Simple Active Directory Monitoring Tool

/0 Comments/in /by 

# Simple Active Directory Monitoring Tool

# Import the Active Directory module
Import-Module ActiveDirectory

function Show-Menu {
    Clear-Host
    Write-Host "=== Simple Active Directory Monitoring Tool ===" -ForegroundColor Cyan
    Write-Host "1. Check Domain Controllers Status"
    Write-Host "2. List Recently Created Users"
    Write-Host "3. List Disabled User Accounts"
    Write-Host "4. Check Password Expiration"
    Write-Host "5. View Group Membership"
    Write-Host "6. Exit"
}

function Check-DomainControllers {
    Write-Host "`nChecking Domain Controllers Status..." -ForegroundColor Yellow
    $dcs = Get-ADDomainController -Filter *
    foreach ($dc in $dcs) {
        $status = Test-Connection -ComputerName $dc.HostName -Count 1 -Quiet
        if ($status) {
            Write-Host "$($dc.HostName) is Online" -ForegroundColor Green
        } else {
            Write-Host "$($dc.HostName) is Offline" -ForegroundColor Red
        }
    }
}

function List-RecentUsers {
    $days = Read-Host "Enter the number of days to check for new users"
    $date = (Get-Date).AddDays(-$days)
    Write-Host "`nListing users created in the last $days days..." -ForegroundColor Yellow
    Get-ADUser -Filter {Created -ge $date} -Properties Created | 
        Select-Object Name, SamAccountName, Created | 
        Format-Table -AutoSize
}

function List-DisabledUsers {
    Write-Host "`nListing disabled user accounts..." -ForegroundColor Yellow
    Get-ADUser -Filter {Enabled -eq $false} | 
        Select-Object Name, SamAccountName | 
        Format-Table -AutoSize
}

function Check-PasswordExpiration {
    $days = Read-Host "Enter the number of days to check for password expiration"
    $date = (Get-Date).AddDays($days)
    Write-Host "`nListing users whose passwords will expire within $days days..." -ForegroundColor Yellow
    Get-ADUser -Filter {Enabled -eq $true -and PasswordNeverExpires -eq $false} -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" | 
        Select-Object -Property "DisplayName", @{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | 
        Where-Object {$_.ExpiryDate -le $date} | 
        Sort-Object ExpiryDate | 
        Format-Table -AutoSize
}

function View-GroupMembership {
    $groupName = Read-Host "Enter the group name to check membership"
    Write-Host "`nListing members of group $groupName..." -ForegroundColor Yellow
    try {
        Get-ADGroupMember -Identity $groupName | 
            Select-Object Name, SamAccountName | 
            Format-Table -AutoSize
    } catch {
        Write-Host "Error: Group not found or you don't have permission to view its members." -ForegroundColor Red
    }
}

do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-6)"

    switch ($choice) {
        "1" { Check-DomainControllers }
        "2" { List-RecentUsers }
        "3" { List-DisabledUsers }
        "4" { Check-PasswordExpiration }
        "5" { View-GroupMembership }
        "6" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "6") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "6")

This Active Directory Monitoring Tool includes:

  1. A menu with 6 options
  2. Functions for various AD monitoring tasks:
    • Checking Domain Controllers status
    • Listing recently created users
    • Listing disabled user accounts
    • Checking password expiration
    • Viewing group membership
  3. Use of Active Directory PowerShell cmdlets
  4. Basic error handling
  5. Formatted output for better readability

Key features:

  • Domain Controller Status: Pings each DC to check if it’s online.
  • Recent Users: Lists users created within a specified number of days.
  • Disabled Users: Shows all disabled user accounts.
  • Password Expiration: Lists users whose passwords will expire soon.
  • Group Membership: Displays members of a specified group.

This tool provides a quick overview of essential Active Directory metrics and statuses. It’s useful for:

  • Monitoring the health of Domain Controllers
  • Tracking recent account creations
  • Identifying disabled accounts
  • Managing password policies
  • Reviewing group memberships

Note: To use this script, you need to:

  1. Run PowerShell as an administrator
  2. Have the Active Directory PowerShell module installed
  3. Have appropriate permissions in the AD environment

This script is suitable for AD administrators who want to perform basic AD health checks and gather information quickly without navigating through multiple tools or writing complex queries.

You might also like
Windows Services Analyzer Tool
Simple IIS Security Check Tool
Microsoft 365 Security Check Tool
DHCP Toolkit
Task Manager and Process Monitor
Simple System Health Monitor
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *