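├── Get-ADAudit.ps1
├── README.md
└── Scripts
    ├── Excluded
    │   └── Tempalte.ps1
    ├── Get-ADAuditSettings.ps1
    ├── Get-ADDetails.ps1
    ├── Get-ADFSMO.ps1
    ├── Get-ADLevels.ps1
    ├── Get-ADTrusts.ps1
    ├── Get-AccountsWithNeverExpirePasswords.ps1
    ├── Get-AuthenticationPolicyDetails.ps1
    ├── Get-BackupInfo.ps1
    ├── Get-ComputerDetails.ps1
    ├── Get-ComputerMachineQuota.ps1
    ├── Get-DCDiag.ps1
    ├── Get-DCFeatures.ps1
    ├── Get-DCUACIssues.ps1
    ├── Get-DCwithSpooler.ps1
    ├── Get-DHCPDetails.ps1
    ├── Get-DNSAdmins.ps1
    ├── Get-DefaultContainers.ps1
    ├── Get-GMSADetails.ps1
    ├── Get-ImportantAccountsDetails.ps1
    ├── Get-InactiveDCs.ps1
    ├── Get-KrbtgtPwdLastSet.ps1
    ├── Get-LAPSDetails.ps1
    ├── Get-NTPDetails.ps1
    ├── Get-NotSensitivePrivilegedUsers.ps1
    ├── Get-PSOwithPasswordLenghtBelow8.ps1
    ├── Get-PasswordPolicies.ps1
    ├── Get-Pre200GroupMembers.ps1
    ├── Get-PrivilegedGroupsDetails.ps1
    ├── Get-PrivilegedGroupsMembership.ps1
    ├── Get-Repadim.ps1
    ├── Get-SPNDetails.ps1
    ├── Get-SPNDuplicatesDetails.ps1
    ├── Get-SchemaAdmins.ps1
    ├── Get-ServicesOnDC.ps1
    ├── Get-SysvolDetails.ps1
    ├── Get-UserDetails.ps1
    └── Get-UsersWithAdminCount.ps1

/Get-ADAudit.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
    Runs every audit script in the Scripts folder next to this file and collects
    the output under <AuditPath>\ADAudit\<domain DNS root>.

.DESCRIPTION
    Each *.ps1 file directly inside Scripts (the Excluded subfolder is not
    searched) is dot-sourced with -OutputPath set to the per-domain audit folder.
    A transcript of the whole run is written to the same folder.

    Every file found in Scripts is executed with the caller's privileges, so the
    folder should be writable only by the people trusted to run the audit.

.PARAMETER AuditPath
    Root folder for the audit output. Missing folders are created.

.EXAMPLE
    .\Get-ADAudit.ps1 -AuditPath C:\Audit

.NOTES
    All rights reserved to
    Robert Przybylski
    www.azureblog.pl
    2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $AuditPath
)

#region initial setup
# Stop a transcript that may still be active in this session; failure just means none was running.
try {
    Stop-Transcript
}
catch {

}

$dnsRoot = (Get-ADDomain).dnsroot
$domainAuditPath = "$AuditPath\ADAudit\$dnsRoot"
if (-not (Test-Path -LiteralPath $domainAuditPath)) {
    # Creating the leaf directory also creates the missing parents (AuditPath and ADAudit),
    # including the case where AuditPath exists but ADAudit does not.
    New-Item -Path $domainAuditPath -ItemType Directory -Force | Out-Null
}

$oldLocation = Get-Location

# Resolve the Scripts folder from this file's own location. A path relative to the
# current directory would run whatever "Scripts" folder happens to exist wherever
# the caller started the audit from.
$scriptsPath = Join-Path -Path $PSScriptRoot -ChildPath 'Scripts'
#endregion

#region transcript
$date = Get-Date -Format "dd_MM_yyyy_HHmm"
$transcriptPath = "$domainAuditPath\ADAudit_$($date).log"
Start-Transcript -Path $transcriptPath
#endregion

#region Audit Scripts run
try {
    # Only *.ps1 files are run; other files placed in the folder are ignored.
    $scripts = Get-ChildItem -LiteralPath $scriptsPath -Filter '*.ps1' -File
    foreach ($entry in $scripts) {
        $fileNameClean = [io.path]::GetFileNameWithoutExtension($entry.Name)
        Write-Host "----> Running $fileNameClean script <-----" -ForegroundColor Green
        # Dot-sourcing runs the check in this script's scope, so variables set by one
        # check stay visible to the checks that run after it.
        . $entry.FullName -OutputPath $domainAuditPath
    }
}
finally {
    # Close the transcript and restore the location even when a check throws.
    Stop-Transcript
    Set-Location $oldLocation
}
#endregion
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# AD Health Check Repository

Hi there!
This is my place where I'm putting all the scripts for Active Directory Health Check.

To start your assessment run:

.\Get-ADAudit.ps1 -AuditPath C:\Audit

To add new scripts add them to [Scripts](https://github.com/przybylskirobert/ADhealthCheck/tree/master/Scripts) folder.

To exclude draft scripts place them in [Scripts\Excluded](https://github.com/przybylskirobert/ADhealthCheck/tree/master/Scripts/Excluded) folder.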
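[Template.ps1](https://github.com/przybylskirobert/ADhealthCheck/blob/master/Scripts/Excluded/Tempalte.ps1)

--------------------------------------------------------------------------------
/Scripts/Excluded/Tempalte.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
    Skeleton for a new audit check. Replace the XXX placeholders and assign the
    check's output to $result before the export line.
.EXAMPLE
    .\Get-XXX.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
    All rights reserved to
    Robert Przybylski
    www.azureblog.pl
    2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory
$adDomain = Get-ADDomain
$adForest = Get-ADForest
$scriptName = $myInvocation.ScriptName

# Writes a progress line for the named check to the verbose stream (visible with -Verbose).
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Verbose "[$scriptName] Running $name check..."
}
#endregion

#Region Forest Info
Get-ScriptProgress -Name 'XXXX'

# $result is a placeholder: nothing in the template assigns it.
$result | Export-Csv -Path $OutputPath\XXX_details.csv -NoTypeInformation
#endregion

--------------------------------------------------------------------------------
/Scripts/Get-ADAuditSettings.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
    Records, per domain controller, the audit policy setting of a chosen list of
    subcategories.

.DESCRIPTION
    Runs "auditpol.exe /get /Category:* /r" on each domain controller through
    Invoke-Command and appends one row per DC to AuditSettings.csv in OutputPath.
    A header row is appended on every run. The caller needs remoting access to
    every DC.

.PARAMETER AuditSettings
    Subcategory names to report, in column order.

.PARAMETER OutputPath
    Folder for AuditSettings.csv and the temporary auditpol output.

.EXAMPLE
    $AuditSettings = @("Authentication Policy Change" , "Computer Account Management" , "DPAPI Activity" , "Kerberos Authentication service" , "Kerberos Service Ticket Operations" , "Logoff" , "Logon" , "Process Creation" , "Security Group Management" , "Security System Extension" , "Sensitive Privilege Use" , "Special Logon" , "User Account Management")
    .\Get-ADAuditSettings -AuditSettings $AuditSettings -OutputPath "C:\tools"

#>
param (
    [string[]] $AuditSettings = @("Authentication Policy Change" , "Computer Account Management" , "DPAPI Activity" , "Kerberos Authentication service" , "Kerberos Service Ticket Operations" , "Logoff" , "Logon" , "Process Creation" , "Security Group Management" , "Security System Extension" , "Sensitive Privilege Use" , "Special Logon" , "User Account Management"),
    [string] $OutputPath = "C:\tools"
)

# -Filter * enumerates every domain controller. Without a filter the cmdlet returns
# only the single DC it discovers, and the loop below would audit just that one.
$dclist = Get-ADDomainController -Filter *
$tempStatusCSV = "$OutputPath\tempdcstatus.csv"
$auditFile = "$OutputPath\AuditSettings.csv"

if ((Test-Path -LiteralPath $auditFile) -eq $false) {
    New-Item -ItemType File -Path $auditFile | out-null
}

$headers = "Domain Controller, " + ($AuditSettings -join ", ")
Add-Content $auditFile $headers

Foreach ($dc in $dclist) {
    $dcName = $dc.Name
    Write-Host "Checking DC '$dcName'" -ForegroundColor Green

    # auditpol /r prints CSV text; it is written to a temporary file and parsed from there.
    $auditStatus = Invoke-Command -ComputerName $dcName -ScriptBlock { auditpol.exe /get /Category:* /r }
    $auditStatus > $tempStatusCSV
    $auditStatusCSV = Import-CSV -path $tempStatusCSV

    # Index the DC's settings by subcategory name (hashtable keys compare case-insensitively,
    # like the -eq comparison this replaces).
    $settingBySubcategory = @{ }
    foreach ($entry in $auditStatusCSV) {
        if ($entry.Subcategory) {
            $settingBySubcategory[$entry.Subcategory] = $entry.'Inclusion Setting'
        }
    }
    if ($settingBySubcategory.Count -eq 0) {
        # The row is still written, with empty cells, so the DC does not silently vanish from the report.
        Write-Warning "No audit policy data was returned by '$dcName'"
    }

    # One cell per requested subcategory, in header order. A subcategory the DC did not
    # report becomes an empty cell, so the following columns are not shifted to the left.
    $str = $dcName
    foreach ($setting in $AuditSettings) {
        Write-Host "Building Results string for for category '$setting'" -ForegroundColor Yellow
        $str = $str + ", " + $settingBySubcategory[$setting]
    }
    Add-Content $auditFile $str
}

# The temporary file exists only if at least one DC was processed.
if (Test-Path -LiteralPath $tempStatusCSV) {
    Remove-Item -LiteralPath $tempStatusCSV
}
Write-Host "AuditSettings.csv file updated and temporary file removed" -ForegroundColor Green

--------------------------------------------------------------------------------
/Scripts/Get-ADDetails.ps1: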
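--------------------------------------------------------------------------------
<#
.SYNOPSIS
    Exports a one-row summary of the forest and domain (names, functional levels,
    FSMO role holders, schema version) to AD_details.csv.
.PARAMETER OutputPath
    Folder that receives AD_details.csv.
.EXAMPLE
    .\Get-ADDetails.ps1 -OutputPath C:\Tools\Audit
.NOTES
    All rights reserved to
    Robert Przybylski
    www.azureblog.pl
    2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory
$adDomain = Get-ADDomain
$adForest = Get-ADForest
$scriptName = $myInvocation.ScriptName

# Prints a progress line for the named check.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..." -ForegroundColor Yellow
}
#endregion

#Region Forest Info
Get-ScriptProgress -Name 'Forest Info'

# objectVersion of the schema naming context is the forest schema version number.
$schemaVersion = (Get-ADObject (Get-ADRootDSE).schemaNamingContext -Property objectVersion).objectVersion

# A [pscustomobject] literal keeps the properties in the order written, so the CSV
# columns come out in the same order on every run.
$adInfo = @(
    [pscustomobject]@{
        ForestName              = $adForest.Name
        DomainName              = $adDomain.Name
        DomainDistinguishedName = $adDomain.DistinguishedName
        DomainFunctionalLevel   = $adDomain.DomainMode
        PDC                     = $adDomain.PDCEmulator
        RID                     = $adDomain.RIDMaster
        InfraMAster             = $adDomain.InfrastructureMaster
        ForestFunctionalLevel   = $adForest.ForestMode
        ForestSchemaVersion     = $schemaVersion
        RootDomain              = $adForest.rootDomain
        NETBIOS                 = $adDomain.NetBIOSName
        SchemaMAster            = $adForest.SchemaMaster
        DomainNamingMaster      = $adForest.DomainNamingMaster
    }
)
$adInfo | Export-Csv -Path $OutputPath\AD_details.csv -NoTypeInformation
#endregion

--------------------------------------------------------------------------------
/Scripts/Get-ADFSMO.ps1:
--------------------------------------------------------------------------------
<#
.EXAMPLE
.\Get-ADFSMO.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
All rights reserved to
Robert Przybylski
www.azureblog.pl
2021
#>
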
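[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory
$adDomain = Get-ADDomain
$adForest = Get-ADForest
$scriptName = $myInvocation.ScriptName

# Prints a progress line for the named check.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..." -ForegroundColor Yellow
}
#endregion

#region FSMO
Get-ScriptProgress -Name 'FSMO Roles'

# Columns ending in _F are read from the forest object, those ending in _D from the
# domain object. The literal keeps the column order stable between runs.
$fsmoRoles = @(
    [pscustomobject]@{
        SchemaMaster_F         = $adForest.SchemaMaster
        DomainNamingMaster_F   = $adForest.DomainNamingMaster
        PDC_D                  = $adDomain.PDCEmulator
        RIDPoolMaster_D        = $adDomain.RIDMaster
        InfrastructureMaster_D = $adDomain.InfrastructureMaster
    }
)
$fsmoRoles | Export-Csv -Path $OutputPath\AD_FSMO_details.csv -NoTypeInformation

#endregion
--------------------------------------------------------------------------------
/Scripts/Get-ADLevels.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
    Exports the forest and domain functional levels to AD_Levels_details.csv.
.PARAMETER OutputPath
    Folder that receives AD_Levels_details.csv.
.EXAMPLE
    .\Get-ADLevels.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
    All rights reserved to
    Robert Przybylski
    www.azureblog.pl
    2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory
$adDomain = Get-ADDomain
$adForest = Get-ADForest
$scriptName = $myInvocation.ScriptName

# Prints a progress line for the named check.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..." -ForegroundColor Yellow
}
#endregion

Get-ScriptProgress -Name 'AD Levels'
$adLevels = @(
    [pscustomobject]@{
        Domain      = $adDomain.Name
        ForestLevel = $adForest.ForestMode
        DomainLevel = $adDomain.DomainMode
    }
)
$adLevels | Export-Csv -Path $OutputPath\AD_Levels_details.csv -NoTypeInformation

--------------------------------------------------------------------------------
/Scripts/Get-ADTrusts.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
    Exports every trust of the current domain, with its SID filtering and
    selective authentication settings, to AD_Trusts_details.csv.
.PARAMETER OutputPath
    Folder that receives AD_Trusts_details.csv.
.EXAMPLE
    .\Get-ADTrusts.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
    All rights reserved to
    Robert Przybylski
    www.azureblog.pl
    2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory
$adDomain = Get-ADDomain
$adForest = Get-ADForest
$scriptName = $myInvocation.ScriptName

# Prints a progress line for the named check.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..." -ForegroundColor Yellow
}
#endregion

#region AD Trust
Get-ScriptProgress -Name 'AD Trusts'
# @() gives a real array, so Count is well defined for zero, one or many trusts.
$adTrusts = @(Get-ADTrust -Filter *)
Write-Host "Found '$($adTrusts.Count)' ADTrust(s)" -ForegroundColor Green
if ($adTrusts.Count -ne 0) {
    $adTrusts |
        Select-Object Source, Target, DistinguishedName, TrustType, Direction, IntraForest, SIDFilteringForestAware, SIDFilteringQuarantined, SelectiveAuthentication |
        Export-Csv -Path $OutputPath\AD_Trusts_details.csv -NoTypeInformation
}
else {
    Write-Host "INFO: There are no trusts configured" -ForegroundColor Yellow
}
#endregion

--------------------------------------------------------------------------------
/Scripts/Get-AccountsWithNeverExpirePasswords.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
    Exports the enabled user accounts whose password is set to never expire.
.PARAMETER OutputPath
    Folder that receives Accounts_With_Never_Expire_Password_details.csv.
.EXAMPLE
    .\Get-AccountsWithNeverExpirePasswords.ps1 -OutputPath C:\Tools\Audit
.NOTES
    All rights reserved to
    Robert Przybylski
    www.azureblog.pl
    2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory
$scriptName = $myInvocation.ScriptName

# Prints a progress line for the named check.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..." -ForegroundColor Yellow
}
#endregion

#Region Forest Info
Get-ScriptProgress -Name 'Accounts with never expire passwords'
$reportedProperties = 'Name', 'PasswordNeverExpires', 'Created', 'DistinguishedName', 'LastLogonDate', 'Enabled'
$userList = Get-ADUser -Filter * -Properties $reportedProperties

# The earlier "PasswordExpired -ne $true" step is dropped: PasswordExpired was never
# requested from the directory, so the test was always true and filtered nothing.
$result = $userList |
    Where-Object { $_.PasswordNeverExpires -eq $true -and $_.Enabled -eq $true } |
    Select-Object $reportedProperties
$result | Export-Csv -Path $OutputPath\Accounts_With_Never_Expire_Password_details.csv -NoTypeInformation
#endregion

--------------------------------------------------------------------------------
/Scripts/Get-AuthenticationPolicyDetails.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
    Exports the authentication policies and authentication policy silos defined
    in the directory. A CSV file is written only for a list that has entries.
.PARAMETER OutputPath
    Folder that receives Authentication_Policy_Details.csv and
    Authentication_Policy_Details_Silo.csv.
.EXAMPLE
    .\Get-AuthenticationPolicyDetails.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
    All rights reserved to
    Robert Przybylski
    www.azureblog.pl
    2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory

$scriptName = $myInvocation.ScriptName
# Prints a progress line for the named check.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..." -ForegroundColor Yellow
}
#endregion

Get-ScriptProgress -Name 'Authentication Policy'
#region AuthenticationPolicy
# @() gives a real array, so Count is well defined for zero, one or many entries.
$ADAuthenticationPolicy = @(Get-ADAuthenticationPolicy -Filter * | Select-Object Name, Enforce, UserTGTLifetimeMins)
Write-Host "Found '$($ADAuthenticationPolicy.Count)' Authentication Policy entries" -ForegroundColor Green
if ($ADAuthenticationPolicy.Count -ne 0) {
    $ADAuthenticationPolicy | Export-Csv -Path $OutputPath\Authentication_Policy_Details.csv -NoTypeInformation
}

Get-ScriptProgress -Name 'Authentication Policy Silo'
$ADAuthenticationPolicySilo = @(Get-ADAuthenticationPolicySilo -Filter * | Select-Object Name, Enforce, UserTGTLifetimeMins)
Write-Host "Found '$($ADAuthenticationPolicySilo.Count)' Authentication Policy Silo entries" -ForegroundColor Green
if ($ADAuthenticationPolicySilo.Count -ne 0) {
    $ADAuthenticationPolicySilo | Export-Csv -Path $OutputPath\Authentication_Policy_Details_Silo.csv -NoTypeInformation
}

--------------------------------------------------------------------------------
/Scripts/Get-BackupInfo.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
    Exports, per domain controller and directory partition, the backup time
    reported by "repadmin /showbackup".
.PARAMETER OutputPath
    Folder that receives Backup_Info.csv.
.EXAMPLE
    .\Get-BackupInfo.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
    All rights reserved to
    Robert Przybylski
    www.azureblog.pl
    2021
#>

[CmdletBinding()]
param (
    # The parameter is mandatory, so the default value below is never used.
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath = "C:\Temp\ADAudit\mvp.azureblog.pl"
)

#region initial setup
Import-Module ActiveDirectory

$scriptName = $myInvocation.ScriptName
# Prints a progress line for the named check.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..." -ForegroundColor Yellow
}
#endregion

Get-ScriptProgress -Name 'Backup Info'
$dcList = Get-ADGroupMember -Identity "Domain Controllers"
$result = foreach ($dc in $dcList) {
    $dcName = $dc.name
    # @() keeps this an array even when repadmin prints a single line; indexing a
    # lone string would return characters instead of lines.
    $cleanedBackups = @(repadmin.exe /showbackup $dcName | Where-Object { $_ -ne "" })
    for ($i = 0; $i -lt $cleanedBackups.Count; $i++) {
        # A line that starts with CN or DC names a partition; the timestamp is taken from the line after it.
        if ($cleanedBackups[$i] -match '^(CN|DC)') {
            $nextLine = ''
            if (($i + 1) -lt $cleanedBackups.Count) {
                $nextLine = $cleanedBackups[$i + 1]
            }
            # DateTime stays empty when the next line carries no timestamp.
            $backupDateTime = [regex]::Match($nextLine, '(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})').Groups[1].Value
            [pscustomobject]@{
                DomainController = $dcName
                Partition        = $cleanedBackups[$i]
                DateTime         = $backupDateTime
            }
        }
    }
}
$result | Export-Csv -Path $OutputPath\Backup_Info.csv -NoTypeInformation
--------------------------------------------------------------------------------
/Scripts/Get-ComputerDetails.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
    Exports every computer object of the domain with its operating system,
    last logon timestamp and password-last-set value.
.PARAMETER OutputPath
    Folder that receives Computer_Objets.csv.
.EXAMPLE
    .\Get-ComputerDetails.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
    All rights reserved to
    Robert Przybylski
    www.azureblog.pl
    2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory

$scriptName = $myInvocation.ScriptName
# Prints a progress line for the named check.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..." -ForegroundColor Yellow
}
#endregion

Get-ScriptProgress -Name 'Computer Objects'
$domain = (Get-ADDomain).DNSRoot
$computers = Get-ADComputer -Filter * -Properties DistinguishedName, Enabled, DNSHostName, Name, ObjectClass, ObjectGUID, SamAccountName, OperatingSystem, OperatingSystemVersion, lastLogonTimestamp, pwdLastSet

# Collecting the loop output avoids re-copying the array for every computer, and the
# literal keeps the CSV columns in the order written here.
$CompReport = @(
    foreach ($computer in $computers) {
        [pscustomobject]@{
            Domain                 = $domain
            DistinguishedName      = $computer.DistinguishedName
            Enabled                = $computer.Enabled
            DNSHostName            = $computer.DNSHostName
            Name                   = $computer.Name
            ObjectClass            = $computer.ObjectClass
            ObjectGUID             = $computer.ObjectGUID
            SamAccountName         = $computer.SamAccountName
            OperatingSystem        = $computer.OperatingSystem
            OperatingSystemVersion = $computer.OperatingSystemVersion
            # Both values are exported as stored in the directory, without conversion to a date.
            lastLogonTimestamp     = $computer.lastLogonTimestamp
            pwdLastSet             = $computer.pwdLastSet
        }
    }
)
$compReportCount = $CompReport.Count
Write-Host "Found '$compReportCount' Computer Accounts" -ForegroundColor Green
$CompReport | Export-Csv -Path $OutputPath\Computer_Objets.csv -NoTypeInformation
--------------------------------------------------------------------------------
/Scripts/Get-ComputerMachineQuota.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
    Exports the domain object together with its ms-DS-MachineAccountQuota value.
.PARAMETER OutputPath
    Folder that receives Computer_Machine_quota_details.csv.
.EXAMPLE
    .\Get-ComputerMachineQuota.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
    All rights reserved to
    Robert Przybylski
    www.azureblog.pl
    2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory
$adDomain = Get-ADDomain
$adForest = Get-ADForest
$scriptName = $myInvocation.ScriptName
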
function Get-ScriptProgress { 24 | param ( 25 | [string] $Name 26 | ) 27 | Write-Host "[$scriptName] Running $name check..." -ForegroundColor Yellow 28 | } 29 | #endregion 30 | 31 | #Region Forest Info 32 | Get-ScriptProgress -Name 'Machine Account Quota' 33 | Import-module ActiveDirectory 34 | Get-ADObject -Identity ((Get-ADDomain).distinguishedname) -Properties ms-DS-MachineAccountQuota | Export-Csv -Path $OutputPath\Computer_Machine_quota_details.csv -NoTypeInformation 35 | #endregion 36 | -------------------------------------------------------------------------------- /Scripts/Get-DCDiag.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .EXAMPLE 3 | .\Get-DCDiag.ps1 -OutputPath C:\Tools\Audit -Verbose 4 | .NOTES 5 | All rigts reserved to 6 | Robert Przybylski 7 | www.azureblog.pl 8 | 2021 9 | #> 10 | 11 | [CmdletBinding()] 12 | param ( 13 | [Parameter(Position = 0, mandatory = $true)] 14 | [string] $OutputPath 15 | ) 16 | 17 | #region initial setup 18 | Import-Module ActiveDirectory 19 | $adDomain = Get-ADDomain 20 | $adForest = Get-ADForest 21 | $scriptName = $myInvocation.ScriptName 22 | 23 | function Get-ScriptProgress { 24 | param ( 25 | [string] $Name 26 | ) 27 | Write-Host "[$scriptName] Running $name check..." 
-ForegroundColor Yellow 28 | } 29 | #endregion 30 | 31 | #region DCDIAG 32 | Get-ScriptProgress -Name 'DCDIAG' 33 | $dcdiag = dcdiag /e 34 | $dcdiag > $OutputPath\DCdiag_details.log 35 | #endregion -------------------------------------------------------------------------------- /Scripts/Get-DCFeatures.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .EXAMPLE 3 | .\Get-DCFeatures.ps1 -OutputPath C:\Tools\Audit -Verbose 4 | .NOTES 5 | All rigts reserved to 6 | Robert Przybylski 7 | www.azureblog.pl 8 | 2021 9 | #> 10 | 11 | [CmdletBinding()] 12 | param ( 13 | [Parameter(Position = 0, mandatory = $true)] 14 | [string] $OutputPath 15 | ) 16 | 17 | #region initial setup 18 | Import-Module ActiveDirectory 19 | 20 | $scriptName = $myInvocation.ScriptName 21 | function Get-ScriptProgress { 22 | param ( 23 | [string] $Name 24 | ) 25 | Write-Host "[$scriptName] Running $name check..." -ForegroundColor Yellow 26 | } 27 | #endregion 28 | 29 | Get-ScriptProgress -Name 'Installed DC Features' 30 | $dcList = Get-ADGroupMember -Identity "Domain Controllers" 31 | $tempArray = @{ } 32 | foreach ($dc in $dclist) { 33 | $dc = $dc.name 34 | if (Test-Connection -BufferSize 32 -Count 1 -ComputerName $dc -Quiet) { 35 | $tempArray.add($dc, @()) 36 | $osVersion = (Get-ADComputer -Identity $dc -Properties *).OperatingSystem 37 | $tempArray["$dc"] += $osVersion 38 | Write-Output "Processing $dc ($osVersion)...`n" 39 | $featuresInstalled = (Get-WmiObject -ComputerName $dc -Query 'select * from win32_serverfeature').Name 40 | 41 | ForEach ($featureName in $featuresInstalled) { 42 | $tempArray["$dc"] += $featureName 43 | } 44 | } 45 | else { 46 | Write-Output "Domain Controller $dc ($osVersion) is unavailable`n" 47 | } 48 | } 49 | 50 | $numberOfFeaturesInstalled = $tempArray.Values | ForEach-Object { $_.count } | Sort-Object | Select-Object -last 1 51 | 52 | $results = @() 53 | For ($i = 0; $i -lt $numberOfFeaturesInstalled; $i++) { 54 | $record = 
New-Object PSObject 55 | $tempArray.Keys | ForEach-Object { Add-Member -InputObject $record -NotePropertyName $_ -NotePropertyValue $tempArray["$_"][$i] } 56 | $results += $record 57 | Clear-Variable Record 58 | } 59 | $results | Export-Csv -Path $OutputPath\DC_Features.csv -NoTypeInformation 60 | #endregion -------------------------------------------------------------------------------- /Scripts/Get-DCUACIssues.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .EXAMPLE 3 | .\Get-DCUACIssues.ps1 -OutputPath C:\Tools\Audit -Verbose 4 | .NOTES 5 | All rigts reserved to 6 | Robert Przybylski 7 | www.azureblog.pl 8 | 2021 9 | #> 10 | 11 | [CmdletBinding()] 12 | param ( 13 | [Parameter(Position = 0, mandatory = $true)] 14 | [string] $OutputPath 15 | ) 16 | 17 | #region initial setup 18 | Import-Module ActiveDirectory 19 | $scriptName = $myInvocation.ScriptName 20 | 21 | function Get-ScriptProgress { 22 | param ( 23 | [string] $Name 24 | ) 25 | Write-Host "[$scriptName] Running $name check..." 
-ForegroundColor Yellow 26 | } 27 | #endregion 28 | 29 | #Region Forest Info 30 | Get-ScriptProgress -Name 'DC UAC Settings' 31 | $dNC = (Get-ADRootDSE).defaultNamingContext 32 | $searchBase = "OU=DOMAIN CONTROLLERS,$dNC" 33 | $dcList = Get-ADComputer -SearchBase $searchBase -properties * -filter * 34 | # 532480, which is (DC + enabled for delegation) 35 | # 83890176, which is (computer account + enabled for delegation + RODC) 36 | $DCwithIssues = $dcList | Where-Object {$_.userAccountControl -ne '532480'} | Format-Table name,DNSHostName,userAccountControl 37 | if ($($DCwithIssues.count) -ne 0) { 38 | $DCwithIssues | Export-Csv -Path $OutputPath\DC_with_UAC_issues.csv -NoTypeInformation 39 | } else { 40 | Write-Host "INFO: There are DC's with UAC issues" -ForegroundColor Yellow 41 | } 42 | #endregion 43 | -------------------------------------------------------------------------------- /Scripts/Get-DCwithSpooler.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .EXAMPLE 3 | .\Get-DCwithSpooler.ps1 -OutputPath C:\Tools\Audit -Verbose 4 | .NOTES 5 | All rigts reserved to 6 | Robert Przybylski 7 | www.azureblog.pl 8 | 2021 9 | #> 10 | 11 | [CmdletBinding()] 12 | param ( 13 | [Parameter(Position = 0, mandatory = $true)] 14 | [string] $OutputPath 15 | ) 16 | 17 | #region initial setup 18 | Import-Module ActiveDirectory 19 | $adDomain = Get-ADDomain 20 | $adForest = Get-ADForest 21 | $scriptName = $myInvocation.ScriptName 22 | 23 | function Get-ScriptProgress { 24 | param ( 25 | [string] $Name 26 | ) 27 | Write-Host "[$scriptName] Running $name check..." 
-ForegroundColor Yellow 28 | } 29 | #endregion 30 | 31 | #Region Forest Info 32 | Get-ScriptProgress -Name 'Spooler Service' 33 | $DCList = Get-ADGroupMember -Identity 'Domain Controllers' 34 | $dcswithPrintSpooler = @() 35 | $DCList | ForEach-Object { 36 | $name = $_.Name 37 | $service = Get-Service -ComputerName $name -DisplayName "Print Spooler" 38 | $serviceName = $service.name 39 | $serviceStatus = $service.Status 40 | $dcswithPrintSpooler = $(New-Object PSObject -Property @{ 41 | DCName = $name 42 | ServiceName = $serviceName 43 | ServiceStatus = $serviceStatus 44 | } 45 | ) 46 | } 47 | $dcswithPrintSpooler = $dcswithPrintSpooler | where-object {$_.serviceStatus -eq 'Running'} 48 | if ($($dcswithPrintSpooler.count) -ne 0) { 49 | $dcswithPrintSpooler | Export-Csv -Path $OutputPath\DCs_with_spooler.csv -NoTypeInformation 50 | } else { 51 | Write-Host "INFO: There are DC's with print spooler service running" -ForegroundColor Yellow 52 | } 53 | #endregion 54 | -------------------------------------------------------------------------------- /Scripts/Get-DHCPDetails.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .EXAMPLE 3 | .\Get-DHCPDetails.ps1 -OutputPath C:\Tools\Audit -Verbose 4 | .NOTES 5 | All rigts reserved to 6 | Robert Przybylski 7 | www.azureblog.pl 8 | 2021 9 | #> 10 | 11 | [CmdletBinding()] 12 | param ( 13 | [Parameter(Position = 0, mandatory = $true)] 14 | [string] $OutputPath 15 | ) 16 | 17 | #region initial setup 18 | Import-Module ActiveDirectory 19 | 20 | $scriptName = $myInvocation.ScriptName 21 | function Get-ScriptProgress { 22 | param ( 23 | [string] $Name 24 | ) 25 | Write-Host "[$scriptName] Running $name check..." 
-ForegroundColor Yellow} 26 | #endregion 27 | 28 | Get-ScriptProgress -Name 'DHCP' 29 | $searchBase = "cn=configuration," + $adDomain.DistinguishedName 30 | $dhcplist = Get-ADObject -SearchBase $searchBase -Filter "objectclass -eq 'dhcpclass' -AND Name -ne 'dhcproot'" 31 | $dhcpTest = $dhcplist.count 32 | if ($dhcpTest -ne 0) { 33 | $dhcpReport = $dhcplist 34 | 35 | } 36 | else { 37 | $dhcpReport = New-Object PSObject -Property @{ 38 | Info = "There are no authorised DHCP Servers" 39 | } 40 | } 41 | $dhcpReport | export-csv -Path $OutputPath\DHCP_Details.csv -NoTypeInformation -------------------------------------------------------------------------------- /Scripts/Get-DNSAdmins.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .EXAMPLE 3 | .\Get-DNSAdmins.ps1 -OutputPath C:\Tools\Audit -Verbose 4 | .NOTES 5 | All rigts reserved to 6 | Robert Przybylski 7 | www.azureblog.pl 8 | 2021 9 | #> 10 | 11 | [CmdletBinding()] 12 | param ( 13 | [Parameter(Position = 0, mandatory = $true)] 14 | [string] $OutputPath 15 | ) 16 | 17 | #region initial setup 18 | Import-Module ActiveDirectory 19 | $adDomain = Get-ADDomain 20 | $adForest = Get-ADForest 21 | $scriptName = $myInvocation.ScriptName 22 | 23 | function Get-ScriptProgress { 24 | param ( 25 | [string] $Name 26 | ) 27 | Write-Host "[$scriptName] Running $name check..." 
-ForegroundColor Yellow} 28 | #endregion 29 | 30 | #Region Forest Info 31 | Get-ScriptProgress -Name 'DNS Admins' 32 | $admins = @() 33 | Get-ADGroupMember -Identity 'DNSAdmins' | foreach-object { 34 | $admins += Get-ADUSer -Identity $_ -Properties Name,Enabled,SamAccountName,LastLogonDate 35 | } 36 | if ($($admins.count) -ne 0) { 37 | $admins | Export-Csv -Path $OutputPath\DNS_Admins_details.csv -NoTypeInformation 38 | } else { 39 | Write-Host "INFO: DNS Admins group is empty" -ForegroundColor Yellow 40 | } 41 | #endregion 42 | -------------------------------------------------------------------------------- /Scripts/Get-DefaultContainers.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .EXAMPLE 3 | .\Get-DefaultContainers.ps1 -OutputPath C:\Tools\Audit -Verbose 4 | .NOTES 5 | All rigts reserved to 6 | Robert Przybylski 7 | www.azureblog.pl 8 | 2021 9 | #> 10 | 11 | [CmdletBinding()] 12 | param ( 13 | [Parameter(Position = 0, mandatory = $true)] 14 | [string] $OutputPath 15 | ) 16 | 17 | #region initial setup 18 | Import-Module ActiveDirectory 19 | $addomain = Get-ADDomain 20 | $scriptName = $myInvocation.ScriptName 21 | function Get-ScriptProgress { 22 | param ( 23 | [string] $Name 24 | ) 25 | Write-Host "[$scriptName] Running $name check..." 
-ForegroundColor Yellow 26 | } 27 | #endregion 28 | 29 | Get-ScriptProgress -Name 'Default Containers' 30 | $defaultContainers = @( 31 | $(New-Object PSObject -Property @{ 32 | DomainName = $adDomain.Name; 33 | UsersContainer = $adDomain.UsersContainer; 34 | ComputerContainer = $adDomain.ComputersContainer 35 | }) 36 | ) 37 | $defaultContainers | Export-Csv -Path $OutputPath\Default_Containers.csv -NoTypeInformation 38 | -------------------------------------------------------------------------------- /Scripts/Get-GMSADetails.ps1: -------------------------------------------------------------------------------- 1 | <# 2 | .EXAMPLE 3 | .\Get-GMSADetails.ps1 -OutputPath C:\Tools\Audit -Verbose 4 | .NOTES 5 | All rigts reserved to 6 | Robert Przybylski 7 | www.azureblog.pl 8 | 2021 9 | #> 10 | 11 | [CmdletBinding()] 12 | param ( 13 | [Parameter(Position = 0, mandatory = $true)] 14 | [string] $OutputPath 15 | ) 16 | 17 | #region initial setup 18 | Import-Module ActiveDirectory 19 | 20 | $scriptName = $myInvocation.ScriptName 21 | function Get-ScriptProgress { 22 | param ( 23 | [string] $Name 24 | ) 25 | Write-Host "[$scriptName] Running $name check..." 
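-ForegroundColor Yellow}
#endregion

# Lists every managed service account together with the principals that may
# retrieve its managed password, and exports the result to GMSA_Details.csv.
Get-ScriptProgress -Name 'GMSA'
$output = @()
# @() keeps the result an array for zero or one account, so .Count is reliable
# both in the message and in the emptiness test below.
$gmsaReport = @(Get-ADServiceAccount -Filter * -Properties *)
Write-Host "Found '$($gmsaReport.Count)' GMSA Accounts" -ForegroundColor Green
if ($gmsaReport.Count -ne 0) {
    $output = @(
        $gmsaReport | ForEach-Object {
            New-Object PSObject -Property @{
                Name              = $_.name
                DistinguishedName = $_.DistinguishedName
                DnsHostName       = $_.DNSHostName
                Enabled           = $_.Enabled
                # Whoever is listed here can read the account's password, so
                # this column is the one to review for over-broad groups.
                AllowedPrincipals = $_.PrincipalsAllowedToRetrieveManagedPassword -join ";"
                Sid               = $_.SID
                SamAccountName    = $_.SamAccountName
            }
        }
    )
    $output | export-csv -Path $OutputPath\GMSA_Details.csv -NoTypeInformation
} else {
    Write-Host "INFO: There are no GMSA accounts" -ForegroundColor Yellow
}
--------------------------------------------------------------------------------
/Scripts/Get-ImportantAccountsDetails.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
Exports user accounts matching a set of risk indicators (adminCount, stale or old passwords,
userAccountControl flags, SID history, fine-grained password policies) plus a per-indicator summary.
.EXAMPLE
.\Get-ImportantAccountsDetails.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
All rights reserved to
Robert Przybylski
www.azureblog.pl
2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory

$scriptName = $myInvocation.ScriptName
# Prints a progress line for the named check, prefixed with the script name.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..."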
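-ForegroundColor Yellow}
#endregion

# Builds one list of user accounts that match any of several risk indicators
# and exports both the accounts and a per-indicator count.
# An account matching several indicators appears once per indicator.
Get-ScriptProgress -Name 'Important Accounts'

$results = @()
$passwordPolicy = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge.Days
$pass3x = $passwordPolicy * 3
# NOTE(review): a MaxPasswordAge of 0 days makes $staleDate "now", which would
# mark every account as stale - confirm against the domain policy.
$staleDate = (Get-Date).AddDays(-$pass3x).ToFileTimeUtc()

$users = Get-ADUser -filter * -Properties *
$admCount = $users | where-object { $_.AdminCount -eq 1 }
# 513 is the primary group ID reported in the summary as "Domain Users".
$primaryGroup = $users | where-object { $_.primaryGroupID -ne 513 }
$staleUsers = $users | Where-Object { $_.pwdlastset -lt $staleDate -and $_.lastlogontimestamp -lt $staleDate }
# Kept as account objects: piping this through a formatting cmdlet would put
# layout records into $results and distort the summary count.
$oldPasswordUsers = $users | Where-Object { $_.pwdlastset -lt ((get-date).AddDays(-365)).ToFileTimeUtc() -and $_.enabled -eq $true }
# Combined mask of several userAccountControl flags - presumably the set the
# author considers noteworthy; verify the mask before relying on the count.
$uac = $users | Where-Object { $_.useraccountcontrol -band 0x7d00e0 }
$revEncPwdUsers = $users | Where-Object { $_.UserAccountControl -band 0x0080 }
$kerbDesUsers = $users | Where-Object { $_.UserAccountControl -band 0x200000 }
$sidUsers = $users | Where-Object { $_.SIDHistory -like "*" }


# Users covered by a fine-grained password policy through group membership.
# NOTE(review): Get-ADGroupMember is called on every policy subject; a subject
# that is a user rather than a group would presumably fail that call and be
# missed - confirm how policies are assigned in the audited domain.
$fgppUsers = @()
$fgpp = Get-ADFineGrainedPasswordPolicy -Filter *
foreach ($policy in $fgpp) {

    $fgppGroups = Get-ADFineGrainedPasswordPolicySubject -Identity $policy
    $fgppGroups | foreach-object {
        $fgppObjects = Get-ADGroupMember -Identity $_
        $fgppObjects | foreach-object {
            $fgppUsers += Get-ADuser $_.samaccountname -Properties *
        }
    }
}

$results += $admCount
$results += $primaryGroup
$results += $staleUsers
$results += $oldPasswordUsers
$results += $uac
$results += $fgppUsers
$results += $revEncPwdUsers
# Was assigned to a misspelled variable, so accounts restricted to Kerberos
# DES never reached the exported CSV.
$results += $kerbDesUsers
$results += $sidUsers

$results = $results | Select-Object Name, SamAccountName, DistinguishedName, Description, AdminCount,
    PasswordLastSet, lastLogonTimestamp, Enabled, CannotChangePassword, PasswordNotRequired,
    SmartcardLogonRequired, AccountNotDelegated, KerberosEncryptionType, userAccountControl,
    PrimaryGroup, Modified, created

$count = ($results | measure-object).count
Write-Host "Found '$count' Important Accounts entries" -ForegroundColor Green
$results | export-csv -Path $OutputPath\Important_Accounts_Details.csv -NoTypeInformation

# One row with the number of accounts per indicator.
$importantInfo = @(
    $(New-Object PSObject -Property @{
            AdminCount1Users = ($admCount | measure-object).count;
            PrimaryGroupNotDomainUsers = ($primaryGroup | Measure-Object).count;
            StaleUsers = ($staleUsers | Measure-Object).count;
            UsersWithOldPassword365 = ($oldPasswordUsers | Measure-Object).count;
            UACUsers = ($uac | Measure-Object).count;
            ReversibleEncryptionPasswordUsers = ($revEncPwdUsers | Measure-Object).count;
            KerberosDESUsers = ($kerbDesUsers | Measure-Object).count;
            UsersWithSIDHistory = ($sidUsers | Measure-Object).count;
            FineGrainedPasswordPolicyUsers = ($fgppUsers | Measure-Object).count;
        }
    )
)
$importantInfo | export-csv -Path $OutputPath\Important_Accounts_Details_sumamry.csv -NoTypeInformation
--------------------------------------------------------------------------------
/Scripts/Get-InactiveDCs.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
Exports domain controllers in the Domain Controllers OU whose LastLogonDate is missing or older than 30 days.
.EXAMPLE
.\Get-InactiveDCs.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
All rights reserved to
Robert Przybylski
www.azureblog.pl
2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory
$scriptName = $myInvocation.ScriptName

# Prints a progress line for the named check, prefixed with the script name.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..."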
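-ForegroundColor Yellow}
#endregion

#Region Forest Info
# Flags computer objects under "OU=DOMAIN CONTROLLERS" that have no
# LastLogonDate or one older than 30 days.
# NOTE(review): a domain controller object that sits outside this OU is not
# examined by this check.
Get-ScriptProgress -Name 'Inactive DCs'
$dNC = (Get-ADRootDSE).defaultNamingContext
$timeframe = (Get-Date).AddDays(-30)
$searchBase = "OU=DOMAIN CONTROLLERS,$dNC"
$dcList = Get-ADComputer -SearchBase $searchBase -properties * -filter *
# $null goes on the left of the comparison: with a collection on the left,
# -eq / -ne filter the collection instead of returning a boolean.
$oldDCs = $dcList | Where-Object { $null -eq $_.LastLogonDate -or $_.LastLogonDate -lt $timeframe }
if ($null -ne $oldDCs) {
    $oldDCs | select-object name,DNSHostName,LastLogonDate | Export-Csv -Path $OutputPath\Inactive_DCs_details.csv -NoTypeInformation
} else {
    Write-Host "INFO: There are no inactive DCs'" -ForegroundColor Yellow
}
#endregion

--------------------------------------------------------------------------------
/Scripts/Get-KrbtgtPwdLastSet.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
Exports the krbtgt account together with its PasswordLastSet value.
.EXAMPLE
.\Get-KrbtgtPwdLastSet.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
All rights reserved to
Robert Przybylski
www.azureblog.pl
2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory
$scriptName = $myInvocation.ScriptName

# Prints a progress line for the named check, prefixed with the script name.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..."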
-ForegroundColor Yellow}
#endregion

#Region Forest Info
# Exports the krbtgt account with PasswordLastSet. The krbtgt key protects
# every Kerberos ticket-granting ticket issued in the domain, so the age of
# this password is a standard item to review against the rotation policy.
Get-ScriptProgress -Name 'KRBTGT Password Last Set'
Get-ADUser krbtgt -Property PasswordLastSet | Export-Csv -Path $OutputPath\KRGTGT_pwd_details.csv -NoTypeInformation
#endregion

--------------------------------------------------------------------------------
/Scripts/Get-LAPSDetails.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
Exports, per organizational unit, the extended-rights holders reported by Find-AdmPwdExtendedRights to LAPS.csv.
.EXAMPLE
.\Get-LAPSDetails.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
All rights reserved to
Robert Przybylski
www.azureblog.pl
2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory

$scriptName = $myInvocation.ScriptName
# Prints a progress line for the named check, prefixed with the script name.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..."
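-ForegroundColor Yellow}
#endregion

# Reports which principals hold LAPS extended rights on each OU, or a single
# informational row when the AdmPwd.PS module is not available.
Get-ScriptProgress -Name 'LAPS'

# -ListAvailable looks at installed modules; without it Get-Module only sees
# modules already imported into the session and the check would report LAPS as
# missing on a host where it is installed but not yet loaded.
$lapsTest = Get-Module -ListAvailable -Name AdmPwd.PS -ErrorAction SilentlyContinue
if ($null -ne $lapsTest) {
    Import-Module AdmPwd.PS
    # -PipelineVariable keeps the current Find-AdmPwdExtendedRights result
    # reachable as $OU inside the nested loop over its ExtendedRightHolders.
    $lapsInfo = Get-ADOrganizationalUnit -Filter * | Find-AdmPwdExtendedRights -PipelineVariable OU | ForEach-Object {
        $_.ExtendedRightHolders | ForEach-Object {
            [pscustomobject]@{
                OU     = $Ou.ObjectDN
                Object = $_
            }
        }
    }

}
else {
    $LapsInfo = New-Object PSObject -Property @{
        Info = "Laps not installed / found"
    }
}
$lapsInfo | export-csv -Path $OutputPath\LAPS.csv -NoTypeInformation
#endRegion
--------------------------------------------------------------------------------
/Scripts/Get-NTPDetails.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
Saves the output of 'w32tm /query /configuration' and 'w32tm /query /status' to log files.
.EXAMPLE
.\Get-NTPDetails.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
All rights reserved to
Robert Przybylski
www.azureblog.pl
2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory
$scriptName = $myInvocation.ScriptName

# Prints a progress line for the named check, prefixed with the script name.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..."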
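-ForegroundColor Yellow}
#endregion

# Captures the Windows Time service configuration and status. Both w32tm calls
# run without a target computer, so they describe the host running the audit.
# Each log starts with the command line that produced it.
Get-ScriptProgress -Name 'NTP Configurtion'
$ntpConfig = w32tm /query /configuration
'w32tm /query /configuration' > $OutputPath\NTP_configuration.log
$ntpConfig >> $OutputPath\NTP_configuration.log
$ntpStatus = w32tm /query /status
# '>' rather than '>>' for the header line, matching the configuration log:
# appending here made every re-run stack onto the previous run's output.
'w32tm /query /status' > $OutputPath\NTP_details.log
$ntpStatus >> $OutputPath\NTP_details.log
--------------------------------------------------------------------------------
/Scripts/Get-NotSensitivePrivilegedUsers.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
Exports members of privileged groups whose AccountNotDelegated flag is not set.
.EXAMPLE
.\Get-NotSensitivePrivilegedUsers.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
All rights reserved to
Robert Przybylski
www.azureblog.pl
2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory
$scriptName = $myInvocation.ScriptName

# Prints a progress line for the named check, prefixed with the script name.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..."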
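-ForegroundColor Yellow}
#endregion

#Region Forest Info
# Lists users in privileged groups that are not marked "account is sensitive
# and cannot be delegated" (AccountNotDelegated = $false) and exports them.
# A user who is in several of the groups appears once per group.
Get-ScriptProgress -Name 'Get-NotSensitivePrivilegedUsers'
$groups = @(
    'Account Operators',
    'Administrators',
    'Backup Operators',
    'DnsAdmins',
    'Domain Admins',
    'Enterprise Admins',
    'Enterprise Key Admins',
    'Key Admins',
    'Print Operators',
    'Replicator',
    'Schema Admins',
    'Server operators',
    'Protected Users'
)

$privilegedUsers = @()

foreach ($group in $groups) {
    # Groups that do not exist in this domain are skipped quietly.
    $groupMembers = Get-ADGroupMember -Identity $group -ErrorAction SilentlyContinue -Recursive
    # Only user objects are looked up. A computer member (or an empty result)
    # makes Get-ADUser fail, which left $usr holding the previous account and
    # attributed that account's delegation flag to the wrong row.
    $groupMembers | Where-Object { $_.objectClass -eq 'user' } | ForEach-Object {
        $samaccountname = $_.samaccountname
        $name = $_.name
        $usr = Get-ADUser -Identity $samaccountname -Properties samaccountname,distinguishedName,AccountNotDelegated
        $distinguishedName = $usr.distinguishedName
        $AccountNotDelegated = $usr.AccountNotDelegated
        $privilegedUsers += $(New-Object PSObject -Property @{Name = $name; samaccountname = $samaccountname; OUPrefix = $distinguishedName; AccountNotDelegated = $AccountNotDelegated })
    }
}

$notSensitivePrivilegedAccounts = $privilegedUsers | Where-Object {$_.AccountNotDelegated -eq $false}
# Measure-Object exposes Count; the misspelled property used before evaluated
# to $null, so the CSV was never written even when findings existed.
if (($notSensitivePrivilegedAccounts | Measure-Object).Count -gt 0) {
    $notSensitivePrivilegedAccounts | Export-Csv -Path $OutputPath\Not_Sensitive_Privileged_Users.csv -NoTypeInformation
}
#endregion

--------------------------------------------------------------------------------
/Scripts/Get-PSOwithPasswordLenghtBelow8.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
Exports password policies (default and fine-grained) whose minimum password length is 8 or less.
.EXAMPLE
.\Get-PSOwithPasswordLenghtBelow8.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
All rights reserved to
Robert Przybylski
www.azureblog.pl
2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath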
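)

#region initial setup
Import-Module ActiveDirectory
$scriptName = $myInvocation.ScriptName

# Prints a progress line for the named check, prefixed with the script name.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..." -ForegroundColor Yellow
}
#endregion

#Region Forest Info
# Collects the default domain password policy and every fine-grained password
# policy, then exports those with a short minimum password length.
Get-ScriptProgress -Name 'PSO with password lenght below 8 characters'

Import-Module ActiveDirectory
$results = @()
# Looked up once instead of once per policy row.
$forestName = (Get-ADDOmain).Forest
$defaultPassword = Get-ADDefaultDomainPasswordPolicy
$ddp = $(New-Object PSObject -Property @{
        Domain = $forestName;
        Name = 'Default Password Policy';
        Precedence = '';
        PasswordHistory = $defaultPassword.PasswordHistoryCount;
        MinPasswordAge = $defaultPassword.MinPasswordAge.Days ;
        MAxPasswordAge = $defaultPassword.MaxPasswordAge.Days ;
        ComplexityEnabled = $defaultPassword.ComplexityEnabled;
        ReversibleEncryptionEnabled = $defaultPassword.ReversibleEncryptionEnabled;
        # Previously copied ReversibleEncryptionEnabled, so the report never
        # showed the real lockout threshold.
        LockoutThreshold = $defaultPassword.LockoutThreshold;
        # TotalMinutes, not Minutes: Minutes is only the 0-59 component, so a
        # one-hour lockout would have been reported as 0.
        LockoutDuration = $defaultPassword.LockoutDuration.TotalMinutes;
        LockoutObservationWindow = $defaultPassword.LockoutObservationWindow.TotalMinutes;
        AppliesTo = $defaultPassword.DistinguishedName
        MinPasswordLength = $defaultPassword.MinPasswordLength
    })

$results += $ddp
$psoArray = Get-ADFineGrainedPasswordPolicy -Filter *
foreach ($entry in $psoArray) {
    $pso = $(New-Object PSObject -Property @{
            Domain = $forestName;
            Name = $entry.name;
            Precedence = $entry.Precedence;
            PasswordHistory = $entry.PasswordHistoryCount;
            MinPasswordAge = $entry.MinPasswordAge.Days ;
            MAxPasswordAge = $entry.MaxPasswordAge.Days ;
            ComplexityEnabled = $entry.ComplexityEnabled;
            ReversibleEncryptionEnabled = $entry.ReversibleEncryptionEnabled;
            LockoutThreshold = $entry.LockoutThreshold;
            LockoutDuration = $entry.LockoutDuration.TotalMinutes;
            LockoutObservationWindow = $entry.LockoutObservationWindow.TotalMinutes;
            # NOTE(review): this is the policy object's own DN, not the list of
            # principals the policy applies to - confirm which one is wanted.
            AppliesTo = $entry.DistinguishedName
            MinPasswordLength = $entry.MinPasswordLength
        })
    $results += $pso
}

# NOTE(review): the script name says "below 8" while the filter also includes
# policies with exactly 8; the filter is left unchanged so no finding is lost.
$results | Where-Object {$_.MinPasswordLength -le 8} | Export-Csv -Path $OutputPath\PSO_with_small_pwd_lenght.csv -NoTypeInformation
#endregion

--------------------------------------------------------------------------------
/Scripts/Get-PasswordPolicies.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
Exports the default domain password policy and all fine-grained password policies to Password_Policies.csv.
.EXAMPLE
.\Get-PasswordPolicies.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
All rights reserved to
Robert Przybylski
www.azureblog.pl
2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory

$scriptName = $myInvocation.ScriptName
# Prints a progress line for the named check, prefixed with the script name.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..."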
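-ForegroundColor Yellow}
#endregion

# Writes one row per password policy: the default domain policy first, then
# every fine-grained password policy.
Get-ScriptProgress -Name 'Password Policies'

# $domain is not assigned in this script; it is presumably left behind by an
# earlier dot-sourced audit script. Fall back to the current domain's DNS root
# so a standalone run does not export an empty Domain column.
if (-not $domain) {
    $domain = (Get-ADDomain).DNSRoot
}

$results = @()
$defaultPassword = Get-ADDefaultDomainPasswordPolicy
$ddp = $(New-Object PSObject -Property @{
        Domain = $domain;
        Name = 'Default Password Policy';
        Precedence = '';
        PasswordHistory = $defaultPassword.PasswordHistoryCount;
        MinPasswordAge = $defaultPassword.MinPasswordAge.Days ;
        MAxPasswordAge = $defaultPassword.MaxPasswordAge.Days ;
        ComplexityEnabled = $defaultPassword.ComplexityEnabled;
        ReversibleEncryptionEnabled = $defaultPassword.ReversibleEncryptionEnabled;
        # Previously copied ReversibleEncryptionEnabled, so the report never
        # showed the real lockout threshold.
        LockoutThreshold = $defaultPassword.LockoutThreshold;
        # TotalMinutes, not Minutes: Minutes is only the 0-59 component, so a
        # one-hour lockout would have been reported as 0.
        LockoutDuration = $defaultPassword.LockoutDuration.TotalMinutes;
        LockoutObservationWindow = $defaultPassword.LockoutObservationWindow.TotalMinutes;
        AppliesTo = $defaultPassword.DistinguishedName
    })

$results += $ddp
$psoArray = Get-ADFineGrainedPasswordPolicy -Filter *
foreach ($entry in $psoArray) {
    $pso = $(New-Object PSObject -Property @{
            Domain = $domain;
            Name = $entry.name;
            Precedence = $entry.Precedence;
            PasswordHistory = $entry.PasswordHistoryCount;
            MinPasswordAge = $entry.MinPasswordAge.Days ;
            MAxPasswordAge = $entry.MaxPasswordAge.Days ;
            ComplexityEnabled = $entry.ComplexityEnabled;
            ReversibleEncryptionEnabled = $entry.ReversibleEncryptionEnabled;
            LockoutThreshold = $entry.LockoutThreshold;
            LockoutDuration = $entry.LockoutDuration.TotalMinutes;
            LockoutObservationWindow = $entry.LockoutObservationWindow.TotalMinutes;
            # NOTE(review): this is the policy object's own DN, not the list of
            # principals the policy applies to - confirm which one is wanted.
            AppliesTo = $entry.DistinguishedName
        })
    $results += $pso
}

# Echoes the rows to the console (and to the transcript when one is running).
$results
$resultsCount = ($results | Measure-Object).count
Write-Host "Found '$resultsCount' Password Policies" -ForegroundColor Green
$results | export-csv -Path $OutputPath\Password_Policies.csv -NoTypeInformation
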
--------------------------------------------------------------------------------
/Scripts/Get-Pre200GroupMembers.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
Exports the direct members of the 'Pre-Windows 2000 Compatible Access' group to Pre2000_group_members.csv.
.EXAMPLE
.\Get-Pre200GroupMembers.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
All rights reserved to
Robert Przybylski
www.azureblog.pl
2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory
$scriptName = $myInvocation.ScriptName

# Prints a progress line for the named check, prefixed with the script name.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..." -ForegroundColor Yellow}
#endregion

#Region Forest Info
# Exports the group's direct members (no -Recursive, so nested groups are
# listed as groups rather than expanded).
# NOTE(review): broad principals in this group widen read access to directory
# objects - compare the export with the membership the domain is expected to have.
Get-ScriptProgress -Name 'Pre-Windows 2000 group members'
Get-ADGroupMember -Identity 'Pre-Windows 2000 Compatible Access' | Export-Csv -Path $OutputPath\Pre2000_group_members.csv -NoTypeInformation
#endregion

--------------------------------------------------------------------------------
/Scripts/Get-PrivilegedGroupsDetails.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
Exports the direct group and user members of five privileged groups, one CSV per group and member type.
.EXAMPLE
.\Get-PrivilegedGroupsDetails.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
All rights reserved to
Robert Przybylski
www.azureblog.pl
2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory

$scriptName = $myInvocation.ScriptName
# Prints a progress line for the named check, prefixed with the script name.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..."
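-ForegroundColor Yellow}
#endregion

# For each privileged group, writes one CSV with its direct group members and
# one with its direct user members. Other member classes (for example
# computers) are not reported, and nested groups are not expanded.
Get-ScriptProgress -Name 'Privileged Groups'

# $adForest and $adDomain are not assigned in this script; they are presumably
# left behind by earlier dot-sourced audit scripts. Resolve them here when
# missing so a standalone run does not build SIDs from empty values.
if (-not $adForest) {
    $adForest = Get-ADForest
}
if (-not $adDomain) {
    $adDomain = Get-ADDomain
}

# Schema Admins and Enterprise Admins live in the forest root domain, so their
# SIDs are built from the root domain SID rather than the current domain's.
$rootdomainSID = (get-addomain -identity $adForest.RootDomain).DomainSID.value
$Groups = @(
    $(New-Object PSObject -Property @{Name = 'Administrators'; Value = 'S-1-5-32-544' }),
    $(New-Object PSObject -Property @{Name = 'DomainAdmins'; Value = $adDomain.DomainSID.value + "-512" }),
    $(New-Object PSObject -Property @{Name = 'ProtectedUsers'; Value = $adDomain.DomainSID.value + "-525" }),
    $(New-Object PSObject -Property @{Name = 'SchemaAdmins'; Value = $rootdomainSID + "-518" }),
    $(New-Object PSObject -Property @{Name = 'EnterpriseAdmins'; Value = $rootdomainSID + "-519" })
)
$types = @('Group', 'User')
foreach ($group in $groups) {
    # Queried once per group; the per-type split below only filters it.
    $allMembers = Get-ADGroupMember -Identity $group.value
    foreach ($type in $types) {
        Write-Host "###################### Creating '$($group.Name)' '$type' members report" -ForegroundColor Yellow
        $groupInfo = $allMembers | where-Object ObjectClass -eq $type
        $groupInfoCount = ($groupInfo | measure-object).count
        Write-Host "Found '$groupInfoCount' '$type' entries" -ForegroundColor Green
        $fileName = "$($Group.Name)" + "_" + "$type"
        # Uses the Measure-Object count computed above, which is also correct
        # when exactly one member is returned.
        if ($groupInfoCount -ne 0) {
            $groupInfo | export-csv -Path $OutputPath\Privileged_Groups_Details_$fileName.csv -NoTypeInformation
        } else {
            Write-Host "INFO: Group '$($group.Name)' does not have any '$type' objects'" -ForegroundColor Yellow
        }
    }
}

--------------------------------------------------------------------------------
/Scripts/Get-PrivilegedGroupsMembership.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
Exports the direct members of a list of built-in and well-known groups to PrivilegedGroupsMembership.csv.
.EXAMPLE
.\Get-PrivilegedGroupsMembership.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
All rights reserved to
Robert Przybylski
www.azureblog.pl
2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory =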
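$true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory

$scriptName = $myInvocation.ScriptName
# Prints a progress line for the named check, prefixed with the script name.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..." -ForegroundColor Yellow
}
#endregion

# Writes one row per direct member of each listed group. Groups are resolved
# by SID where a fixed SID is known and by name otherwise.
Get-ScriptProgress -Name 'Privileged Groups Membership'

# $adSid and $domain are not assigned in this script; they are presumably left
# behind by earlier dot-sourced audit scripts. Resolve them here when missing,
# otherwise every domain-relative SID below would be built from an empty prefix.
if (-not $adSid) {
    $adSid = (Get-ADDomain).DomainSID.Value
}
if (-not $domain) {
    $domain = (Get-ADDomain).DNSRoot
}

$privilegedGroups = @(
    $(New-Object PSObject -Property @{SID = $adSid + "-512"; Name = "Domain Admins" }),
    $(New-Object PSObject -Property @{SID = $adSid + "-514"; Name = "Domain Guests" }),
    $(New-Object PSObject -Property @{SID = $adSid + "-516"; Name = "Domain Controllers" }),
    $(New-Object PSObject -Property @{SID = $adSid + "-517"; Name = "Cert Publishers" }),
    $(New-Object PSObject -Property @{SID = $adSid + "-520"; Name = "Group Policy Creator Owners" }),
    $(New-Object PSObject -Property @{SID = $adSid + "-553"; Name = "RAS and IAS Servers" }),
    $(New-Object PSObject -Property @{SID = $adSid + "-498"; Name = "Enterprise Read-only Domain Controllers" }),
    $(New-Object PSObject -Property @{SID = $adSid + "-521"; Name = "Read-only Domain Controllers" }),
    $(New-Object PSObject -Property @{SID = $adSid + "-571"; Name = "Allowed RODC Password Replication Group" }),
    $(New-Object PSObject -Property @{SID = $adSid + "-572"; Name = "Denied RODC Password Replication Group" }),
    $(New-Object PSObject -Property @{SID = $adSid + "-522"; Name = "Clonable Domain Controllers" }),
    $(New-Object PSObject -Property @{SID = $adSid + "-525"; Name = "Protected Users" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-544" ; Name = "Administrators" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-546" ; Name = "Guests" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-547" ; Name = "Power Users" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-548" ; Name = "Account Operators" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-549" ; Name = "Server Operators" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-550" ; Name = "Print Operators" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-551" ; Name = "Backup Operators" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-552" ; Name = "Replicators" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-554" ; Name = "Pre-Windows 2000 Compatible Access" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-555" ; Name = "Remote Desktop Users" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-556" ; Name = "Network Configuration Operators" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-558" ; Name = "Performance Monitor Users" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-559" ; Name = "Performance Log Users" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-560" ; Name = "Windows Authorization Access Group" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-561" ; Name = "Terminal Server License Servers" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-562" ; Name = "Distributed COM Users" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-568" ; Name = "IIS_IUSRS" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-569" ; Name = "Cryptographic Operators" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-573" ; Name = "Event Log Readers" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-574" ; Name = "Certificate Service DCOM Access" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-575" ; Name = "RDS Remote Access Servers" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-576" ; Name = "RDS Endpoint Servers" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-577" ; Name = "RDS Management Servers" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-578" ; Name = "Hyper-V Administrators" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-579" ; Name = "Access Control Assistance Operators" }),
    $(New-Object PSObject -Property @{SID = "S-1-5-32-580" ; Name = "Remote Management Users" }),
    $(New-Object PSObject -Property @{SID = "SIDunknown" ; Name = "Debugger Users" }),
    $(New-Object PSObject -Property @{SID = "SIDunknown" ; Name = "DHCP Administrators" }),
    $(New-Object PSObject -Property @{SID = "SIDunknown" ; Name = "DHCP Users" }),
    $(New-Object PSObject -Property @{SID = "SIDunknown" ; Name = "DnsAdmins" }),
    $(New-Object PSObject -Property @{SID = "SIDunknown" ; Name = "DnsUpdateProxy" }),
    $(New-Object PSObject -Property @{SID = "SIDunknown" ; Name = "Exchange Domain Servers" }),
    $(New-Object PSObject -Property @{SID = "SIDunknown" ; Name = "Exchange Enterprise Servers" })
)

$results = @()
foreach ($group in $privilegedGroups) {
    $sid = $group.sid
    $name = $group.name
    Write-Host "Working on group '$name'"

    # Groups without a fixed SID are looked up by their own name. The earlier
    # code probed a hard-coded 'Debugger Users' and tested a variable that was
    # never set to a group, so DnsAdmins, the DHCP groups and the other
    # name-only entries were never enumerated.
    if ($sid -eq 'SIDunknown') {
        $identity = $name
    }
    else {
        $identity = $sid
    }

    try {
        $selectedGroup = Get-ADGroup -Identity $identity -ErrorAction Stop
    }
    catch {
        # Many of the listed groups exist only when a role or product is
        # installed; the reason is logged so a real lookup failure stays visible.
        Write-Host "INFO: Group '$name' was not resolved: $($_.Exception.Message)" -ForegroundColor Yellow
        continue
    }

    $selectedGroupMemebers = $selectedGroup | Get-ADGroupMember
    foreach ($member in $selectedGroupMemebers) {
        Write-Host "Working on object '$($member.SamAccountName )'"

        # Get-ADGroupMember returns only basic principal properties, so the
        # SPN list is read from the member object itself. Members that cannot
        # be read this way keep an empty SPN column.
        $spnValues = $null
        try {
            $spnValues = (Get-ADObject -Identity $member.distinguishedName -Properties servicePrincipalName -ErrorAction Stop).servicePrincipalName
        }
        catch {
            $spnValues = $null
        }

        $grp = $(New-Object PSObject -Property @{
                Domain = $domain;
                GroupName = $selectedGroup.Name;
                AccountName = $member.Name;
                SamAccountName = $member.SamAccountName;
                AccountDN = $member.distinguishedName;
                SPN = $spnValues -join ';';
                # The member already carries its object class; the earlier
                # code scanned the whole directory per member and matched by
                # Name, which is slow and ambiguous when names repeat.
                ComputeroObject = $member.objectClass
            }
        )
        $results += $grp
    }
}

$count = ($results | measure-object).count
Write-Host "Found '$count' entries" -ForegroundColor Green
$results | export-csv -Path $OutputPath\PrivilegedGroupsMembership.csv -NoTypeInformation
--------------------------------------------------------------------------------
/Scripts/Get-Repadim.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
Saves the output of 'repadmin /showrepl' and 'repadmin /replsummary' to log files.
.EXAMPLE
.\Get-Repadim.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
All rights reserved to
Robert Przybylski
www.azureblog.pl
2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory
$scriptName = $myInvocation.ScriptName

# Prints a progress line for the named check, prefixed with the script name.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..."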
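-ForegroundColor Yellow}
#endregion

#region Repadmin
# Captures replication state with repadmin. Each log starts with the command
# line that produced it, followed by the command's output.
Get-ScriptProgress -Name 'Replication'
$showrepl = repadmin /showrepl
'repadmin /showrepl' > $OutputPath\Repadim_showrepl.log
$showrepl >> $OutputPath\Repadim_showrepl.log
$replsummary = repadmin /replsummary
# '>' rather than '>>' for the header line, matching the showrepl log:
# appending here made every re-run stack onto the previous run's output.
'repadmin /replsummary' > $OutputPath\Repadim_replsummary.log
$replsummary >> $OutputPath\Repadim_replsummary.log
#endregion
--------------------------------------------------------------------------------
/Scripts/Get-SPNDetails.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
Exports every user account that has a servicePrincipalName set to SPN_details.csv.
.EXAMPLE
.\Get-SPNDetails.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
All rights reserved to
Robert Przybylski
www.azureblog.pl
2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory
$scriptName = $myInvocation.ScriptName

# Prints a progress line for the named check, prefixed with the script name.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..."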
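-ForegroundColor Yellow}
#endregion

#region SPN
# Exports user accounts that carry a service principal name. These accounts
# are the ones whose password strength and rotation deserve review, since a
# service ticket for them is protected with a key derived from that password.
Get-ScriptProgress -Name 'SPN'
$spn = Get-ADUser -LDAPFilter '(servicePrincipalName=*)' -Properties servicePrincipalName
$spnCount = ($spn | measure-object).count
Write-Host "Found '$spnCount' SPN entries" -ForegroundColor Green
# Reuses the result above instead of running the identical directory query a
# second time; $spns is kept because it is the name the loop below reads.
$spns = $spn
$result = @()
foreach ($entry in $spns) {
    $result += @(
        $(New-Object PSObject -Property @{
                DistinguishedName = $entry.DistinguishedName;
                Enabled = $entry.Enabled;
                GivenName = $entry.GivenName;
                Name = $entry.Name;
                ObjectClass = $entry.ObjectClass;
                ObjectGUID = $entry.ObjectGUID;
                SamAccountName = $entry.SamAccountName;
                # Joined into one string so accounts with several SPNs export
                # readable values, the same way GMSA_Details.csv joins principals.
                servicePrincipalName = $entry.servicePrincipalName -join ';';
                SID = $entry.SID;
                Surname = $entry.Surname;
                UserPrincipalName = $entry.UserPrincipalName;
            }
        )
    )
}
$result | export-csv -Path $OutputPath\SPN_details.csv -NoTypeInformation
#endregion
--------------------------------------------------------------------------------
/Scripts/Get-SPNDuplicatesDetails.ps1:
--------------------------------------------------------------------------------
<#
.SYNOPSIS
Runs 'SetSPN -X -F' and exports its output when duplicate SPNs are reported.
.EXAMPLE
.\Get-SPNDuplicatesDetails.ps1 -OutputPath C:\Tools\Audit -Verbose
.NOTES
All rights reserved to
Robert Przybylski
www.azureblog.pl
2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory
$scriptName = $myInvocation.ScriptName

# Prints a progress line for the named check, prefixed with the script name.
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..."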
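-ForegroundColor Yellow}
#endregion

#region SPN Duplicates
# Run setspn's duplicate search (-X) across the forest (-F) and, unless it reports
# zero duplicate groups, save its output lines to SPN_Duplicates_details.csv.
Get-ScriptProgress -Name 'SPN Duplicates'

# Drop the per-object "Processing entry" progress lines; everything else is kept.
$spn = SetSPN -X -F | Where-Object { $_ -notlike "Processing entry*" }
# Look for the "no duplicates" line anywhere in the output instead of at a fixed
# index, and skip the export when setspn produced no output at all.
if ($spn -and ($spn -notcontains 'found 0 group of duplicate SPNs.')) {
    # Export-Csv writes object properties; for bare strings that is only their Length.
    # Wrap each output line in an object so the text itself lands in the file.
    $spn | ForEach-Object { New-Object PSObject -Property @{ Line = $_ } } |
        Export-Csv -Path $OutputPath\SPN_Duplicates_details.csv -NoTypeInformation
}
#endregion

--------------------------------------------------------------------------------
/Scripts/Get-SchemaAdmins.ps1:
--------------------------------------------------------------------------------
<#
    .EXAMPLE
    .\Get-SchemaAdmins.ps1 -OutputPath C:\Tools\Audit -Verbose
    .NOTES
    All rights reserved to
    Robert Przybylski
    www.azureblog.pl
    2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory
$scriptName = $myInvocation.ScriptName

function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..."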
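-ForegroundColor Yellow}
#endregion

#region Schema Admins
# Export the direct user members of 'Schema Admins' to Schema_Admins_details.csv,
# or print an informational line when the group has no user members.
Get-ScriptProgress -Name 'Schema Admins'
$admins = @()
$members = @(Get-ADGroupMember -Identity 'Schema Admins')
foreach ($member in $members) {
    if ($member.objectClass -eq 'user') {
        $admins += Get-ADUSer -Identity $member -Properties Name,Enabled,SamAccountName,LastLogonDate
    }
    else {
        # Get-ADUser cannot resolve a group or computer member. Report it on the console
        # so a nested group holding this privilege is not silently left out of the audit.
        Write-Host "WARNING: Schema Admins member '$($member.distinguishedName)' is of class '$($member.objectClass)' and is not included in the CSV" -ForegroundColor Yellow
    }
}
if ($($admins.count) -ne 0) {
    $admins | Export-Csv -Path $OutputPath\Schema_Admins_details.csv -NoTypeInformation
} else {
    Write-Host "INFO: There are no members of Shema Admins group" -ForegroundColor Yellow
}
#endregion

--------------------------------------------------------------------------------
/Scripts/Get-ServicesOnDC.ps1:
--------------------------------------------------------------------------------
<#
    .EXAMPLE
    .\Get-ServicesOnDC.ps1 -OutputPath C:\Tools\Audit -Verbose
    .NOTES
    All rights reserved to
    Robert Przybylski
    www.azureblog.pl
    2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory

$scriptName = $myInvocation.ScriptName
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..."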
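-ForegroundColor Yellow}
#endregion

# Inventory the services of every domain controller in the current domain and export
# name, state, start mode, binary path and logon account to Services_On_DC.csv.
Get-ScriptProgress -Name 'DC Services'

$results = @()
# Without -Filter the cmdlet returns a single discovered domain controller;
# '-Filter *' enumerates all of them so that no DC is missing from the report.
$dclist = Get-ADDomainController -Filter *
foreach ($dc in $dclist) {
    $services = Get-Service -ComputerNAme $dc.Name
    # Read Win32_Service once per DC, from that DC. A query without -ComputerName
    # describes the machine running the audit, which would attribute the wrong
    # binary path and logon account to the domain controller's services.
    $wmiByName = @{}
    Get-WmiObject -Class Win32_Service -ComputerName $dc.Name | ForEach-Object { $wmiByName[$_.Name] = $_ }
    foreach ($service in $services) {
        # Exact lookup by service name; a regex -match could also hit services whose
        # name merely contains this one.
        $wmi = $wmiByName[$service.ServiceName]
        $svc = New-Object PSObject -Property @{
            DomainController = $dc.Name
            ServiceName      = $service.ServiceName
            Caption          = $service.DisplayName
            DisplayName      = $service.DisplayName
            Description      = $wmi.Description
            State            = $service.status
            StartMode        = $service.StartType
            Path             = $wmi.PathName
            SerivceAccount   = $wmi.StartName
        }
        $results += $svc
    }
}
$count = ($results | measure-object).count
Write-Host "Found '$count' entries" -ForegroundColor Green
$results | export-csv -Path $OutputPath\Services_On_DC.csv -NoTypeInformation
--------------------------------------------------------------------------------
/Scripts/Get-SysvolDetails.ps1:
--------------------------------------------------------------------------------
<#
    .EXAMPLE
    .\Get-SysvolDetails.ps1 -OutputPath C:\Tools\Audit -Verbose
    .NOTES
    All rights reserved to
    Robert Przybylski
    www.azureblog.pl
    2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory
$scriptName = $myInvocation.ScriptName

function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..."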
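-ForegroundColor Yellow}
#endregion

#region Sysvol
# Record whether SYSVOL is replicated by FRS or DFSR, judged from the text that
# 'DfsrMig /GetGlobalState' prints, and export the verdict to Sysvol_details.csv.
$state = DfsrMig /GetGlobalState
$result = @()
if (-not $state) {
    # No output means the tool did not run or returned nothing. Writing a CSV here
    # would claim DFSR replication without any evidence, so nothing is exported.
    Write-Host "WARNING: DfsrMig /GetGlobalState returned no output; SYSVOL replication state was not recorded" -ForegroundColor Yellow
}
else {
    # NOTE(review): every output other than the "not yet initialized" message is
    # reported as DFSR, including any intermediate migration state - confirm the
    # reported global state before relying on the DFSR column.
    $frsInUse = [bool]($state -like "DFSR migration has not yet initialized*")
    $result = New-Object PSObject -Property @{
        Domain             = (Get-ADDomain).DNSRoot
        'FRS Replication'  = $frsInUse
        'DFSR Replication' = (-not $frsInUse)
    }
    $result | export-csv -Path $OutputPath\Sysvol_details.csv -NoTypeInformation
}
#endregion

--------------------------------------------------------------------------------
/Scripts/Get-UserDetails.ps1:
--------------------------------------------------------------------------------
<#
    .EXAMPLE
    .\Get-UserDetails.ps1 -OutputPath C:\Tools\Audit -Verbose
    .NOTES
    All rights reserved to
    Robert Przybylski
    www.azureblog.pl
    2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory

$scriptName = $myInvocation.ScriptName
function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name check..."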
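-ForegroundColor Yellow}
#endregion

# Export one row per user object in the domain to User_Details.csv.
# The file is a full account inventory; keep $OutputPath readable by the audit team only.
Get-ScriptProgress -Name 'Users Objects'
$users = get-aduser -Filter * -Properties DistinguishedName, Enabled, Name, ObjectClass, ObjectGUID, SamAccountName, lastLogonTimestamp, pwdLastSet, UserPrincipalName, PrimaryGroup, adminCount, AccountNotDelegated
# Collect the loop output in one step; growing an array with += copies it on every
# iteration, which gets slow on directories with many users.
# NOTE(review): lastLogonTimestamp and pwdLastSet are exported as the raw attribute
# values - confirm the consumer of the CSV converts them before comparing with dates.
$usrReport = @(
    foreach ($user in $users) {
        New-Object PSObject -Property @{
            'DistinguishedName'   = $user.DistinguishedName
            'Enabled'             = $user.Enabled
            'Name'                = $user.Name
            'ObjectClass'         = $user.ObjectClass
            'ObjectGUID'          = $user.ObjectGUID
            'SamAccountName'      = $user.SamAccountName
            'lastLogonTimestamp'  = $user.lastLogonTimestamp
            'pwdLastSet'          = $user.pwdLastSet
            'UserPrincipalName'   = $user.UserPrincipalName
            'PrimaryGroup'        = $user.PrimaryGroup
            'adminCount'          = $user.adminCount
            'AccountNotDelegated' = $user.AccountNotDelegated
        }
    }
)
$userReportCount = ($usrReport | measure-object).count
Write-Host "Found '$userReportCount' User Accounts" -ForegroundColor Green
$usrReport | export-csv -Path "$OutputPath\User_Details.csv" -NoTypeInformation

--------------------------------------------------------------------------------
/Scripts/Get-UsersWithAdminCount.ps1:
--------------------------------------------------------------------------------
<#
    .EXAMPLE
    .\Get-UsersWithAdminCount.ps1 -OutputPath C:\Tools\Audit -Verbose
    .NOTES
    All rights reserved to
    Robert Przybylski
    www.azureblog.pl
    2021
#>

[CmdletBinding()]
param (
    [Parameter(Position = 0, mandatory = $true)]
    [string] $OutputPath
)

#region initial setup
Import-Module ActiveDirectory
$adDomain = Get-ADDomain
$adForest = Get-ADForest
$scriptName = $myInvocation.ScriptName

function Get-ScriptProgress {
    param (
        [string] $Name
    )
    Write-Host "[$scriptName] Running $name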
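check..." -ForegroundColor Yellow}
#endregion

#region Users with adminCount = 1
# Export name and distinguished name of every user whose adminCount attribute is 1
# to Users_With_Admin_Count_details.csv.
Get-ScriptProgress -Name 'Get Users with Admin Count = 1'

# Let the directory do the filtering: the LDAP filter returns only matching users,
# where '-Filter * -Properties *' pulled every attribute of every user to the client
# first. name and distinguishedname are among the properties returned by default.
Get-ADUser -LDAPFilter '(adminCount=1)' |
    Select-Object name,distinguishedname |
    Export-Csv -Path $OutputPath\Users_With_Admin_Count_details.csv -NoTypeInformation
#endregion

--------------------------------------------------------------------------------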