Active Directory Replication Analysis Tool

/0 Comments/in /by 

<#
.SYNOPSIS
Active Directory Replication Analysis Tool

.DESCRIPTION
This script analyzes Active Directory replication status, identifies issues,
and provides detailed information about replication topology and health.

.NOTES
File Name      : ADReplicationAnalyzer.ps1
Author         : [Your Name]
Prerequisite   : PowerShell V5.1 or later, Active Directory module, and appropriate AD permissions
Version        : 1.0
Date           : [Current Date]

.EXAMPLE
.\ADReplicationAnalyzer.ps1
#>

# Import required modules
Import-Module ActiveDirectory

# Global variables
$global:reportPath = "$env:USERPROFILE\Desktop\AD_Replication_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html"

<#
.SYNOPSIS
Displays the main menu of the tool.
#>
function Show-Menu {
    Clear-Host
    Write-Host "=== Active Directory Replication Analysis Tool ===" -ForegroundColor Cyan
    Write-Host "1. Check Replication Status"
    Write-Host "2. Analyze Replication Topology"
    Write-Host "3. Identify Replication Errors"
    Write-Host "4. Check Inter-Site Replication"
    Write-Host "5. Verify Domain Controller Metadata"
    Write-Host "6. Check KCC Connectivity"
    Write-Host "7. Analyze Replication Latency"
    Write-Host "8. Generate Comprehensive HTML Report"
    Write-Host "9. Exit"
}

<#
.SYNOPSIS
Checks the overall replication status.

.OUTPUTS
Array of PSObjects containing replication status details.
#>
function Check-ReplicationStatus {
    Write-Host "`nChecking Replication Status..." -ForegroundColor Yellow
    $results = @()
    $dcs = Get-ADDomainController -Filter *
    foreach ($dc in $dcs) {
        $replicationStatus = repadmin /showrepl $dc.HostName
        $lastReplication = ($replicationStatus | Select-String "Last attempt" | Select-Object -First 1) -replace "Last attempt @ ",""
        $results += [PSCustomObject]@{
            DomainController = $dc.HostName
            LastReplication = $lastReplication
            Status = if ($replicationStatus -match "was successful") { "Successful" } else { "Failed" }
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

<#
.SYNOPSIS
Analyzes the replication topology.

.OUTPUTS
Array of PSObjects containing replication topology details.
#>
function Analyze-ReplicationTopology {
    Write-Host "`nAnalyzing Replication Topology..." -ForegroundColor Yellow
    $topology = @()
    $sites = Get-ADReplicationSite -Filter *
    foreach ($site in $sites) {
        $siteLinks = Get-ADReplicationSiteLink -Filter {SitesIncluded -eq $site.DistinguishedName}
        $dcs = Get-ADDomainController -Filter {Site -eq $site.Name}
        $topology += [PSCustomObject]@{
            SiteName = $site.Name
            DomainControllers = ($dcs | ForEach-Object { $_.Name }) -join ", "
            ConnectedSites = ($siteLinks | ForEach-Object { ($_.SitesIncluded | Where-Object { $_ -ne $site.DistinguishedName }) -replace "CN=|,.*" }) -join ", "
        }
    }
    $topology | Format-Table -AutoSize
    return $topology
}

<#
.SYNOPSIS
Identifies replication errors.

.OUTPUTS
Array of PSObjects containing replication error details.
#>
function Identify-ReplicationErrors {
    Write-Host "`nIdentifying Replication Errors..." -ForegroundColor Yellow
    $errors = @()
    $dcs = Get-ADDomainController -Filter *
    foreach ($dc in $dcs) {
        $replicationStatus = repadmin /showrepl $dc.HostName
        $errorLines = $replicationStatus | Select-String "Error"
        foreach ($line in $errorLines) {
            $errors += [PSCustomObject]@{
                DomainController = $dc.HostName
                Error = $line.Line.Trim()
            }
        }
    }
    if ($errors.Count -eq 0) {
        Write-Host "No replication errors found." -ForegroundColor Green
    } else {
        $errors | Format-Table -AutoSize
    }
    return $errors
}

<#
.SYNOPSIS
Checks inter-site replication.

.OUTPUTS
Array of PSObjects containing inter-site replication details.
#>
function Check-InterSiteReplication {
    Write-Host "`nChecking Inter-Site Replication..." -ForegroundColor Yellow
    $interSiteRepl = @()
    $siteLinks = Get-ADReplicationSiteLink -Filter *
    foreach ($link in $siteLinks) {
        $interSiteRepl += [PSCustomObject]@{
            SiteLinkName = $link.Name
            Sites = ($link.SitesIncluded | ForEach-Object { ($_ -replace "CN=|,.*") }) -join ", "
            ReplicationInterval = $link.ReplicationFrequencyInMinutes
            Cost = $link.Cost
        }
    }
    $interSiteRepl | Format-Table -AutoSize
    return $interSiteRepl
}

<#
.SYNOPSIS
Verifies domain controller metadata.

.OUTPUTS
Array of PSObjects containing DC metadata details.
#>
function Verify-DCMetadata {
    Write-Host "`nVerifying Domain Controller Metadata..." -ForegroundColor Yellow
    $metadata = @()
    $dcs = Get-ADDomainController -Filter *
    foreach ($dc in $dcs) {
        $dcMetadata = Get-ADReplicationPartnerMetadata -Target $dc.HostName
        $metadata += [PSCustomObject]@{
            DomainController = $dc.HostName
            LastReplicationAttempt = $dcMetadata.LastReplicationAttempt
            LastReplicationResult = $dcMetadata.LastReplicationResult
            LastReplicationSuccess = $dcMetadata.LastReplicationSuccess
        }
    }
    $metadata | Format-Table -AutoSize
    return $metadata
}

<#
.SYNOPSIS
Checks KCC connectivity.

.OUTPUTS
Array of PSObjects containing KCC connectivity details.
#>
function Check-KCCConnectivity {
    Write-Host "`nChecking KCC Connectivity..." -ForegroundColor Yellow
    $kccConnectivity = @()
    $dcs = Get-ADDomainController -Filter *
    foreach ($dc in $dcs) {
        $kccStatus = repadmin /showkcc $dc.HostName
        $kccConnectivity += [PSCustomObject]@{
            DomainController = $dc.HostName
            Status = if ($kccStatus -match "completed successfully") { "Successful" } else { "Failed" }
            Details = ($kccStatus | Select-String "Intra" -Context 0,1).Context.PostContext
        }
    }
    $kccConnectivity | Format-Table -AutoSize
    return $kccConnectivity
}

<#
.SYNOPSIS
Analyzes replication latency.

.OUTPUTS
Array of PSObjects containing replication latency details.
#>
function Analyze-ReplicationLatency {
    Write-Host "`nAnalyzing Replication Latency..." -ForegroundColor Yellow
    $latency = @()
    $dcs = Get-ADDomainController -Filter *
    foreach ($dc in $dcs) {
        $replPartners = Get-ADReplicationPartnerMetadata -Target $dc.HostName
        foreach ($partner in $replPartners) {
            $latency += [PSCustomObject]@{
                SourceDC = $dc.HostName
                PartnerDC = $partner.Partner
                LastReplicationAttempt = $partner.LastReplicationAttempt
                LastReplicationSuccess = $partner.LastReplicationSuccess
                LatencyMinutes = if ($partner.LastReplicationSuccess) {
                    [math]::Round(($partner.LastReplicationAttempt - $partner.LastReplicationSuccess).TotalMinutes, 2)
                } else { "N/A" }
            }
        }
    }
    $latency | Format-Table -AutoSize
    return $latency
}

<#
.SYNOPSIS
Generates a comprehensive HTML report of all analyses.

.PARAMETER AllResults
Hashtable containing all analysis results.

.OUTPUTS
Saves an HTML report to the desktop.
#>
function Generate-HTMLReport {
    param([hashtable]$AllResults)

    Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow
    $reportContent = @"
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>AD Replication Analysis Report</title>
    <style>
        body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; }
        h1, h2, h3 { color: #0078D4; }
        table { border-collapse: collapse; width: 100%; margin-bottom: 20px; }
        th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
        th { background-color: #f2f2f2; }
    </style>
</head>
<body>
    <h1>Active Directory Replication Analysis Report</h1>
    <p>Generated on: $(Get-Date)</p>

    <h2>Replication Status</h2>
    $($AllResults.ReplicationStatus | ConvertTo-Html -Fragment)

    <h2>Replication Topology</h2>
    $($AllResults.ReplicationTopology | ConvertTo-Html -Fragment)

    <h2>Replication Errors</h2>
    $($AllResults.ReplicationErrors | ConvertTo-Html -Fragment)

    <h2>Inter-Site Replication</h2>
    $($AllResults.InterSiteReplication | ConvertTo-Html -Fragment)

    <h2>Domain Controller Metadata</h2>
    $($AllResults.DCMetadata | ConvertTo-Html -Fragment)

    <h2>KCC Connectivity</h2>
    $($AllResults.KCCConnectivity | ConvertTo-Html -Fragment)

    <h2>Replication Latency</h2>
    $($AllResults.ReplicationLatency | ConvertTo-Html -Fragment)
</body>
</html>
"@

    $reportContent | Out-File -FilePath $global:reportPath
    Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green
}

# Main program loop
$allResults = @{}

do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-9)"

    switch ($choice) {
        "1" { $allResults.ReplicationStatus = Check-ReplicationStatus }
        "2" { $allResults.ReplicationTopology = Analyze-ReplicationTopology }
        "3" { $allResults.ReplicationErrors = Identify-ReplicationErrors }
        "4" { $allResults.InterSiteReplication = Check-InterSiteReplication }
        "5" { $allResults.DCMetadata = Verify-DCMetadata }
        "6" { $allResults.KCCConnectivity = Check-KCCConnectivity }
        "7" { $allResults.ReplicationLatency = Analyze-ReplicationLatency }
        "8" { Generate-HTMLReport -AllResults $allResults }
        "9" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "9") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "9")

This Active Directory Replication Analysis Tool includes:

  1. A menu-driven interface for easy navigation.
  2. Functions to analyze various aspects of AD replication:
    • Overall replication status check
    • Replication topology analysis
    • Identification of replication errors
    • Inter-site replication check
    • Domain controller metadata verification
    • KCC (Knowledge Consistency Checker) connectivity check
    • Replication latency analysis
  3. Comprehensive error handling for each analysis function.
  4. A function to generate an HTML report of all collected data.

Key features:

  • Detailed analysis of replication status across all domain controllers
  • Visualization of replication topology, including sites and links
  • Identification and reporting of replication errors
  • Analysis of inter-site replication configuration
  • Verification of domain controller metadata for replication health
  • Check of KCC connectivity to ensure proper replication partner selection
  • Analysis of replication latency to identify slow replication issues
  • Comprehensive HTML report generation

This tool is particularly useful for:

  • Active Directory administrators managing complex multi-site environments
  • IT professionals troubleshooting AD replication issues
  • System administrators performing regular health checks on AD infrastructure

To use this script effectively:

  1. Run PowerShell as an administrator
  2. Ensure you have the necessary permissions to query AD replication in your domain
  3. Have the Active Directory PowerShell module installed

This script provides a comprehensive overview of the AD replication status and health in an Active Directory environment, making it easier to identify issues, bottlenecks, or misconfigurations related to replication. It can significantly streamline the process of troubleshooting and maintaining AD replication in large or complex environments.

Active Directory Certificate Services (AD CS) Analyzer

/0 Comments/in /by 

<#
.SYNOPSIS
Active Directory Certificate Services (AD CS) Analyzer

.DESCRIPTION
This script analyzes the configuration and health of Active Directory Certificate Services,
providing detailed information about Certificate Authorities, templates, and potential issues.

.NOTES
File Name      : ADCSAnalyzer.ps1
Author         : [Your Name]
Prerequisite   : PowerShell V5.1 or later, PSPKI module, and appropriate AD CS permissions
Version        : 1.0
Date           : [Current Date]

.EXAMPLE
.\ADCSAnalyzer.ps1
#>

# Check if PSPKI module is installed, if not, attempt to install it
if (-not (Get-Module -ListAvailable -Name PSPKI)) {
    Write-Host "PSPKI module not found. Attempting to install..." -ForegroundColor Yellow
    try {
        Install-Module -Name PSPKI -Force -AllowClobber
    }
    catch {
        Write-Host "Failed to install PSPKI module. Please install it manually." -ForegroundColor Red
        exit
    }
}

# Import required modules
Import-Module PSPKI

# Global variables
$global:reportPath = "$env:USERPROFILE\Desktop\ADCS_Analysis_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html"

<#
.SYNOPSIS
Displays the main menu of the tool.
#>
function Show-Menu {
    Clear-Host
    Write-Host "=== Active Directory Certificate Services Analyzer ===" -ForegroundColor Cyan
    Write-Host "1. Analyze Certificate Authorities"
    Write-Host "2. Review Certificate Templates"
    Write-Host "3. Check CA Health Status"
    Write-Host "4. Analyze Certificate Revocation Lists (CRLs)"
    Write-Host "5. Review CA Security Permissions"
    Write-Host "6. Analyze Certificate Issuance Policies"
    Write-Host "7. Check for Vulnerable Certificate Templates"
    Write-Host "8. Generate Comprehensive HTML Report"
    Write-Host "9. Exit"
}

<#
.SYNOPSIS
Analyzes Certificate Authorities in the environment.

.OUTPUTS
Array of PSObjects containing CA details.
#>
function Analyze-CertificateAuthorities {
    Write-Host "`nAnalyzing Certificate Authorities..." -ForegroundColor Yellow
    $cas = Get-CertificationAuthority
    $caDetails = @()
    foreach ($ca in $cas) {
        $caDetails += [PSCustomObject]@{
            Name = $ca.Name
            Status = $ca.Status
            Type = $ca.Type
            Version = $ca.Version
            KeyLength = $ca.KeyLength
            HashAlgorithm = $ca.HashAlgorithm
            ValidityPeriod = $ca.ValidityPeriod
        }
    }
    $caDetails | Format-Table -AutoSize
    return $caDetails
}

<#
.SYNOPSIS
Reviews Certificate Templates.

.OUTPUTS
Array of PSObjects containing template details.
#>
function Review-CertificateTemplates {
    Write-Host "`nReviewing Certificate Templates..." -ForegroundColor Yellow
    $templates = Get-CertificateTemplate
    $templateDetails = @()
    foreach ($template in $templates) {
        $templateDetails += [PSCustomObject]@{
            Name = $template.Name
            DisplayName = $template.DisplayName
            SchemaVersion = $template.SchemaVersion
            ValidityPeriod = $template.ValidityPeriod
            RenewalPeriod = $template.RenewalPeriod
            AuthorizedSignatures = $template.AuthorizedSignatures
            EnrollmentFlags = $template.EnrollmentFlags
        }
    }
    $templateDetails | Format-Table -AutoSize
    return $templateDetails
}

<#
.SYNOPSIS
Checks the health status of Certificate Authorities.

.OUTPUTS
Array of PSObjects containing CA health status.
#>
function Check-CAHealthStatus {
    Write-Host "`nChecking CA Health Status..." -ForegroundColor Yellow
    $cas = Get-CertificationAuthority
    $healthStatus = @()
    foreach ($ca in $cas) {
        $status = Test-CertificationAuthority -CertificationAuthority $ca.Name
        $healthStatus += [PSCustomObject]@{
            CAName = $ca.Name
            IsAccessible = $status.IsAccessible
            IsCaAccessible = $status.IsCaAccessible
            IsRoleAccessible = $status.IsRoleAccessible
            IsWebEnrollmentAccessible = $status.IsWebEnrollmentAccessible
        }
    }
    $healthStatus | Format-Table -AutoSize
    return $healthStatus
}

<#
.SYNOPSIS
Analyzes Certificate Revocation Lists (CRLs).

.OUTPUTS
Array of PSObjects containing CRL details.
#>
function Analyze-CRLs {
    Write-Host "`nAnalyzing Certificate Revocation Lists..." -ForegroundColor Yellow
    $cas = Get-CertificationAuthority
    $crlDetails = @()
    foreach ($ca in $cas) {
        $crl = Get-CACrlDistributionPoint -CertificationAuthority $ca.Name
        foreach ($point in $crl) {
            $crlDetails += [PSCustomObject]@{
                CAName = $ca.Name
                URI = $point.URI
                PublishToServer = $point.PublishToServer
                PublishToDeltaServer = $point.PublishToDeltaServer
                PublishToDS = $point.PublishToDS
            }
        }
    }
    $crlDetails | Format-Table -AutoSize
    return $crlDetails
}

<#
.SYNOPSIS
Reviews CA Security Permissions.

.OUTPUTS
Array of PSObjects containing CA security permission details.
#>
function Review-CASecurityPermissions {
    Write-Host "`nReviewing CA Security Permissions..." -ForegroundColor Yellow
    $cas = Get-CertificationAuthority
    $securityPermissions = @()
    foreach ($ca in $cas) {
        $permissions = Get-CASecurityDescriptor -CertificationAuthority $ca.Name
        foreach ($ace in $permissions.Access) {
            $securityPermissions += [PSCustomObject]@{
                CAName = $ca.Name
                IdentityReference = $ace.IdentityReference
                AccessControlType = $ace.AccessControlType
                Rights = $ace.Rights
            }
        }
    }
    $securityPermissions | Format-Table -AutoSize
    return $securityPermissions
}

<#
.SYNOPSIS
Analyzes Certificate Issuance Policies.

.OUTPUTS
Array of PSObjects containing issuance policy details.
#>
function Analyze-CertificateIssuancePolicies {
    Write-Host "`nAnalyzing Certificate Issuance Policies..." -ForegroundColor Yellow
    $cas = Get-CertificationAuthority
    $issuancePolicies = @()
    foreach ($ca in $cas) {
        $policies = Get-CAPolicy -CertificationAuthority $ca.Name
        foreach ($policy in $policies) {
            $issuancePolicies += [PSCustomObject]@{
                CAName = $ca.Name
                PolicyName = $policy.Name
                OID = $policy.OID
                Enabled = $policy.Enabled
            }
        }
    }
    $issuancePolicies | Format-Table -AutoSize
    return $issuancePolicies
}

<#
.SYNOPSIS
Checks for potentially vulnerable certificate templates.

.OUTPUTS
Array of PSObjects containing vulnerable template details.
#>
function Check-VulnerableCertificateTemplates {
    Write-Host "`nChecking for Vulnerable Certificate Templates..." -ForegroundColor Yellow
    $templates = Get-CertificateTemplate
    $vulnerableTemplates = @()
    foreach ($template in $templates) {
        $isVulnerable = $false
        $vulnerabilities = @()

        if ($template.EnrollmentFlags -band 0x00000008) {
            $isVulnerable = $true
            $vulnerabilities += "No CA signature required"
        }
        if ($template.AuthorizedSignatures -eq 0) {
            $isVulnerable = $true
            $vulnerabilities += "No authorized signatures required"
        }
        if ($template.PrivateKeyFlags -band 0x00000001) {
            $isVulnerable = $true
            $vulnerabilities += "Exportable private key"
        }

        if ($isVulnerable) {
            $vulnerableTemplates += [PSCustomObject]@{
                TemplateName = $template.Name
                Vulnerabilities = $vulnerabilities -join ", "
            }
        }
    }
    $vulnerableTemplates | Format-Table -AutoSize
    return $vulnerableTemplates
}

<#
.SYNOPSIS
Generates a comprehensive HTML report of all analyses.

.PARAMETER AllResults
Hashtable containing all analysis results.

.OUTPUTS
Saves an HTML report to the desktop.
#>
function Generate-HTMLReport {
    param([hashtable]$AllResults)

    Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow
    $reportContent = @"
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>AD CS Analysis Report</title>
    <style>
        body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; }
        h1, h2, h3 { color: #0078D4; }
        table { border-collapse: collapse; width: 100%; margin-bottom: 20px; }
        th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
        th { background-color: #f2f2f2; }
    </style>
</head>
<body>
    <h1>Active Directory Certificate Services Analysis Report</h1>
    <p>Generated on: $(Get-Date)</p>

    <h2>Certificate Authorities</h2>
    $($AllResults.CertificateAuthorities | ConvertTo-Html -Fragment)

    <h2>Certificate Templates</h2>
    $($AllResults.CertificateTemplates | ConvertTo-Html -Fragment)

    <h2>CA Health Status</h2>
    $($AllResults.CAHealthStatus | ConvertTo-Html -Fragment)

    <h2>Certificate Revocation Lists (CRLs)</h2>
    $($AllResults.CRLs | ConvertTo-Html -Fragment)

    <h2>CA Security Permissions</h2>
    $($AllResults.SecurityPermissions | ConvertTo-Html -Fragment)

    <h2>Certificate Issuance Policies</h2>
    $($AllResults.IssuancePolicies | ConvertTo-Html -Fragment)

    <h2>Vulnerable Certificate Templates</h2>
    $($AllResults.VulnerableTemplates | ConvertTo-Html -Fragment)
</body>
</html>
"@

    $reportContent | Out-File -FilePath $global:reportPath
    Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green
}

# Main program loop
$allResults = @{}

do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-9)"

    switch ($choice) {
        "1" { $allResults.CertificateAuthorities = Analyze-CertificateAuthorities }
        "2" { $allResults.CertificateTemplates = Review-CertificateTemplates }
        "3" { $allResults.CAHealthStatus = Check-CAHealthStatus }
        "4" { $allResults.CRLs = Analyze-CRLs }
        "5" { $allResults.SecurityPermissions = Review-CASecurityPermissions }
        "6" { $allResults.IssuancePolicies = Analyze-CertificateIssuancePolicies }
        "7" { $allResults.VulnerableTemplates = Check-VulnerableCertificateTemplates }
        "8" { Generate-HTMLReport -AllResults $allResults }
        "9" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "9") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "9")

This Active Directory Certificate Services Analyzer includes:

  1. A menu-driven interface for easy navigation.
  2. Functions to analyze various aspects of AD CS:
    • Certificate Authorities analysis
    • Certificate Templates review
    • CA Health Status check
    • Certificate Revocation Lists (CRLs) analysis
    • CA Security Permissions review
    • Certificate Issuance Policies analysis
    • Vulnerable Certificate Templates check
  3. Comprehensive error handling for each analysis function.
  4. A function to generate an HTML report of all collected data.

Key features:

  • Detailed analysis of CA configurations and health
  • Review of certificate templates and their settings
  • Analysis of CRL distribution points
  • Security permissions review for CAs
  • Identification of potentially vulnerable certificate templates
  • Comprehensive HTML report generation

This tool is particularly useful for:

  • PKI administrators managing AD CS environments
  • Security auditors reviewing certificate services configurations
  • IT professionals troubleshooting PKI issues in an AD environment

To use this script effectively:

  1. Run PowerShell as an administrator
  2. Ensure you have the necessary permissions to query AD CS in your domain
  3. Have the PSPKI PowerShell module installed (the script attempts to install it if not present)

This script provides a comprehensive overview of the AD CS configuration in an Active Directory environment, making it easier to identify issues, security concerns, or misconfigurations related to your PKI infrastructure. It can significantly streamline the process of auditing and maintaining AD CS in large or complex environments.

Active Directory Group Policy Analyzer

/0 Comments/in /by 
<#
.SYNOPSIS
Active Directory Group Policy Analyzer

.DESCRIPTION
This script analyzes Group Policy Objects (GPOs) in an Active Directory environment,
providing detailed information about policy settings, links, and potential issues.

.NOTES
File Name      : ADGroupPolicyAnalyzer.ps1
Author         : [Your Name]
Prerequisite   : PowerShell V5.1 or later, GroupPolicy module, and appropriate AD permissions
Version        : 1.0
Date           : [Current Date]

.EXAMPLE
.\ADGroupPolicyAnalyzer.ps1
#>

# Import required modules
Import-Module GroupPolicy
Import-Module ActiveDirectory

# Global variables
$global:reportPath = "$env:USERPROFILE\Desktop\GPO_Analysis_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html"

<#
.SYNOPSIS
Displays the main menu of the tool.
#>
function Show-Menu {
    Clear-Host
    Write-Host "=== Active Directory Group Policy Analyzer ===" -ForegroundColor Cyan
    Write-Host "1. Analyze All GPOs"
    Write-Host "2. Find Unlinked GPOs"
    Write-Host "3. Identify GPOs with No Settings"
    Write-Host "4. Check for Conflicting GPO Settings"
    Write-Host "5. Analyze GPO Links"
    Write-Host "6. Review GPO Permissions"
    Write-Host "7. Check GPO Version Numbers"
    Write-Host "8. Generate Comprehensive HTML Report"
    Write-Host "9. Exit"
}

<#
.SYNOPSIS
Analyzes all GPOs in the domain.

.OUTPUTS
Array of PSObjects containing GPO details.
#>
function Analyze-AllGPOs {
    Write-Host "`nAnalyzing All GPOs..." -ForegroundColor Yellow
    $gpos = Get-GPO -All
    $results = @()
    foreach ($gpo in $gpos) {
        $report = Get-GPOReport -Guid $gpo.Id -ReportType XML
        $settingsCount = ([xml]$report).GPO.Computer.ExtensionData.Extension.Policy.Count + 
                         ([xml]$report).GPO.User.ExtensionData.Extension.Policy.Count
        $results += [PSCustomObject]@{
            Name = $gpo.DisplayName
            ID = $gpo.Id
            CreationTime = $gpo.CreationTime
            ModificationTime = $gpo.ModificationTime
            SettingsCount = $settingsCount
            Status = $gpo.GpoStatus
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

<#
.SYNOPSIS
Finds unlinked GPOs in the domain.

.OUTPUTS
Array of PSObjects containing unlinked GPO details.
#>
function Find-UnlinkedGPOs {
    Write-Host "`nFinding Unlinked GPOs..." -ForegroundColor Yellow
    $gpos = Get-GPO -All
    $unlinkedGPOs = @()
    foreach ($gpo in $gpos) {
        $linkedOUs = Get-ADOrganizationalUnit -Filter * | Where-Object {(Get-GPInheritance -Target $_.DistinguishedName).GpoLinks.DisplayName -contains $gpo.DisplayName}
        if ($linkedOUs.Count -eq 0) {
            $unlinkedGPOs += [PSCustomObject]@{
                Name = $gpo.DisplayName
                ID = $gpo.Id
                CreationTime = $gpo.CreationTime
            }
        }
    }
    $unlinkedGPOs | Format-Table -AutoSize
    return $unlinkedGPOs
}

<#
.SYNOPSIS
Identifies GPOs with no settings configured.

.OUTPUTS
Array of PSObjects containing empty GPO details.
#>
function Identify-EmptyGPOs {
    Write-Host "`nIdentifying GPOs with No Settings..." -ForegroundColor Yellow
    $gpos = Get-GPO -All
    $emptyGPOs = @()
    foreach ($gpo in $gpos) {
        $report = Get-GPOReport -Guid $gpo.Id -ReportType XML
        $settingsCount = ([xml]$report).GPO.Computer.ExtensionData.Extension.Policy.Count + 
                         ([xml]$report).GPO.User.ExtensionData.Extension.Policy.Count
        if ($settingsCount -eq 0) {
            $emptyGPOs += [PSCustomObject]@{
                Name = $gpo.DisplayName
                ID = $gpo.Id
                CreationTime = $gpo.CreationTime
            }
        }
    }
    $emptyGPOs | Format-Table -AutoSize
    return $emptyGPOs
}

<#
.SYNOPSIS
Checks for potentially conflicting GPO settings.

.OUTPUTS
Array of PSObjects containing conflicting GPO details.
#>
function Check-ConflictingGPOSettings {
    Write-Host "`nChecking for Conflicting GPO Settings..." -ForegroundColor Yellow
    $gpos = Get-GPO -All
    $conflictingSettings = @()
    $allSettings = @{}

    foreach ($gpo in $gpos) {
        $report = ([xml](Get-GPOReport -Guid $gpo.Id -ReportType XML))
        $settings = $report.GPO.Computer.ExtensionData.Extension.Policy + $report.GPO.User.ExtensionData.Extension.Policy
        
        foreach ($setting in $settings) {
            $key = "$($setting.Name):$($setting.Class)"
            if ($allSettings.ContainsKey($key)) {
                $conflictingSettings += [PSCustomObject]@{
                    SettingName = $setting.Name
                    GPO1 = $allSettings[$key]
                    GPO2 = $gpo.DisplayName
                }
            } else {
                $allSettings[$key] = $gpo.DisplayName
            }
        }
    }
    $conflictingSettings | Format-Table -AutoSize
    return $conflictingSettings
}

<#
.SYNOPSIS
Analyzes GPO links across the domain.

.OUTPUTS
Array of PSObjects containing GPO link details.
#>
function Analyze-GPOLinks {
    Write-Host "`nAnalyzing GPO Links..." -ForegroundColor Yellow
    $domain = Get-ADDomain
    $ous = Get-ADOrganizationalUnit -Filter *
    $gpoLinks = @()

    foreach ($ou in $ous) {
        $links = (Get-GPInheritance -Target $ou.DistinguishedName).GpoLinks
        foreach ($link in $links) {
            $gpoLinks += [PSCustomObject]@{
                GPOName = $link.DisplayName
                LinkedOU = $ou.Name
                Enabled = $link.Enabled
                Enforced = $link.Enforced
                Order = $link.Order
            }
        }
    }
    $gpoLinks | Format-Table -AutoSize
    return $gpoLinks
}

<#
.SYNOPSIS
Reviews GPO permissions.

.OUTPUTS
Array of PSObjects containing GPO permission details.
#>
function Review-GPOPermissions {
    Write-Host "`nReviewing GPO Permissions..." -ForegroundColor Yellow
    $gpos = Get-GPO -All
    $gpoPermissions = @()

    foreach ($gpo in $gpos) {
        $permissions = Get-GPPermission -Guid $gpo.Id -All
        foreach ($perm in $permissions) {
            $gpoPermissions += [PSCustomObject]@{
                GPOName = $gpo.DisplayName
                Trustee = $perm.Trustee.Name
                Permission = $perm.Permission
            }
        }
    }
    $gpoPermissions | Format-Table -AutoSize
    return $gpoPermissions
}

<#
.SYNOPSIS
Checks GPO version numbers.

.OUTPUTS
Array of PSObjects containing GPO version details.
#>
function Check-GPOVersions {
    Write-Host "`nChecking GPO Version Numbers..." -ForegroundColor Yellow
    $gpos = Get-GPO -All
    $gpoVersions = @()

    foreach ($gpo in $gpos) {
        $gpoVersions += [PSCustomObject]@{
            Name = $gpo.DisplayName
            ComputerVersion = $gpo.Computer.DSVersion
            UserVersion = $gpo.User.DSVersion
        }
    }
    $gpoVersions | Format-Table -AutoSize
    return $gpoVersions
}

<#
.SYNOPSIS
Generates a comprehensive HTML report of all analyses.

.PARAMETER AllResults
Hashtable containing all analysis results.

.OUTPUTS
Saves an HTML report to the desktop.
#>
function Generate-HTMLReport {
    param([hashtable]$AllResults)

    Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow
    $reportContent = @"
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Group Policy Analysis Report</title>
    <style>
        body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; }
        h1, h2, h3 { color: #0078D4; }
        table { border-collapse: collapse; width: 100%; margin-bottom: 20px; }
        th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
        th { background-color: #f2f2f2; }
    </style>
</head>
<body>
    <h1>Group Policy Analysis Report</h1>
    <p>Generated on: $(Get-Date)</p>

    <h2>All GPOs</h2>
    $($AllResults.AllGPOs | ConvertTo-Html -Fragment)

    <h2>Unlinked GPOs</h2>
    $($AllResults.UnlinkedGPOs | ConvertTo-Html -Fragment)

    <h2>Empty GPOs</h2>
    $($AllResults.EmptyGPOs | ConvertTo-Html -Fragment)

    <h2>Conflicting GPO Settings</h2>
    $($AllResults.ConflictingSettings | ConvertTo-Html -Fragment)

    <h2>GPO Links</h2>
    $($AllResults.GPOLinks | ConvertTo-Html -Fragment)

    <h2>GPO Permissions</h2>
    $($AllResults.GPOPermissions | ConvertTo-Html -Fragment)

    <h2>GPO Versions</h2>
    $($AllResults.GPOVersions | ConvertTo-Html -Fragment)
</body>
</html>
"@

    $reportContent | Out-File -FilePath $global:reportPath
    Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green
}

# Main program loop
$allResults = @{}

do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-9)"

    switch ($choice) {
        "1" { $allResults.AllGPOs = Analyze-AllGPOs }
        "2" { $allResults.UnlinkedGPOs = Find-UnlinkedGPOs }
        "3" { $allResults.EmptyGPOs = Identify-EmptyGPOs }
        "4" { $allResults.ConflictingSettings = Check-ConflictingGPOSettings }
        "5" { $allResults.GPOLinks = Analyze-GPOLinks }
        "6" { $allResults.GPOPermissions = Review-GPOPermissions }
        "7" { $allResults.GPOVersions = Check-GPOVersions }
        "8" { Generate-HTMLReport -AllResults $allResults }
        "9" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "9") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "9")

This Active Directory Group Policy Analyzer includes:

  1. A menu-driven interface for easy navigation.
  2. Functions to analyze various aspects of Group Policy Objects:
    • Overview of all GPOs
    • Identification of unlinked GPOs
    • Detection of GPOs with no settings
    • Analysis of potentially conflicting GPO settings
    • Review of GPO links across the domain
    • Examination of GPO permissions
    • Checking of GPO version numbers
  3. Comprehensive error handling for each analysis function.
  4. A function to generate an HTML report of all collected data.

Key features:

  • Detailed analysis of GPO configurations and links
  • Identification of potential issues like unlinked or empty GPOs
  • Detection of conflicting policy settings
  • Review of GPO permissions for security analysis
  • Version number checks to identify potential replication issues

This tool is particularly useful for:

  • Active Directory administrators managing complex GPO environments
  • IT auditors reviewing Group Policy configurations
  • System administrators troubleshooting Group Policy issues

To use this script effectively:

  1. Run PowerShell as an administrator
  2. Ensure you have the necessary permissions to query GPOs in your domain
  3. Have the GroupPolicy and ActiveDirectory PowerShell modules installed

This script provides a comprehensive overview of Group Policy configurations in an Active Directory environment, making it easier to identify issues, inconsistencies, or security concerns related to GPOs. It can significantly streamline the process of auditing and maintaining Group Policies in large or complex AD environments.

Advanced Network Configuration Analyzer

/0 Comments/in /by 

<#
.SYNOPSIS
Advanced Network Configuration Analyzer

.DESCRIPTION
This script analyzes network configurations across multiple servers or workstations in a domain environment.
It provides detailed information about IP configurations, firewall rules, network adapters, DNS settings, and more.

.NOTES
File Name      : AdvancedNetworkConfigAnalyzer.ps1
Author         : [Your Name]
Prerequisite   : PowerShell V5.1 or later, Active Directory module, and appropriate permissions
Version        : 1.0
Date           : [Current Date]

.EXAMPLE
.\AdvancedNetworkConfigAnalyzer.ps1
#>

# Import required modules
Import-Module ActiveDirectory

# Global variables
$global:reportPath = "$env:USERPROFILE\Desktop\Network_Config_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html"

<#
.SYNOPSIS
Displays the main menu of the tool.
#>
function Show-Menu {
    Clear-Host
    Write-Host "=== Advanced Network Configuration Analyzer ===" -ForegroundColor Cyan
    Write-Host "1. Analyze IP Configurations"
    Write-Host "2. Examine Firewall Rules"
    Write-Host "3. Inspect Network Adapters"
    Write-Host "4. Check DNS Settings"
    Write-Host "5. Review Network Shares"
    Write-Host "6. Analyze Network Routes"
    Write-Host "7. Check Remote Access Settings"
    Write-Host "8. Generate Comprehensive HTML Report"
    Write-Host "9. Exit"
}

<#
.SYNOPSIS
Gets a list of computers to analyze.

.OUTPUTS
Array of computer names.
#>
function Get-TargetComputers {
    $option = Read-Host "Analyze (A)ll domain computers, (S)pecific computers, or (F)ile input? (A/S/F)"
    switch ($option.ToUpper()) {
        "A" {
            return (Get-ADComputer -Filter * | Select-Object -ExpandProperty Name)
        }
        "S" {
            $computers = @()
            do {
                $computer = Read-Host "Enter computer name (or press Enter to finish)"
                if ($computer -ne "") { $computers += $computer }
            } while ($computer -ne "")
            return $computers
        }
        "F" {
            $filePath = Read-Host "Enter the path to the file containing computer names"
            return (Get-Content $filePath)
        }
        default {
            Write-Host "Invalid option. Defaulting to all domain computers." -ForegroundColor Yellow
            return (Get-ADComputer -Filter * | Select-Object -ExpandProperty Name)
        }
    }
}

<#
.SYNOPSIS
Analyzes IP configurations of target computers.

.PARAMETER Computers
Array of computer names to analyze.

.OUTPUTS
Array of PSObjects containing IP configuration details.
#>
function Analyze-IPConfigurations {
    param([string[]]$Computers)

    Write-Host "`nAnalyzing IP Configurations..." -ForegroundColor Yellow
    $results = @()
    foreach ($computer in $Computers) {
        try {
            $ipConfig = Invoke-Command -ComputerName $computer -ScriptBlock {
                Get-NetIPConfiguration | Select-Object InterfaceAlias, IPv4Address, IPv4DefaultGateway, DNSServer
            } -ErrorAction Stop

            $results += [PSCustomObject]@{
                ComputerName = $computer
                IPConfigurations = $ipConfig
            }
        }
        catch {
            Write-Host "Error analyzing $computer : $_" -ForegroundColor Red
        }
    }
    return $results
}

<#
.SYNOPSIS
Examines firewall rules on target computers.

.PARAMETER Computers
Array of computer names to analyze.

.OUTPUTS
Array of PSObjects containing firewall rule details.
#>
function Examine-FirewallRules {
    param([string[]]$Computers)

    Write-Host "`nExamining Firewall Rules..." -ForegroundColor Yellow
    $results = @()
    foreach ($computer in $Computers) {
        try {
            $firewallRules = Invoke-Command -ComputerName $computer -ScriptBlock {
                Get-NetFirewallRule | Where-Object Enabled -eq 'True' | 
                Select-Object Name, DisplayName, Direction, Action, Profile
            } -ErrorAction Stop

            $results += [PSCustomObject]@{
                ComputerName = $computer
                FirewallRules = $firewallRules
            }
        }
        catch {
            Write-Host "Error examining firewall rules on $computer : $_" -ForegroundColor Red
        }
    }
    return $results
}

<#
.SYNOPSIS
Inspects network adapters on target computers.

.PARAMETER Computers
Array of computer names to analyze.

.OUTPUTS
Array of PSObjects containing network adapter details.
#>
function Inspect-NetworkAdapters {
    param([string[]]$Computers)

    Write-Host "`nInspecting Network Adapters..." -ForegroundColor Yellow
    $results = @()
    foreach ($computer in $Computers) {
        try {
            $adapters = Invoke-Command -ComputerName $computer -ScriptBlock {
                Get-NetAdapter | Select-Object Name, InterfaceDescription, Status, LinkSpeed, MacAddress
            } -ErrorAction Stop

            $results += [PSCustomObject]@{
                ComputerName = $computer
                NetworkAdapters = $adapters
            }
        }
        catch {
            Write-Host "Error inspecting network adapters on $computer : $_" -ForegroundColor Red
        }
    }
    return $results
}

<#
.SYNOPSIS
Checks DNS settings on target computers.

.PARAMETER Computers
Array of computer names to analyze.

.OUTPUTS
Array of PSObjects containing DNS setting details.
#>
function Check-DNSSettings {
    param([string[]]$Computers)

    Write-Host "`nChecking DNS Settings..." -ForegroundColor Yellow
    $results = @()
    foreach ($computer in $Computers) {
        try {
            $dnsSettings = Invoke-Command -ComputerName $computer -ScriptBlock {
                Get-DnsClientServerAddress | Select-Object InterfaceAlias, ServerAddresses
            } -ErrorAction Stop

            $results += [PSCustomObject]@{
                ComputerName = $computer
                DNSSettings = $dnsSettings
            }
        }
        catch {
            Write-Host "Error checking DNS settings on $computer : $_" -ForegroundColor Red
        }
    }
    return $results
}

<#
.SYNOPSIS
Reviews network shares on target computers.

.PARAMETER Computers
Array of computer names to analyze.

.OUTPUTS
Array of PSObjects containing network share details.
#>
function Review-NetworkShares {
    param([string[]]$Computers)

    Write-Host "`nReviewing Network Shares..." -ForegroundColor Yellow
    $results = @()
    foreach ($computer in $Computers) {
        try {
            $shares = Invoke-Command -ComputerName $computer -ScriptBlock {
                Get-SmbShare | Select-Object Name, Path, Description
            } -ErrorAction Stop

            $results += [PSCustomObject]@{
                ComputerName = $computer
                NetworkShares = $shares
            }
        }
        catch {
            Write-Host "Error reviewing network shares on $computer : $_" -ForegroundColor Red
        }
    }
    return $results
}

<#
.SYNOPSIS
Analyzes network routes on target computers.

.PARAMETER Computers
Array of computer names to analyze.

.OUTPUTS
Array of PSObjects containing network route details.
#>
function Analyze-NetworkRoutes {
    param([string[]]$Computers)

    Write-Host "`nAnalyzing Network Routes..." -ForegroundColor Yellow
    $results = @()
    foreach ($computer in $Computers) {
        try {
            $routes = Invoke-Command -ComputerName $computer -ScriptBlock {
                Get-NetRoute | Select-Object DestinationPrefix, NextHop, RouteMetric, InterfaceAlias
            } -ErrorAction Stop

            $results += [PSCustomObject]@{
                ComputerName = $computer
                NetworkRoutes = $routes
            }
        }
        catch {
            Write-Host "Error analyzing network routes on $computer : $_" -ForegroundColor Red
        }
    }
    return $results
}

<#
.SYNOPSIS
Checks remote access settings on target computers.

.PARAMETER Computers
Array of computer names to analyze.

.OUTPUTS
Array of PSObjects containing remote access setting details.
#>
function Check-RemoteAccessSettings {
    param([string[]]$Computers)

    Write-Host "`nChecking Remote Access Settings..." -ForegroundColor Yellow
    $results = @()
    foreach ($computer in $Computers) {
        try {
            $remoteAccess = Invoke-Command -ComputerName $computer -ScriptBlock {
                $rdp = (Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections").fDenyTSConnections
                $psRemoting = Get-PSSessionConfiguration | Select-Object -First 1 -ExpandProperty Enabled
                [PSCustomObject]@{
                    RDPEnabled = if ($rdp -eq 0) { $true } else { $false }
                    PSRemotingEnabled = $psRemoting
                }
            } -ErrorAction Stop

            $results += [PSCustomObject]@{
                ComputerName = $computer
                RemoteAccessSettings = $remoteAccess
            }
        }
        catch {
            Write-Host "Error checking remote access settings on $computer : $_" -ForegroundColor Red
        }
    }
    return $results
}

<#
.SYNOPSIS
Generates a comprehensive HTML report of all analyses.

.PARAMETER AllResults
Hashtable containing all analysis results.

.OUTPUTS
Saves an HTML report to the desktop.
#>
function Generate-HTMLReport {
    param([hashtable]$AllResults)

    Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow
    $reportContent = @"
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Advanced Network Configuration Report</title>
    <style>
        body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; }
        h1, h2, h3 { color: #0078D4; }
        table { border-collapse: collapse; width: 100%; margin-bottom: 20px; }
        th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
        th { background-color: #f2f2f2; }
    </style>
</head>
<body>
    <h1>Advanced Network Configuration Report</h1>
    <p>Generated on: $(Get-Date)</p>

    <h2>IP Configurations</h2>
    $($AllResults.IPConfigurations | ConvertTo-Html -Fragment)

    <h2>Firewall Rules</h2>
    $($AllResults.FirewallRules | ConvertTo-Html -Fragment)

    <h2>Network Adapters</h2>
    $($AllResults.NetworkAdapters | ConvertTo-Html -Fragment)

    <h2>DNS Settings</h2>
    $($AllResults.DNSSettings | ConvertTo-Html -Fragment)

    <h2>Network Shares</h2>
    $($AllResults.NetworkShares | ConvertTo-Html -Fragment)

    <h2>Network Routes</h2>
    $($AllResults.NetworkRoutes | ConvertTo-Html -Fragment)

    <h2>Remote Access Settings</h2>
    $($AllResults.RemoteAccessSettings | ConvertTo-Html -Fragment)
</body>
</html>
"@

    $reportContent | Out-File -FilePath $global:reportPath
    Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green
}

# Main program loop
$targetComputers = Get-TargetComputers
$allResults = @{}

do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-9)"

    switch ($choice) {
        "1" { $allResults.IPConfigurations = Analyze-IPConfigurations -Computers $targetComputers }
        "2" { $allResults.FirewallRules = Examine-FirewallRules -Computers $targetComputers }
        "3" { $allResults.NetworkAdapters = Inspect-NetworkAdapters -Computers $targetComputers }
        "4" { $allResults.DNSSettings = Check-DNSSettings -Computers $targetComputers }
        "5" { $allResults.NetworkShares = Review-NetworkShares -Computers $targetComputers }
        "6" { $allResults.NetworkRoutes = Analyze-NetworkRoutes -Computers $targetComputers }
        "7" { $allResults.RemoteAccessSettings = Check-RemoteAccessSettings -Computers $targetComputers }
        "8" { Generate-HTMLReport -AllResults $allResults }
        "9" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "9") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "9")

This Advanced Network Configuration Analyzer includes:

  1. A menu-driven interface for easy navigation.
  2. Functions to analyze various aspects of network configuration:
    • IP Configurations
    • Firewall Rules
    • Network Adapters
    • DNS Settings
    • Network Shares
    • Network Routes
    • Remote Access Settings
  3. The ability to target all domain computers, specific computers, or read from a file.
  4. Comprehensive error handling for each analysis function.
  5. A function to generate an HTML report of all collected data.

Key features:

  • Flexible target selection (all domain computers, specific computers, or from a file)
  • Detailed analysis of various network configuration aspects
  • Error handling to ensure the script continues even if some computers are unreachable
  • HTML report generation for easy sharing and viewing of results

This tool is particularly useful for:

  • Network administrators managing multiple servers or workstations
  • Security auditors reviewing network configurations across an organization
  • IT professionals troubleshooting network issues in a domain environment

To use this script effectively:

  1. Run PowerShell as an administrator
  2. Ensure you have the necessary permissions to query the target computers
  3. Have the Active Directory module installed if you plan to query all domain computers

This script provides a comprehensive overview of network configurations across multiple machines, making it easier to identify inconsistencies, security issues, or misconfigurations in a network environment.

Expert Active Directory Monitoring Tool

/0 Comments/in /by 
<#
.SYNOPSIS
Expert Active Directory Monitoring Tool

.DESCRIPTION
This script provides comprehensive monitoring and analysis capabilities for on-premises Active Directory environments.
It covers various aspects including health checks, security audits, performance analysis, and configuration reviews.

.NOTES
File Name      : ExpertADMonitoringTool.ps1
Author         : [Your Name]
Prerequisite   : PowerShell V5.1 or later, ActiveDirectory, GroupPolicy, and DnsServer modules
Version        : 1.0
Date           : [Current Date]

.EXAMPLE
.\ExpertADMonitoringTool.ps1
#>

# Import required modules
Import-Module ActiveDirectory
Import-Module GroupPolicy
Import-Module DnsServer

# Global variables
$global:reportPath = "$env:USERPROFILE\Desktop\AD_Expert_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html"
$global:criticalEvents = @()

<#
.SYNOPSIS
Displays the main menu of the tool.
#>
function Show-Menu {
    Clear-Host
    Write-Host "=== Expert Active Directory Monitoring Tool ===" -ForegroundColor Cyan
    Write-Host "1.  Comprehensive Health Check"
    Write-Host "2.  Security Audit"
    Write-Host "3.  Performance Analysis"
    Write-Host "4.  Replication Diagnostics"
    Write-Host "5.  DNS Health Check"
    Write-Host "6.  FSMO Roles and Site Topology Analysis"
    Write-Host "7.  Group Policy Assessment"
    Write-Host "8.  User and Computer Account Analysis"
    Write-Host "9.  Active Directory Database and SYSVOL Analysis"
    Write-Host "10. Trust Relationship Verification"
    Write-Host "11. Active Directory Backup Status"
    Write-Host "12. Generate Comprehensive HTML Report"
    Write-Host "13. Exit"
}

<#
.SYNOPSIS
Performs a comprehensive health check on all domain controllers.

.DESCRIPTION
This function runs dcdiag tests on all domain controllers to check various aspects of AD health.

.OUTPUTS
Array of PSObjects containing health check results for each domain controller.
#>
function Comprehensive-HealthCheck {
    Write-Host "`nPerforming Comprehensive Health Check..." -ForegroundColor Yellow
    $results = @()
    $dcs = Get-ADDomainController -Filter *
    foreach ($dc in $dcs) {
        $dcdiag = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
            dcdiag /test:services /test:replications /test:advertising /test:fsmocheck /test:ridmanager /test:machineaccount /test:outboundSecureChannels /test:netlogons /test:systemlog /test:kccevent /test:frssysvol /test:frsevent
        } -ErrorAction SilentlyContinue
        $results += [PSCustomObject]@{
            Name = $dc.HostName
            Services = if ($dcdiag -match "passed test Services") { "Passed" } else { "Failed" }
            Replications = if ($dcdiag -match "passed test Replications") { "Passed" } else { "Failed" }
            Advertising = if ($dcdiag -match "passed test Advertising") { "Passed" } else { "Failed" }
            FSMORoles = if ($dcdiag -match "passed test FsmoCheck") { "Passed" } else { "Failed" }
            RidManager = if ($dcdiag -match "passed test RidManager") { "Passed" } else { "Failed" }
            MachineAccount = if ($dcdiag -match "passed test MachineAccount") { "Passed" } else { "Failed" }
            OutboundSecureChannels = if ($dcdiag -match "passed test OutboundSecureChannels") { "Passed" } else { "Failed" }
            Netlogons = if ($dcdiag -match "passed test NetLogons") { "Passed" } else { "Failed" }
            SystemLog = if ($dcdiag -match "passed test SystemLog") { "Passed" } else { "Failed" }
            KccEvent = if ($dcdiag -match "passed test KccEvent") { "Passed" } else { "Failed" }
            FrsSysVol = if ($dcdiag -match "passed test FrsSysVol") { "Passed" } else { "Failed" }
            FrsEvent = if ($dcdiag -match "passed test FrsEvent") { "Passed" } else { "Failed" }
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

<#
.SYNOPSIS
Performs a security audit of the Active Directory environment.

.DESCRIPTION
This function checks for various security-related issues such as inactive accounts,
non-expiring passwords, empty groups, and dormant computer accounts.

.OUTPUTS
Array of PSObjects containing security audit results.
#>
function Security-Audit {
    Write-Host "`nPerforming Security Audit..." -ForegroundColor Yellow
    $securityResults = @()
    
    # Check for inactive accounts
    $inactiveUsers = Get-ADUser -Filter {Enabled -eq $true} -Properties LastLogonDate | 
                     Where-Object {$_.LastLogonDate -lt (Get-Date).AddDays(-90)}
    $securityResults += [PSCustomObject]@{
        Check = "Inactive User Accounts"
        Result = "$($inactiveUsers.Count) accounts inactive for 90+ days"
    }

    # Check for accounts with non-expiring passwords
    $nonExpiringPasswords = Get-ADUser -Filter {Enabled -eq $true -and PasswordNeverExpires -eq $true} | 
                            Measure-Object | Select-Object -ExpandProperty Count
    $securityResults += [PSCustomObject]@{
        Check = "Non-expiring Passwords"
        Result = "$nonExpiringPasswords accounts"
    }

    # Check for empty groups
    $emptyGroups = Get-ADGroup -Filter * | 
                   Where-Object {-not (Get-ADGroupMember -Identity $_ -Recursive)} | 
                   Measure-Object | Select-Object -ExpandProperty Count
    $securityResults += [PSCustomObject]@{
        Check = "Empty Groups"
        Result = "$emptyGroups groups"
    }

    # Check for dormant computer accounts
    $dormantComputers = Get-ADComputer -Filter {Enabled -eq $true} -Properties LastLogonDate | 
                        Where-Object {$_.LastLogonDate -lt (Get-Date).AddDays(-90)} | 
                        Measure-Object | Select-Object -ExpandProperty Count
    $securityResults += [PSCustomObject]@{
        Check = "Dormant Computer Accounts"
        Result = "$dormantComputers accounts inactive for 90+ days"
    }

    # Check for users with admin rights
    $admins = Get-ADGroupMember "Domain Admins" -Recursive | 
              Measure-Object | Select-Object -ExpandProperty Count
    $securityResults += [PSCustomObject]@{
        Check = "Domain Admins Count"
        Result = "$admins users"
    }

    $securityResults | Format-Table -AutoSize
    return $securityResults
}

<#
.SYNOPSIS
Analyzes the performance of domain controllers.

.DESCRIPTION
This function checks CPU usage, memory usage, and free disk space on all domain controllers.

.OUTPUTS
Array of PSObjects containing performance metrics for each domain controller.
#>
function Performance-Analysis {
    Write-Host "`nPerforming Performance Analysis..." -ForegroundColor Yellow
    $perfResults = @()
    $dcs = Get-ADDomainController -Filter *
    foreach ($dc in $dcs) {
        $cpu = Get-WmiObject Win32_Processor -ComputerName $dc.HostName | 
               Measure-Object -Property LoadPercentage -Average | 
               Select-Object -ExpandProperty Average
        $memory = Get-WmiObject Win32_OperatingSystem -ComputerName $dc.HostName | 
                  Select-Object @{Name="MemoryUsage";Expression={"{0:N2}" -f ((($_.TotalVisibleMemorySize - $_.FreePhysicalMemory)*100)/ $_.TotalVisibleMemorySize)}}
        $disk = Get-WmiObject Win32_LogicalDisk -ComputerName $dc.HostName -Filter "DeviceID='C:'" | 
                Select-Object @{Name="FreeSpace";Expression={"{0:N2}" -f ($_.FreeSpace/1GB)}}
        $perfResults += [PSCustomObject]@{
            Name = $dc.HostName
            CPUUsage = "$cpu%"
            MemoryUsage = "$($memory.MemoryUsage)%"
            FreeDiskSpace = "$($disk.FreeSpace) GB"
        }
    }
    $perfResults | Format-Table -AutoSize
    return $perfResults
}

<#
.SYNOPSIS
Performs replication diagnostics.

.DESCRIPTION
This function checks for replication failures between domain controllers.

.OUTPUTS
Array of PSObjects containing replication failure details, if any.
#>
function Replication-Diagnostics {
    Write-Host "`nPerforming Replication Diagnostics..." -ForegroundColor Yellow
    $replResults = @()
    $repl = repadmin /showrepl * /csv | ConvertFrom-Csv
    $failedReplications = $repl | Where-Object { $_."Number of Failures" -ne "0" }
    if ($failedReplications) {
        foreach ($failure in $failedReplications) {
            $replResults += [PSCustomObject]@{
                SourceDC = $failure."Source DC"
                DestinationDC = $failure."Destination DC"
                FailureCount = $failure."Number of Failures"
                LastFailureTime = $failure."Last Failure Time"
            }
        }
    } else {
        $replResults += [PSCustomObject]@{
            Status = "No replication failures detected"
        }
    }
    $replResults | Format-Table -AutoSize
    return $replResults
}

<#
.SYNOPSIS
Checks the health of DNS servers.

.DESCRIPTION
This function analyzes DNS zones and statistics on all domain controllers.

.OUTPUTS
Array of PSObjects containing DNS health information for each domain controller.
#>
function DNS-HealthCheck {
    Write-Host "`nPerforming DNS Health Check..." -ForegroundColor Yellow
    $dnsResults = @()
    $dnsServers = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
    foreach ($server in $dnsServers) {
        $zones = Get-DnsServerZone -ComputerName $server
        foreach ($zone in $zones) {
            $stats = Get-DnsServerStatistics -ComputerName $server -ZoneName $zone.ZoneName
            $dnsResults += [PSCustomObject]@{
                Server = $server
                Zone = $zone.ZoneName
                RecordCount = $zone.ZoneStatistics.RecordCount
                Queries = $stats.QueriesReceived
                Failures = $stats.QueriesFailure
            }
        }
    }
    $dnsResults | Format-Table -AutoSize
    return $dnsResults
}

<#
.SYNOPSIS
Analyzes FSMO roles and site topology.

.DESCRIPTION
This function identifies FSMO role holders and provides an overview of AD sites and subnets.

.OUTPUTS
Array of PSObjects containing FSMO role information and site topology details.
#>
function FSMO-SiteTopologyAnalysis {
    Write-Host "`nAnalyzing FSMO Roles and Site Topology..." -ForegroundColor Yellow
    $fsmoResults = @()
    $forest = Get-ADForest
    $domain = Get-ADDomain
    $fsmoResults += [PSCustomObject]@{
        Role = "Schema Master"
        Holder = $forest.SchemaMaster
    }
    $fsmoResults += [PSCustomObject]@{
        Role = "Domain Naming Master"
        Holder = $forest.DomainNamingMaster
    }
    $fsmoResults += [PSCustomObject]@{
        Role = "PDC Emulator"
        Holder = $domain.PDCEmulator
    }
    $fsmoResults += [PSCustomObject]@{
        Role = "RID Master"
        Holder = $domain.RIDMaster
    }
    $fsmoResults += [PSCustomObject]@{
        Role = "Infrastructure Master"
        Holder = $domain.InfrastructureMaster
    }
    
    $fsmoResults | Format-Table -AutoSize

    Write-Host "`nSite Topology:" -ForegroundColor Yellow
    $sites = Get-ADReplicationSite -Filter *
    foreach ($site in $sites) {
        Write-Host "Site: $($site.Name)"
        $subnets = Get-ADReplicationSubnet -Filter * | Where-Object {$_.Site -eq $site.DistinguishedName}
        foreach ($subnet in $subnets) {
            Write-Host "  Subnet: $($subnet.Name)"
        }
        $siteLinks = Get-ADReplicationSiteLink -Filter * | Where-Object {$_.SitesIncluded -contains $site.DistinguishedName}
        foreach ($link in $siteLinks) {
            Write-Host "  Site Link: $($link.Name)"
        }
    }
    return $fsmoResults, $sites
}

<#
.SYNOPSIS
Assesses Group Policy Objects.

.DESCRIPTION
This function analyzes all GPOs, including their creation time, modification time, and number of settings.

.OUTPUTS
Array of PSObjects containing GPO assessment results.
#>
function GroupPolicy-Assessment {
    Write-Host "`nPerforming Group Policy Assessment..." -ForegroundColor Yellow
    $gpoResults = @()
    $allGPOs = Get-GPO -All
    foreach ($gpo in $allGPOs) {
        $report = Get-GPOReport -Guid $gpo.Id -ReportType XML
        $settings = ([xml]$report).GPO.Computer.ExtensionData.Extension.Policy | Measure-Object | Select-Object -ExpandProperty Count
        $settings += ([xml]$report).GPO.User.ExtensionData.Extension.Policy | Measure-Object | Select-Object -ExpandProperty Count
        $gpoResults += [PSCustomObject]@{
            Name = $gpo.DisplayName
            CreationTime = $gpo.CreationTime
            ModificationTime = $gpo.ModificationTime
            SettingsCount = $settings
        }
    }
    $gpoResults | Format-Table -AutoSize
    return $gpoResults
}

<#
.SYNOPSIS
Analyzes user and computer accounts.

.DESCRIPTION
This function provides statistics on user and computer accounts, including active/inactive counts and OS versions.

.OUTPUTS
PSObject containing user and computer account analysis results.
#>
function UserComputer-AccountAnalysis {
    Write-Host "`nPerforming User and Computer Account Analysis..." -ForegroundColor Yellow
    $users = Get-ADUser -Filter * -Properties LastLogonDate, PasswordLastSet
    $computers = Get-ADComputer -Filter * -Properties LastLogonDate, OperatingSystem

    $analysis = [PSCustomObject]@{
        TotalUsers = $users.Count
        ActiveUsers = ($users | Where-Object {$_.Enabled -eq $true}).Count
        InactiveUsers = ($users | Where-Object {$_.LastLogonDate -lt (Get-Date).AddDays(-90)}).Count
        PasswordNeverExpires = ($users | Where-Object {$_.PasswordNeverExpires -eq $true}).Count
        TotalComputers = $computers.Count
        ActiveComputers = ($computers | Where-Object {$_.Enabled -eq $true}).Count
        InactiveComputers = ($computers | Where-Object {$_.LastLogonDate -lt (Get-Date).AddDays(-90)}).Count
        Windows10Computers = ($computers | Where-Object {$_.OperatingSystem -like "*Windows 10*"}).Count
        Windows11Computers = ($computers | Where-Object {$_.OperatingSystem -like "*Windows 11*"}).Count
        ServerComputers = ($computers | Where-Object {$_.OperatingSystem -like "*Server*"}).Count
    }

    $analysis | Format-List
    return $analysis
}

<#
.SYNOPSIS
Analyzes Active Directory database and SYSVOL.

.DESCRIPTION
This function checks the size of NTDS.dit and SYSVOL on each domain controller.

