Active Directory Computer Analysis Tool

/0 Comments/in /by 

<#
.SYNOPSIS
Active Directory Computer Analysis Tool

.DESCRIPTION
This script analyzes computer accounts in Active Directory, providing detailed information
about computer properties, group memberships, operating systems, and potential issues.

.NOTES
File Name      : ADComputerAnalyzer.ps1
Author         : [Your Name]
Prerequisite   : PowerShell V5.1 or later, Active Directory module, and appropriate AD permissions
Version        : 1.0
Date           : [Current Date]

.EXAMPLE
.\ADComputerAnalyzer.ps1
#>

# Import required modules
Import-Module ActiveDirectory

# Global variables
$global:reportPath = "$env:USERPROFILE\Desktop\AD_Computer_Analysis_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html"

<#
.SYNOPSIS
Displays the main menu of the tool.
#>
function Show-Menu {
    Clear-Host
    Write-Host "=== Active Directory Computer Analysis Tool ===" -ForegroundColor Cyan
    Write-Host "1. Analyze Computer Account Statuses"
    Write-Host "2. Check Operating System Distribution"
    Write-Host "3. Analyze Group Memberships"
    Write-Host "4. Identify Inactive Computer Accounts"
    Write-Host "5. Check for Outdated Operating Systems"
    Write-Host "6. Analyze Computer Account Properties"
    Write-Host "7. Check DNS Registration Status"
    Write-Host "8. Generate Comprehensive HTML Report"
    Write-Host "9. Exit"
}

<#
.SYNOPSIS
Analyzes computer account statuses.

.OUTPUTS
Array of PSObjects containing computer account status details.
#>
function Analyze-ComputerAccountStatuses {
    Write-Host "`nAnalyzing Computer Account Statuses..." -ForegroundColor Yellow
    $computers = Get-ADComputer -Filter * -Properties Enabled, PasswordLastSet
    $statuses = @()
    foreach ($computer in $computers) {
        $statuses += [PSCustomObject]@{
            ComputerName = $computer.Name
            Enabled = $computer.Enabled
            PasswordLastSet = $computer.PasswordLastSet
            DaysSincePasswordSet = if ($computer.PasswordLastSet) { ((Get-Date) - $computer.PasswordLastSet).Days } else { "N/A" }
        }
    }
    $statuses | Format-Table -AutoSize
    return $statuses
}

<#
.SYNOPSIS
Checks operating system distribution.

.OUTPUTS
Array of PSObjects containing OS distribution details.
#>
function Check-OSDistribution {
    Write-Host "`nChecking Operating System Distribution..." -ForegroundColor Yellow
    $computers = Get-ADComputer -Filter * -Properties OperatingSystem
    $osDistribution = $computers | Group-Object -Property OperatingSystem | Select-Object Name, Count
    $osDistribution | Format-Table -AutoSize
    return $osDistribution
}

<#
.SYNOPSIS
Analyzes group memberships.

.OUTPUTS
Array of PSObjects containing group membership details.
#>
function Analyze-GroupMemberships {
    Write-Host "`nAnalyzing Group Memberships..." -ForegroundColor Yellow
    $computers = Get-ADComputer -Filter * -Properties MemberOf
    $memberships = @()
    foreach ($computer in $computers) {
        $groups = $computer.MemberOf | ForEach-Object { (Get-ADGroup $_).Name }
        $memberships += [PSCustomObject]@{
            ComputerName = $computer.Name
            GroupCount = $groups.Count
            Groups = $groups -join ", "
        }
    }
    $memberships | Format-Table -AutoSize
    return $memberships
}

<#
.SYNOPSIS
Identifies inactive computer accounts.

.OUTPUTS
Array of PSObjects containing inactive computer account details.
#>
function Identify-InactiveComputerAccounts {
    Write-Host "`nIdentifying Inactive Computer Accounts..." -ForegroundColor Yellow
    $inactiveThreshold = (Get-Date).AddDays(-90)
    $computers = Get-ADComputer -Filter {Enabled -eq $true} -Properties LastLogonDate
    $inactiveComputers = @()
    foreach ($computer in $computers) {
        if ($computer.LastLogonDate -lt $inactiveThreshold) {
            $inactiveComputers += [PSCustomObject]@{
                ComputerName = $computer.Name
                LastLogonDate = $computer.LastLogonDate
                DaysSinceLastLogon = ((Get-Date) - $computer.LastLogonDate).Days
            }
        }
    }
    $inactiveComputers | Format-Table -AutoSize
    return $inactiveComputers
}

<#
.SYNOPSIS
Checks for outdated operating systems.

.OUTPUTS
Array of PSObjects containing outdated OS details.
#>
function Check-OutdatedOS {
    Write-Host "`nChecking for Outdated Operating Systems..." -ForegroundColor Yellow
    $computers = Get-ADComputer -Filter * -Properties OperatingSystem, OperatingSystemVersion
    $outdatedOS = @()
    foreach ($computer in $computers) {
        if ($computer.OperatingSystem -like "*Windows 7*" -or 
            $computer.OperatingSystem -like "*Windows 8*" -or 
            $computer.OperatingSystem -like "*Windows Server 2008*" -or 
            $computer.OperatingSystem -like "*Windows Server 2012*") {
            $outdatedOS += [PSCustomObject]@{
                ComputerName = $computer.Name
                OperatingSystem = $computer.OperatingSystem
                OSVersion = $computer.OperatingSystemVersion
            }
        }
    }
    $outdatedOS | Format-Table -AutoSize
    return $outdatedOS
}

<#
.SYNOPSIS
Analyzes computer account properties.

.OUTPUTS
Array of PSObjects containing computer account property details.
#>
function Analyze-ComputerAccountProperties {
    Write-Host "`nAnalyzing Computer Account Properties..." -ForegroundColor Yellow
    $computers = Get-ADComputer -Filter * -Properties *
    $properties = @()
    foreach ($computer in $computers) {
        $properties += [PSCustomObject]@{
            ComputerName = $computer.Name
            OperatingSystem = $computer.OperatingSystem
            IPAddress = $computer.IPv4Address
            Created = $computer.Created
            LastModified = $computer.Modified
            Description = $computer.Description
        }
    }
    $properties | Format-Table -AutoSize
    return $properties
}

<#
.SYNOPSIS
Checks DNS registration status.

.OUTPUTS
Array of PSObjects containing DNS registration status details.
#>
function Check-DNSRegistrationStatus {
    Write-Host "`nChecking DNS Registration Status..." -ForegroundColor Yellow
    $computers = Get-ADComputer -Filter * -Properties DNSHostName
    $dnsStatus = @()
    foreach ($computer in $computers) {
        $pingResult = Test-Connection -ComputerName $computer.DNSHostName -Count 1 -ErrorAction SilentlyContinue
        $dnsStatus += [PSCustomObject]@{
            ComputerName = $computer.Name
            DNSHostName = $computer.DNSHostName
            Pingable = if ($pingResult) { $true } else { $false }
        }
    }
    $dnsStatus | Format-Table -AutoSize
    return $dnsStatus
}

<#
.SYNOPSIS
Generates a comprehensive HTML report of all analyses.

.PARAMETER AllResults
Hashtable containing all analysis results.

.OUTPUTS
Saves an HTML report to the desktop.
#>
function Generate-HTMLReport {
    param([hashtable]$AllResults)

    Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow
    $reportContent = @"
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>AD Computer Analysis Report</title>
    <style>
        body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; }
        h1, h2, h3 { color: #0078D4; }
        table { border-collapse: collapse; width: 100%; margin-bottom: 20px; }
        th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
        th { background-color: #f2f2f2; }
    </style>
</head>
<body>
    <h1>Active Directory Computer Analysis Report</h1>
    <p>Generated on: $(Get-Date)</p>

    <h2>Computer Account Statuses</h2>
    $($AllResults.AccountStatuses | ConvertTo-Html -Fragment)

    <h2>Operating System Distribution</h2>
    $($AllResults.OSDistribution | ConvertTo-Html -Fragment)

    <h2>Group Memberships</h2>
    $($AllResults.GroupMemberships | ConvertTo-Html -Fragment)

    <h2>Inactive Computer Accounts</h2>
    $($AllResults.InactiveAccounts | ConvertTo-Html -Fragment)

    <h2>Outdated Operating Systems</h2>
    $($AllResults.OutdatedOS | ConvertTo-Html -Fragment)

    <h2>Computer Account Properties</h2>
    $($AllResults.AccountProperties | ConvertTo-Html -Fragment)

    <h2>DNS Registration Status</h2>
    $($AllResults.DNSStatus | ConvertTo-Html -Fragment)
</body>
</html>
"@

    $reportContent | Out-File -FilePath $global:reportPath
    Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green
}

# Main program loop
$allResults = @{}

do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-9)"

    switch ($choice) {
        "1" { $allResults.AccountStatuses = Analyze-ComputerAccountStatuses }
        "2" { $allResults.OSDistribution = Check-OSDistribution }
        "3" { $allResults.GroupMemberships = Analyze-GroupMemberships }
        "4" { $allResults.InactiveAccounts = Identify-InactiveComputerAccounts }
        "5" { $allResults.OutdatedOS = Check-OutdatedOS }
        "6" { $allResults.AccountProperties = Analyze-ComputerAccountProperties }
        "7" { $allResults.DNSStatus = Check-DNSRegistrationStatus }
        "8" { Generate-HTMLReport -AllResults $allResults }
        "9" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "9") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "9")

This Active Directory Computer Analysis Tool includes:

  1. A menu-driven interface for easy navigation.
  2. Functions to analyze various aspects of computer accounts:
    • Computer account statuses (enabled, password last set)
    • Operating system distribution
    • Group memberships
    • Inactive computer accounts
    • Outdated operating systems
    • Computer account properties
    • DNS registration status
  3. Comprehensive error handling for each analysis function.
  4. A function to generate an HTML report of all collected data.

Key features:

  • Detailed analysis of computer account statuses and properties
  • Overview of operating system distribution across the domain
  • Identification of inactive computer accounts
  • Detection of outdated operating systems
  • Analysis of group memberships for computer accounts
  • Checking DNS registration status and connectivity
  • HTML report generation for easy sharing and viewing of results

This tool is particularly useful for:

  • Active Directory administrators managing computer accounts
  • IT security professionals auditing computer account security
  • System administrators planning OS upgrades or migrations
  • Network administrators troubleshooting DNS and connectivity issues

To use this script effectively:

  1. Run PowerShell as an administrator
  2. Ensure you have the necessary permissions to query AD computer information
  3. Have the Active Directory PowerShell module installed

This script provides a comprehensive overview of computer accounts in an Active Directory environment, making it easier to identify security issues, outdated systems, or potential network problems. It can significantly streamline the process of auditing and maintaining computer accounts in large or complex AD environments.

You might also like
Local Admin User and Group Toolkit
Advanced System Health Monitor
Script Template for PowerShell
Domain Check Toolkit
Microsoft 365 Security Check Tool
Network Traffic Analyzer Tool
0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *