NameZone TypeReplication ScopeMaster ServersDS Integrated
zenprsolutions.eduForwarderNone1.1.1.1False
zenprsolutions.govForwarderDomain8.8.8.8True
-
Table 60 - DNS Conditional Forwarder Information.

-
1.3.1.3.4 CAYEY-DC-01V Zone Scope Aging Properties
The following section provides a summary of the DNS Zone Aging properties information.

+
Table 81 - Conditional Forwarders - PHARMAX.LOCAL

+
1.3.1.3.4 Zone Scope Aging Properties
- - + +
Zone NameAging EnabledRefresh IntervalNoRefresh IntervalAvailable For Scavenge
_msdcs.zenpr.localYes7.00:00:007.00:00:00Sun, 12 Sep 2021 23:00:00 GMT
zenpr.localYes7.00:00:007.00:00:00Fri, 24 Sep 2021 23:00:00 GMT
_msdcs.pharmax.localYes7.00:00:007.00:00:00Sat, 29 Jan 2022 18:00:00 GMT
pharmax.localYes7.00:00:007.00:00:00Fri, 24 Sep 2021 23:00:00 GMT
TrustAnchorsYes7.00:00:007.00:00:00Thu, 07 Jan 2021 16:00:00 GMT
-
Table 61 - DNS Zone Aging properties Information.

-

1.3.2 ACAD.ZENPR.LOCAL DNS Configuration

The following section provides a configuration summary of the DNS service.

1.3.2.1 Infrastructure Summary

The following section provides a summary of the DNS Infrastructure configuration.

+
Table 82 - Zone Aging Properties - PHARMAX.LOCAL

+

1.3.2 ACAD.PHARMAX.LOCAL DNS Configuration

The following section provides a configuration summary of the DNS service.

1.3.2.1 Infrastructure Summary

The following section provides a summary of the DNS Infrastructure configuration.

- -
DC NameBuild NumberIPv6DnsSecReadOnly DCListening IP
ACADE-DC-01V17763YesNoNofd99:9971::1
fd99:9971::cb7:65e6:4475:2eba
fe80::9896:1b46:502:8b34
172.23.4.1
-
Table 62 - DNS Infrastructure Setting Information.

-
1.3.2.1.1 Response Rate Limiting (RRL)
The following section provides a summary of the DNS Response Rate Limiting configuration.

+ +
ACADE-DC-01V17763YesNoNo172.23.4.1
+
Table 83 - Infrastructure Setting -ACAD.PHARMAX.LOCAL

+
1.3.2.1.1 Domain Controller DNS IP Configuration
+ + +
DC NameInterfaceDNS IP 1DNS IP 2DNS IP 3DNS IP 4
ACADE-DC-01VEthernet0172.23.4.1192.168.5.1127.0.0.1-
+
Table 84 - IP Configuration -ACAD.PHARMAX.LOCAL

+
1.3.2.1.2 Application Directory Partition
1.3.2.1.2.1 ACADE-DC-01V Directory Partition
The following section provides ACADE-DC-01V Directory Partition information.

+ + + + +
NameStateFlagsZone Count
DomainDnsZones.acad.pharmax.local0Enlisted Auto Domain 3
DomainDnsZones.pharmax.local-Not-Enlisted 0
ForestDnsZones.pharmax.local0Enlisted Auto Forest 2
+
Table 85 - Directory Partitions - ACAD.PHARMAX.LOCAL

+
1.3.2.1.3 Response Rate Limiting (RRL)
DC NameStatusResponses Per SecErrors Per SecWindow In SecLeak RateTruncate Rate
ACADE-DC-01VDisable55532
-
Table 63 - DNS Response Rate Limiting configuration.

-
1.3.2.1.2 Scavenging Options
The following section provides a summary of the DNS Scavenging configuration.

+
Table 86 - Response Rate Limiting - ACAD.PHARMAX.LOCAL

+
1.3.2.1.4 Scavenging Options
DC NameNoRefresh IntervalRefresh IntervalScavenging IntervalLast Scavenge TimeScavenging State
ACADE-DC-01V7.00:00:007.00:00:0000:00:00-Disabled
-
Table 64 - DNS Scavenging configuration.

-
1.3.2.1.3 Forwarder Options
The following section provides a summary of the DNS Forwarder configuration.

+
Table 87 - Scavenging - ACAD.PHARMAX.LOCAL

+
1.3.2.1.5 Forwarder Options
DC NameIP AddressTimeoutUse Root HintUse Recursion
ACADE-DC-01V192.168.5.13/sYesYes
-
Table 65 - DNS Infrastructure Forwarder configuration.

-
1.3.2.1.4 Zone Scope Recursion
The following section provides a summary of the DNS Zone Scope Recursion configuration.

+
Table 88 - Forwarders - ACAD.PHARMAX.LOCAL

+
1.3.2.1.6 Root Hints
1.3.2.1.6.1 ACADE-DC-01V Root Hints
The following section provides ACADE-DC-01V Root Hints information.

+ + + + + + + + + + + + + + +
NameIP Address
a.root-servers.net.198.41.0.4
b.root-servers.net.199.9.14.201
c.root-servers.net.2001:500:2::c
d.root-servers.net.2001:500:2d::d
e.root-servers.net.2001:500:a8::e
f.root-servers.net.2001:500:2f::f
g.root-servers.net.2001:500:12::d0d
h.root-servers.net.2001:500:1::53
i.root-servers.net.2001:7fe::53
j.root-servers.net.2001:503:c27::2:30
k.root-servers.net.2001:7fd::1
l.root-servers.net.2001:500:9f::42
m.root-servers.net.2001:dc3::35
+
Table 89 - Root Hints - ACAD.PHARMAX.LOCAL

+
1.3.2.1.7 Zone Scope Recursion
DC NameZone NameForwarderUse Recursion
ACADE-DC-01VRoot192.168.5.1Yes
-
Table 66 - DNS Zone Scope Recursion configuration.

-

1.4 ZENPR.LOCAL Dynamic Host Configuration Protocol Summary

The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client/server architecture.

1.4.1 ZENPR.LOCAL Domain DHCP Configuration

The following section provides a summary of the Dynamic Host Configuration Protocol.

1.4.1.1 DHCP Servers In Active Directory

The following section provides a summary of the DHCP servers information on ZENPR.LOCAL.

+
Table 90 - Zone Scope Recursion - ACAD.PHARMAX.LOCAL

+

1.3.2.2 ACADE-DC-01V DNS Zone Configuration

+ + + + + +
Zone NameZone TypeReplication ScopeDynamic UpdateDS IntegratedRead OnlySigned
_msdcs.pharmax.localPrimaryForestSecureYesNoNo
acad.pharmax.localPrimaryDomainSecureYesNoNo
TrustAnchorsPrimaryForestNoneYesNoNo
zenpr.localSecondary--NoNo-
+
Table 91 - Zones - ACAD.PHARMAX.LOCAL

+
1.3.2.2.1 Zone Transfers
+ + + + + +
Zone Nameacad.pharmax.local
Secondary Servers172.23.4.2, 10.10.40.2
Notify Servers172.23.4.2
Secure SecondariesSend zone transfers only to servers you specify in Secondary Servers.
+
Table 92 - Zone Transfers - acad.pharmax.local

+
+ + + + + +
Zone Namezenpr.local
Secondary Servers172.23.4.2
Notify Servers172.24.4.2
Secure SecondariesSend zone transfers only to servers you specify in Secondary Servers.
+
Table 93 - Zone Transfers - zenpr.local

+
1.3.2.2.2 Reverse Lookup Zone Configuration
+ + + + + +
Zone NameZone TypeReplication ScopeDynamic UpdateDS IntegratedRead OnlySigned
0.23.172.in-addr.arpaPrimaryDomainSecureYesNoNo
0.in-addr.arpaPrimaryNoneNoneNoNoNo
127.in-addr.arpaPrimaryNoneNoneNoNoNo
255.in-addr.arpaPrimaryNoneNoneNoNoNo
+
Table 94 - Zones - ACAD.PHARMAX.LOCAL

+
1.3.2.2.3 Conditional Forwarder
+ + +
Zone NameZone TypeReplication ScopeMaster ServersDS Integrated
zenprsolutions.localForwarderNone8.8.8.8False
+
Table 95 - Conditional Forwarders - ACAD.PHARMAX.LOCAL

+
1.3.2.2.4 Zone Scope Aging Properties
+ + + + +
Zone NameAging EnabledRefresh IntervalNoRefresh IntervalAvailable For Scavenge
_msdcs.pharmax.localYes7.00:00:007.00:00:00Sat, 29 Jan 2022 18:00:00 GMT
acad.pharmax.localNo7.00:00:007.00:00:00-
TrustAnchorsYes7.00:00:007.00:00:00Thu, 07 Jan 2021 16:00:00 GMT
+
Table 96 - Zone Aging Properties - ACAD.PHARMAX.LOCAL

+

1.4 Dynamic Host Configuration Protocol Summary

The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client/server architecture.

1.4.1 PHARMAX.LOCAL Domain DHCP Configuration

The following section provides a summary of the Dynamic Host Configuration Protocol.

1.4.1.1 DHCP Servers In Active Directory

The following section provides a summary of the DHCP servers information on PHARMAX.LOCAL.

- - - + +
DC NameIP AddressDomain NameDomain JoinedAuthorizedConflict Detection Attempts
cayey-dc-01v10.10.33.1zenpr.localYesYes0
server-dc-01v-0192.168.5.1zenpr.local-- 
server-dc-01v192.168.5.1zenpr.localYesYes1
cayey-dc-01v10.10.33.1pharmax.localYesYes0
server-dc-01v192.168.5.1pharmax.localYesYes1
-
Table 68 - DHCP Servers In Active Directory Information - ZENPR.LOCAL

-
1.4.1.1.1 Service Database
The following section provides a summary of the DHCP servers service database information on ZENPR.LOCAL.

+
Table 97 - DHCP Servers In Active Directory - PHARMAX.LOCAL

+
1.4.1.1.1 Service Database
-
DC NameFile PathBackup PathBackup IntervalLogging Enabled
cayey-dc-01vC:\Windows\system32\dhcp\dhcp.mdbC:\Windows\system32\dhcp\backup60 minYes
server-dc-01v-0----
server-dc-01vC:\Windows\system32\dhcp\dhcp.mdbC:\Windows\system32\dhcp\backup60 minYes
-
Table 69 - DHCP Servers Database Information - ZENPR.LOCAL

-
1.4.1.1.2 Dynamic DNS credentials
The following section provides a summary of the DHCP Servers Dynamic DNS registration credentials information on ZENPR.LOCAL.

+
Table 98 - DHCP Servers Database - PHARMAX.LOCAL

+
1.4.1.1.2 Dynamic DNS credentials
- - +
DC NameUser NameDomain Name
cayey-dc-01v--
server-dc-01v-0--
server-dc-01vadministratorZENPR.LOCAL
server-dc-01v--
-
Table 70 - DHCP Servers Dynamic DNS Credentials Information - ZENPR.LOCAL

-

1.4.1.2 IPv4 Scope Summary

The following section provides a IPv4 configuration summary of the Dynamic Host Configuration Protocol.

1.4.1.2.1 IPv4 Service Statistics
The following section provides a summary of the DHCP servers IPv4 Statistics information on ZENPR.LOCAL.

+
Table 99 - DHCP Servers Dynamic DNS Credentials - PHARMAX.LOCAL

+

1.4.1.2 IPv4 Scope Configuration

The following section provides a IPv4 configuration summary of the Dynamic Host Configuration Protocol.

1.4.1.2.1 IPv4 Service Statistics
- - - + +
DC NameTotal ScopesTotal AddressesAddresses In UseAddresses AvailablePercentage In UsePercentage Available
cayey-dc-01v24585453199
server-dc-01v-0----00
server-dc-01v918741631711991
cayey-dc-01v24583455199
server-dc-01v9187418116931090
-
Table 71 - DHCP Server IPv4 Statistics Information - ZENPR.LOCAL

-
1.4.1.2.2 CAYEY-DC-01V IPv4 Scopes
The following section provides a summary of the DHCP servers IPv4 Scope information.

