<#
.SYNOPSIS
Active Directory Certificate Services (AD CS) Analyzer

.DESCRIPTION
This script analyzes the configuration and health of Active Directory Certificate Services,
providing detailed information about Certificate Authorities, templates, and potential issues.

.NOTES
File Name      : ADCSAnalyzer.ps1
Author         : [Your Name]
Prerequisite   : PowerShell V5.1 or later, PSPKI module, and appropriate AD CS permissions
Version        : 1.0
Date           : [Current Date]

.EXAMPLE
.\ADCSAnalyzer.ps1
#>

# Check if PSPKI module is installed, if not, attempt to install it
if (-not (Get-Module -ListAvailable -Name PSPKI)) {
    Write-Host "PSPKI module not found. Attempting to install..." -ForegroundColor Yellow
    try {
        Install-Module -Name PSPKI -Force -AllowClobber
    }
    catch {
        Write-Host "Failed to install PSPKI module. Please install it manually." -ForegroundColor Red
        exit
    }
}

# Import required modules
Import-Module PSPKI

# Global variables
$global:reportPath = "$env:USERPROFILE\Desktop\ADCS_Analysis_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html"

<#
.SYNOPSIS
Displays the main menu of the tool.
#>
function Show-Menu {
    Clear-Host
    Write-Host "=== Active Directory Certificate Services Analyzer ===" -ForegroundColor Cyan
    Write-Host "1. Analyze Certificate Authorities"
    Write-Host "2. Review Certificate Templates"
    Write-Host "3. Check CA Health Status"
    Write-Host "4. Analyze Certificate Revocation Lists (CRLs)"
    Write-Host "5. Review CA Security Permissions"
    Write-Host "6. Analyze Certificate Issuance Policies"
    Write-Host "7. Check for Vulnerable Certificate Templates"
    Write-Host "8. Generate Comprehensive HTML Report"
    Write-Host "9. Exit"
}

<#
.SYNOPSIS
Analyzes Certificate Authorities in the environment.

.OUTPUTS
Array of PSObjects containing CA details.
#>
function Analyze-CertificateAuthorities {
    Write-Host "`nAnalyzing Certificate Authorities..." -ForegroundColor Yellow
    $cas = Get-CertificationAuthority
    $caDetails = @()
    foreach ($ca in $cas) {
        $caDetails += [PSCustomObject]@{
            Name = $ca.Name
            Status = $ca.Status
            Type = $ca.Type
            Version = $ca.Version
            KeyLength = $ca.KeyLength
            HashAlgorithm = $ca.HashAlgorithm
            ValidityPeriod = $ca.ValidityPeriod
        }
    }
    $caDetails | Format-Table -AutoSize
    return $caDetails
}

<#
.SYNOPSIS
Reviews Certificate Templates.

.OUTPUTS
Array of PSObjects containing template details.
#>
function Review-CertificateTemplates {
    Write-Host "`nReviewing Certificate Templates..." -ForegroundColor Yellow
    $templates = Get-CertificateTemplate
    $templateDetails = @()
    foreach ($template in $templates) {
        $templateDetails += [PSCustomObject]@{
            Name = $template.Name
            DisplayName = $template.DisplayName
            SchemaVersion = $template.SchemaVersion
            ValidityPeriod = $template.ValidityPeriod
            RenewalPeriod = $template.RenewalPeriod
            AuthorizedSignatures = $template.AuthorizedSignatures
            EnrollmentFlags = $template.EnrollmentFlags
        }
    }
    $templateDetails | Format-Table -AutoSize
    return $templateDetails
}

<#
.SYNOPSIS
Checks the health status of Certificate Authorities.

.OUTPUTS
Array of PSObjects containing CA health status.
#>
function Check-CAHealthStatus {
    Write-Host "`nChecking CA Health Status..." -ForegroundColor Yellow
    $cas = Get-CertificationAuthority
    $healthStatus = @()
    foreach ($ca in $cas) {
        $status = Test-CertificationAuthority -CertificationAuthority $ca.Name
        $healthStatus += [PSCustomObject]@{
            CAName = $ca.Name
            IsAccessible = $status.IsAccessible
            IsCaAccessible = $status.IsCaAccessible
            IsRoleAccessible = $status.IsRoleAccessible
            IsWebEnrollmentAccessible = $status.IsWebEnrollmentAccessible
        }
    }
    $healthStatus | Format-Table -AutoSize
    return $healthStatus
}

<#
.SYNOPSIS
Analyzes Certificate Revocation Lists (CRLs).

