Hello Dear Reader,
Recently I was thinking about creating small repo of the scripts that will perform AD Health Check.
To be honest from thinking to doing it went very fast and today I’d like to share with you my latest idea.
Repo is available on my GitHub, and below you can see how it is working.
The idea is to make it simpler as possible – I don’t want to update the ‘master’ script in order to run new features. This is why I have decided to create one main file that will trigger all scripts that are placed under the Scripts folder with the exception of Scripts\Excluded location which is something like a playground with unfinished scripts.
In order to run the master script run the following line
.\Get-ADAudit.ps1 -AuditPath C:\Audit
As you can see there is only one parameter AuditPath which is the location for output files.
So what are the magical scripts that I have created? Some of them are just log files with raw output of the commands, some of them are CSV files with custom columns – just run it and discover (if you trust me)
At the moment of writing this article there are the following scripts:
- Get-ADAuditSettings – Checks auditing settings configuration
- Get-ADDetails – Gets basic ADDS details
- Get-ADTrusts – Checks if there are any trusts
- Get-BackupInfo – Information about backups
- Get-ComputerDetails – Information about computer objects
- Get-ComputerMachineQuota – Checks what are the settings about ‘domain join’
- Get-DCDiag – Self explanatory
- Get-DCFeatures – List of the features installed on the DC
- Get-DCUACIssues – List of the DCs with wrong UAC settings
- Get-DCwithSpooler – List of the DCs with print spooler service
- Get-DefaultContainers – What are the default containers for users and computers
- Get-DNSAdmins – List of the DNS admins
- Get-GMSADetails – Checks if there are and how are configured GMSA accounts
- Get-InactiveDCs – Checks if there are any inactive DCs
- Get-KrbtgtPwdLastSet – LAst password changefor KRBTGT
- Get-LAPSDetails – checks if LAPS is configured under the domain
- Get-NTPDetails – RAW NTPoutput
- Get-PrivilegedGroupsDetails – Checks membership under the privileged groups
- Get-Repadim – Self explanatory
- Get-SchemaAdmins – Self explanatory
- Get-ServicesOnDC – What services are running on DCs
- Get-SysvolDetail – Self explanatory
- Get-UserDetails – Information about computer objects
I can imagine what you are thinking – Those are basic scripts … what is the innovation here?
And the answer is simple – There is no innovation – these are the scripts that should be created by every admin but sometimes we don’t have time, PowerShell skills, etc. to create such.
This is why I have decided to create this repo to help others not only me.
So how do those scripts work? The picture below depicts the script run.
As I mentioned before – you will get some output from the script, even the whole transcript of the script run. All files will be available based on the location that was provided for the AuditPath parameter under the ADAudit\<YourDomainName> folder
There are 3 types of files available:
- CSV – tabular report
- LOG – RAW output of the command run
- LOG (ADAudit_<CurrentDate>.log) – transcript from the Get-ADAudit.ps1 script run
As you can this article wasn’t so long, but the value of the scripts should be much bigger for everyday usage under your AD DS environment.
There will be more articles regarding this repo when new features will be developed by me.
Stay tuned and see you soon…