+
Table 100 - DHCP Server IPv4 Statistics - PHARMAX.LOCAL

+
1.4.1.2.2 CAYEY-DC-01V IPv4 Scopes
The following section provides detailed information of the IPv4 Scope configuration.

Scope IdScope NameScope RangeLease DurationState
10.10.33.0/24ESX-VM-NETWORK-DR10.10.33.40 - 10.10.33.253100.00:00:00Active
10.10.34.0/24ESXi-ISCSI-BLOCK-A-DR10.10.34.10 - 10.10.34.2538.00:00:00Active
-
Table 72 - IPv4 Scopes Information - CAYEY-DC-01V

-
1.4.1.2.2.1 CAYEY-DC-01V IPv4 Scope Statistics
The following section provides a summary of the DHCP servers IPv4 Scope Statistics information.

+
Table 101 - IPv4 Scopes - CAYEY-DC-01V

+
1.4.1.2.2.1 IPv4 Scope Statistics
- +
Scope IdFree IPIn Use IPPercentage In UseReserved IP
10.10.33.0210423
10.10.33.0212213
10.10.34.0243100
-
Table 73 - IPv4 Scope Statistics Information - CAYEY-DC-01V

-
1.4.1.2.2.2 CAYEY-DC-01V IPv4 Scope Failover
The following section provides a summary of the DHCP servers IPv4 Scope Failover information.

+
Table 102 - IPv4 Scope Statistics - CAYEY-DC-01V

+
1.4.1.2.2.2 IPv4 Scope Failover
- - + + @@ -1038,11 +1285,11 @@
DHCP Servercayey-dc-01v.zenpr.local
Partner DHCP Serverserver-dc-01v.zenpr.local
DHCP Servercayey-dc-01v.pharmax.local
Partner DHCP Serverserver-dc-01v.pharmax.local
ModeLoadBalance
LoadBalance Percent20
Server Role-
Auto State TransitionNo
Authetication EnableYes
-
+
Table 103 - IPv4 Scope Failover Cofiguration - CAYEY-DC-01V

- - + + @@ -1054,21 +1301,21 @@
DHCP Servercayey-dc-01v.zenpr.local
Partner DHCP Serverserver-dc-01v.zenpr.local
DHCP Servercayey-dc-01v.pharmax.local
Partner DHCP Serverserver-dc-01v.pharmax.local
ModeHotStandby
LoadBalance Percent0
Server RoleActive
Auto State TransitionYes
Authetication EnableNo
-
-
1.4.1.2.2.3 CAYEY-DC-01V IPv4 Network Interface Binding
The following section provides a summary of the IPv4 Network Interface binding.

+
Table 104 - IPv4 Scope Failover Cofiguration - CAYEY-DC-01V

+
1.4.1.2.2.3 IPv4 Network Interface Binding
Interface AliasIP AddressSubnet MaskState
Ethernet010.10.33.1255.255.255.0Enabled
-
Table 74 - IPv4 Network Interface binding Information - CAYEY-DC-01V

-
1.4.1.2.3 CAYEY-DC-01V IPv4 Scope Server Options
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

+
Table 105 - IPv4 Network Interface binding - CAYEY-DC-01V

+
1.4.1.2.3 CAYEY-DC-01V IPv4 Scope Server Options
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

NameOption IdValuePolicy Name
Time Offset20-
Time Server410.10.33.1-
Name Servers510.10.33.1-
DNS Servers610.10.33.1
192.168.5.1		-
-
Table 75 - IPv4 Scopes Server Options Information - CAYEY-DC-01V

-
1.4.1.2.3.1 Scope DNS Setting
The following section provides a summary of the DHCP servers IPv4 Scope DNS Setting information.

+
Table 106 - IPv4 Scopes Server Options - CAYEY-DC-01V

+
1.4.1.2.3.1 Scope DNS Setting
The following section provides a summary of the DHCP servers IPv4 Scope DNS Setting information.

@@ -1077,54 +1324,54 @@
Dynamic UpdatesOnClientRequest
Dns Suffix-
Disable Dns Ptr RR UpdateNo
Delete Dns RR On Lease ExpiryYes
-
Table 76 - IPv4 Scopes DNS Setting Information - cayey-dc-01v

-
1.4.1.2.3.2 10.10.33.0 Scope Options Configuration
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

+
Table 107 - IPv4 Scopes DNS Setting - cayey-dc-01v

+
1.4.1.2.4 10.10.33.0 Scope Options
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

- +
NameOption IdValuePolicy Name
Router310.10.33.254-
Lease518640000-
 8123-
Boot Server Host Name66192.168.5.2-
Bootfile Name67snponly64.efi.vmw-hardwired-
 8123-
-
Table 77 - IPv4 Scopes Options Information - 10.10.33.0

-
1.4.1.2.3.3 10.10.34.0 Scope Options Configuration
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

+
Table 108 - IPv4 Scopes Options - 10.10.33.0

+
1.4.1.2.5 10.10.34.0 Scope Options
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

- - + +
NameOption IdValuePolicy Name
Lease51691200-
Router310.10.34.254-
DNS Domain Name15zenpr.local-
DNS Servers6192.168.5.1
192.168.5.1		-
DNS Domain Name15pharmax.local-
Lease51691200-
-
Table 78 - IPv4 Scopes Options Information - 10.10.34.0

-
1.4.1.2.4 SERVER-DC-01V IPv4 Scopes
The following section provides a summary of the DHCP servers IPv4 Scope information.

+
Table 109 - IPv4 Scopes Options - 10.10.34.0

+
1.4.1.2.6 SERVER-DC-01V IPv4 Scopes
The following section provides detailed information of the IPv4 Scope configuration.

+ -
Scope IdScope NameScope RangeLease DurationState
10.10.32.0/24ESXi-vMotion-DR10.10.32.10 - 10.10.32.2508.00:00:00Active
10.10.33.0/24ESX-VM-NETWORK-DR10.10.33.40 - 10.10.33.253100.00:00:00Active
10.10.34.0/24ESXi-ISCSI-BLOCK-A-DR10.10.34.10 - 10.10.34.2538.00:00:00Active
10.10.35.0/24ESXi-ISCSI-BLOCK-B-DR10.10.35.10 - 10.10.35.2538.00:00:00Active
192.168.12.0/24ESXi-ISCSI-BLOCK-B192.168.12.10 - 192.168.12.2408.00:00:00Active
192.168.2.0/24ESXi-vMotion192.168.2.10 - 192.168.2.2538.00:00:00Active
192.168.4.0/24ESXi-NFS-File192.168.4.10 - 192.168.4.208.00:00:00Active
192.168.6.0/24ESXi-ISCSI-BLOCK-A192.168.6.10 - 192.168.6.2408.00:00:00Active
192.168.7.0/24ESX-VM-NETWORK192.168.7.40 - 192.168.7.253UnlimitedActive
192.168.12.0/24ESXi-ISCSI-BLOCK-B192.168.12.10 - 192.168.12.2408.00:00:00Active
-
Table 79 - IPv4 Scopes Information - SERVER-DC-01V

-
1.4.1.2.4.1 SERVER-DC-01V IPv4 Scope Statistics
The following section provides a summary of the DHCP servers IPv4 Scope Statistics information.

+
Table 110 - IPv4 Scopes - SERVER-DC-01V

+
1.4.1.2.6.1 IPv4 Scope Statistics
- + - - - - + + + +
Scope IdFree IPIn Use IPPercentage In UseReserved IP
10.10.32.0240100
10.10.33.0210422
10.10.33.0212212
10.10.34.0243100
10.10.35.0243100
192.168.2.0240420
192.168.4.011000
192.168.6.0225632
192.168.7.0741406517
192.168.12.0225632
192.168.2.0241310
192.168.4.011000
192.168.6.0224732
192.168.7.0541607517
-
Table 80 - IPv4 Scope Statistics Information - SERVER-DC-01V

-
1.4.1.2.4.2 SERVER-DC-01V IPv4 Scope Failover
The following section provides a summary of the DHCP servers IPv4 Scope Failover information.

+
Table 111 - IPv4 Scope Statistics - SERVER-DC-01V

+
1.4.1.2.6.2 IPv4 Scope Failover
- - + + @@ -1136,11 +1383,11 @@
DHCP Serverserver-dc-01v.zenpr.local
Partner DHCP Servercayey-dc-01v.zenpr.local
DHCP Serverserver-dc-01v.pharmax.local
Partner DHCP Servercayey-dc-01v.pharmax.local
ModeLoadBalance
LoadBalance Percent80
Server Role-
Auto State TransitionNo
Authetication EnableYes
-
+
Table 112 - IPv4 Scope Failover Cofiguration - SERVER-DC-01V

- - + + @@ -1152,13 +1399,13 @@
DHCP Serverserver-dc-01v.zenpr.local
Partner DHCP Servercayey-dc-01v.zenpr.local
DHCP Serverserver-dc-01v.pharmax.local
Partner DHCP Servercayey-dc-01v.pharmax.local
ModeHotStandby
LoadBalance Percent0
Server RoleStandby
Auto State TransitionYes
Authetication EnableNo
-
-
1.4.1.2.4.3 SERVER-DC-01V IPv4 Network Interface Binding
The following section provides a summary of the IPv4 Network Interface binding.

+
Table 113 - IPv4 Scope Failover Cofiguration - SERVER-DC-01V

+
1.4.1.2.6.3 IPv4 Network Interface Binding
Interface AliasIP AddressSubnet MaskState
Ethernet0192.168.5.1255.255.255.0Enabled
-
Table 81 - IPv4 Network Interface binding Information - SERVER-DC-01V

-
1.4.1.2.5 SERVER-DC-01V IPv4 Scope Server Options
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

+
Table 114 - IPv4 Network Interface binding - SERVER-DC-01V

+
1.4.1.2.7 SERVER-DC-01V IPv4 Scope Server Options
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

@@ -1168,8 +1415,8 @@
NameOption IdValuePolicy Name
Time Server4192.168.5.1-
Name Servers5192.168.5.1-
Post Office Protocol (POP3) Servers70192.168.7.21-
 8155-
-
Table 82 - IPv4 Scopes Server Options Information - SERVER-DC-01V

-
1.4.1.2.5.1 Scope DNS Setting
The following section provides a summary of the DHCP servers IPv4 Scope DNS Setting information.

+
Table 115 - IPv4 Scopes Server Options - SERVER-DC-01V

+
1.4.1.2.7.1 Scope DNS Setting
The following section provides a summary of the DHCP servers IPv4 Scope DNS Setting information.