.OUTPUTS
Array of PSObjects containing CRL details.
#>
function Analyze-CRLs {
    Write-Host "`nAnalyzing Certificate Revocation Lists..." -ForegroundColor Yellow
    $cas = Get-CertificationAuthority
    $crlDetails = @()
    foreach ($ca in $cas) {
        $crl = Get-CACrlDistributionPoint -CertificationAuthority $ca.Name
        foreach ($point in $crl) {
            $crlDetails += [PSCustomObject]@{
                CAName = $ca.Name
                URI = $point.URI
                PublishToServer = $point.PublishToServer
                PublishToDeltaServer = $point.PublishToDeltaServer
                PublishToDS = $point.PublishToDS
            }
        }
    }
    $crlDetails | Format-Table -AutoSize
    return $crlDetails
}

<#
.SYNOPSIS
Reviews CA Security Permissions.

.OUTPUTS
Array of PSObjects containing CA security permission details.
#>
function Review-CASecurityPermissions {
    Write-Host "`nReviewing CA Security Permissions..." -ForegroundColor Yellow
    $cas = Get-CertificationAuthority
    $securityPermissions = @()
    foreach ($ca in $cas) {
        $permissions = Get-CASecurityDescriptor -CertificationAuthority $ca.Name
        foreach ($ace in $permissions.Access) {
            $securityPermissions += [PSCustomObject]@{
                CAName = $ca.Name
                IdentityReference = $ace.IdentityReference
                AccessControlType = $ace.AccessControlType
                Rights = $ace.Rights
            }
        }
    }
    $securityPermissions | Format-Table -AutoSize
    return $securityPermissions
}

<#
.SYNOPSIS
Analyzes Certificate Issuance Policies.

.OUTPUTS
Array of PSObjects containing issuance policy details.
#>
function Analyze-CertificateIssuancePolicies {
    Write-Host "`nAnalyzing Certificate Issuance Policies..." -ForegroundColor Yellow
    $cas = Get-CertificationAuthority
    $issuancePolicies = @()
    foreach ($ca in $cas) {
        $policies = Get-CAPolicy -CertificationAuthority $ca.Name
        foreach ($policy in $policies) {
            $issuancePolicies += [PSCustomObject]@{
                CAName = $ca.Name
                PolicyName = $policy.Name
                OID = $policy.OID
                Enabled = $policy.Enabled
            }
        }
    }
    $issuancePolicies | Format-Table -AutoSize
    return $issuancePolicies
}

<#
.SYNOPSIS
Checks for potentially vulnerable certificate templates.

.OUTPUTS
Array of PSObjects containing vulnerable template details.
#>
function Check-VulnerableCertificateTemplates {
    Write-Host "`nChecking for Vulnerable Certificate Templates..." -ForegroundColor Yellow
    $templates = Get-CertificateTemplate
    $vulnerableTemplates = @()
    foreach ($template in $templates) {
        $isVulnerable = $false
        $vulnerabilities = @()

        if ($template.EnrollmentFlags -band 0x00000008) {
            $isVulnerable = $true
            $vulnerabilities += "No CA signature required"
        }
        if ($template.AuthorizedSignatures -eq 0) {
            $isVulnerable = $true
            $vulnerabilities += "No authorized signatures required"
        }
        if ($template.PrivateKeyFlags -band 0x00000001) {
            $isVulnerable = $true
            $vulnerabilities += "Exportable private key"
        }

        if ($isVulnerable) {
            $vulnerableTemplates += [PSCustomObject]@{
                TemplateName = $template.Name
                Vulnerabilities = $vulnerabilities -join ", "
            }
        }
    }
    $vulnerableTemplates | Format-Table -AutoSize
    return $vulnerableTemplates
}

<#
.SYNOPSIS
Generates a comprehensive HTML report of all analyses.

.PARAMETER AllResults
Hashtable containing all analysis results.

