Domain Check Toolkit
```powershell
<#
.SYNOPSIS
    Domain Check Toolkit
.DESCRIPTION
    This script performs comprehensive checks and information gathering on an Active Directory domain,
    providing insights into domain controllers, users, groups, GPOs, and other domain-related configurations.
.NOTES
    File Name      : DomainCheckToolkit.ps1
    Author         : [Your Name]
    Prerequisite   : PowerShell V5.1 or later, Active Directory module, and appropriate domain admin rights
    Version        : 1.0
    Date           : [Current Date]
.EXAMPLE
    .\DomainCheckToolkit.ps1
#>

# Import required modules
Import-Module ActiveDirectory
Import-Module GroupPolicy   # provides Get-GPO
Import-Module DnsServer     # provides Test-DnsServer

# Global variables
$global:reportPath = "$env:USERPROFILE\Desktop\Domain_Check_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html"

function Show-Menu {
    Clear-Host
    Write-Host "=== Domain Check Toolkit ===" -ForegroundColor Cyan
    Write-Host "1. Domain Information"
    Write-Host "2. Domain Controller Health Check"
    Write-Host "3. User Account Analysis"
    Write-Host "4. Group Analysis"
    Write-Host "5. Group Policy Object (GPO) Check"
    Write-Host "6. DNS Health Check"
    Write-Host "7. FSMO Roles Check"
    Write-Host "8. Replication Status"
    Write-Host "9. Trust Relationships"
    Write-Host "10. Generate Comprehensive HTML Report"
    Write-Host "11. Exit"
}

# Note: every function pipes its Format-* output to Out-Host so that only the
# data object is returned to the caller and stored for the HTML report.

function Get-DomainInformation {
    Write-Host "`nGathering Domain Information..." -ForegroundColor Yellow
    $domainInfo = Get-ADDomain
    $forestInfo = Get-ADForest

    $result = [PSCustomObject]@{
        DomainName        = $domainInfo.DNSRoot
        NetBIOSName       = $domainInfo.NetBIOSName
        DomainMode        = $domainInfo.DomainMode
        ForestName        = $forestInfo.Name
        ForestMode        = $forestInfo.ForestMode
        DomainControllers = ($domainInfo.ReplicaDirectoryServers -join ", ")
        GlobalCatalogs    = ($forestInfo.GlobalCatalogs -join ", ")
    }

    $result | Format-List | Out-Host
    return $result
}

function Get-DomainControllerHealth {
    Write-Host "`nPerforming Domain Controller Health Check..." -ForegroundColor Yellow
    $dcs = Get-ADDomainController -Filter *

    $results = @()
    foreach ($dc in $dcs) {
        # dcdiag prints "<DC> passed test <Name>" for each successful test
        $dcdiag = dcdiag /s:$($dc.HostName) /test:services /test:advertising /test:fsmocheck /test:ridmanager
        $results += [PSCustomObject]@{
            Name            = $dc.HostName
            Site            = $dc.Site
            IPv4Address     = $dc.IPv4Address
            OperatingSystem = $dc.OperatingSystem
            IsGlobalCatalog = $dc.IsGlobalCatalog
            ServicesTest    = if ($dcdiag -match "passed test Services") { "Passed" } else { "Failed" }
            AdvertisingTest = if ($dcdiag -match "passed test Advertising") { "Passed" } else { "Failed" }
            FSMOCheckTest   = if ($dcdiag -match "passed test FsmoCheck") { "Passed" } else { "Failed" }
            RidManagerTest  = if ($dcdiag -match "passed test RidManager") { "Passed" } else { "Failed" }
        }
    }

    $results | Format-Table -AutoSize | Out-Host
    return $results
}

function Get-UserAccountAnalysis {
    Write-Host "`nPerforming User Account Analysis..." -ForegroundColor Yellow
    $users = @(Get-ADUser -Filter * -Properties Enabled, PasswordLastSet, LastLogonDate, PasswordNeverExpires)

    # A PSCustomObject (not a hashtable) so ConvertTo-Html renders the counts in the report.
    # Accounts that have never logged on have no LastLogonDate and are counted as inactive.
    $results = [PSCustomObject]@{
        TotalUsers           = $users.Count
        EnabledUsers         = @($users | Where-Object { $_.Enabled -eq $true }).Count
        DisabledUsers        = @($users | Where-Object { $_.Enabled -eq $false }).Count
        PasswordNeverExpires = @($users | Where-Object { $_.PasswordNeverExpires -eq $true }).Count
        InactiveUsers        = @($users | Where-Object { $_.LastLogonDate -lt (Get-Date).AddDays(-90) }).Count
    }

    $results | Format-Table -AutoSize | Out-Host
    return $results
}

function Get-GroupAnalysis {
    Write-Host "`nPerforming Group Analysis..." -ForegroundColor Yellow
    $groups = @(Get-ADGroup -Filter *)

    # A PSCustomObject (not a hashtable) so ConvertTo-Html renders the counts in the report
    $results = [PSCustomObject]@{
        TotalGroups        = $groups.Count
        SecurityGroups     = @($groups | Where-Object { $_.GroupCategory -eq "Security" }).Count
        DistributionGroups = @($groups | Where-Object { $_.GroupCategory -eq "Distribution" }).Count
        GlobalGroups       = @($groups | Where-Object { $_.GroupScope -eq "Global" }).Count
        UniversalGroups    = @($groups | Where-Object { $_.GroupScope -eq "Universal" }).Count
        DomainLocalGroups  = @($groups | Where-Object { $_.GroupScope -eq "DomainLocal" }).Count
    }

    $results | Format-Table -AutoSize | Out-Host
    return $results
}

function Get-GPOCheck {
    Write-Host "`nPerforming Group Policy Object Check..." -ForegroundColor Yellow
    $gpos = Get-GPO -All

    $results = @()
    foreach ($gpo in $gpos) {
        $results += [PSCustomObject]@{
            Name                  = $gpo.DisplayName
            ID                    = $gpo.Id
            CreationTime          = $gpo.CreationTime
            ModificationTime      = $gpo.ModificationTime
            UserVersionNumber     = $gpo.UserVersion.DSVersion
            ComputerVersionNumber = $gpo.ComputerVersion.DSVersion
        }
    }

    $results | Format-Table -AutoSize | Out-Host
    return $results
}

function Get-DNSHealthCheck {
    Write-Host "`nPerforming DNS Health Check..." -ForegroundColor Yellow
    $dcs = Get-ADDomainController -Filter *

    $results = @()
    foreach ($dc in $dcs) {
        # Test-DnsServer requires -IPAddress and returns Result, RoundTripTime, TcpTried and UdpTried
        $dnsTest = Test-DnsServer -IPAddress $dc.IPv4Address -ComputerName $dc.Name -Context DnsServer
        $results += [PSCustomObject]@{
            Server       = $dc.Name
            IsResponding = ($dnsTest.Result -eq 'Success')
            Result       = $dnsTest.Result
            TcpTried     = $dnsTest.TcpTried
            UdpTried     = $dnsTest.UdpTried
        }
    }

    $results | Format-Table -AutoSize | Out-Host
    return $results
}

function Get-FSMORolesCheck {
    Write-Host "`nChecking FSMO Roles..." -ForegroundColor Yellow
    $domain = Get-ADDomain
    $forest = Get-ADForest

    $result = [PSCustomObject]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }

    $result | Format-List | Out-Host
    return $result
}

function Get-ReplicationStatus {
    Write-Host "`nChecking Replication Status..." -ForegroundColor Yellow
    $results = @()
    $repl = repadmin /showrepl * /csv
    $replData = ConvertFrom-Csv $repl

    foreach ($item in $replData) {
        if ($item."Number of Failures" -ne "0") {
            # repadmin's CSV columns are named "Source DSA" and "Destination DSA"
            $results += [PSCustomObject]@{
                SourceDC        = $item."Source DSA"
                DestinationDC   = $item."Destination DSA"
                FailureCount    = $item."Number of Failures"
                LastFailureTime = $item."Last Failure Time"
                LastSuccessTime = $item."Last Success Time"
            }
        }
    }

    if ($results.Count -eq 0) {
        Write-Host "No replication failures detected." -ForegroundColor Green
    }
    else {
        $results | Format-Table -AutoSize | Out-Host
    }
    return $results
}

function Get-TrustRelationships {
    Write-Host "`nChecking Trust Relationships..." -ForegroundColor Yellow
    $trusts = Get-ADTrust -Filter *

    $results = @()
    foreach ($trust in $trusts) {
        $results += [PSCustomObject]@{
            Name             = $trust.Name
            Direction        = $trust.Direction
            TrustType        = $trust.TrustType
            ForestTransitive = $trust.ForestTransitive
            IntraForest      = $trust.IntraForest
        }
    }

    $results | Format-Table -AutoSize | Out-Host
    return $results
}

function Generate-HTMLReport {
    param([hashtable]$AllResults)

    Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow
    $reportContent = @"
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Domain Check Report</title>
    <style>
        body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; }
        h1, h2, h3 { color: #0078D4; }
        table { border-collapse: collapse; width: 100%; margin-bottom: 20px; }
        th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
        th { background-color: #f2f2f2; }
        .warning { color: orange; }
        .critical { color: red; }
    </style>
</head>
<body>
    <h1>Domain Check Report</h1>
    <p>Generated on: $(Get-Date)</p>

    <h2>Domain Information</h2>
    $($AllResults.DomainInfo | ConvertTo-Html -Fragment)

    <h2>Domain Controller Health</h2>
    $($AllResults.DCHealth | ConvertTo-Html -Fragment)

    <h2>User Account Analysis</h2>
    $($AllResults.UserAnalysis | ConvertTo-Html -Fragment)

    <h2>Group Analysis</h2>
    $($AllResults.GroupAnalysis | ConvertTo-Html -Fragment)

    <h2>Group Policy Objects</h2>
    $($AllResults.GPOCheck | ConvertTo-Html -Fragment)

    <h2>DNS Health Check</h2>
    $($AllResults.DNSHealth | ConvertTo-Html -Fragment)

    <h2>FSMO Roles</h2>
    $($AllResults.FSMORoles | ConvertTo-Html -Fragment)

    <h2>Replication Status</h2>
    $($AllResults.ReplicationStatus | ConvertTo-Html -Fragment)

    <h2>Trust Relationships</h2>
    $($AllResults.TrustRelationships | ConvertTo-Html -Fragment)
</body>
</html>
"@

    # Write UTF-8 so the file matches the charset declared in the <meta> tag
    $reportContent | Out-File -FilePath $global:reportPath -Encoding UTF8
    Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green
}

# Main program loop
$allResults = @{}

do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-11)"

    switch ($choice) {
        "1"  { $allResults.DomainInfo = Get-DomainInformation }
        "2"  { $allResults.DCHealth = Get-DomainControllerHealth }
        "3"  { $allResults.UserAnalysis = Get-UserAccountAnalysis }
        "4"  { $allResults.GroupAnalysis = Get-GroupAnalysis }
        "5"  { $allResults.GPOCheck = Get-GPOCheck }
        "6"  { $allResults.DNSHealth = Get-DNSHealthCheck }
        "7"  { $allResults.FSMORoles = Get-FSMORolesCheck }
        "8"  { $allResults.ReplicationStatus = Get-ReplicationStatus }
        "9"  { $allResults.TrustRelationships = Get-TrustRelationships }
        "10" { Generate-HTMLReport -AllResults $allResults }
        "11" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "11") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "11")
```
This Domain Check Toolkit includes:
- A menu-driven interface for easy navigation.
- Functions to analyze various aspects of the Active Directory domain:
  - Domain Information
  - Domain Controller Health Check
  - User Account Analysis
  - Group Analysis
  - Group Policy Object (GPO) Check
  - DNS Health Check
  - FSMO Roles Check
  - Replication Status
  - Trust Relationships
- HTML report generation for easy sharing and viewing of results.
Key features:
- Comprehensive domain information gathering
- Health check of all domain controllers
- Analysis of user accounts, including inactive and potentially insecure accounts
- Overview of group distribution in the domain
- GPO inventory and version checking
- DNS server health verification
- FSMO roles location check
- Replication status and failure detection
- Trust relationship enumeration
This tool is particularly useful for:
- Domain administrators performing regular health checks
- IT professionals troubleshooting domain-wide issues
- Security auditors reviewing domain configurations
- Anyone needing to quickly gather comprehensive information about an Active Directory domain
To use this script effectively:
- Run PowerShell as an administrator on a domain-joined machine (preferably a domain controller)
- Ensure you have the necessary permissions to query domain information (Domain Admin or equivalent rights)
- Have the Active Directory PowerShell module installed
- Review the generated HTML report for a comprehensive overview of the domain’s status and configuration
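A preflight for the prerequisites listed above, as an added example that is not part of the original script. The function name `Test-ToolkitPrerequisite` and its parameters are hypothetical; the module and tool lists are taken from the cmdlets and executables the script calls (`Get-GPO`, `Test-DnsServer`, `dcdiag`, `repadmin`).

```powershell
# Added example (not part of DomainCheckToolkit.ps1); Test-ToolkitPrerequisite is a hypothetical name.
function Test-ToolkitPrerequisite {
    [CmdletBinding()]
    param(
        # Modules behind the Get-AD* cmdlets, Get-GPO and Test-DnsServer
        [string[]]$Module = @('ActiveDirectory', 'GroupPolicy', 'DnsServer'),
        # Native tools the DC health and replication checks call
        [string[]]$Tool = @('dcdiag.exe', 'repadmin.exe')
    )
    $checks = @()

    $v = $PSVersionTable.PSVersion
    $checks += [PSCustomObject]@{
        Check  = 'PowerShell 5.1 or later'
        Passed = ($v.Major -gt 5) -or ($v.Major -eq 5 -and $v.Minor -ge 1)
        Detail = $v.ToString()
    }

    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $checks += [PSCustomObject]@{
        Check  = 'Elevated session'
        Passed = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
        Detail = $identity.Name
    }

    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $checks += [PSCustomObject]@{
        Check  = 'Domain-joined machine'
        Passed = [bool]$cs.PartOfDomain
        Detail = $cs.Domain
    }

    foreach ($name in $Module) {
        $found = Get-Module -ListAvailable -Name $name | Select-Object -First 1
        $checks += [PSCustomObject]@{
            Check  = "Module $name"
            Passed = [bool]$found
            Detail = if ($found) { "version $($found.Version)" } else { 'not installed' }
        }
    }

    foreach ($name in $Tool) {
        $cmd = Get-Command -Name $name -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        $checks += [PSCustomObject]@{
            Check  = "Tool $name"
            Passed = [bool]$cmd
            Detail = if ($cmd) { $cmd.Path } else { 'not found on PATH' }
        }
    }
    return $checks
}
```

Running `Test-ToolkitPrerequisite | Where-Object { -not $_.Passed }` before starting the menu lists only the unmet prerequisites; an empty result means every check passed.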
This script provides a thorough check of an Active Directory domain, helping to identify potential issues, misconfigurations, or security concerns. It’s designed to give administrators a quick but comprehensive view of their domain’s health and configuration.