@@ -1178,126 +1425,125 @@
Dynamic UpdatesAlways
Dns Suffix-
Disable Dns Ptr RR UpdateNo
Delete Dns RR On Lease ExpiryYes
-
Table 83 - IPv4 Scopes DNS Setting Information - server-dc-01v

-
1.4.1.2.5.2 10.10.32.0 Scope Options Configuration
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

+
Table 116 - IPv4 Scopes DNS Setting - server-dc-01v

+
1.4.1.2.8 10.10.32.0 Scope Options
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

- +
NameOption IdValuePolicy Name
Router310.10.32.254-
DNS Domain Name15zenpr.local-
DNS Domain Name15pharmax.local-
Lease51691200-
-
Table 84 - IPv4 Scopes Options Information - 10.10.32.0

-
1.4.1.2.5.3 10.10.33.0 Scope Options Configuration
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

+
Table 117 - IPv4 Scopes Options - 10.10.32.0

+
1.4.1.2.9 10.10.33.0 Scope Options
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

- +
NameOption IdValuePolicy Name
Router310.10.33.254-
Lease518640000-
 8123-
Boot Server Host Name66192.168.5.2-
Bootfile Name67snponly64.efi.vmw-hardwired-
 8123-
-
Table 85 - IPv4 Scopes Options Information - 10.10.33.0

-
1.4.1.2.5.4 10.10.34.0 Scope Options Configuration
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

+
Table 118 - IPv4 Scopes Options - 10.10.33.0

+
1.4.1.2.10 10.10.34.0 Scope Options
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

- - + +
NameOption IdValuePolicy Name
Lease51691200-
Router310.10.34.254-
DNS Domain Name15zenpr.local-
DNS Servers6192.168.5.1
192.168.5.1		-
DNS Domain Name15pharmax.local-
Lease51691200-
-
Table 86 - IPv4 Scopes Options Information - 10.10.34.0

-
1.4.1.2.5.5 10.10.35.0 Scope Options Configuration
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

+
Table 119 - IPv4 Scopes Options - 10.10.34.0

+
1.4.1.2.11 10.10.35.0 Scope Options
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

- - + +
NameOption IdValuePolicy Name
Lease51691200-
Router310.10.35.254-
DNS Domain Name15zenpr.local-
DNS Servers6192.168.5.1
192.168.5.1		-
DNS Domain Name15pharmax.local-
Lease51691200-
-
Table 87 - IPv4 Scopes Options Information - 10.10.35.0

-
1.4.1.2.5.6 192.168.2.0 Scope Options Configuration
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

+
Table 120 - IPv4 Scopes Options - 10.10.35.0

+
1.4.1.2.12 192.168.2.0 Scope Options
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

- +
NameOption IdValuePolicy Name
Router3192.168.2.254-
DNS Domain Name15zenpr.local-
DNS Domain Name15pharmax.local-
Lease51691200-
-
Table 88 - IPv4 Scopes Options Information - 192.168.2.0

-
1.4.1.2.5.7 192.168.4.0 Scope Options Configuration
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

+
Table 121 - IPv4 Scopes Options - 192.168.2.0

+
1.4.1.2.13 192.168.4.0 Scope Options
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

- +
NameOption IdValuePolicy Name
DNS Domain Name15zenpr.local-
Router3192.168.4.254-
DNS Domain Name15pharmax.local-
Lease51691200-
-
Table 89 - IPv4 Scopes Options Information - 192.168.4.0

-
1.4.1.2.5.8 192.168.6.0 Scope Options Configuration
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

+
Table 122 - IPv4 Scopes Options - 192.168.4.0

+
1.4.1.2.14 192.168.6.0 Scope Options
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

- +
NameOption IdValuePolicy Name
Router3192.168.6.254-
DNS Domain Name15zenpr.local-
DNS Domain Name15pharmax.local-
Lease51691200-
-
Table 90 - IPv4 Scopes Options Information - 192.168.6.0

-
1.4.1.2.5.9 192.168.7.0 Scope Options Configuration
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

+
Table 123 - IPv4 Scopes Options - 192.168.6.0

+
1.4.1.2.15 192.168.7.0 Scope Options
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

- +
NameOption IdValuePolicy Name
Router3192.168.7.254-
DNS Domain Name15zenpr.local-
DNS Domain Name15pharmax.local-
Lease514294967295-
Boot Server Host Name66192.168.5.2-
Bootfile Name67snponly64.efi.vmw-hardwired-
 8123-
-
Table 91 - IPv4 Scopes Options Information - 192.168.7.0

-
1.4.1.2.5.10 192.168.12.0 Scope Options Configuration
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

+
Table 124 - IPv4 Scopes Options - 192.168.7.0

+
1.4.1.2.16 192.168.12.0 Scope Options
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

- +
NameOption IdValuePolicy Name
Router3192.168.12.254-
DNS Domain Name15zenpr.local-
DNS Domain Name15pharmax.local-
Lease51691200-
-
Table 92 - IPv4 Scopes Options Information - 192.168.12.0

-

1.4.1.3 ZENPR.LOCAL IPv6 Scope Configuration

The following section provides a IPv6 configuration summary of the Dynamic Host Configuration Protocol.

1.4.1.3.1 IPv6 Service Statistics
The following section provides a summary of the DHCP servers IPv6 Statistics information on ZENPR.LOCAL.

+
Table 125 - IPv4 Scopes Options - 192.168.12.0

+

1.4.1.3 IPv6 Scope Configuration

The following section provides a IPv6 configuration summary of the Dynamic Host Configuration Protocol.

1.4.1.3.1 IPv6 Service Statistics
-
DC NameTotal ScopesTotal AddressesAddresses In UseAddresses AvailablePercentage In UsePercentage Available
cayey-dc-01v000000
server-dc-01v-0----00
server-dc-01v000000
-
Table 93 - DHCP Server IPv6 Statistics Information - ZENPR.LOCAL

-

1.4.2 ACAD.ZENPR.LOCAL Domain DHCP Configuration

The following section provides a summary of the Dynamic Host Configuration Protocol.

1.4.2.1 DHCP Servers In Active Directory

The following section provides a summary of the DHCP servers information on ACAD.ZENPR.LOCAL.

+
Table 126 - DHCP Server IPv6 Statistics - PHARMAX.LOCAL

+

1.4.2 ACAD.PHARMAX.LOCAL Domain DHCP Configuration

The following section provides a summary of the Dynamic Host Configuration Protocol.

1.4.2.1 DHCP Servers In Active Directory

The following section provides a summary of the DHCP servers information on ACAD.PHARMAX.LOCAL.

- +
DC NameIP AddressDomain NameDomain JoinedAuthorizedConflict Detection Attempts
acade-dc-01v172.23.4.1acad.zenpr.localYesYes0
acade-dc-01v172.23.4.1acad.pharmax.localYesYes0
-
Table 94 - DHCP Servers In Active Directory Information - ACAD.ZENPR.LOCAL

-
1.4.2.1.1 Service Database
The following section provides a summary of the DHCP servers service database information on ACAD.ZENPR.LOCAL.

+
Table 127 - DHCP Servers In Active Directory - ACAD.PHARMAX.LOCAL

+
1.4.2.1.1 Service Database
DC NameFile PathBackup PathBackup IntervalLogging Enabled
acade-dc-01vC:\Windows\system32\dhcp\dhcp.mdbC:\Windows\system32\dhcp\backup60 minYes
-
Table 95 - DHCP Servers Database Information - ACAD.ZENPR.LOCAL

-
1.4.2.1.2 Dynamic DNS credentials
The following section provides a summary of the DHCP Servers Dynamic DNS registration credentials information on ACAD.ZENPR.LOCAL.

+
Table 128 - DHCP Servers Database - ACAD.PHARMAX.LOCAL

+
1.4.2.1.2 Dynamic DNS credentials
DC NameUser NameDomain Name
acade-dc-01v--
-
Table 96 - DHCP Servers Dynamic DNS Credentials Information - ACAD.ZENPR.LOCAL

-

1.4.2.2 IPv4 Scope Summary

The following section provides a IPv4 configuration summary of the Dynamic Host Configuration Protocol.

1.4.2.2.1 IPv4 Service Statistics
The following section provides a summary of the DHCP servers IPv4 Statistics information on ACAD.ZENPR.LOCAL.

+
Table 129 - DHCP Servers Dynamic DNS Credentials - ACAD.PHARMAX.LOCAL

+

1.4.2.2 IPv4 Scope Configuration

The following section provides a IPv4 configuration summary of the Dynamic Host Configuration Protocol.

1.4.2.2.1 IPv4 Service Statistics
DC NameTotal ScopesTotal AddressesAddresses In UseAddresses AvailablePercentage In UsePercentage Available
acade-dc-01v123302330100
-
Table 97 - DHCP Server IPv4 Statistics Information - ACAD.ZENPR.LOCAL

-
1.4.2.2.2 ACADE-DC-01V IPv4 Scopes
The following section provides a summary of the DHCP servers IPv4 Scope information.

+
Table 130 - DHCP Server IPv4 Statistics - ACAD.PHARMAX.LOCAL

+
1.4.2.2.2 ACADE-DC-01V IPv4 Scopes
The following section provides detailed information of the IPv4 Scope configuration.

Scope IdScope NameScope RangeLease DurationState
172.23.5.0/24Dept-B Clients172.23.5.10 - 172.23.5.2531.00:00:00Active
-
Table 98 - IPv4 Scopes Information - ACADE-DC-01V

-
1.4.2.2.2.1 ACADE-DC-01V IPv4 Scope Statistics
The following section provides a summary of the DHCP servers IPv4 Scope Statistics information.

+
Table 131 - IPv4 Scopes - ACADE-DC-01V

+
1.4.2.2.2.1 IPv4 Scope Statistics
Scope IdFree IPIn Use IPPercentage In UseReserved IP
172.23.5.0233000
-
Table 99 - IPv4 Scope Statistics Information - ACADE-DC-01V

-
1.4.2.2.2.2 ACADE-DC-01V IPv4 Network Interface Binding
The following section provides a summary of the IPv4 Network Interface binding.

+
Table 132 - IPv4 Scope Statistics - ACADE-DC-01V

+
1.4.2.2.2.2 IPv4 Network Interface Binding
Interface AliasIP AddressSubnet MaskState
Ethernet0172.23.4.1255.255.255.0Enabled
-
Table 100 - IPv4 Network Interface binding Information - ACADE-DC-01V

-
1.4.2.2.3 ACADE-DC-01V IPv4 Scope Server Options
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

+
Table 133 - IPv4 Network Interface binding - ACADE-DC-01V

+
1.4.2.2.3 ACADE-DC-01V IPv4 Scope Server Options
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

- +
NameOption IdValuePolicy Name
DNS Servers6172.23.4.1
192.168.5.1
10.10.33.1		-
DNS Domain Name15acad.zenpr.local-
DNS Domain Name15acad.pharmax.local-
-
Table 101 - IPv4 Scopes Server Options Information - ACADE-DC-01V

-
1.4.2.2.3.1 Scope DNS Setting
The following section provides a summary of the DHCP servers IPv4 Scope DNS Setting information.

+
Table 134 - IPv4 Scopes Server Options - ACADE-DC-01V

+
1.4.2.2.3.1 Scope DNS Setting
The following section provides a summary of the DHCP servers IPv4 Scope DNS Setting information.

@@ -1306,67 +1552,730 @@
Dynamic UpdatesOnClientRequest
Dns Suffix-
Disable Dns Ptr RR UpdateNo
Delete Dns RR On Lease ExpiryYes
-
Table 102 - IPv4 Scopes DNS Setting Information - acade-dc-01v

-
1.4.2.2.3.2 172.23.5.0 Scope Options Configuration
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

+
Table 135 - IPv4 Scopes DNS Setting - acade-dc-01v

+
1.4.2.2.4 172.23.5.0 Scope Options
The following section provides a summary of the DHCP servers IPv4 Scope Server Options information.

- +
NameOption IdValuePolicy Name
Lease5186400-
Router3172.23.5.254-
Lease5186400-
-
Table 103 - IPv4 Scopes Options Information - 172.23.5.0

-

1.4.2.3 ACAD.ZENPR.LOCAL IPv6 Scope Configuration

The following section provides a IPv6 configuration summary of the Dynamic Host Configuration Protocol.

1.4.2.3.1 IPv6 Service Statistics
The following section provides a summary of the DHCP servers IPv6 Statistics information on ACAD.ZENPR.LOCAL.

+
Table 136 - IPv4 Scopes Options - 172.23.5.0

+

1.4.2.3 IPv6 Scope Configuration

The following section provides a IPv6 configuration summary of the Dynamic Host Configuration Protocol.

1.4.2.3.1 IPv6 Service Statistics
- +
DC NameTotal ScopesTotal AddressesAddresses In UseAddresses AvailablePercentage In UsePercentage Available
acade-dc-01v1184467440737095516143184467440737095516110100
acade-dc-01v1184467440737095516140184467440737095516140100
-
Table 104 - DHCP Server IPv6 Statistics Information - ACAD.ZENPR.LOCAL

-
1.4.2.3.2 ACADE-DC-01V IPv6 Scopes
The following section provides a summary of the DHCP servers IPv6 Scope Configuration.

+
Table 137 - DHCP Server IPv6 Statistics - ACAD.PHARMAX.LOCAL

+
1.4.2.3.2 ACADE-DC-01V IPv6 Scopes
The following section provides a summary of the DHCP servers IPv6 Scope Configuration.

Scope IdScope NameLease DurationState
fd99:9971::/64Dept-C Clients8.00:00:00Active
-
Table 105 - IPv6 Scopes Information - ACADE-DC-01V

-
1.4.2.3.2.1 ACADE-DC-01V IPv6 Scope Statistics
The following section provides a summary of the DHCP servers IPv6 Scope Statistics information.

+
Table 138 - IPv6 Scopes - ACADE-DC-01V

+
1.4.2.3.2.1 IPv6 Scope Statistics
- -
Scope IdFree IPIn Use IPPercentage In UseReserved IP
fd99:9971::18446744073709551611300
-
Table 106 - IPv6 Scope Statistics Information - ACADE-DC-01V

-
1.4.2.3.2.2 ACADE-DC-01V IPv6 Network Interface Binding
The following section provides a summary of the IPv6 Network Interface Binding.

- - +
Interface AliasIP AddressState
Ethernet0fd99:9971::1Enabled
fd99:9971::18446744073709551614000
-
Table 107 - IPv6 Network Interface binding Information - ACADE-DC-01V

-
1.4.2.3.3 ACADE-DC-01V IPv6 Scope Server Options
The following section provides a summary of the DHCP servers IPv6 Scope Server Options information.

+
Table 139 - IPv6 Scope Statistics - ACADE-DC-01V

+
1.4.2.3.3 ACADE-DC-01V IPv6 Scope Server Options
The following section provides a summary of the DHCP servers IPv6 Scope Server Options information.

NameOption IdTypeValue
Domain Search List 24Stringfd99:9971::1
-
Table 108 - IPv6 Scopes Server Options Information - ACADE-DC-01V

-
1.4.2.3.3.1 Scope DNS Settings
The following section provides a summary of the DHCP servers IPv6 Scope DNS Setting information.

+
Table 140 - IPv6 Scopes Server Options - ACADE-DC-01V

+
1.4.2.3.3.1 Scope DNS Settings
Dynamic UpdatesOnClientRequest
Name ProtectionNo
Delete Dns RR On Lease ExpiryYes
-
Table 109 - IPv6 Scopes DNS Setting Information - acade-dc-01v

-
1.4.2.3.3.2 fd99:9971:: Scope Options
The following section provides a summary of the DHCP servers IPv6 Scope Server Options information.

+
Table 141 - IPv6 Scopes DNS Setting - acade-dc-01v

+
1.4.2.3.4 fd99:9971:: Scope Options
The following section provides a summary of the DHCP servers IPv6 Scope Server Options information.

NameOption IdTypeValue
DNS Recursive Name Server IPv6 Address List 23IPv6Addressfd99:9971::1
-
Table 110 - IPv6 Scopes Options Information - fd99:9971::

-

1.5 ZENPR.LOCAL Certificate Authority Summary

In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. A CA acts as a trusted third party—trusted both by the subject (owner) of the certificate and by the party relying upon the certificate. The format of these certificates is specified by the X.509 or EMV standard.

+
Table 142 - IPv6 Scopes Options - fd99:9971::

+

1.5 Certificate Authority Summary

In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate. This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. A CA acts as a trusted third party trusted both by the subject (owner) of the certificate and by the party relying upon the certificate. The format of these certificates is specified by the X.509 or EMV standard.

- - + +
CA NameServer NameTypeStatus
zenpr-SERVER-DC-01V-CASERVER-DC-01VEnterprise Root CARunning
acad-ACADE-DC-01V-CAACADE-DC-01VEnterprise Subordinate CARunning
zenpr-CAYEY-DC-01V-CACAYEY-DC-01VEnterprise Subordinate CARunning
pharmax-CAYEY-DC-01V-CACAYEY-DC-01VEnterprise Subordinate CARunning
pharmax-SERVER-DC-01V-CASERVER-DC-01VEnterprise Root CARunning
-
Table 111 - Certification Authority Summary Information - ZENPR.LOCAL

-

1.5.1 ZENPR.LOCAL Enterprise Root Certificate Authority

The following section provides the of the DHCP servers IPv6 Scope Server Options information.

+
Table 143 - Certification Authority Summary - PHARMAX.LOCAL

+

1.5.1 Enterprise Root Certificate Authority

The following section provides the Enterprise Root CA information.

- + - + + + + +
CA Namezenpr-SERVER-DC-01V-CA
CA Namepharmax-SERVER-DC-01V-CA
Server NameSERVER-DC-01V
TypeEnterprise Root CA
Config StringServer-DC-01V.zenpr.local\zenpr-SERVER-DC-01V-CA
Config StringServer-DC-01V.pharmax.local\pharmax-SERVER-DC-01V-CA
Operating SystemMicrosoft Windows Server 2019 Standard Evaluation
Certificate[Subject]
CN=pharmax-SERVER-DC-01V-CA, DC=pharmax, DC=local

[Issuer]
CN=pharmax-SERVER-DC-01V-CA, DC=pharmax, DC=local

[Serial Number]
5D2E25D9AFFDE4904A05D70BEB7ACBD2

[Not Before]
1/25/2020 7:35:16 PM

[Not After]
1/25/2025 7:45:15 PM

[Thumbprint]
0F6D4D3B8C71290E76B6B6C0661275F6F37B9CE0
StatusRunning
+
Table 144 - Enterprise Root CA - PHARMAX.LOCAL

+

1.5.2 Enterprise Subordinate Certificate Authority

The following section provides the Enterprise Subordinate CA information.

+ + + + + + + + +
CA Nameacad-ACADE-DC-01V-CA
Server NameACADE-DC-01V
TypeEnterprise Subordinate CA
Config Stringacade-dc-01v.acad.pharmax.local\acad-ACADE-DC-01V-CA
Operating SystemMicrosoft Windows Server 2019 Standard Evaluation
Certificate[Subject]
CN=acad-ACADE-DC-01V-CA, DC=acad, DC=pharmax, DC=local

[Issuer]
CN=pharmax-SERVER-DC-01V-CA, DC=pharmax, DC=local

[Serial Number]
61000000F5B20F8367F4837C6A0000000000F5

[Not Before]
9/22/2021 8:59:36 PM

[Not After]
9/22/2023 9:09:36 PM

[Thumbprint]
89532761827821E1B102CC8B86C529A6D2E92AC6
StatusRunning
+
Table 145 - Enterprise Subordinate CA - acad-ACADE-DC-01V-CA

+
+ + + + + - +
CA Namepharmax-CAYEY-DC-01V-CA
Server NameCAYEY-DC-01V
TypeEnterprise Subordinate CA
Config Stringcayey-dc-01v.pharmax.local\pharmax-CAYEY-DC-01V-CA
Operating SystemMicrosoft Windows Server 2019 Standard Evaluation
Certificate[Subject]
CN=zenpr-SERVER-DC-01V-CA, DC=zenpr, DC=local

[Issuer]
CN=zenpr-SERVER-DC-01V-CA, DC=zenpr, DC=local

[Serial Number]
5D2E25D9AFFDE4904A05D70BEB7ACBD2

[Not Before]
1/25/2020 7:35:16 PM

[Not After]
1/25/2025 7:45:15 PM

[Thumbprint]
0F6D4D3B8C71290E76B6B6C0661275F6F37B9CE0
Certificate[Subject]
CN=pharmax-CAYEY-DC-01V-CA, DC=pharmax, DC=local

[Issuer]
CN=pharmax-SERVER-DC-01V-CA, DC=pharmax, DC=local

[Serial Number]
61000000F60DE0C8AB312FB51E0000000000F6

[Not Before]
10/4/2021 10:33:08 AM

[Not After]
10/4/2023 10:43:08 AM

[Thumbprint]
CB2AC03DDA5A793DACAFC1EDC048CB1123D94B4B
StatusRunning
-
Table 112 - Certification Authority Summary Information - ZENPR.LOCAL

+
Table 146 - Enterprise Subordinate CA - pharmax-CAYEY-DC-01V-CA

+

1.5.3 Certificate Validity Period

The following section provides the Certification Authority Certificate Validity Period information.

+ + + + +
CA NameServer NameValidity Period
acad-ACADE-DC-01V-CAACADE-DC-01V2 Years
pharmax-CAYEY-DC-01V-CACAYEY-DC-01V2 Years
pharmax-SERVER-DC-01V-CASERVER-DC-01V2 Years
+
Table 147 - Certificate Validity Period - PHARMAX.LOCAL

+

1.5.3.1 Access Control List (ACL) Summary

+ + + + +
DC NameOwnerGroup
acad-ACADE-DC-01V-CABUILTIN\AdministratorsBUILTIN\Administrators
pharmax-CAYEY-DC-01V-CABUILTIN\AdministratorsBUILTIN\Administrators
pharmax-SERVER-DC-01V-CABUILTIN\AdministratorsBUILTIN\Administrators
+
Table 148 - Access Control List - PHARMAX.LOCAL

+
1.5.3.1.1 pharmax-SERVER-DC-01V-CA Rights
+ + + + + + +
IdentityAccess Control TypeRights
BUILTIN\AdministratorsAllowManageCA, ManageCertificates
NT AUTHORITY\Authenticated UsersAllowEnroll
PHARMAX\Domain AdminsAllowManageCA, ManageCertificates
PHARMAX\Enterprise AdminsAllowManageCA, ManageCertificates
PHARMAX\jocolonAllowManageCA, ManageCertificates, Read, Enroll
+
Table 149 - ACL Rights - pharmax-SERVER-DC-01V-CA

+
1.5.3.1.2 acad-ACADE-DC-01V-CA Rights
+ + + + + +
IdentityAccess Control TypeRights
ACAD\Domain AdminsAllowManageCA, ManageCertificates
BUILTIN\AdministratorsAllowManageCA, ManageCertificates
NT AUTHORITY\Authenticated UsersAllowEnroll
PHARMAX\Enterprise AdminsAllowManageCA, ManageCertificates
+
Table 150 - ACL Rights - acad-ACADE-DC-01V-CA

+
1.5.3.1.3 pharmax-CAYEY-DC-01V-CA Rights
+ + + + + +
IdentityAccess Control TypeRights
BUILTIN\AdministratorsAllowManageCA, ManageCertificates
NT AUTHORITY\Authenticated UsersAllowEnroll
PHARMAX\Domain AdminsAllowManageCA, ManageCertificates
PHARMAX\Enterprise AdminsAllowManageCA, ManageCertificates
+
Table 151 - ACL Rights - pharmax-CAYEY-DC-01V-CA

+

1.5.4 Cryptography Configuration

The following section provides the Certification Authority Cryptography Configuration information.

+ + + + + + + + +
CA Namepharmax-SERVER-DC-01V-CA
Server NameSERVER-DC-01V
PublicKey AlgorithmRSA
Hashing AlgorithmSHA256
Provider NameMicrosoft Software Key Storage Provider
Alternate Signature AlgorithmNo
Provider Is CNGYes
+
Table 152 - Cryptography Configuration - PHARMAX.LOCAL

+
+ + + + + + + + +
CA Nameacad-ACADE-DC-01V-CA
Server NameACADE-DC-01V
PublicKey AlgorithmRSA
Hashing AlgorithmSHA256
Provider NameMicrosoft Software Key Storage Provider
Alternate Signature AlgorithmNo
Provider Is CNGYes
+
Table 153 - Cryptography Configuration - PHARMAX.LOCAL

+
+ + + + + + + + +
CA Namepharmax-CAYEY-DC-01V-CA
Server NameCAYEY-DC-01V
PublicKey AlgorithmRSA
Hashing AlgorithmSHA256
Provider NameMicrosoft Software Key Storage Provider
Alternate Signature AlgorithmNo
Provider Is CNGYes
+
Table 154 - Cryptography Configuration - PHARMAX.LOCAL

+

1.5.5 Authority Information Access (AIA) Summary

The following section provides the Certification Authority Authority Information Access information.

1.5.5.1 pharmax-SERVER-DC-01V-CA

+ + + + + + + +
Reg URI1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt
Config URI1:C:\Windows\system32\CertSrv\CertEnroll\<ServerDNSName>_<CaName><CertificateName>.crt
Flags1
Server PublishYes
Include To ExtensionNo
OCSPNo
+
Table 155 - Authority Information Access - pharmax-SERVER-DC-01V-CA

+
+ + + + + + + +
Reg URI3:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11
Config URI3:ldap:///CN=<CATruncatedName>,CN=AIA,CN=Public Key Services,CN=Services,<ConfigurationContainer><CAObjectClass>
Flags1, 2
Server PublishYes
Include To ExtensionYes
OCSPNo
+
Table 156 - Authority Information Access - pharmax-SERVER-DC-01V-CA

+
+ + + + + + + +
Reg URI0:http://%1/CertEnroll/%1_%3%4.crt
Config URI0:http://<ServerDNSName>/CertEnroll/<ServerDNSName>_<CaName><CertificateName>.crt
Flags-
Server PublishNo
Include To ExtensionNo
OCSPNo
+
Table 157 - Authority Information Access - pharmax-SERVER-DC-01V-CA

+
+ + + + + + + +
Reg URI0:file://%1/CertEnroll/%1_%3%4.crt
Config URI0:file://<ServerDNSName>/CertEnroll/<ServerDNSName>_<CaName><CertificateName>.crt
Flags-
Server PublishNo
Include To ExtensionNo
OCSPNo
+
Table 158 - Authority Information Access - pharmax-SERVER-DC-01V-CA

+
+ + + + + + + +
Reg URI2:http://acade-dc-01v.acad.pharmax.local/CertData/%1_%3%4.crt
Config URI2:http://acade-dc-01v.acad.pharmax.local/CertData/<ServerDNSName>_<CaName><CertificateName>.crt
Flags2
Server PublishNo
Include To ExtensionYes
OCSPNo
+
Table 159 - Authority Information Access - pharmax-SERVER-DC-01V-CA

+

1.5.5.2 acad-ACADE-DC-01V-CA

+ + + + + + + +
Reg URI1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt
Config URI1:C:\Windows\system32\CertSrv\CertEnroll\<ServerDNSName>_<CaName><CertificateName>.crt
Flags1
Server PublishYes
Include To ExtensionNo
OCSPNo
+
Table 160 - Authority Information Access - acad-ACADE-DC-01V-CA

+
+ + + + + + + +
Reg URI3:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11
Config URI3:ldap:///CN=<CATruncatedName>,CN=AIA,CN=Public Key Services,CN=Services,<ConfigurationContainer><CAObjectClass>
Flags1, 2
Server PublishYes
Include To ExtensionYes
OCSPNo
+
Table 161 - Authority Information Access - acad-ACADE-DC-01V-CA

+
+ + + + + + + +
Reg URI0:http://%1/CertEnroll/%1_%3%4.crt
Config URI0:http://<ServerDNSName>/CertEnroll/<ServerDNSName>_<CaName><CertificateName>.crt
Flags-
Server PublishNo
Include To ExtensionNo
OCSPNo
+
Table 162 - Authority Information Access - acad-ACADE-DC-01V-CA

+
+ + + + + + + +
Reg URI0:file://%1/CertEnroll/%1_%3%4.crt
Config URI0:file://<ServerDNSName>/CertEnroll/<ServerDNSName>_<CaName><CertificateName>.crt
Flags-
Server PublishNo
Include To ExtensionNo
OCSPNo
+
Table 163 - Authority Information Access - acad-ACADE-DC-01V-CA

+
+ + + + + + + +
Reg URI2:http://acade-dc-01v.acad.pharmax.local/CertEnroll/%1_%3%4.crt
Config URI2:http://acade-dc-01v.acad.pharmax.local/CertEnroll/<ServerDNSName>_<CaName><CertificateName>.crt
Flags2
Server PublishNo
Include To ExtensionYes
OCSPNo
+
Table 164 - Authority Information Access - acad-ACADE-DC-01V-CA

+
+ + + + + + + +
Reg URI32:http://acade-dc-01v.acad.pharmax.local/ocsp
Config URI32:http://acade-dc-01v.acad.pharmax.local/ocsp
Flags32
Server PublishNo
Include To ExtensionNo
OCSPYes
+
Table 165 - Authority Information Access - acad-ACADE-DC-01V-CA

+

1.5.5.3 pharmax-CAYEY-DC-01V-CA

+ + + + + + + +
Reg URI1:C:\Windows\system32\CertSrv\CertEnroll\%1_%3%4.crt
Config URI1:C:\Windows\system32\CertSrv\CertEnroll\<ServerDNSName>_<CaName><CertificateName>.crt
Flags1
Server PublishYes
Include To ExtensionNo
OCSPNo
+
Table 166 - Authority Information Access - pharmax-CAYEY-DC-01V-CA

+
+ + + + + + + +
Reg URI3:ldap:///CN=%7,CN=AIA,CN=Public Key Services,CN=Services,%6%11
Config URI3:ldap:///CN=<CATruncatedName>,CN=AIA,CN=Public Key Services,CN=Services,<ConfigurationContainer><CAObjectClass>
Flags1, 2
Server PublishYes
Include To ExtensionYes
OCSPNo
+
Table 167 - Authority Information Access - pharmax-CAYEY-DC-01V-CA

+
+ + + + + + + +
Reg URI0:http://%1/CertEnroll/%1_%3%4.crt
Config URI0:http://<ServerDNSName>/CertEnroll/<ServerDNSName>_<CaName><CertificateName>.crt
Flags-
Server PublishNo
Include To ExtensionNo
OCSPNo
+
Table 168 - Authority Information Access - pharmax-CAYEY-DC-01V-CA

+
+ + + + + + + +
Reg URI0:file://%1/CertEnroll/%1_%3%4.crt
Config URI0:file://<ServerDNSName>/CertEnroll/<ServerDNSName>_<CaName><CertificateName>.crt
Flags-
Server PublishNo
Include To ExtensionNo
OCSPNo
+
Table 169 - Authority Information Access - pharmax-CAYEY-DC-01V-CA

+

1.5.6 Certificate Revocation List (CRL) Configuration

The following section provides the Certification Authority CRL Distribution Point information.

1.5.6.1 CRL Validity Period

+ + + + +
CA NameBase CRLBase CRL OverlapDelta CRLDelta CRL Overlap
acad-ACADE-DC-01V-CA1 Weeks0 Hours1 Days0 Minutes
pharmax-CAYEY-DC-01V-CA1 Weeks0 Hours1 Days0 Minutes
pharmax-SERVER-DC-01V-CA50 Weeks0 Hours0 Days0 Minutes
+
Table 170 - CRL Validity Preriod - PHARMAX.LOCAL

+

1.5.6.2 CRL Flags Settings

+ + + + +
CA NameServer NameCRL Flags
acad-ACADE-DC-01V-CAACADE-DC-01VDeleteExpiredCRLs
pharmax-CAYEY-DC-01V-CACAYEY-DC-01VDeleteExpiredCRLs
pharmax-SERVER-DC-01V-CASERVER-DC-01VDeleteExpiredCRLs
+
Table 171 - CRL Flags - PHARMAX.LOCAL

+

1.5.6.3 CRL Distribution Point

The following section provides the Certification Authority CRL Distribution Point information.

1.5.6.3.1 pharmax-SERVER-DC-01V-CA
+ + + + + + + + + + + +
Reg URI65:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl
Config URI65:C:\Windows\system32\CertSrv\CertEnroll\<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
Url SchemeUnknown
ProjectedURI65:C:\Windows\system32\CertSrv\CertEnroll\pharmax-SERVER-DC-01V-CA.crl
65:C:\Windows\system32\CertSrv\CertEnroll\pharmax-SERVER-DC-01V-CA+.crl
Flags1, 64
CRL Publish-
Delta CRL PublishYes
Add To Cert CDPNo
Add To Fresh est CRLNo
Add To Crl cdpNo
+
Table 172 - CRL Distribution Point - pharmax-SERVER-DC-01V-CA

+
+ + + + + + + + + + + +
Reg URI79:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10
Config URI79:ldap:///CN=<CATruncatedName><CRLNameSuffix>,CN=<ServerShortName>,CN=CDP,CN=Public Key Services,CN=Services,<ConfigurationContainer><CDPObjectClass>
Url SchemeLDAP
ProjectedURI79:ldap:///CN=pharmax-SERVER-DC-01V-CA,CN=Server-DC-01V,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=pharmax,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint
Flags1, 2, 4, 8, 64
CRL Publish-
Delta CRL PublishYes
Add To Cert CDPYes
Add To Fresh est CRLYes
Add To Crl cdpYes
+
Table 173 - CRL Distribution Point - pharmax-SERVER-DC-01V-CA

+
+ + + + + + + + + + + +
Reg URI0:http://%1/CertEnroll/%3%8%9.crl
Config URI0:http://<ServerDNSName>/CertEnroll/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
Url SchemeHTTP
ProjectedURI0:http:///CertEnroll/pharmax-SERVER-DC-01V-CA.crl
0:http:///CertEnroll/pharmax-SERVER-DC-01V-CA+.crl
Flags-
CRL Publish-
Delta CRL PublishNo
Add To Cert CDPNo
Add To Fresh est CRLNo
Add To Crl cdpNo
+
Table 174 - CRL Distribution Point - pharmax-SERVER-DC-01V-CA

+
+ + + + + + + + + + + +
Reg URI0:file://%1/CertEnroll/%3%8%9.crl
Config URI0:file://<ServerDNSName>/CertEnroll/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
Url SchemeUNC
ProjectedURI0:file:///CertEnroll/pharmax-SERVER-DC-01V-CA.crl
0:file:///CertEnroll/pharmax-SERVER-DC-01V-CA+.crl
Flags-
CRL Publish-
Delta CRL PublishNo
Add To Cert CDPNo
Add To Fresh est CRLNo
Add To Crl cdpNo
+
Table 175 - CRL Distribution Point - pharmax-SERVER-DC-01V-CA

+
+ + + + + + + + + + + +
Reg URI6:http://acade-dc-01v.acad.pharmax.local/CertData/%3%8%9.crl
Config URI6:http://acade-dc-01v.acad.pharmax.local/CertData/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
Url SchemeHTTP
ProjectedURI6:http://acade-dc-01v.acad.pharmax.local/CertData/pharmax-SERVER-DC-01V-CA.crl
6:http://acade-dc-01v.acad.pharmax.local/CertData/pharmax-SERVER-DC-01V-CA+.crl
Flags2, 4
CRL Publish-
Delta CRL PublishNo
Add To Cert CDPYes
Add To Fresh est CRLYes
Add To Crl cdpNo
+
Table 176 - CRL Distribution Point - pharmax-SERVER-DC-01V-CA

+
1.5.6.3.2 acad-ACADE-DC-01V-CA
+ + + + + + + + + + + +
Reg URI65:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl
Config URI65:C:\Windows\system32\CertSrv\CertEnroll\<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
Url SchemeUnknown
ProjectedURI65:C:\Windows\system32\CertSrv\CertEnroll\acad-ACADE-DC-01V-CA.crl
65:C:\Windows\system32\CertSrv\CertEnroll\acad-ACADE-DC-01V-CA+.crl
Flags1, 64
CRL Publish-
Delta CRL PublishYes
Add To Cert CDPNo
Add To Fresh est CRLNo
Add To Crl cdpNo
+
Table 177 - CRL Distribution Point - acad-ACADE-DC-01V-CA

+
+ + + + + + + + + + + +
Reg URI79:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10
Config URI79:ldap:///CN=<CATruncatedName><CRLNameSuffix>,CN=<ServerShortName>,CN=CDP,CN=Public Key Services,CN=Services,<ConfigurationContainer><CDPObjectClass>
Url SchemeLDAP
ProjectedURI79:ldap:///CN=acad-ACADE-DC-01V-CA,CN=acade-dc-01v,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=pharmax,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint
Flags1, 2, 4, 8, 64
CRL Publish-
Delta CRL PublishYes
Add To Cert CDPYes
Add To Fresh est CRLYes
Add To Crl cdpYes
+
Table 178 - CRL Distribution Point - acad-ACADE-DC-01V-CA