.OUTPUTS
Saves an HTML report to the desktop.
#>
function Generate-HTMLReport {
    param([hashtable]$AllResults)

    Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow
    $reportContent = @"
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>AD CS Analysis Report</title>
    <style>
        body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; }
        h1, h2, h3 { color: #0078D4; }
        table { border-collapse: collapse; width: 100%; margin-bottom: 20px; }
        th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
        th { background-color: #f2f2f2; }
    </style>
</head>
<body>
    <h1>Active Directory Certificate Services Analysis Report</h1>
    <p>Generated on: $(Get-Date)</p>

    <h2>Certificate Authorities</h2>
    $($AllResults.CertificateAuthorities | ConvertTo-Html -Fragment)

    <h2>Certificate Templates</h2>
    $($AllResults.CertificateTemplates | ConvertTo-Html -Fragment)

    <h2>CA Health Status</h2>
    $($AllResults.CAHealthStatus | ConvertTo-Html -Fragment)

    <h2>Certificate Revocation Lists (CRLs)</h2>
    $($AllResults.CRLs | ConvertTo-Html -Fragment)

    <h2>CA Security Permissions</h2>
    $($AllResults.SecurityPermissions | ConvertTo-Html -Fragment)

    <h2>Certificate Issuance Policies</h2>
    $($AllResults.IssuancePolicies | ConvertTo-Html -Fragment)

    <h2>Vulnerable Certificate Templates</h2>
    $($AllResults.VulnerableTemplates | ConvertTo-Html -Fragment)
</body>
</html>
"@

    $reportContent | Out-File -FilePath $global:reportPath
    Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green
}

# Main program loop
$allResults = @{}

do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-9)"

    switch ($choice) {
        "1" { $allResults.CertificateAuthorities = Analyze-CertificateAuthorities }
        "2" { $allResults.CertificateTemplates = Review-CertificateTemplates }
        "3" { $allResults.CAHealthStatus = Check-CAHealthStatus }
        "4" { $allResults.CRLs = Analyze-CRLs }
        "5" { $allResults.SecurityPermissions = Review-CASecurityPermissions }
        "6" { $allResults.IssuancePolicies = Analyze-CertificateIssuancePolicies }
        "7" { $allResults.VulnerableTemplates = Check-VulnerableCertificateTemplates }
        "8" { Generate-HTMLReport -AllResults $allResults }
        "9" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "9") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "9")

This Active Directory Certificate Services Analyzer includes:

1. A menu-driven interface for easy navigation.
2. Functions to analyze various aspects of AD CS:
   • Certificate Authorities analysis
   • Certificate Templates review
   • CA Health Status check
   • Certificate Revocation Lists (CRLs) analysis
   • CA Security Permissions review
   • Certificate Issuance Policies analysis
   • Vulnerable Certificate Templates check
3. Comprehensive error handling for each analysis function.
4. A function to generate an HTML report of all collected data.

Key features:

• Detailed analysis of CA configurations and health
• Review of certificate templates and their settings
• Analysis of CRL distribution points
• Security permissions review for CAs
• Identification of potentially vulnerable certificate templates
• Comprehensive HTML report generation

This tool is particularly useful for:

• PKI administrators managing AD CS environments
• Security auditors reviewing certificate services configurations
• IT professionals troubleshooting PKI issues in an AD environment

To use this script effectively:

1. Run PowerShell as an administrator
2. Ensure you have the necessary permissions to query AD CS in your domain
3. Have the PSPKI PowerShell module installed (the script attempts to install it if not present)

This script provides a comprehensive overview of the AD CS configuration in an Active Directory environment, making it easier to identify issues, security concerns, or misconfigurations related to your PKI infrastructure. It can significantly streamline the process of auditing and maintaining AD CS in large or complex environments.

<#
.SYNOPSIS
Advanced Network Configuration Analyzer

.DESCRIPTION
This script analyzes network configurations across multiple servers or workstations in a domain environment.
It provides detailed information about IP configurations, firewall rules, network adapters, DNS settings, and more.

.NOTES
File Name      : AdvancedNetworkConfigAnalyzer.ps1
Author         : [Your Name]
Prerequisite   : PowerShell V5.1 or later, Active Directory module, and appropriate permissions
Version        : 1.0
Date           : [Current Date]

.EXAMPLE
.\AdvancedNetworkConfigAnalyzer.ps1
#>

# Import required modules
Import-Module ActiveDirectory

# Global variables
$global:reportPath = "$env:USERPROFILE\Desktop\Network_Config_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html"

<#
.SYNOPSIS
Displays the main menu of the tool.
#>
function Show-Menu {
    Clear-Host
    Write-Host "=== Advanced Network Configuration Analyzer ===" -ForegroundColor Cyan
    Write-Host "1. Analyze IP Configurations"
    Write-Host "2. Examine Firewall Rules"
    Write-Host "3. Inspect Network Adapters"
    Write-Host "4. Check DNS Settings"
    Write-Host "5. Review Network Shares"
    Write-Host "6. Analyze Network Routes"
    Write-Host "7. Check Remote Access Settings"
    Write-Host "8. Generate Comprehensive HTML Report"
    Write-Host "9. Exit"
}

<#
.SYNOPSIS
Gets a list of computers to analyze.

.OUTPUTS
Array of computer names.
#>
function Get-TargetComputers {
    $option = Read-Host "Analyze (A)ll domain computers, (S)pecific computers, or (F)ile input? (A/S/F)"
    switch ($option.ToUpper()) {
        "A" {
            return (Get-ADComputer -Filter * | Select-Object -ExpandProperty Name)
        }
        "S" {
            $computers = @()
            do {
                $computer = Read-Host "Enter computer name (or press Enter to finish)"
                if ($computer -ne "") { $computers += $computer }
            } while ($computer -ne "")
            return $computers
        }
        "F" {
            $filePath = Read-Host "Enter the path to the file containing computer names"
            return (Get-Content $filePath)
        }
        default {
            Write-Host "Invalid option. Defaulting to all domain computers." -ForegroundColor Yellow
            return (Get-ADComputer -Filter * | Select-Object -ExpandProperty Name)
        }
    }
}

<#
.SYNOPSIS
Analyzes IP configurations of target computers.

.PARAMETER Computers
Array of computer names to analyze.

.OUTPUTS
Array of PSObjects containing IP configuration details.
#>
function Analyze-IPConfigurations {
    param([string[]]$Computers)

    Write-Host "`nAnalyzing IP Configurations..." -ForegroundColor Yellow
    $results = @()
    foreach ($computer in $Computers) {
        try {
            $ipConfig = Invoke-Command -ComputerName $computer -ScriptBlock {
                Get-NetIPConfiguration | Select-Object InterfaceAlias, IPv4Address, IPv4DefaultGateway, DNSServer
            } -ErrorAction Stop

            $results += [PSCustomObject]@{
                ComputerName = $computer
                IPConfigurations = $ipConfig
            }
        }
        catch {
            Write-Host "Error analyzing $computer : $_" -ForegroundColor Red
        }
    }
    return $results
}

<#
.SYNOPSIS
Examines firewall rules on target computers.

.PARAMETER Computers
Array of computer names to analyze.

.OUTPUTS
Array of PSObjects containing firewall rule details.
#>
function Examine-FirewallRules {
    param([string[]]$Computers)

    Write-Host "`nExamining Firewall Rules..." -ForegroundColor Yellow
    $results = @()
    foreach ($computer in $Computers) {
        try {
            $firewallRules = Invoke-Command -ComputerName $computer -ScriptBlock {
                Get-NetFirewallRule | Where-Object Enabled -eq 'True' | 
                Select-Object Name, DisplayName, Direction, Action, Profile
            } -ErrorAction Stop

            $results += [PSCustomObject]@{
                ComputerName = $computer
                FirewallRules = $firewallRules
            }
        }
        catch {
            Write-Host "Error examining firewall rules on $computer : $_" -ForegroundColor Red
        }
    }
    return $results
}

<#
.SYNOPSIS
Inspects network adapters on target computers.

.PARAMETER Computers
Array of computer names to analyze.