.OUTPUTS
Array of PSObjects containing AD database and SYSVOL size information for each domain controller.
#>
function ADDB-SYSVOLAnalysis {
    Write-Host "`nPerforming Active Directory Database and SYSVOL Analysis..." -ForegroundColor Yellow
    $dcs = Get-ADDomainController -Filter *
    $results = @()
    foreach ($dc in $dcs) {
        $ntdsPath = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
            (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters").DatabasePath
        }
        $ntdsSize = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
            (Get-ChildItem $using:ntdsPath\ntds.dit).Length / 1GB
        }
        $sysvolSize = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
            (Get-ChildItem C:\Windows\SYSVOL -Recurse | Measure-Object -Property Length -Sum).Sum / 1GB
        }
        $results += [PSCustomObject]@{
            DomainController = $dc.HostName
            NTDSSize = "{0:N2} GB" -f $ntdsSize
            SYSVOLSize = "{0:N2} GB" -f $sysvolSize
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

<#
.SYNOPSIS
Verifies trust relationships.

.DESCRIPTION
This function checks the health of all trust relationships in the forest.

.OUTPUTS
Array of PSObjects containing trust relationship status information.
#>
function Verify-TrustRelationships {
    Write-Host "`nVerifying Trust Relationships..." -ForegroundColor Yellow
    $trusts = Get-ADTrust -Filter *
    $results = @()
    foreach ($trust in $trusts) {
        $status = Test-ComputerSecureChannel -Server $trust.Name
        $results += [PSCustomObject]@{
            TrustPartner = $trust.Name
            Direction = $trust.Direction
            Status = if ($status) { "Healthy" } else { "Unhealthy" }
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

<#
.SYNOPSIS
Checks Active Directory backup status.

.DESCRIPTION
This function retrieves the last successful backup date for each domain controller.

.OUTPUTS
Array of PSObjects containing backup status information for each domain controller.
#>
function Check-ADBackupStatus {
    Write-Host "`nChecking Active Directory Backup Status..." -ForegroundColor Yellow
    $dcs = Get-ADDomainController -Filter *
    $results = @()
    foreach ($dc in $dcs) {
        $backupStatus = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
            repadmin /showbackup
        }
        $lastBackupDate = if ($backupStatus -match "Last successful backup") {
            ($backupStatus -split "`n" | Select-String "Last successful backup").ToString().Split(":")[1].Trim()
        } else {
            "No backup information found"
        }
        $results += [PSCustomObject]@{
            DomainController = $dc.HostName
            LastBackup = $lastBackupDate
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

<#
.SYNOPSIS
Generates a comprehensive HTML report.

.DESCRIPTION
This function compiles all the analysis results into a single HTML report.

.OUTPUTS
Saves an HTML report to the desktop.
#>
function Generate-HTMLReport {
    Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow
    $reportContent = @"
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Active Directory Expert Report</title>
    <style>
        body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; }
        h1, h2 { color: #0078D4; }
        table { border-collapse: collapse; width: 100%; margin-bottom: 20px; }
        th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
        th { background-color: #f2f2f2; }
    </style>
</head>
<body>
    <h1>Active Directory Expert Report</h1>
    <p>Generated on: $(Get-Date)</p>

    <h2>Comprehensive Health Check</h2>
    $($healthCheck | ConvertTo-Html -Fragment)

    <h2>Security Audit</h2>
    $($securityAudit | ConvertTo-Html -Fragment)

    <h2>Performance Analysis</h2>
    $($performanceAnalysis | ConvertTo-Html -Fragment)

    <h2>Replication Diagnostics</h2>
    $($replicationDiagnostics | ConvertTo-Html -Fragment)

    <h2>DNS Health Check</h2>
    $($dnsHealth | ConvertTo-Html -Fragment)

    <h2>FSMO Roles and Site Topology</h2>
    $($fsmoAnalysis | ConvertTo-Html -Fragment)

    <h2>Group Policy Assessment</h2>
    $($gpoAssessment | ConvertTo-Html -Fragment)

    <h2>User and Computer Account Analysis</h2>
    $($accountAnalysis | ConvertTo-Html -Fragment)

    <h2>AD Database and SYSVOL Analysis</h2>
    $($dbAnalysis | ConvertTo-Html -Fragment)

    <h2>Trust Relationships</h2>
    $($trustRelationships | ConvertTo-Html -Fragment)

    <h2>AD Backup Status</h2>
    $($backupStatus | ConvertTo-Html -Fragment)
</body>
</html>
"@

    $reportContent | Out-File -FilePath $global:reportPath
    Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green
}

# Main program loop
do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-13)"

    switch ($choice) {
        "1"  { $healthCheck = Comprehensive-HealthCheck }
        "2"  { $securityAudit = Security-Audit }
        "3"  { $performanceAnalysis = Performance-Analysis }
        "4"  { $replicationDiagnostics = Replication-Diagnostics }
        "5"  { $dnsHealth = DNS-HealthCheck }
        "6"  { $fsmoAnalysis = FSMO-SiteTopologyAnalysis }
        "7"  { $gpoAssessment = GroupPolicy-Assessment }
        "8"  { $accountAnalysis = UserComputer-AccountAnalysis }
        "9"  { $dbAnalysis = ADDB-SYSVOLAnalysis }
        "10" { $trustRelationships = Verify-TrustRelationships }
        "11" { $backupStatus = Check-ADBackupStatus }
        "12" { Generate-HTMLReport }
        "13" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "13") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "13")

This well-documented script includes:

  1. A detailed header with synopsis, description, and usage example.
  2. Comments explaining the purpose of each function and its outputs.
  3. Clear and descriptive variable names.
  4. Consistent formatting and indentation for improved readability.
  5. Error handling for critical operations.
  6. A modular structure with separate functions for each major task.
  7. A main program loop that allows users to run individual checks or generate a comprehensive report.

This script is now more maintainable, easier to understand, and can serve as a reference for other administrators or for future modifications. It provides a comprehensive tool for monitoring and analyzing an Active Directory environment, suitable for experienced AD administrators managing complex AD infrastructures.

Active Directory Monitoring Tool – Expert

/0 Comments/in /by 
# Expert Active Directory Monitoring Tool

# Import required modules
Import-Module ActiveDirectory
Import-Module GroupPolicy
Import-Module DnsServer

# Global variables
$global:reportPath = "$env:USERPROFILE\Desktop\AD_Expert_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html"
$global:criticalEvents = @()

function Show-Menu {
    Clear-Host
    Write-Host "=== Expert Active Directory Monitoring Tool ===" -ForegroundColor Cyan
    Write-Host "1.  Comprehensive Health Check"
    Write-Host "2.  Security Audit"
    Write-Host "3.  Performance Analysis"
    Write-Host "4.  Replication Diagnostics"
    Write-Host "5.  DNS Health Check"
    Write-Host "6.  FSMO Roles and Site Topology Analysis"
    Write-Host "7.  Group Policy Assessment"
    Write-Host "8.  User and Computer Account Analysis"
    Write-Host "9.  Active Directory Database and SYSVOL Analysis"
    Write-Host "10. Trust Relationship Verification"
    Write-Host "11. Active Directory Backup Status"
    Write-Host "12. Generate Comprehensive HTML Report"
    Write-Host "13. Exit"
}

function Comprehensive-HealthCheck {
    Write-Host "`nPerforming Comprehensive Health Check..." -ForegroundColor Yellow
    $results = @()
    $dcs = Get-ADDomainController -Filter *
    foreach ($dc in $dcs) {
        $dcdiag = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
            dcdiag /test:services /test:replications /test:advertising /test:fsmocheck /test:ridmanager /test:machineaccount /test:outboundSecureChannels /test:netlogons /test:systemlog /test:kccevent /test:frssysvol /test:frsevent
        } -ErrorAction SilentlyContinue
        $results += [PSCustomObject]@{
            Name = $dc.HostName
            Services = if ($dcdiag -match "passed test Services") { "Passed" } else { "Failed" }
            Replications = if ($dcdiag -match "passed test Replications") { "Passed" } else { "Failed" }
            Advertising = if ($dcdiag -match "passed test Advertising") { "Passed" } else { "Failed" }
            FSMORoles = if ($dcdiag -match "passed test FsmoCheck") { "Passed" } else { "Failed" }
            RidManager = if ($dcdiag -match "passed test RidManager") { "Passed" } else { "Failed" }
            MachineAccount = if ($dcdiag -match "passed test MachineAccount") { "Passed" } else { "Failed" }
            OutboundSecureChannels = if ($dcdiag -match "passed test OutboundSecureChannels") { "Passed" } else { "Failed" }
            Netlogons = if ($dcdiag -match "passed test NetLogons") { "Passed" } else { "Failed" }
            SystemLog = if ($dcdiag -match "passed test SystemLog") { "Passed" } else { "Failed" }
            KccEvent = if ($dcdiag -match "passed test KccEvent") { "Passed" } else { "Failed" }
            FrsSysVol = if ($dcdiag -match "passed test FrsSysVol") { "Passed" } else { "Failed" }
            FrsEvent = if ($dcdiag -match "passed test FrsEvent") { "Passed" } else { "Failed" }
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

function Security-Audit {
    Write-Host "`nPerforming Security Audit..." -ForegroundColor Yellow
    $securityResults = @()
    
    # Check for inactive accounts
    $inactiveUsers = Get-ADUser -Filter {Enabled -eq $true} -Properties LastLogonDate | Where-Object {$_.LastLogonDate -lt (Get-Date).AddDays(-90)}
    $securityResults += [PSCustomObject]@{
        Check = "Inactive User Accounts"
        Result = "$($inactiveUsers.Count) accounts inactive for 90+ days"
    }

    # Check for accounts with non-expiring passwords
    $nonExpiringPasswords = Get-ADUser -Filter {Enabled -eq $true -and PasswordNeverExpires -eq $true} | Measure-Object | Select-Object -ExpandProperty Count
    $securityResults += [PSCustomObject]@{
        Check = "Non-expiring Passwords"
        Result = "$nonExpiringPasswords accounts"
    }

    # Check for empty groups
    $emptyGroups = Get-ADGroup -Filter * | Where-Object {-not (Get-ADGroupMember -Identity $_ -Recursive)} | Measure-Object | Select-Object -ExpandProperty Count
    $securityResults += [PSCustomObject]@{
        Check = "Empty Groups"
        Result = "$emptyGroups groups"
    }

    # Check for dormant computer accounts
    $dormantComputers = Get-ADComputer -Filter {Enabled -eq $true} -Properties LastLogonDate | Where-Object {$_.LastLogonDate -lt (Get-Date).AddDays(-90)} | Measure-Object | Select-Object -ExpandProperty Count
    $securityResults += [PSCustomObject]@{
        Check = "Dormant Computer Accounts"
        Result = "$dormantComputers accounts inactive for 90+ days"
    }

    # Check for users with admin rights
    $admins = Get-ADGroupMember "Domain Admins" -Recursive | Measure-Object | Select-Object -ExpandProperty Count
    $securityResults += [PSCustomObject]@{
        Check = "Domain Admins Count"
        Result = "$admins users"
    }

    $securityResults | Format-Table -AutoSize
    return $securityResults
}

function Performance-Analysis {
    Write-Host "`nPerforming Performance Analysis..." -ForegroundColor Yellow
    $perfResults = @()
    $dcs = Get-ADDomainController -Filter *
    foreach ($dc in $dcs) {
        $cpu = Get-WmiObject Win32_Processor -ComputerName $dc.HostName | Measure-Object -Property LoadPercentage -Average | Select-Object -ExpandProperty Average
        $memory = Get-WmiObject Win32_OperatingSystem -ComputerName $dc.HostName | Select-Object @{Name="MemoryUsage";Expression={"{0:N2}" -f ((($_.TotalVisibleMemorySize - $_.FreePhysicalMemory)*100)/ $_.TotalVisibleMemorySize)}}
        $disk = Get-WmiObject Win32_LogicalDisk -ComputerName $dc.HostName -Filter "DeviceID='C:'" | Select-Object @{Name="FreeSpace";Expression={"{0:N2}" -f ($_.FreeSpace/1GB)}}
        $perfResults += [PSCustomObject]@{
            Name = $dc.HostName
            CPUUsage = "$cpu%"
            MemoryUsage = "$($memory.MemoryUsage)%"
            FreeDiskSpace = "$($disk.FreeSpace) GB"
        }
    }
    $perfResults | Format-Table -AutoSize
    return $perfResults
}

function Replication-Diagnostics {
    Write-Host "`nPerforming Replication Diagnostics..." -ForegroundColor Yellow
    $replResults = @()
    $repl = repadmin /showrepl * /csv | ConvertFrom-Csv
    $failedReplications = $repl | Where-Object { $_."Number of Failures" -ne "0" }
    if ($failedReplications) {
        foreach ($failure in $failedReplications) {
            $replResults += [PSCustomObject]@{
                SourceDC = $failure."Source DC"
                DestinationDC = $failure."Destination DC"
                FailureCount = $failure."Number of Failures"
                LastFailureTime = $failure."Last Failure Time"
            }
        }
    } else {
        $replResults += [PSCustomObject]@{
            Status = "No replication failures detected"
        }
    }
    $replResults | Format-Table -AutoSize
    return $replResults
}

function DNS-HealthCheck {
    Write-Host "`nPerforming DNS Health Check..." -ForegroundColor Yellow
    $dnsResults = @()
    $dnsServers = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
    foreach ($server in $dnsServers) {
        $zones = Get-DnsServerZone -ComputerName $server
        foreach ($zone in $zones) {
            $stats = Get-DnsServerStatistics -ComputerName $server -ZoneName $zone.ZoneName
            $dnsResults += [PSCustomObject]@{
                Server = $server
                Zone = $zone.ZoneName
                RecordCount = $zone.ZoneStatistics.RecordCount
                Queries = $stats.QueriesReceived
                Failures = $stats.QueriesFailure
            }
        }
    }
    $dnsResults | Format-Table -AutoSize
    return $dnsResults
}

function FSMO-SiteTopologyAnalysis {
    Write-Host "`nAnalyzing FSMO Roles and Site Topology..." -ForegroundColor Yellow
    $fsmoResults = @()
    $forest = Get-ADForest
    $domain = Get-ADDomain
    $fsmoResults += [PSCustomObject]@{
        Role = "Schema Master"
        Holder = $forest.SchemaMaster
    }
    $fsmoResults += [PSCustomObject]@{
        Role = "Domain Naming Master"
        Holder = $forest.DomainNamingMaster
    }
    $fsmoResults += [PSCustomObject]@{
        Role = "PDC Emulator"
        Holder = $domain.PDCEmulator
    }
    $fsmoResults += [PSCustomObject]@{
        Role = "RID Master"
        Holder = $domain.RIDMaster
    }
    $fsmoResults += [PSCustomObject]@{
        Role = "Infrastructure Master"
        Holder = $domain.InfrastructureMaster
    }
    
    $fsmoResults | Format-Table -AutoSize

    Write-Host "`nSite Topology:" -ForegroundColor Yellow
    $sites = Get-ADReplicationSite -Filter *
    foreach ($site in $sites) {
        Write-Host "Site: $($site.Name)"
        $subnets = Get-ADReplicationSubnet -Filter * | Where-Object {$_.Site -eq $site.DistinguishedName}
        foreach ($subnet in $subnets) {
            Write-Host "  Subnet: $($subnet.Name)"
        }
        $siteLinks = Get-ADReplicationSiteLink -Filter * | Where-Object {$_.SitesIncluded -contains $site.DistinguishedName}
        foreach ($link in $siteLinks) {
            Write-Host "  Site Link: $($link.Name)"
        }
    }
    return $fsmoResults, $sites
}

function GroupPolicy-Assessment {
    Write-Host "`nPerforming Group Policy Assessment..." -ForegroundColor Yellow
    $gpoResults = @()
    $allGPOs = Get-GPO -All
    foreach ($gpo in $allGPOs) {
        $report = Get-GPOReport -Guid $gpo.Id -ReportType XML
        $settings = ([xml]$report).GPO.Computer.ExtensionData.Extension.Policy | Measure-Object | Select-Object -ExpandProperty Count
        $settings += ([xml]$report).GPO.User.ExtensionData.Extension.Policy | Measure-Object | Select-Object -ExpandProperty Count
        $gpoResults += [PSCustomObject]@{
            Name = $gpo.DisplayName
            CreationTime = $gpo.CreationTime
            ModificationTime = $gpo.ModificationTime
            SettingsCount = $settings
        }
    }
    $gpoResults | Format-Table -AutoSize
    return $gpoResults
}

function UserComputer-AccountAnalysis {
    Write-Host "`nPerforming User and Computer Account Analysis..." -ForegroundColor Yellow
    $users = Get-ADUser -Filter * -Properties LastLogonDate, PasswordLastSet
    $computers = Get-ADComputer -Filter * -Properties LastLogonDate, OperatingSystem

    $analysis = [PSCustomObject]@{
        TotalUsers = $users.Count
        ActiveUsers = ($users | Where-Object {$_.Enabled -eq $true}).Count
        InactiveUsers = ($users | Where-Object {$_.LastLogonDate -lt (Get-Date).AddDays(-90)}).Count
        PasswordNeverExpires = ($users | Where-Object {$_.PasswordNeverExpires -eq $true}).Count
        TotalComputers = $computers.Count
        ActiveComputers = ($computers | Where-Object {$_.Enabled -eq $true}).Count
        InactiveComputers = ($computers | Where-Object {$_.LastLogonDate -lt (Get-Date).AddDays(-90)}).Count
        Windows10Computers = ($computers | Where-Object {$_.OperatingSystem -like "*Windows 10*"}).Count
        Windows11Computers = ($computers | Where-Object {$_.OperatingSystem -like "*Windows 11*"}).Count
        ServerComputers = ($computers | Where-Object {$_.OperatingSystem -like "*Server*"}).Count
    }

    $analysis | Format-List
    return $analysis
}

function ADDB-SYSVOLAnalysis {
    Write-Host "`nPerforming Active Directory Database and SYSVOL Analysis..." -ForegroundColor Yellow
    $dcs = Get-ADDomainController -Filter *
    $results = @()
    foreach ($dc in $dcs) {
        $ntdsPath = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
            (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters").DatabasePath
        }
        $ntdsSize = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
            (Get-ChildItem $using:ntdsPath\ntds.dit).Length / 1GB
        }
        $sysvolSize = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
            (Get-ChildItem C:\Windows\SYSVOL -Recurse | Measure-Object -Property Length -Sum).Sum / 1GB
        }
        $results += [PSCustomObject]@{
            DomainController = $dc.HostName
            NTDSSize = "{0:N2} GB" -f $ntdsSize
            SYSVOLSize = "{0:N2} GB" -f $sysvolSize
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

function Verify-TrustRelationships {
    Write-Host "`nVerifying Trust Relationships..." -ForegroundColor Yellow
    $trusts = Get-ADTrust -Filter *
    $results = @()
    foreach ($trust in $trusts) {
        $status = Test-ComputerSecureChannel -Server $trust.Name
        $results += [PSCustomObject]@{
            TrustPartner = $trust.Name
            Direction = $trust.Direction
            Status = if ($status) { "Healthy" } else { "Unhealthy" }
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

function Check-ADBackupStatus {
    Write-Host "`nChecking Active Directory Backup Status..." -ForegroundColor Yellow
    $dcs = Get-ADDomainController -Filter *
    $results = @()
    foreach ($dc in $dcs) {
        $backupStatus = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
            repadmin /showbackup
        }
        $lastBackupDate = if ($backupStatus -match "Last successful backup") {
            ($backupStatus -split "`n" | Select-String "Last successful backup").ToString().Split(":")[1].Trim()
        } else {
            "No backup information found"
        }
        $results += [PSCustomObject]@{
            DomainController = $dc.HostName
            LastBackup = $lastBackupDate
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

function Generate-HTMLReport {
    Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow
    $reportContent = @"
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Active Directory Expert Report</title>
    <style>
        body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; }
        h1, h2 { color: #0078D4; }
        table { border-collapse: collapse; width: 100%; margin-bottom: 20px; }
        th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
        th { background-color: #f2f2f2; }
    </style>
</head>
<body>
    <h1>Active Directory Expert Report</h1>
    <p>Generated on: $(Get-Date)</p>

    <h2>Comprehensive Health Check</h2>
    $($healthCheck | ConvertTo-Html -Fragment)

    <h2>Security Audit</h2>
    $($securityAudit | ConvertTo-Html -Fragment)

    <h2>Performance Analysis</h2>
    $($performanceAnalysis | ConvertTo-Html -Fragment)

    <h2>Replication Diagnostics</h2>
    $($replicationDiagnostics | ConvertTo-Html -Fragment)

    <h2>DNS Health Check</h2>
    $($dnsHealth | ConvertTo-Html -Fragment)

    <h2>FSMO Roles and Site Topology</h2>
    $($fsmoAnalysis | ConvertTo-Html -Fragment)

    <h2>Group Policy Assessment</h2>
    $($gpoAssessment | ConvertTo-Html -Fragment)

    <h2>User and Computer Account Analysis</h2>
    $($accountAnalysis | ConvertTo-Html -Fragment)

    <h2>AD Database and SYSVOL Analysis</h2>
    $($dbAnalysis | ConvertTo-Html -Fragment)

    <h2>Trust Relationships</h2>
    $($trustRelationships | ConvertTo-Html -Fragment)

    <h2>AD Backup Status</h2>
    $($backupStatus | ConvertTo-Html -Fragment)
</body>
</html>
"@

    $reportContent | Out-File -FilePath $global:reportPath
    Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green
}

# Main program loop
do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-13)"

    switch ($choice) {
        "1"  { $healthCheck = Comprehensive-HealthCheck }
        "2"  { $securityAudit = Security-Audit }
        "3"  { $performanceAnalysis = Performance-Analysis }
        "4"  { $replicationDiagnostics = Replication-Diagnostics }
        "5"  { $dnsHealth = DNS-HealthCheck }
        "6"  { $fsmoAnalysis = FSMO-SiteTopologyAnalysis }
        "7"  { $gpoAssessment = GroupPolicy-Assessment }
        "8"  { $accountAnalysis = UserComputer-AccountAnalysis }
        "9"  { $dbAnalysis = ADDB-SYSVOLAnalysis }
        "10" { $trustRelationships = Verify-TrustRelationships }
        "11" { $backupStatus = Check-ADBackupStatus }
        "12" { Generate-HTMLReport }
        "13" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "13") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "13")

This Expert Active Directory Monitoring Tool includes:

  1. A comprehensive menu with 13 options
  2. Advanced functions for various AD monitoring and analysis tasks:
    • Comprehensive health check using dcdiag
    • Security audit
    • Performance analysis of domain controllers
    • Replication diagnostics
    • DNS health check
    • FSMO roles and site topology analysis
    • Group Policy assessment
    • User and computer account analysis
    • AD database and SYSVOL analysis
    • Trust relationship verification
    • AD backup status check
  3. Use of multiple PowerShell modules (ActiveDirectory, GroupPolicy, DnsServer)
  4. Detailed output and reporting capabilities, including HTML report generation

Key features:

  • Comprehensive Health Check: Uses dcdiag to perform extensive tests on all domain controllers
  • Security Audit: Checks for inactive accounts, non-expiring passwords, empty groups, and more
  • Performance Analysis: Monitors CPU, memory, and disk usage on domain controllers
  • Replication Diagnostics: Identifies any replication failures across the domain
  • DNS Health Check: Verifies DNS zones and statistics
  • FSMO Roles and Site Topology: Analyzes FSMO role holders and AD site structure
  • Group Policy Assessment: Reviews all GPOs, including creation and modification times
  • User and Computer Account Analysis: Provides statistics on user and computer accounts
  • AD Database and SYSVOL Analysis: Checks the size of NTDS.dit and SYSVOL on each DC
  • Trust Relationships: Verifies the health of all trust relationships
  • AD Backup Status: Checks the last successful backup date for each DC

This tool provides a comprehensive analysis of an Active Directory environment. It’s particularly useful for:

  • Conducting regular AD health checks
  • Preparing for audits
  • Troubleshooting complex AD issues
  • Capacity planning and performance optimization
  • Generating detailed reports for management or compliance purposes

Note: To use this script effectively, you need to:

  1. Run PowerShell as an administrator
  2. Have the necessary PowerShell modules installed (ActiveDirectory, GroupPolicy, DnsServer)
  3. Have appropriate permissions in the AD environment (Domain Admin or equivalent)
  4. Run this script from a domain-joined machine, preferably a domain controller

This script is suitable for experienced AD administrators who need comprehensive monitoring and analysis capabilities for managing complex Active Directory environments.

Azure Active Directory Monitoring Tool

/0 Comments/in /by 

# Expert Azure Active Directory Monitoring Tool

# Ensure the required modules are installed
# Install-Module -Name AzureAD, MSOnline, AzureADPreview -Force

# Import required modules
Import-Module AzureAD
Import-Module MSOnline
Import-Module AzureADPreview

# Global variables
$global:reportPath = "$env:USERPROFILE\Desktop\AzureAD_Expert_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html"

function Show-Menu {
    Clear-Host
    Write-Host "=== Expert Azure AD Monitoring Tool ===" -ForegroundColor Cyan
    Write-Host "1.  Tenant Overview"
    Write-Host "2.  User Account Analysis"
    Write-Host "3.  Group Management Audit"
    Write-Host "4.  Application Integration Assessment"
    Write-Host "5.  Conditional Access Policies Review"
    Write-Host "6.  Security Configuration Analysis"
    Write-Host "7.  Identity Protection Status"
    Write-Host "8.  Device Management Overview"
    Write-Host "9.  Privileged Identity Management Audit"
    Write-Host "10. Azure AD Connect Health Status"
    Write-Host "11. License Usage and Assignment"
    Write-Host "12. Generate Comprehensive HTML Report"
    Write-Host "13. Exit"
}

function Connect-AzureServices {
    try {
        Connect-AzureAD
        Connect-MsolService
        Write-Host "Successfully connected to Azure services." -ForegroundColor Green
    }
    catch {
        Write-Host "Failed to connect to Azure services. Please check your credentials and try again." -ForegroundColor Red
        Exit
    }
}

function Get-TenantOverview {
    Write-Host "`nRetrieving Tenant Overview..." -ForegroundColor Yellow
    $tenantInfo = Get-AzureADTenantDetail
    $domainInfo = Get-AzureADDomain
    $verifiedDomains = ($domainInfo | Where-Object { $_.IsVerified -eq $true }).Count
    $unverifiedDomains = ($domainInfo | Where-Object { $_.IsVerified -eq $false }).Count

    $overview = [PSCustomObject]@{
        TenantName = $tenantInfo.DisplayName
        TenantId = $tenantInfo.ObjectId
        VerifiedDomains = $verifiedDomains
        UnverifiedDomains = $unverifiedDomains
        TechnicalContacts = $tenantInfo.TechnicalNotificationMails -join ", "
    }

    $overview | Format-List
    return $overview
}

function Analyze-UserAccounts {
    Write-Host "`nAnalyzing User Accounts..." -ForegroundColor Yellow
    $users = Get-AzureADUser -All $true
    $guestUsers = $users | Where-Object { $_.UserType -eq 'Guest' }
    $mfaUsers = Get-MsolUser -All | Where-Object { $_.StrongAuthenticationRequirements.State -ne $null }

    $analysis = [PSCustomObject]@{
        TotalUsers = $users.Count
        EnabledUsers = ($users | Where-Object { $_.AccountEnabled -eq $true }).Count
        DisabledUsers = ($users | Where-Object { $_.AccountEnabled -eq $false }).Count
        GuestUsers = $guestUsers.Count
        MFAEnabledUsers = $mfaUsers.Count
        RecentlyCreatedUsers = ($users | Where-Object { $_.CreatedDateTime -gt (Get-Date).AddDays(-30) }).Count
    }

    $analysis | Format-List
    return $analysis
}

function Audit-GroupManagement {
    Write-Host "`nAuditing Group Management..." -ForegroundColor Yellow
    $groups = Get-AzureADGroup -All $true
    $dynamicGroups = $groups | Where-Object { $_.GroupTypes -contains "DynamicMembership" }

    $audit = [PSCustomObject]@{
        TotalGroups = $groups.Count
        SecurityGroups = ($groups | Where-Object { $_.SecurityEnabled -eq $true }).Count
        DistributionGroups = ($groups | Where-Object { $_.SecurityEnabled -eq $false }).Count
        DynamicGroups = $dynamicGroups.Count
        EmptyGroups = ($groups | Where-Object { (Get-AzureADGroupMember -ObjectId $_.ObjectId).Count -eq 0 }).Count
    }

    $audit | Format-List
    return $audit
}

function Assess-ApplicationIntegration {
    Write-Host "`nAssessing Application Integration..." -ForegroundColor Yellow
    $apps = Get-AzureADApplication -All $true
    $enterpriseApps = Get-AzureADServicePrincipal -All $true

    $assessment = [PSCustomObject]@{
        TotalApps = $apps.Count
        EnterpriseApps = $enterpriseApps.Count
        AppsWithSecrets = ($apps | Where-Object { $_.PasswordCredentials.Count -gt 0 -or $_.KeyCredentials.Count -gt 0 }).Count
        RecentlyAddedApps = ($apps | Where-Object { $_.CreatedDateTime -gt (Get-Date).AddDays(-30) }).Count
    }

    $assessment | Format-List
    return $assessment
}

function Review-ConditionalAccessPolicies {
    Write-Host "`nReviewing Conditional Access Policies..." -ForegroundColor Yellow
    $policies = Get-AzureADMSConditionalAccessPolicy

    $review = [PSCustomObject]@{
        TotalPolicies = $policies.Count
        EnabledPolicies = ($policies | Where-Object { $_.State -eq "enabled" }).Count
        DisabledPolicies = ($policies | Where-Object { $_.State -eq "disabled" }).Count
        ReportOnlyPolicies = ($policies | Where-Object { $_.State -eq "enabledForReportingButNotEnforced" }).Count
    }

    $review | Format-List
    return $review
}

function Analyze-SecurityConfiguration {
    Write-Host "`nAnalyzing Security Configuration..." -ForegroundColor Yellow
    $securityDefaults = (Get-MsolCompanyInformation).SecurityDefaultsEnabled
    $passwordPolicy = Get-MsolPasswordPolicy -TenantId (Get-MsolCompanyInformation).ObjectId

    $analysis = [PSCustomObject]@{
        SecurityDefaultsEnabled = $securityDefaults
        PasswordValidityPeriod = $passwordPolicy.ValidityPeriod
        MinimumPasswordLength = $passwordPolicy.MinimumPasswordLength
        PasswordComplexityEnabled = $passwordPolicy.StrongPasswordRequired
    }

    $analysis | Format-List
    return $analysis
}

function Get-IdentityProtectionStatus {
    Write-Host "`nRetrieving Identity Protection Status..." -ForegroundColor Yellow
    $riskDetections = Get-AzureADIdentityProtectionRiskDetection -Top 1000
    $riskyUsers = Get-AzureADIdentityProtectionRiskyUser -Top 1000

    $status = [PSCustomObject]@{
        TotalRiskDetections = $riskDetections.Count
        HighRiskDetections = ($riskDetections | Where-Object { $_.RiskLevel -eq "High" }).Count
        RiskyUsers = $riskyUsers.Count
        HighRiskUsers = ($riskyUsers | Where-Object { $_.RiskLevel -eq "High" }).Count
    }