+
+ + + + + + + + + + + +
Reg URI0:http://%1/CertEnroll/%3%8%9.crl
Config URI0:http://<ServerDNSName>/CertEnroll/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
Url SchemeHTTP
ProjectedURI0:http:///CertEnroll/acad-ACADE-DC-01V-CA.crl
0:http:///CertEnroll/acad-ACADE-DC-01V-CA+.crl
Flags-
CRL Publish-
Delta CRL PublishNo
Add To Cert CDPNo
Add To Fresh est CRLNo
Add To Crl cdpNo
+
Table 179 - CRL Distribution Point - acad-ACADE-DC-01V-CA

+
+ + + + + + + + + + + +
Reg URI0:file://%1/CertEnroll/%3%8%9.crl
Config URI0:file://<ServerDNSName>/CertEnroll/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
Url SchemeUNC
ProjectedURI0:file:///CertEnroll/acad-ACADE-DC-01V-CA.crl
0:file:///CertEnroll/acad-ACADE-DC-01V-CA+.crl
Flags-
CRL Publish-
Delta CRL PublishNo
Add To Cert CDPNo
Add To Fresh est CRLNo
Add To Crl cdpNo
+
Table 180 - CRL Distribution Point - acad-ACADE-DC-01V-CA

+
+ + + + + + + + + + + +
Reg URI6:http://acade-dc-01v.acad.pharmax.local/CertEnroll/%3%8%9.crl
Config URI6:http://acade-dc-01v.acad.pharmax.local/CertEnroll/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
Url SchemeHTTP
ProjectedURI6:http://acade-dc-01v.acad.pharmax.local/CertEnroll/acad-ACADE-DC-01V-CA.crl
6:http://acade-dc-01v.acad.pharmax.local/CertEnroll/acad-ACADE-DC-01V-CA+.crl
Flags2, 4
CRL Publish-
Delta CRL PublishNo
Add To Cert CDPYes
Add To Fresh est CRLYes
Add To Crl cdpNo
+
Table 181 - CRL Distribution Point - acad-ACADE-DC-01V-CA

+
1.5.6.3.3 pharmax-CAYEY-DC-01V-CA
+ + + + + + + + + + + +
Reg URI65:C:\Windows\system32\CertSrv\CertEnroll\%3%8%9.crl
Config URI65:C:\Windows\system32\CertSrv\CertEnroll\<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
Url SchemeUnknown
ProjectedURI65:C:\Windows\system32\CertSrv\CertEnroll\pharmax-CAYEY-DC-01V-CA.crl
65:C:\Windows\system32\CertSrv\CertEnroll\pharmax-CAYEY-DC-01V-CA+.crl
Flags1, 64
CRL Publish-
Delta CRL PublishYes
Add To Cert CDPNo
Add To Fresh est CRLNo
Add To Crl cdpNo
+
Table 182 - CRL Distribution Point - pharmax-CAYEY-DC-01V-CA

+
+ + + + + + + + + + + +
Reg URI79:ldap:///CN=%7%8,CN=%2,CN=CDP,CN=Public Key Services,CN=Services,%6%10
Config URI79:ldap:///CN=<CATruncatedName><CRLNameSuffix>,CN=<ServerShortName>,CN=CDP,CN=Public Key Services,CN=Services,<ConfigurationContainer><CDPObjectClass>
Url SchemeLDAP
ProjectedURI79:ldap:///CN=pharmax-CAYEY-DC-01V-CA,CN=cayey-dc-01v,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=pharmax,DC=local?certificateRevocationList?base?objectClass=cRLDistributionPoint
Flags1, 2, 4, 8, 64
CRL Publish-
Delta CRL PublishYes
Add To Cert CDPYes
Add To Fresh est CRLYes
Add To Crl cdpYes
+
Table 183 - CRL Distribution Point - pharmax-CAYEY-DC-01V-CA

+
+ + + + + + + + + + + +
Reg URI0:http://%1/CertEnroll/%3%8%9.crl
Config URI0:http://<ServerDNSName>/CertEnroll/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
Url SchemeHTTP
ProjectedURI0:http:///CertEnroll/pharmax-CAYEY-DC-01V-CA.crl
0:http:///CertEnroll/pharmax-CAYEY-DC-01V-CA+.crl
Flags-
CRL Publish-
Delta CRL PublishNo
Add To Cert CDPNo
Add To Fresh est CRLNo
Add To Crl cdpNo
+
Table 184 - CRL Distribution Point - pharmax-CAYEY-DC-01V-CA

+
+ + + + + + + + + + + +
Reg URI0:file://%1/CertEnroll/%3%8%9.crl
Config URI0:file://<ServerDNSName>/CertEnroll/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
Url SchemeUNC
ProjectedURI0:file:///CertEnroll/pharmax-CAYEY-DC-01V-CA.crl
0:file:///CertEnroll/pharmax-CAYEY-DC-01V-CA+.crl
Flags-
CRL Publish-
Delta CRL PublishNo
Add To Cert CDPNo
Add To Fresh est CRLNo
Add To Crl cdpNo
+
Table 185 - CRL Distribution Point - pharmax-CAYEY-DC-01V-CA

+

1.5.7 AIA and CDP Health Status

The following section is intended to perform Certification Authority health status checking by CA certificate chain status and validating all CRL Distribution Point (CDP) and Authority Information Access (AIA) URLs for each certificate in the chain.

+ + + + +
CA NameChildsHealth
acad-ACADE-DC-01V-CAacad-ACADE-DC-01V-CA
pharmax-SERVER-DC-01V-CA		Error
pharmax-CAYEY-DC-01V-CApharmax-CAYEY-DC-01V-CA
pharmax-SERVER-DC-01V-CA		Ok
pharmax-SERVER-DC-01V-CApharmax-SERVER-DC-01V-CAOk
+
Table 186 - Certification Authority Health - PHARMAX.LOCAL

+

1.5.8 Certificate Template Summary

The following section provides the certificate templates that are assigned to a specified Certification Authority (CA). CA server can issue certificates only based on assigned templates.

1.5.8.1 pharmax-SERVER-DC-01V-CA Certificate Template

+ + + + + + + + + + + + + + + + + + + + + +
Template NameSchema VersionSupported CAAutoenrollment
Administrator1Windows 2000 ServerNo
Basic EFS1Windows 2000 ServerNo
Computer1Windows 2000 ServerNo
ConfigMgr Client Distribution2Windows Server 2003 Enterprise EditionYes
Directory Email Replication2Windows Server 2003 Enterprise EditionYes
Domain Controller1Windows 2000 ServerNo
Domain Controller Authentication2Windows Server 2003 Enterprise EditionYes
EFS Recovery Agent1Windows 2000 ServerNo
Kerberos Authentication2Windows Server 2003 Enterprise EditionYes
Pharmax Key Recovery Agent2Windows Server 2003 Enterprise EditionYes
Pharmax Labs Key Archive2Windows Server 2003 Enterprise EditionYes
Pharmax Web Server2Windows Server 2003 Enterprise EditionNo
Pharmax Workstation Authentication2Windows Server 2003 Enterprise EditionYes
Subordinate Certification Authority1Windows 2000 ServerNo
User1Windows 2000 ServerNo
Web Server1Windows 2000 ServerNo
Web Server - ADFS2Windows Server 2003 Enterprise EditionNo
Web Server - Horizon2Windows Server 2003 Enterprise EditionNo
Web Server - Parallel2Windows Server 2003 Enterprise EditionNo
Web Server - WSUS SSL2Windows Server 2003 Enterprise EditionNo
+
Table 187 - Issued Certificate Template - pharmax-SERVER-DC-01V-CA

+

1.5.8.2 Certificate Template In Active Directory

The following section provides registered certificate templates from Active Directory.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Template NameSchema VersionSupported CAAutoenrollment
Administrator1Windows 2000 ServerNo
Authenticated Session1Windows 2000 ServerNo
Basic EFS1Windows 2000 ServerNo
CA Exchange2Windows Server 2003 Enterprise EditionNo
CEP Encryption1Windows 2000 ServerNo
Code Signing1Windows 2000 ServerNo
Computer1Windows 2000 ServerNo
ConfigMgr Client Distribution2Windows Server 2003 Enterprise EditionYes
Cross Certification Authority2Windows Server 2003 Enterprise EditionNo
Directory Email Replication2Windows Server 2003 Enterprise EditionYes
Domain Controller1Windows 2000 ServerNo
Domain Controller Authentication2Windows Server 2003 Enterprise EditionYes
EFS Recovery Agent1Windows 2000 ServerNo
Enrollment Agent1Windows 2000 ServerNo
Enrollment Agent (Computer)1Windows 2000 ServerNo
Exchange Enrollment Agent (Offline request)1Windows 2000 ServerNo
Exchange Signature Only1Windows 2000 ServerNo
Exchange User1Windows 2000 ServerNo
IPSec1Windows 2000 ServerNo
IPSec (Offline request)1Windows 2000 ServerNo
Kerberos Authentication2Windows Server 2003 Enterprise EditionYes
Key Recovery Agent2Windows Server 2003 Enterprise EditionYes
OCSP Response Signing3Windows Server 2008 Enterprise EditionNo
Pharmax Key Recovery Agent2Windows Server 2003 Enterprise EditionYes
Pharmax Labs Key Archive2Windows Server 2003 Enterprise EditionYes
Pharmax Web Server2Windows Server 2003 Enterprise EditionNo
Pharmax Workstation Authentication2Windows Server 2003 Enterprise EditionYes
RAS and IAS Server2Windows Server 2003 Enterprise EditionYes
Root Certification Authority1Windows 2000 ServerNo
Router (Offline request)1Windows 2000 ServerNo
Smartcard Logon1Windows 2000 ServerNo
Smartcard User1Windows 2000 ServerNo
Subordinate Certification Authority1Windows 2000 ServerNo
Trust List Signing1Windows 2000 ServerNo
User1Windows 2000 ServerNo
User Signature Only1Windows 2000 ServerNo
Web Server1Windows 2000 ServerNo
Web Server - ADFS2Windows Server 2003 Enterprise EditionNo
Web Server - Horizon2Windows Server 2003 Enterprise EditionNo
Web Server - Parallel2Windows Server 2003 Enterprise EditionNo
Web Server - WSUS SSL2Windows Server 2003 Enterprise EditionNo
Workstation Authentication2Windows Server 2003 Enterprise EditionYes
+
Table 188 - Certificate Template in AD - PHARMAX.LOCAL

+

1.5.9 Certificate Template Summary

The following section provides the certificate templates that are assigned to a specified Certification Authority (CA). CA server can issue certificates only based on assigned templates.