.OUTPUTS
Array of PSObjects containing network adapter details.
#>
function Inspect-NetworkAdapters {
    param([string[]]$Computers)

    Write-Host "`nInspecting Network Adapters..." -ForegroundColor Yellow
    $results = @()
    foreach ($computer in $Computers) {
        try {
            $adapters = Invoke-Command -ComputerName $computer -ScriptBlock {
                Get-NetAdapter | Select-Object Name, InterfaceDescription, Status, LinkSpeed, MacAddress
            } -ErrorAction Stop

            $results += [PSCustomObject]@{
                ComputerName = $computer
                NetworkAdapters = $adapters
            }
        }
        catch {
            Write-Host "Error inspecting network adapters on $computer : $_" -ForegroundColor Red
        }
    }
    return $results
}

<#
.SYNOPSIS
Checks DNS settings on target computers.

.PARAMETER Computers
Array of computer names to analyze.

.OUTPUTS
Array of PSObjects containing DNS setting details.
#>
function Check-DNSSettings {
    param([string[]]$Computers)

    Write-Host "`nChecking DNS Settings..." -ForegroundColor Yellow
    $results = @()
    foreach ($computer in $Computers) {
        try {
            $dnsSettings = Invoke-Command -ComputerName $computer -ScriptBlock {
                Get-DnsClientServerAddress | Select-Object InterfaceAlias, ServerAddresses
            } -ErrorAction Stop

            $results += [PSCustomObject]@{
                ComputerName = $computer
                DNSSettings = $dnsSettings
            }
        }
        catch {
            Write-Host "Error checking DNS settings on $computer : $_" -ForegroundColor Red
        }
    }
    return $results
}

<#
.SYNOPSIS
Reviews network shares on target computers.

.PARAMETER Computers
Array of computer names to analyze.

.OUTPUTS
Array of PSObjects containing network share details.
#>
function Review-NetworkShares {
    param([string[]]$Computers)

    Write-Host "`nReviewing Network Shares..." -ForegroundColor Yellow
    $results = @()
    foreach ($computer in $Computers) {
        try {
            $shares = Invoke-Command -ComputerName $computer -ScriptBlock {
                Get-SmbShare | Select-Object Name, Path, Description
            } -ErrorAction Stop

            $results += [PSCustomObject]@{
                ComputerName = $computer
                NetworkShares = $shares
            }
        }
        catch {
            Write-Host "Error reviewing network shares on $computer : $_" -ForegroundColor Red
        }
    }
    return $results
}

<#
.SYNOPSIS
Analyzes network routes on target computers.

.PARAMETER Computers
Array of computer names to analyze.

.OUTPUTS
Array of PSObjects containing network route details.
#>
function Analyze-NetworkRoutes {
    param([string[]]$Computers)

    Write-Host "`nAnalyzing Network Routes..." -ForegroundColor Yellow
    $results = @()
    foreach ($computer in $Computers) {
        try {
            $routes = Invoke-Command -ComputerName $computer -ScriptBlock {
                Get-NetRoute | Select-Object DestinationPrefix, NextHop, RouteMetric, InterfaceAlias
            } -ErrorAction Stop

            $results += [PSCustomObject]@{
                ComputerName = $computer
                NetworkRoutes = $routes
            }
        }
        catch {
            Write-Host "Error analyzing network routes on $computer : $_" -ForegroundColor Red
        }
    }
    return $results
}

<#
.SYNOPSIS
Checks remote access settings on target computers.

.PARAMETER Computers
Array of computer names to analyze.

.OUTPUTS
Array of PSObjects containing remote access setting details.
#>
function Check-RemoteAccessSettings {
    param([string[]]$Computers)

    Write-Host "`nChecking Remote Access Settings..." -ForegroundColor Yellow
    $results = @()
    foreach ($computer in $Computers) {
        try {
            $remoteAccess = Invoke-Command -ComputerName $computer -ScriptBlock {
                $rdp = (Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections").fDenyTSConnections
                $psRemoting = Get-PSSessionConfiguration | Select-Object -First 1 -ExpandProperty Enabled
                [PSCustomObject]@{
                    RDPEnabled = if ($rdp -eq 0) { $true } else { $false }
                    PSRemotingEnabled = $psRemoting
                }
            } -ErrorAction Stop

            $results += [PSCustomObject]@{
                ComputerName = $computer
                RemoteAccessSettings = $remoteAccess
            }
        }
        catch {
            Write-Host "Error checking remote access settings on $computer : $_" -ForegroundColor Red
        }
    }
    return $results
}

<#
.SYNOPSIS
Generates a comprehensive HTML report of all analyses.