    $status | Format-List
    return $status
}

function Get-DeviceManagementOverview {
    Write-Host "`nRetrieving Device Management Overview..." -ForegroundColor Yellow
    $devices = Get-AzureADDevice -All $true

    $overview = [PSCustomObject]@{
        TotalDevices = $devices.Count
        EnabledDevices = ($devices | Where-Object { $_.AccountEnabled -eq $true }).Count
        DisabledDevices = ($devices | Where-Object { $_.AccountEnabled -eq $false }).Count
        ManagedDevices = ($devices | Where-Object { $_.IsManaged -eq $true }).Count
        CompliantDevices = ($devices | Where-Object { $_.IsCompliant -eq $true }).Count
    }

    $overview | Format-List
    return $overview
}

function Audit-PrivilegedIdentityManagement {
    Write-Host "`nAuditing Privileged Identity Management..." -ForegroundColor Yellow
    $pimRoles = Get-AzureADMSPrivilegedRoleDefinition

    $audit = [PSCustomObject]@{
        TotalPIMRoles = $pimRoles.Count
        ActiveAssignments = (Get-AzureADMSPrivilegedRoleAssignment -ProviderId "aadRoles" -ResourceId (Get-AzureADTenantDetail).ObjectId | Where-Object { $_.AssignmentState -eq "Active" }).Count
        EligibleAssignments = (Get-AzureADMSPrivilegedRoleAssignment -ProviderId "aadRoles" -ResourceId (Get-AzureADTenantDetail).ObjectId | Where-Object { $_.AssignmentState -eq "Eligible" }).Count
    }

    $audit | Format-List
    return $audit
}

function Get-AzureADConnectHealthStatus {
    Write-Host "`nRetrieving Azure AD Connect Health Status..." -ForegroundColor Yellow
    $adConnectStatus = Get-MsolCompanyInformation | Select-Object -Property DirectorySynchronizationEnabled, DirectorySynchronizationStatus, LastDirSyncTime, LastPasswordSyncTime

    $status = [PSCustomObject]@{
        SyncEnabled = $adConnectStatus.DirectorySynchronizationEnabled
        SyncStatus = $adConnectStatus.DirectorySynchronizationStatus
        LastSyncTime = $adConnectStatus.LastDirSyncTime
        LastPasswordSyncTime = $adConnectStatus.LastPasswordSyncTime
    }

    $status | Format-List
    return $status
}

function Analyze-LicenseUsage {
    Write-Host "`nAnalyzing License Usage and Assignment..." -ForegroundColor Yellow
    $licenses = Get-MsolAccountSku

    $analysis = @()
    foreach ($license in $licenses) {
        $analysis += [PSCustomObject]@{
            SkuPartNumber = $license.SkuPartNumber
            TotalUnits = $license.ActiveUnits
            UsedUnits = $license.ConsumedUnits
            AvailableUnits = $license.ActiveUnits - $license.ConsumedUnits
        }
    }

    $analysis | Format-Table -AutoSize
    return $analysis
}

function Generate-HTMLReport {
    Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow
    $reportContent = @"
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Azure AD Expert Report</title>
    <style>
        body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 800px; margin: 0 auto; padding: 20px; }
        h1, h2 { color: #0078D4; }
        table { border-collapse: collapse; width: 100%; margin-bottom: 20px; }
        th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
        th { background-color: #f2f2f2; }
    </style>
</head>
<body>
    <h1>Azure AD Expert Report</h1>
    <p>Generated on: $(Get-Date)</p>

    <h2>Tenant Overview</h2>
    $($overview | ConvertTo-Html -Fragment)

    <h2>User Account Analysis</h2>
    $($analysis | ConvertTo-Html -Fragment)

    <h2>Group Management Audit</h2>
    $($audit | ConvertTo-Html -Fragment)

    <h2>Application Integration Assessment</h2>
    $($assessment | ConvertTo-Html -Fragment)

    <h2>Conditional Access Policies Review</h2>
    $($review | ConvertTo-Html -Fragment)

    <h2>Security Configuration Analysis</h2>
    $($securityAnalysis | ConvertTo-Html -Fragment)

    <h2>Identity Protection Status</h2>
    $($identityProtectionStatus | ConvertTo-Html -Fragment)

    <h2>Device Management Overview</h2>
    $($deviceOverview | ConvertTo-Html -Fragment)

    <h2>Privileged Identity Management Audit</h2>
    $($pimAudit | ConvertTo-Html -Fragment)

    <h2>Azure AD Connect Health Status</h2>
    $($adConnectStatus | ConvertTo-Html -Fragment)

    <h2>License Usage and Assignment</h2>
    $($licenseAnalysis | ConvertTo-Html -Fragment)
</body>
</html>
"@

    $reportContent | Out-File -FilePath $global:reportPath
    Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green
}

# Main program
Connect-AzureServices

do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-13)"

    switch ($choice) {
        "1"  { $overview = Get-TenantOverview }
        "2"  { $analysis = Analyze-UserAccounts }
        "3"  { $audit = Audit-GroupManagement }
        "4"  { $assessment = Assess-ApplicationIntegration }
        "5"  { $review = Review-ConditionalAccessPolicies }
        "6"  { $securityAnalysis = Analyze-SecurityConfiguration }
        "7"  { $identityProtectionStatus = Get-IdentityProtectionStatus }
        "8"  { $deviceOverview = Get-DeviceManagementOverview }
        "9"  { $pimAudit = Audit-PrivilegedIdentityManagement }
        "10" { $adConnectStatus = Get-AzureADConnectHealthStatus }
        "11" { $licenseAnalysis = Analyze-LicenseUsage }
        "12" { Generate-HTMLReport }
        "13" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "13") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "13")

This Azure AD Monitoring Tool includes:

  1. A comprehensive menu with 13 options
  2. Advanced functions for various Azure AD monitoring and analysis tasks:
    • Tenant overview
    • User account analysis
    • Group management audit
    • Application integration assessment
    • Conditional Access policies review
    • Security configuration analysis
    • Identity Protection status
    • Device management overview
    • Privileged Identity Management audit
    • Azure AD Connect health status
    • License usage and assignment analysis
  3. Use of multiple Azure AD PowerShell modules (AzureAD, MSOnline, AzureADPreview)
  4. Detailed output and reporting capabilities, including HTML report generation

Key features:

  • Comprehensive Tenant Overview: Provides key information about the Azure AD tenant
  • In-depth User Analysis: Analyzes user accounts, including guest users and MFA status
  • Group Management Audit: Examines group types and configurations
  • Application Integration Assessment: Reviews registered applications and service principals
  • Conditional Access Review: Summarizes Conditional Access policies
  • Security Configuration Analysis: Checks security defaults and password policies
  • Identity Protection Insights: Provides an overview of risk detections and risky users
  • Device Management Overview: Summarizes device registration and compliance status
  • PIM Audit: Reviews Privileged Identity Management roles and assignments
  • Azure AD Connect Health Check: Verifies directory synchronization status
  • License Analysis: Examines license allocation and usage

This tool provides a comprehensive analysis of an Azure AD environment. It’s particularly useful for:

  • Conducting regular Azure AD health checks
  • Preparing for security audits
  • Identifying potential security risks
  • Optimizing license usage
  • Generating detailed reports for management or compliance purposes

Note: To use this script effectively, you need to:

  1. Run PowerShell as an administrator
  2. Have the necessary Azure AD PowerShell modules installed
  3. Have appropriate permissions in the Azure AD environment (Global Administrator or similar high-level role)
  4. Be prepared to authenticate to Azure AD when prompted

This script is suitable for experienced Azure AD administrators who need comprehensive monitoring and analysis capabilities for managing complex Azure AD environments.

Advanced Active Directory Monitoring Tool

/0 Comments/in /by 

# Advanced Active Directory Monitoring Tool

# Import required modules
Import-Module ActiveDirectory
Import-Module GroupPolicy

function Show-Menu {
    Clear-Host
    Write-Host "=== Advanced Active Directory Monitoring Tool ===" -ForegroundColor Cyan
    Write-Host "1.  Check Domain Controllers Health"
    Write-Host "2.  Analyze User Accounts"
    Write-Host "3.  Monitor Group Policy Changes"
    Write-Host "4.  Audit Active Directory Replication"
    Write-Host "5.  Check DNS Health"
    Write-Host "6.  Monitor FSMO Roles"
    Write-Host "7.  Analyze Active Directory Structure"
    Write-Host "8.  Check Trust Relationships"
    Write-Host "9.  Monitor Active Directory Services"
    Write-Host "10. Generate Comprehensive Report"
    Write-Host "11. Exit"
}

function Check-DomainControllersHealth {
    Write-Host "`nChecking Domain Controllers Health..." -ForegroundColor Yellow
    $dcs = Get-ADDomainController -Filter *
    $results = @()
    foreach ($dc in $dcs) {
        $status = Test-Connection -ComputerName $dc.HostName -Count 1 -Quiet
        $dcdiag = Invoke-Command -ComputerName $dc.HostName -ScriptBlock { dcdiag /test:services /test:advertising /test:fsmocheck } -ErrorAction SilentlyContinue
        $results += [PSCustomObject]@{
            Name = $dc.HostName
            Online = if ($status) { "Yes" } else { "No" }
            Services = if ($dcdiag -match "passed test Services") { "Passed" } else { "Failed" }
            Advertising = if ($dcdiag -match "passed test Advertising") { "Passed" } else { "Failed" }
            FSMORoles = if ($dcdiag -match "passed test FsmoCheck") { "Passed" } else { "Failed" }
        }
    }
    $results | Format-Table -AutoSize
}

function Analyze-UserAccounts {
    Write-Host "`nAnalyzing User Accounts..." -ForegroundColor Yellow
    $inactiveThreshold = (Get-Date).AddDays(-90)
    $users = Get-ADUser -Filter * -Properties LastLogonDate, PasswordLastSet, PasswordNeverExpires, Enabled
    $userAnalysis = @{
        TotalUsers = $users.Count
        ActiveUsers = ($users | Where-Object { $_.Enabled -eq $true }).Count
        InactiveUsers = ($users | Where-Object { $_.LastLogonDate -lt $inactiveThreshold }).Count
        PasswordNeverExpires = ($users | Where-Object { $_.PasswordNeverExpires -eq $true }).Count
        RecentlyCreated = ($users | Where-Object { $_.Created -gt (Get-Date).AddDays(-30) }).Count
    }
    $userAnalysis | Format-Table -AutoSize
}

function Monitor-GroupPolicyChanges {
    Write-Host "`nMonitoring Group Policy Changes..." -ForegroundColor Yellow
    $domain = Get-ADDomain
    $gpos = Get-GPO -All -Domain $domain.DNSRoot
    $recentChanges = $gpos | Where-Object { $_.ModificationTime -gt (Get-Date).AddDays(-7) }
    $recentChanges | Select-Object DisplayName, ModificationTime, Owner | Format-Table -AutoSize
}

function Audit-ADReplication {
    Write-Host "`nAuditing Active Directory Replication..." -ForegroundColor Yellow
    $results = repadmin /showrepl * /csv | ConvertFrom-Csv
    $failedReplications = $results | Where-Object { $_."Number of Failures" -ne "0" }
    if ($failedReplications) {
        $failedReplications | Select-Object "Source DC", "Destination DC", "Number of Failures", "Last Failure Time" | Format-Table -AutoSize
    } else {
        Write-Host "No replication failures detected." -ForegroundColor Green
    }
}

function Check-DNSHealth {
    Write-Host "`nChecking DNS Health..." -ForegroundColor Yellow
    $dnsServers = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
    foreach ($server in $dnsServers) {
        $result = Invoke-Command -ComputerName $server -ScriptBlock { dnscmd /info }
        if ($result -match "DNS Server is running") {
            Write-Host "$server: DNS Service is running" -ForegroundColor Green
        } else {
            Write-Host "$server: DNS Service is not running" -ForegroundColor Red
        }
    }
}

function Monitor-FSMORoles {
    Write-Host "`nMonitoring FSMO Roles..." -ForegroundColor Yellow
    $roles = Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
    $roles | Add-Member -MemberType NoteProperty -Name "SchemaMaster" -Value (Get-ADForest).SchemaMaster
    $roles | Add-Member -MemberType NoteProperty -Name "DomainNamingMaster" -Value (Get-ADForest).DomainNamingMaster
    $roles | Format-List
}

function Analyze-ADStructure {
    Write-Host "`nAnalyzing Active Directory Structure..." -ForegroundColor Yellow
    $domainInfo = Get-ADDomain
    $forestInfo = Get-ADForest
    Write-Host "Domain: $($domainInfo.DNSRoot)"
    Write-Host "Forest: $($forestInfo.Name)"
    Write-Host "Domain Controllers: $((Get-ADDomainController -Filter *).Count)"
    Write-Host "OUs: $((Get-ADOrganizationalUnit -Filter *).Count)"
    Write-Host "Groups: $((Get-ADGroup -Filter *).Count)"
    Write-Host "Users: $((Get-ADUser -Filter *).Count)"
    Write-Host "Computers: $((Get-ADComputer -Filter *).Count)"
}

function Check-TrustRelationships {
    Write-Host "`nChecking Trust Relationships..." -ForegroundColor Yellow
    $trusts = Get-ADTrust -Filter *
    foreach ($trust in $trusts) {
        $status = Test-ComputerSecureChannel -Server $trust.Name
        Write-Host "Trust with $($trust.Name): $(if ($status) { 'Healthy' } else { 'Unhealthy' })"
    }
}

function Monitor-ADServices {
    Write-Host "`nMonitoring Active Directory Services..." -ForegroundColor Yellow
    $dcs = Get-ADDomainController -Filter *
    foreach ($dc in $dcs) {
        $services = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
            Get-Service -Name "NTDS", "DNS", "Netlogon", "KDC" | Select-Object Name, Status
        }
        Write-Host "Services on $($dc.HostName):"
        $services | Format-Table -AutoSize
    }
}

function Generate-ComprehensiveReport {
    Write-Host "`nGenerating Comprehensive Report..." -ForegroundColor Yellow
    $report = @"
===== Active Directory Comprehensive Report =====
Generated on: $(Get-Date)

"@
    $report += "`n--- Domain Controllers Health ---`n"
    $dcs = Get-ADDomainController -Filter *
    foreach ($dc in $dcs) {
        $status = Test-Connection -ComputerName $dc.HostName -Count 1 -Quiet
        $report += "$($dc.HostName): $(if ($status) { 'Online' } else { 'Offline' })`n"
    }

    $report += "`n--- User Account Summary ---`n"
    $users = Get-ADUser -Filter * -Properties LastLogonDate, PasswordLastSet, PasswordNeverExpires, Enabled
    $report += "Total Users: $($users.Count)`n"
    $report += "Active Users: $(($users | Where-Object { $_.Enabled -eq $true }).Count)`n"
    $report += "Inactive Users (90+ days): $(($users | Where-Object { $_.LastLogonDate -lt (Get-Date).AddDays(-90) }).Count)`n"

    $report += "`n--- Recent Group Policy Changes (Last 7 Days) ---`n"
    $gpos = Get-GPO -All
    $recentChanges = $gpos | Where-Object { $_.ModificationTime -gt (Get-Date).AddDays(-7) }
    foreach ($gpo in $recentChanges) {
        $report += "$($gpo.DisplayName) - Modified: $($gpo.ModificationTime)`n"
    }

    $report += "`n--- FSMO Roles ---`n"
    $roles = Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
    $roles | Add-Member -MemberType NoteProperty -Name "SchemaMaster" -Value (Get-ADForest).SchemaMaster
    $roles | Add-Member -MemberType NoteProperty -Name "DomainNamingMaster" -Value (Get-ADForest).DomainNamingMaster
    $report += $roles | Out-String