1.5.9.1 acad-ACADE-DC-01V-CA Certificate Template

+ + + + + + + + + + + + + +
Template NameSchema VersionSupported CAAutoenrollment
Administrator1Windows 2000 ServerNo
Basic EFS1Windows 2000 ServerNo
Computer1Windows 2000 ServerNo
Directory Email Replication2Windows Server 2003 Enterprise EditionYes
Domain Controller1Windows 2000 ServerNo
Domain Controller Authentication2Windows Server 2003 Enterprise EditionYes
EFS Recovery Agent1Windows 2000 ServerNo
Kerberos Authentication2Windows Server 2003 Enterprise EditionYes
Pharmax Workstation Authentication2Windows Server 2003 Enterprise EditionYes
Subordinate Certification Authority1Windows 2000 ServerNo
User1Windows 2000 ServerNo
Web Server1Windows 2000 ServerNo
+
Table 189 - Issued Certificate Template - acad-ACADE-DC-01V-CA

+

1.5.9.2 Certificate Template In Active Directory

The following section provides registered certificate templates from Active Directory.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Template NameSchema VersionSupported CAAutoenrollment
Administrator1Windows 2000 ServerNo
Authenticated Session1Windows 2000 ServerNo
Basic EFS1Windows 2000 ServerNo
CA Exchange2Windows Server 2003 Enterprise EditionNo
CEP Encryption1Windows 2000 ServerNo
Code Signing1Windows 2000 ServerNo
Computer1Windows 2000 ServerNo
ConfigMgr Client Distribution2Windows Server 2003 Enterprise EditionYes
Cross Certification Authority2Windows Server 2003 Enterprise EditionNo
Directory Email Replication2Windows Server 2003 Enterprise EditionYes
Domain Controller1Windows 2000 ServerNo
Domain Controller Authentication2Windows Server 2003 Enterprise EditionYes
EFS Recovery Agent1Windows 2000 ServerNo
Enrollment Agent1Windows 2000 ServerNo
Enrollment Agent (Computer)1Windows 2000 ServerNo
Exchange Enrollment Agent (Offline request)1Windows 2000 ServerNo
Exchange Signature Only1Windows 2000 ServerNo
Exchange User1Windows 2000 ServerNo
IPSec1Windows 2000 ServerNo
IPSec (Offline request)1Windows 2000 ServerNo
Kerberos Authentication2Windows Server 2003 Enterprise EditionYes
Key Recovery Agent2Windows Server 2003 Enterprise EditionYes
OCSP Response Signing3Windows Server 2008 Enterprise EditionNo
Pharmax Key Recovery Agent2Windows Server 2003 Enterprise EditionYes
Pharmax Labs Key Archive2Windows Server 2003 Enterprise EditionYes
Pharmax Web Server2Windows Server 2003 Enterprise EditionNo
Pharmax Workstation Authentication2Windows Server 2003 Enterprise EditionYes
RAS and IAS Server2Windows Server 2003 Enterprise EditionYes
Root Certification Authority1Windows 2000 ServerNo
Router (Offline request)1Windows 2000 ServerNo
Smartcard Logon1Windows 2000 ServerNo
Smartcard User1Windows 2000 ServerNo
Subordinate Certification Authority1Windows 2000 ServerNo
Trust List Signing1Windows 2000 ServerNo
User1Windows 2000 ServerNo
User Signature Only1Windows 2000 ServerNo
Web Server1Windows 2000 ServerNo
Web Server - ADFS2Windows Server 2003 Enterprise EditionNo
Web Server - Horizon2Windows Server 2003 Enterprise EditionNo
Web Server - Parallel2Windows Server 2003 Enterprise EditionNo
Web Server - WSUS SSL2Windows Server 2003 Enterprise EditionNo
Workstation Authentication2Windows Server 2003 Enterprise EditionYes
+
Table 190 - Certificate Template in AD - PHARMAX.LOCAL

+

1.5.10 Certificate Template Summary

The following section provides the certificate templates that are assigned to a specified Certification Authority (CA). CA server can issue certificates only based on assigned templates.

1.5.10.1 pharmax-CAYEY-DC-01V-CA Certificate Template

+ + + + + + + + + + + + +
Template NameSchema VersionSupported CAAutoenrollment
Administrator1Windows 2000 ServerNo
Basic EFS1Windows 2000 ServerNo
Computer1Windows 2000 ServerNo
Directory Email Replication2Windows Server 2003 Enterprise EditionYes
Domain Controller1Windows 2000 ServerNo
Domain Controller Authentication2Windows Server 2003 Enterprise EditionYes
EFS Recovery Agent1Windows 2000 ServerNo
Kerberos Authentication2Windows Server 2003 Enterprise EditionYes
Subordinate Certification Authority1Windows 2000 ServerNo
User1Windows 2000 ServerNo
Web Server1Windows 2000 ServerNo
+
Table 191 - Issued Certificate Template - pharmax-CAYEY-DC-01V-CA

+

1.5.10.2 Certificate Template In Active Directory

The following section provides registered certificate templates from Active Directory.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Template NameSchema VersionSupported CAAutoenrollment
Administrator1Windows 2000 ServerNo
Authenticated Session1Windows 2000 ServerNo
Basic EFS1Windows 2000 ServerNo
CA Exchange2Windows Server 2003 Enterprise EditionNo
CEP Encryption1Windows 2000 ServerNo
Code Signing1Windows 2000 ServerNo
Computer1Windows 2000 ServerNo
ConfigMgr Client Distribution2Windows Server 2003 Enterprise EditionYes
Cross Certification Authority2Windows Server 2003 Enterprise EditionNo
Directory Email Replication2Windows Server 2003 Enterprise EditionYes
Domain Controller1Windows 2000 ServerNo
Domain Controller Authentication2Windows Server 2003 Enterprise EditionYes
EFS Recovery Agent1Windows 2000 ServerNo
Enrollment Agent1Windows 2000 ServerNo
Enrollment Agent (Computer)1Windows 2000 ServerNo
Exchange Enrollment Agent (Offline request)1Windows 2000 ServerNo
Exchange Signature Only1Windows 2000 ServerNo
Exchange User1Windows 2000 ServerNo
IPSec1Windows 2000 ServerNo
IPSec (Offline request)1Windows 2000 ServerNo
Kerberos Authentication2Windows Server 2003 Enterprise EditionYes
Key Recovery Agent2Windows Server 2003 Enterprise EditionYes
OCSP Response Signing3Windows Server 2008 Enterprise EditionNo
Pharmax Key Recovery Agent2Windows Server 2003 Enterprise EditionYes
Pharmax Labs Key Archive2Windows Server 2003 Enterprise EditionYes
Pharmax Web Server2Windows Server 2003 Enterprise EditionNo
Pharmax Workstation Authentication2Windows Server 2003 Enterprise EditionYes
RAS and IAS Server2Windows Server 2003 Enterprise EditionYes
Root Certification Authority1Windows 2000 ServerNo
Router (Offline request)1Windows 2000 ServerNo
Smartcard Logon1Windows 2000 ServerNo
Smartcard User1Windows 2000 ServerNo
Subordinate Certification Authority1Windows 2000 ServerNo
Trust List Signing1Windows 2000 ServerNo
User1Windows 2000 ServerNo
User Signature Only1Windows 2000 ServerNo
Web Server1Windows 2000 ServerNo
Web Server - ADFS2Windows Server 2003 Enterprise EditionNo
Web Server - Horizon2Windows Server 2003 Enterprise EditionNo
Web Server - Parallel2Windows Server 2003 Enterprise EditionNo
Web Server - WSUS SSL2Windows Server 2003 Enterprise EditionNo
Workstation Authentication2Windows Server 2003 Enterprise EditionYes
+
Table 192 - Certificate Template in AD - PHARMAX.LOCAL

+

1.5.11 Key Recovery Agent Certificate

The following section provides the Key Recovery Agent certificate used to encrypt user's certificate private key and store it in CA database. In the case when user cannot access his or her certificate private key it is possible to recover it by Key Recovery Agent if Key Archival procedure was taken against particular certificate.

+ + + + +
CA Namepharmax-SERVER-DC-01V-CA
Server NameSERVER-DC-01V
Certificate[Subject]
CN=Administrator, CN=Users, DC=pharmax, DC=local

[Issuer]
CN=pharmax-SERVER-DC-01V-CA, DC=pharmax, DC=local

[Serial Number]
61000001068FABBB1D8B7B986A000000000106

[Not Before]
11/16/2021 8:11:55 PM

[Not After]
11/16/2023 8:11:55 PM

[Thumbprint]
0C65947128A94A0209907127D13F81AD5840CA37
+
Table 193 - Key Recovery Agent Certificate - pharmax-SERVER-DC-01V-CA

+
+ + + + +
CA Nameacad-ACADE-DC-01V-CA
Server NameACADE-DC-01V
Certificate[Subject]
CN=Administrator, CN=Users, DC=pharmax, DC=local

[Issuer]
CN=pharmax-SERVER-DC-01V-CA, DC=pharmax, DC=local

[Serial Number]
610000011FC4B5F75727EEAB0800000000011F

[Not Before]
1/23/2022 10:30:44 PM

[Not After]
1/23/2024 10:30:44 PM

[Thumbprint]
4883ED66CAB909725F89D7483E97DBF69C4CDA9B
+
Table 194 - Key Recovery Agent Certificate - acad-ACADE-DC-01V-CA