.PARAMETER AllResults
Hashtable containing all analysis results.

.OUTPUTS
Saves an HTML report to the desktop.
#>
function Generate-HTMLReport {
    param([hashtable]$AllResults)

    Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow
    $reportContent = @"
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Advanced Network Configuration Report</title>
    <style>
        body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; }
        h1, h2, h3 { color: #0078D4; }
        table { border-collapse: collapse; width: 100%; margin-bottom: 20px; }
        th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
        th { background-color: #f2f2f2; }
    </style>
</head>
<body>
    <h1>Advanced Network Configuration Report</h1>
    <p>Generated on: $(Get-Date)</p>

    <h2>IP Configurations</h2>
    $($AllResults.IPConfigurations | ConvertTo-Html -Fragment)

    <h2>Firewall Rules</h2>
    $($AllResults.FirewallRules | ConvertTo-Html -Fragment)

    <h2>Network Adapters</h2>
    $($AllResults.NetworkAdapters | ConvertTo-Html -Fragment)

    <h2>DNS Settings</h2>
    $($AllResults.DNSSettings | ConvertTo-Html -Fragment)

    <h2>Network Shares</h2>
    $($AllResults.NetworkShares | ConvertTo-Html -Fragment)

    <h2>Network Routes</h2>
    $($AllResults.NetworkRoutes | ConvertTo-Html -Fragment)

    <h2>Remote Access Settings</h2>
    $($AllResults.RemoteAccessSettings | ConvertTo-Html -Fragment)
</body>
</html>
"@

    $reportContent | Out-File -FilePath $global:reportPath
    Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green
}

# Main program loop
$targetComputers = Get-TargetComputers
$allResults = @{}

do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-9)"

    switch ($choice) {
        "1" { $allResults.IPConfigurations = Analyze-IPConfigurations -Computers $targetComputers }
        "2" { $allResults.FirewallRules = Examine-FirewallRules -Computers $targetComputers }
        "3" { $allResults.NetworkAdapters = Inspect-NetworkAdapters -Computers $targetComputers }
        "4" { $allResults.DNSSettings = Check-DNSSettings -Computers $targetComputers }
        "5" { $allResults.NetworkShares = Review-NetworkShares -Computers $targetComputers }
        "6" { $allResults.NetworkRoutes = Analyze-NetworkRoutes -Computers $targetComputers }
        "7" { $allResults.RemoteAccessSettings = Check-RemoteAccessSettings -Computers $targetComputers }
        "8" { Generate-HTMLReport -AllResults $allResults }
        "9" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "9") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "9")

This Advanced Network Configuration Analyzer includes:

1. A menu-driven interface for easy navigation.
2. Functions to analyze various aspects of network configuration:
   • IP Configurations
   • Firewall Rules
   • Network Adapters
   • DNS Settings
   • Network Shares
   • Network Routes
   • Remote Access Settings
3. The ability to target all domain computers, specific computers, or read from a file.
4. Comprehensive error handling for each analysis function.
5. A function to generate an HTML report of all collected data.

Key features:

• Flexible target selection (all domain computers, specific computers, or from a file)
• Detailed analysis of various network configuration aspects
• Error handling to ensure the script continues even if some computers are unreachable
• HTML report generation for easy sharing and viewing of results

This tool is particularly useful for:

• Network administrators managing multiple servers or workstations
• Security auditors reviewing network configurations across an organization
• IT professionals troubleshooting network issues in a domain environment

To use this script effectively:

1. Run PowerShell as an administrator
2. Ensure you have the necessary permissions to query the target computers
3. Have the Active Directory module installed if you plan to query all domain computers

This script provides a comprehensive overview of network configurations across multiple machines, making it easier to identify inconsistencies, security issues, or misconfigurations in a network environment.