    $report += "`n--- Trust Relationships ---`n"
    $trusts = Get-ADTrust -Filter *
    foreach ($trust in $trusts) {
        $status = Test-ComputerSecureChannel -Server $trust.Name
        $report += "Trust with $($trust.Name): $(if ($status) { 'Healthy' } else { 'Unhealthy' })`n"
    }

    $reportPath = "$env:USERPROFILE\Desktop\AD_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').txt"
    $report | Out-File -FilePath $reportPath
    Write-Host "Report generated and saved to: $reportPath" -ForegroundColor Green
}

do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-11)"

    switch ($choice) {
        "1"  { Check-DomainControllersHealth }
        "2"  { Analyze-UserAccounts }
        "3"  { Monitor-GroupPolicyChanges }
        "4"  { Audit-ADReplication }
        "5"  { Check-DNSHealth }
        "6"  { Monitor-FSMORoles }
        "7"  { Analyze-ADStructure }
        "8"  { Check-TrustRelationships }
        "9"  { Monitor-ADServices }
        "10" { Generate-ComprehensiveReport }
        "11" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "11") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "11")

This Advanced Active Directory Monitoring Tool includes:

  1. A comprehensive menu with 11 options
  2. Advanced functions for various AD monitoring and analysis tasks:
    • Detailed Domain Controller health check
    • User account analysis
    • Group Policy change monitoring
    • AD replication auditing
    • DNS health check
    • FSMO roles monitoring
    • AD structure analysis
    • Trust relationship verification
    • AD services monitoring
    • Comprehensive report generation
  3. Use of advanced Active Directory PowerShell cmdlets and system tools
  4. Detailed output and reporting capabilities

Key features:

  • Comprehensive DC Health Check: Includes service status and DCDIAG tests
  • User Account Analysis: Provides statistics on active, inactive, and recently created accounts
  • Group Policy Monitoring: Tracks recent changes to Group Policies
  • Replication Audit: Checks for replication failures across the domain
  • DNS Health: Verifies DNS service status on all DCs
  • FSMO Roles: Displays the current holders of all FSMO roles
  • AD Structure Analysis: Gives an overview of the AD structure including counts of OUs, groups, users, and computers
  • Trust Relationships: Checks the health of trust relationships
  • Service Monitoring: Checks critical AD services across all DCs
  • Comprehensive Report: Generates a detailed report covering multiple aspects of AD health

This tool provides an in-depth analysis of an Active Directory environment. It’s particularly useful for:

  • Proactive monitoring of AD health
  • Troubleshooting complex AD issues
  • Regular AD maintenance and health checks
  • Generating reports for audits or management review

Note: To use this script effectively, you need to:

  1. Run PowerShell as an administrator
  2. Have the Active Directory and Group Policy PowerShell modules installed
  3. Have appropriate permissions in the AD environment (Domain Admin or equivalent)
  4. Some functions may require running on a Domain Controller

This script is suitable for experienced AD administrators who need comprehensive monitoring and analysis capabilities for managing complex Active Directory environments.

Simple Active Directory Monitoring Tool

/0 Comments/in /by 

# Simple Active Directory Monitoring Tool

# Import the Active Directory module
Import-Module ActiveDirectory

function Show-Menu {
    Clear-Host
    Write-Host "=== Simple Active Directory Monitoring Tool ===" -ForegroundColor Cyan
    Write-Host "1. Check Domain Controllers Status"
    Write-Host "2. List Recently Created Users"
    Write-Host "3. List Disabled User Accounts"
    Write-Host "4. Check Password Expiration"
    Write-Host "5. View Group Membership"
    Write-Host "6. Exit"
}

function Check-DomainControllers {
    Write-Host "`nChecking Domain Controllers Status..." -ForegroundColor Yellow
    $dcs = Get-ADDomainController -Filter *
    foreach ($dc in $dcs) {
        $status = Test-Connection -ComputerName $dc.HostName -Count 1 -Quiet
        if ($status) {
            Write-Host "$($dc.HostName) is Online" -ForegroundColor Green
        } else {
            Write-Host "$($dc.HostName) is Offline" -ForegroundColor Red
        }
    }
}

function List-RecentUsers {
    $days = Read-Host "Enter the number of days to check for new users"
    $date = (Get-Date).AddDays(-$days)
    Write-Host "`nListing users created in the last $days days..." -ForegroundColor Yellow
    Get-ADUser -Filter {Created -ge $date} -Properties Created | 
        Select-Object Name, SamAccountName, Created | 
        Format-Table -AutoSize
}

function List-DisabledUsers {
    Write-Host "`nListing disabled user accounts..." -ForegroundColor Yellow
    Get-ADUser -Filter {Enabled -eq $false} | 
        Select-Object Name, SamAccountName | 
        Format-Table -AutoSize
}

function Check-PasswordExpiration {
    $days = Read-Host "Enter the number of days to check for password expiration"
    $date = (Get-Date).AddDays($days)
    Write-Host "`nListing users whose passwords will expire within $days days..." -ForegroundColor Yellow
    Get-ADUser -Filter {Enabled -eq $true -and PasswordNeverExpires -eq $false} -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" | 
        Select-Object -Property "DisplayName", @{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | 
        Where-Object {$_.ExpiryDate -le $date} | 
        Sort-Object ExpiryDate | 
        Format-Table -AutoSize
}

function View-GroupMembership {
    $groupName = Read-Host "Enter the group name to check membership"
    Write-Host "`nListing members of group $groupName..." -ForegroundColor Yellow
    try {
        Get-ADGroupMember -Identity $groupName | 
            Select-Object Name, SamAccountName | 
            Format-Table -AutoSize
    } catch {
        Write-Host "Error: Group not found or you don't have permission to view its members." -ForegroundColor Red
    }
}

do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-6)"

    switch ($choice) {
        "1" { Check-DomainControllers }
        "2" { List-RecentUsers }
        "3" { List-DisabledUsers }
        "4" { Check-PasswordExpiration }
        "5" { View-GroupMembership }
        "6" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "6") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "6")

This Active Directory Monitoring Tool includes:

  1. A menu with 6 options
  2. Functions for various AD monitoring tasks:
    • Checking Domain Controllers status
    • Listing recently created users
    • Listing disabled user accounts
    • Checking password expiration
    • Viewing group membership
  3. Use of Active Directory PowerShell cmdlets
  4. Basic error handling
  5. Formatted output for better readability

Key features:

  • Domain Controller Status: Pings each DC to check if it’s online.
  • Recent Users: Lists users created within a specified number of days.
  • Disabled Users: Shows all disabled user accounts.
  • Password Expiration: Lists users whose passwords will expire soon.
  • Group Membership: Displays members of a specified group.

This tool provides a quick overview of essential Active Directory metrics and statuses. It’s useful for:

  • Monitoring the health of Domain Controllers
  • Tracking recent account creations
  • Identifying disabled accounts
  • Managing password policies
  • Reviewing group memberships

Note: To use this script, you need to:

  1. Run PowerShell as an administrator
  2. Have the Active Directory PowerShell module installed
  3. Have appropriate permissions in the AD environment

This script is suitable for AD administrators who want to perform basic AD health checks and gather information quickly without navigating through multiple tools or writing complex queries.

Advanced System Health Monitor

/0 Comments/in /by 
# Advanced System Health Monitor

function Show-Menu {
    Clear-Host
    Write-Host "=== Advanced System Health Monitor ===" -ForegroundColor Cyan
    Write-Host "1.  CPU Information and Usage"
    Write-Host "2.  Memory Usage Details"
    Write-Host "3.  Disk Space and Health"
    Write-Host "4.  Network Statistics"
    Write-Host "5.  Top Resource-Consuming Processes"
    Write-Host "6.  System Uptime and Last Boot Time"
    Write-Host "7.  Installed Windows Updates"
    Write-Host "8.  Event Log Summary"
    Write-Host "9.  Services Status"
    Write-Host "10. Battery Status (for laptops)"
    Write-Host "11. Exit"
}

function Get-CPUInfo {
    Write-Host "`nCPU Information and Usage:" -ForegroundColor Yellow
    $cpu = Get-WmiObject Win32_Processor
    Write-Host "CPU Model: $($cpu.Name)"
    Write-Host "Number of Cores: $($cpu.NumberOfCores)"
    Write-Host "Number of Logical Processors: $($cpu.NumberOfLogicalProcessors)"
    
    $usage = (Get-Counter '\Processor(_Total)\% Processor Time').CounterSamples.CookedValue
    Write-Host "Current CPU Usage: $([math]::Round($usage, 2))%"
}

function Get-MemoryDetails {
    Write-Host "`nMemory Usage Details:" -ForegroundColor Yellow
    $os = Get-CimInstance Win32_OperatingSystem
    $totalMemory = [math]::Round($os.TotalVisibleMemorySize / 1MB, 2)
    $freeMemory = [math]::Round($os.FreePhysicalMemory / 1MB, 2)
    $usedMemory = $totalMemory - $freeMemory
    $percentUsed = [math]::Round(($usedMemory / $totalMemory) * 100, 2)

    Write-Host "Total Memory: $totalMemory GB"
    Write-Host "Used Memory: $usedMemory GB"
    Write-Host "Free Memory: $freeMemory GB"
    Write-Host "Memory Usage: $percentUsed%"

    $pageFile = Get-WmiObject Win32_PageFileUsage
    Write-Host "Page File Size: $([math]::Round($pageFile.AllocatedBaseSize / 1024, 2)) GB"
    Write-Host "Page File Usage: $([math]::Round($pageFile.CurrentUsage / 1024, 2)) GB"
}

function Get-DiskInfo {
    Write-Host "`nDisk Space and Health:" -ForegroundColor Yellow
    $disks = Get-WmiObject Win32_LogicalDisk | Where-Object {$_.DriveType -eq 3}
    foreach ($disk in $disks) {
        $freeSpace = [math]::Round($disk.FreeSpace / 1GB, 2)
        $totalSpace = [math]::Round($disk.Size / 1GB, 2)
        $usedSpace = $totalSpace - $freeSpace
        $percentFree = [math]::Round(($freeSpace / $totalSpace) * 100, 2)
        
        Write-Host "Drive $($disk.DeviceID):"
        Write-Host "  Total: $totalSpace GB"
        Write-Host "  Used: $usedSpace GB"
        Write-Host "  Free: $freeSpace GB"
        Write-Host "  Percent Free: $percentFree%"
    }

    Write-Host "`nDisk Health:"
    Get-PhysicalDisk | ForEach-Object {
        Write-Host "  $($_.FriendlyName): $($_.HealthStatus)"
    }
}

function Get-NetworkStats {
    Write-Host "`nNetwork Statistics:" -ForegroundColor Yellow
    $adapters = Get-NetAdapter | Where-Object Status -eq "Up"
    foreach ($adapter in $adapters) {
        Write-Host "Adapter: $($adapter.Name)"
        $stats = $adapter | Get-NetAdapterStatistics
        Write-Host "  Bytes Received: $([math]::Round($stats.ReceivedBytes / 1MB, 2)) MB"
        Write-Host "  Bytes Sent: $([math]::Round($stats.SentBytes / 1MB, 2)) MB"
    }
}

function Get-TopProcesses {
    Write-Host "`nTop Resource-Consuming Processes:" -ForegroundColor Yellow
    Get-Process | Sort-Object CPU -Descending | Select-Object -First 5 | 
        Format-Table Name, @{Name='CPU (s)'; Expression={$_.CPU.ToString('N2')}}, @{Name='Memory (MB)'; Expression={[math]::Round($_.WorkingSet / 1MB, 2)}} -AutoSize

    Write-Host "`nTop Memory-Consuming Processes:"
    Get-Process | Sort-Object WorkingSet -Descending | Select-Object -First 5 | 
        Format-Table Name, @{Name='Memory (MB)'; Expression={[math]::Round($_.WorkingSet / 1MB, 2)}}, @{Name='CPU (s)'; Expression={$_.CPU.ToString('N2')}} -AutoSize
}

function Get-SystemUptime {
    Write-Host "`nSystem Uptime and Last Boot Time:" -ForegroundColor Yellow
    $os = Get-CimInstance Win32_OperatingSystem
    $uptime = (Get-Date) - $os.LastBootUpTime
    Write-Host "Last Boot Time: $($os.LastBootUpTime)"
    Write-Host "System Uptime: $($uptime.Days) days, $($uptime.Hours) hours, $($uptime.Minutes) minutes"
}

function Get-WindowsUpdates {
    Write-Host "`nLast 5 Installed Windows Updates:" -ForegroundColor Yellow
    Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5 | 
        Format-Table HotFixID, Description, InstalledOn -AutoSize
}

function Get-EventLogSummary {
    Write-Host "`nEvent Log Summary (Last 24 Hours):" -ForegroundColor Yellow
    $startTime = (Get-Date).AddHours(-24)
    $logs = @('System', 'Application')
    foreach ($log in $logs) {
        $events = Get-WinEvent -LogName $log -MaxEvents 1000 | Where-Object { $_.TimeCreated -ge $startTime }
        $errorCount = ($events | Where-Object { $_.LevelDisplayName -eq 'Error' }).Count
        $warningCount = ($events | Where-Object { $_.LevelDisplayName -eq 'Warning' }).Count
        Write-Host "$log Log:"
        Write-Host "  Errors: $errorCount"
        Write-Host "  Warnings: $warningCount"
    }
}

function Get-ServicesStatus {
    Write-Host "`nCritical Services Status:" -ForegroundColor Yellow
    $services = @('wuauserv', 'WinDefend', 'BITS', 'Dhcp', 'Dnscache', 'LanmanServer')
    foreach ($service in $services) {
        $status = (Get-Service $service).Status
        Write-Host "$service : $status"
    }
}

function Get-BatteryStatus {
    Write-Host "`nBattery Status:" -ForegroundColor Yellow
    $battery = Get-WmiObject Win32_Battery
    if ($battery) {
        Write-Host "Battery Level: $($battery.EstimatedChargeRemaining)%"
        Write-Host "Status: $($battery.BatteryStatus)"
    } else {
        Write-Host "No battery detected. This might be a desktop computer."
    }
}

do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-11)"

    switch ($choice) {
        "1"  { Get-CPUInfo }
        "2"  { Get-MemoryDetails }
        "3"  { Get-DiskInfo }
        "4"  { Get-NetworkStats }
        "5"  { Get-TopProcesses }
        "6"  { Get-SystemUptime }
        "7"  { Get-WindowsUpdates }
        "8"  { Get-EventLogSummary }
        "9"  { Get-ServicesStatus }
        "10" { Get-BatteryStatus }
        "11" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "11") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "11")

This Advanced System Health Monitor includes:

  1. A comprehensive menu with 11 options
  2. Detailed functions for various system health checks:
    • CPU information and real-time usage
    • Detailed memory usage including page file information
    • Disk space, usage, and health status
    • Network statistics for active adapters
    • Top CPU and memory-consuming processes
    • System uptime and last boot time
    • Recent Windows updates
    • Event log summary for the last 24 hours
    • Status of critical system services
    • Battery status for laptops
  3. Use of advanced PowerShell cmdlets and WMI objects
  4. Formatted output for better readability
  5. More comprehensive system information gathering

This tool provides a detailed overview of system health and performance metrics. It’s useful for:

  • Advanced system monitoring and troubleshooting
  • Identifying potential issues across various system components
  • Gathering comprehensive system information for diagnostics
  • Monitoring critical services and system events

This script is suitable for IT professionals, system administrators, or advanced users who need detailed system health information. It provides a single interface to access a wide range of system metrics and statuses, which would otherwise require navigating through multiple system tools or running several different commands.