Page 3
From 2fa9fa856d8fab0f9f90203986ffb93ec5a62634 Mon Sep 17 00:00:00 2001 From: Jonathan Colon Date: Mon, 24 Jan 2022 10:19:50 -0400 Subject: [PATCH 23/23] More error handling --- Src/Private/Get-AbrADCACRLSetting.ps1 | 51 +++++++++++++-------- Src/Private/Get-AbrADCAKeyRecoveryAgent.ps1 | 40 ++++++++-------- Src/Private/Get-AbrADCASecurity.ps1 | 15 ++++-- Src/Private/Get-AbrADDNSInfrastructure.ps1 | 51 +++++++++++++-------- Src/Private/Get-AbrADDomainController.ps1 | 46 +++++++++++-------- Src/Private/Get-AbrADForest.ps1 | 29 +++++++----- Src/Private/Get-AbrADGPO.ps1 | 19 +++++--- Src/Private/Get-AbrADOU.ps1 | 11 +++-- 8 files changed, 161 insertions(+), 101 deletions(-) diff --git a/Src/Private/Get-AbrADCACRLSetting.ps1 b/Src/Private/Get-AbrADCACRLSetting.ps1 index 227ae15..fdc6409 100644 --- a/Src/Private/Get-AbrADCACRLSetting.ps1 +++ b/Src/Private/Get-AbrADCACRLSetting.ps1 @@ -34,14 +34,19 @@ function Get-AbrADCACRLSetting { Write-PscriboMessage "Collecting AD CA CRL Validity Period information on $($CA.Name)." $CRLs = Get-CRLValidityPeriod -CertificationAuthority $CA foreach ($VP in $CRLs) { - $inObj = [ordered] @{ - 'CA Name' = $VP.Name - 'Base CRL' = $VP.BaseCRL - 'Base CRL Overlap' = $VP.BaseCRLOverlap - 'Delta CRL' = $VP.DeltaCRL - 'Delta CRL Overlap' = $VP.DeltaCRLOverlap + try { + $inObj = [ordered] @{ + 'CA Name' = $VP.Name + 'Base CRL' = $VP.BaseCRL + 'Base CRL Overlap' = $VP.BaseCRLOverlap + 'Delta CRL' = $VP.DeltaCRL + 'Delta CRL Overlap' = $VP.DeltaCRLOverlap + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message } - $OutObj += [pscustomobject]$inobj } } catch { @@ -67,12 +72,17 @@ function Get-AbrADCACRLSetting { Write-PscriboMessage "Collecting AD CA CRL Distribution Point information on $($CA.Name)." $CRLs = Get-CertificateRevocationListFlag -CertificationAuthority $CA foreach ($Flag in $CRLs) { - $inObj = [ordered] @{ - 'CA Name' = $Flag.Name - 'Server Name' = $Flag.ComputerName.ToString().ToUpper().Split(".")[0] - 'CRL Flags' = $Flag.CRLFlags + try { + $inObj = [ordered] @{ + 'CA Name' = $Flag.Name + 'Server Name' = $Flag.ComputerName.ToString().ToUpper().Split(".")[0] + 'CRL Flags' = $Flag.CRLFlags + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message } - $OutObj += [pscustomobject]$inobj } } catch { @@ -160,13 +170,18 @@ function Get-AbrADCACRLSetting { try { $CAHealth = Get-EnterprisePKIHealthStatus -CertificateAuthority $CA foreach ($Health in $CAHealth) { - Write-PscriboMessage "Collecting AIA and CDP Health Status from $($Health.Name)." - $inObj = [ordered] @{ - 'CA Name' = $Health.Name - 'Childs' = ($Health.Childs).Name - 'Health' = $Health.Status + try { + Write-PscriboMessage "Collecting AIA and CDP Health Status from $($Health.Name)." + $inObj = [ordered] @{ + 'CA Name' = $Health.Name + 'Childs' = ($Health.Childs).Name + 'Health' = $Health.Status + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message } - $OutObj += [pscustomobject]$inobj } } catch { diff --git a/Src/Private/Get-AbrADCAKeyRecoveryAgent.ps1 b/Src/Private/Get-AbrADCAKeyRecoveryAgent.ps1 index 7c47882..5febacd 100644 --- a/Src/Private/Get-AbrADCAKeyRecoveryAgent.ps1 +++ b/Src/Private/Get-AbrADCAKeyRecoveryAgent.ps1 @@ -23,9 +23,9 @@ function Get-AbrADCAKeyRecoveryAgent { } process { - try { - $OutObj = @() - foreach ($CA in $CAs) { + $OutObj = @() + foreach ($CA in $CAs) { + try { $KRA = Get-CAKRACertificate -CertificationAuthority $CA if ($KRA.Certificate) { Write-PscriboMessage "Collecting Key Recovery Agent Certificate Certificate information of $($KRA.DisplayName)." @@ -37,27 +37,27 @@ function Get-AbrADCAKeyRecoveryAgent { $OutObj += [pscustomobject]$inobj } } - if ($OutObj) { - Section -Style Heading4 "Key Recovery Agent Certificate" { - Paragraph "The following section provides the Key Recovery Agent certificate used to encrypt user's certificate private key and store it in CA database. In the case when user cannot access his or her certificate private key it is possible to recover it by Key Recovery Agent if Key Archival procedure was taken against particular certificate." - BlankLine - foreach ($Item in $OutObj) { - $TableParams = @{ - Name = "Key Recovery Agent Certificate - $($Item.'CA Name')" - List = $true - ColumnWidths = 40, 60 - } - if ($Report.ShowTableCaptions) { - $TableParams['Caption'] = "- $($TableParams.Name)" - } - $Item | Table @TableParams + catch { + Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Key Recovery Agent Certificate Item)" + } + } + if ($OutObj) { + Section -Style Heading4 "Key Recovery Agent Certificate" { + Paragraph "The following section provides the Key Recovery Agent certificate used to encrypt user's certificate private key and store it in CA database. In the case when user cannot access his or her certificate private key it is possible to recover it by Key Recovery Agent if Key Archival procedure was taken against particular certificate." + BlankLine + foreach ($Item in $OutObj) { + $TableParams = @{ + Name = "Key Recovery Agent Certificate - $($Item.'CA Name')" + List = $true + ColumnWidths = 40, 60 } + if ($Report.ShowTableCaptions) { + $TableParams['Caption'] = "- $($TableParams.Name)" + } + $Item | Table @TableParams } } } - catch { - Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Key Recovery Agent Certificate)" - } } end {} diff --git a/Src/Private/Get-AbrADCASecurity.ps1 b/Src/Private/Get-AbrADCASecurity.ps1 index 309a016..701fe6b 100644 --- a/Src/Private/Get-AbrADCASecurity.ps1 +++ b/Src/Private/Get-AbrADCASecurity.ps1 @@ -61,12 +61,17 @@ function Get-AbrADCASecurity { $ACLs = Get-CertificationAuthorityAcl -CertificationAuthority $CA Write-PscriboMessage "Collecting Certification Authority Access Control List information of $($CA.Name)." foreach ($ACL in $ACLs) { - $inObj = [ordered] @{ - 'DC Name' = $CA.DisplayName - 'Owner' = $ACL.Owner - 'Group' = $ACL.Group + try { + $inObj = [ordered] @{ + 'DC Name' = $CA.DisplayName + 'Owner' = $ACL.Owner + 'Group' = $ACL.Group + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message } - $OutObj += [pscustomobject]$inobj } } catch { diff --git a/Src/Private/Get-AbrADDNSInfrastructure.ps1 b/Src/Private/Get-AbrADDNSInfrastructure.ps1 index e4b9966..57001e2 100644 --- a/Src/Private/Get-AbrADDNSInfrastructure.ps1 +++ b/Src/Private/Get-AbrADDNSInfrastructure.ps1 @@ -80,15 +80,20 @@ function Get-AbrADDNSInfrastructure { $DNSSettings = Invoke-Command -Session $DCPssSession {Get-NetAdapter | Get-DnsClientServerAddress -AddressFamily IPv4} Remove-PSSession -Session $DCPssSession foreach ($DNSSetting in $DNSSettings) { - $inObj = [ordered] @{ - 'DC Name' = $DC.ToString().ToUpper().Split(".")[0] - 'Interface' = $DNSSetting.InterfaceAlias - 'DNS IP 1' = ConvertTo-EmptyToFiller $DNSSetting.ServerAddresses[0] - 'DNS IP 2' = ConvertTo-EmptyToFiller $DNSSetting.ServerAddresses[1] - 'DNS IP 3' = ConvertTo-EmptyToFiller $DNSSetting.ServerAddresses[2] - 'DNS IP 4' = ConvertTo-EmptyToFiller $DNSSetting.ServerAddresses[3] + try { + $inObj = [ordered] @{ + 'DC Name' = $DC.ToString().ToUpper().Split(".")[0] + 'Interface' = $DNSSetting.InterfaceAlias + 'DNS IP 1' = ConvertTo-EmptyToFiller $DNSSetting.ServerAddresses[0] + 'DNS IP 2' = ConvertTo-EmptyToFiller $DNSSetting.ServerAddresses[1] + 'DNS IP 3' = ConvertTo-EmptyToFiller $DNSSetting.ServerAddresses[2] + 'DNS IP 4' = ConvertTo-EmptyToFiller $DNSSetting.ServerAddresses[3] + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message } - $OutObj += [pscustomobject]$inobj } } catch { @@ -130,13 +135,18 @@ function Get-AbrADDNSInfrastructure { try { $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerDirectoryPartition -ComputerName $using:DC} foreach ($Partition in $DNSSetting) { - $inObj = [ordered] @{ - 'Name' = $Partition.DirectoryPartitionName - 'State' = ConvertTo-EmptyToFiller $Partition.State - 'Flags' = $Partition.Flags - 'Zone Count' = $Partition.ZoneCount + try { + $inObj = [ordered] @{ + 'Name' = $Partition.DirectoryPartitionName + 'State' = ConvertTo-EmptyToFiller $Partition.State + 'Flags' = $Partition.Flags + 'Zone Count' = $Partition.ZoneCount + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message } - $OutObj += [pscustomobject]$inobj } } catch { @@ -308,11 +318,16 @@ function Get-AbrADDNSInfrastructure { try { $DNSSetting = Invoke-Command -Session $Session {Get-DnsServerRootHint -ComputerName $using:DC | Select-Object @{Name="Name"; E={$_.NameServer.RecordData.Nameserver}},@{Name="IPAddress"; E={$_.IPAddress.RecordData.IPv6Address.IPAddressToString,$_.IPAddress.RecordData.IPv4Address.IPAddressToString} }} foreach ($Hints in $DNSSetting) { - $inObj = [ordered] @{ - 'Name' = $Hints.Name - 'IP Address' = (($Hints.IPAddress).Where({ $_ -ne $Null })) -join ", " + try { + $inObj = [ordered] @{ + 'Name' = $Hints.Name + 'IP Address' = (($Hints.IPAddress).Where({ $_ -ne $Null })) -join ", " + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message } - $OutObj += [pscustomobject]$inobj } } catch { diff --git a/Src/Private/Get-AbrADDomainController.ps1 b/Src/Private/Get-AbrADDomainController.ps1 index 177ced5..ec112e8 100644 --- a/Src/Private/Get-AbrADDomainController.ps1 +++ b/Src/Private/Get-AbrADDomainController.ps1 @@ -206,21 +206,26 @@ function Get-AbrADDomainController { $SourceType = Invoke-Command -Session $DCPssSession -ScriptBlock {Get-ItemProperty -Path HKLM:\System\CurrentControlSet\Services\W32Time\Parameters | Select-Object -ExpandProperty 'Type'} Remove-PSSession -Session $DCPssSession if ( $NtpServer -and $SourceType ) { - $inObj = [ordered] @{ - 'Name' = $DC.ToString().ToUpper().Split(".")[0] - 'Time Server' = Switch ($NtpServer) { - 'time.windows.com,0x8' {"Domain Hierarchy"} - 'time.windows.com' {"Domain Hierarchy"} - '0x8' {"Domain Hierarchy"} - default {$NtpServer} - } - 'Type' = Switch ($SourceType) { - 'NTP' {"MANUAL (NTP)"} - 'NT5DS' {"DOMHIER"} - default {$SourceType} + try { + $inObj = [ordered] @{ + 'Name' = $DC.ToString().ToUpper().Split(".")[0] + 'Time Server' = Switch ($NtpServer) { + 'time.windows.com,0x8' {"Domain Hierarchy"} + 'time.windows.com' {"Domain Hierarchy"} + '0x8' {"Domain Hierarchy"} + default {$NtpServer} + } + 'Type' = Switch ($SourceType) { + 'NTP' {"MANUAL (NTP)"} + 'NT5DS' {"DOMHIER"} + default {$SourceType} + } } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message } - $OutObj += [pscustomobject]$inobj } } catch { @@ -263,12 +268,17 @@ function Get-AbrADDomainController { Paragraph "The following section provides a summary of additional software running on $($DC.ToString().ToUpper().Split(".")[0])." BlankLine foreach ($APP in $Software) { - $inObj = [ordered] @{ - 'Name' = $APP.DisplayName - 'Publisher' = $APP.Publisher - 'Install Date' = $APP.InstallDate + try { + $inObj = [ordered] @{ + 'Name' = $APP.DisplayName + 'Publisher' = $APP.Publisher + 'Install Date' = $APP.InstallDate + } + $OutObj = [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message } - $OutObj = [pscustomobject]$inobj } $TableParams = @{ Name = "Installed Software - $($DC.ToString().ToUpper().Split(".")[0])" diff --git a/Src/Private/Get-AbrADForest.ps1 b/Src/Private/Get-AbrADForest.ps1 index f0864e3..cfec281 100644 --- a/Src/Private/Get-AbrADForest.ps1 +++ b/Src/Private/Get-AbrADForest.ps1 @@ -46,19 +46,24 @@ function Get-AbrADForest { if ($Data) { Write-PscriboMessage "Collecting Active Directory information of forest $ForestInfo." foreach ($Item in $Data) { - $inObj = [ordered] @{ - 'Forest Name' = $Item.RootDomain - 'Forest Functional Level' = $Item.ForestMode - 'Schema Version' = "ObjectVersion $ADVersion, Correspond to $server" - 'Tombstone Lifetime (days)' = $TombstoneLifetime - 'Domains' = $Item.Domains -join '; ' - 'Global Catalogs' = $Item.GlobalCatalogs -join '; ' - 'Application Partitions' = $Item.ApplicationPartitions - 'PartitionsContainer' = [string]$Item.PartitionsContainer - 'SPN Suffixes' = ConvertTo-EmptyToFiller $Item.SPNSuffixes - 'UPN Suffixes' = ConvertTo-EmptyToFiller $Item.UPNSuffixes + try { + $inObj = [ordered] @{ + 'Forest Name' = $Item.RootDomain + 'Forest Functional Level' = $Item.ForestMode + 'Schema Version' = "ObjectVersion $ADVersion, Correspond to $server" + 'Tombstone Lifetime (days)' = $TombstoneLifetime + 'Domains' = $Item.Domains -join '; ' + 'Global Catalogs' = $Item.GlobalCatalogs -join '; ' + 'Application Partitions' = $Item.ApplicationPartitions + 'PartitionsContainer' = [string]$Item.PartitionsContainer + 'SPN Suffixes' = ConvertTo-EmptyToFiller $Item.SPNSuffixes + 'UPN Suffixes' = ConvertTo-EmptyToFiller $Item.UPNSuffixes + } + $OutObj += [pscustomobject]$inobj + } + catch { + Write-PscriboMessage -IsWarning $_.Exception.Message } - $OutObj += [pscustomobject]$inobj } $TableParams = @{ diff --git a/Src/Private/Get-AbrADGPO.ps1 b/Src/Private/Get-AbrADGPO.ps1 index d0d8f7c..36432c5 100644 --- a/Src/Private/Get-AbrADGPO.ps1 +++ b/Src/Private/Get-AbrADGPO.ps1 @@ -165,14 +165,19 @@ function Get-AbrADGPO { $UserScripts = $Gpoxml.GPO.User.ExtensionData | Where-Object { $_.Name -eq 'Scripts' } if ($UserScripts.extension.Script) { foreach ($Script in $UserScripts.extension.Script) { - Write-PscriboMessage "Collecting Active Directory Group Policy Objects with Logon/Logoff Script '$($GPO.DisplayName)'." - $inObj = [ordered] @{ - 'GPO Name' = $GPO.DisplayName - 'GPO Status' = ($GPO.GpoStatus -creplace '([A-Z\W_]|\d+)(?