# Expert Active Directory Monitoring Tool

# Import required modules
Import-Module ActiveDirectory
Import-Module GroupPolicy
Import-Module DnsServer

# Global variables
$global:reportPath = "$env:USERPROFILE\Desktop\AD_Expert_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html"
$global:criticalEvents = @()

function Show-Menu {
    Clear-Host
    Write-Host "=== Expert Active Directory Monitoring Tool ===" -ForegroundColor Cyan
    Write-Host "1.  Comprehensive Health Check"
    Write-Host "2.  Security Audit"
    Write-Host "3.  Performance Analysis"
    Write-Host "4.  Replication Diagnostics"
    Write-Host "5.  DNS Health Check"
    Write-Host "6.  FSMO Roles and Site Topology Analysis"
    Write-Host "7.  Group Policy Assessment"
    Write-Host "8.  User and Computer Account Analysis"
    Write-Host "9.  Active Directory Database and SYSVOL Analysis"
    Write-Host "10. Trust Relationship Verification"
    Write-Host "11. Active Directory Backup Status"
    Write-Host "12. Generate Comprehensive HTML Report"
    Write-Host "13. Exit"
}

function Comprehensive-HealthCheck {
    Write-Host "`nPerforming Comprehensive Health Check..." -ForegroundColor Yellow
    $results = @()
    $dcs = Get-ADDomainController -Filter *
    foreach ($dc in $dcs) {
        $dcdiag = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
            dcdiag /test:services /test:replications /test:advertising /test:fsmocheck /test:ridmanager /test:machineaccount /test:outboundSecureChannels /test:netlogons /test:systemlog /test:kccevent /test:frssysvol /test:frsevent
        } -ErrorAction SilentlyContinue
        $results += [PSCustomObject]@{
            Name = $dc.HostName
            Services = if ($dcdiag -match "passed test Services") { "Passed" } else { "Failed" }
            Replications = if ($dcdiag -match "passed test Replications") { "Passed" } else { "Failed" }
            Advertising = if ($dcdiag -match "passed test Advertising") { "Passed" } else { "Failed" }
            FSMORoles = if ($dcdiag -match "passed test FsmoCheck") { "Passed" } else { "Failed" }
            RidManager = if ($dcdiag -match "passed test RidManager") { "Passed" } else { "Failed" }
            MachineAccount = if ($dcdiag -match "passed test MachineAccount") { "Passed" } else { "Failed" }
            OutboundSecureChannels = if ($dcdiag -match "passed test OutboundSecureChannels") { "Passed" } else { "Failed" }
            Netlogons = if ($dcdiag -match "passed test NetLogons") { "Passed" } else { "Failed" }
            SystemLog = if ($dcdiag -match "passed test SystemLog") { "Passed" } else { "Failed" }
            KccEvent = if ($dcdiag -match "passed test KccEvent") { "Passed" } else { "Failed" }
            FrsSysVol = if ($dcdiag -match "passed test FrsSysVol") { "Passed" } else { "Failed" }
            FrsEvent = if ($dcdiag -match "passed test FrsEvent") { "Passed" } else { "Failed" }
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

function Security-Audit {
    Write-Host "`nPerforming Security Audit..." -ForegroundColor Yellow
    $securityResults = @()
    
    # Check for inactive accounts
    $inactiveUsers = Get-ADUser -Filter {Enabled -eq $true} -Properties LastLogonDate | Where-Object {$_.LastLogonDate -lt (Get-Date).AddDays(-90)}
    $securityResults += [PSCustomObject]@{
        Check = "Inactive User Accounts"
        Result = "$($inactiveUsers.Count) accounts inactive for 90+ days"
    }

    # Check for accounts with non-expiring passwords
    $nonExpiringPasswords = Get-ADUser -Filter {Enabled -eq $true -and PasswordNeverExpires -eq $true} | Measure-Object | Select-Object -ExpandProperty Count
    $securityResults += [PSCustomObject]@{
        Check = "Non-expiring Passwords"
        Result = "$nonExpiringPasswords accounts"
    }

    # Check for empty groups
    $emptyGroups = Get-ADGroup -Filter * | Where-Object {-not (Get-ADGroupMember -Identity $_ -Recursive)} | Measure-Object | Select-Object -ExpandProperty Count
    $securityResults += [PSCustomObject]@{
        Check = "Empty Groups"
        Result = "$emptyGroups groups"
    }

    # Check for dormant computer accounts
    $dormantComputers = Get-ADComputer -Filter {Enabled -eq $true} -Properties LastLogonDate | Where-Object {$_.LastLogonDate -lt (Get-Date).AddDays(-90)} | Measure-Object | Select-Object -ExpandProperty Count
    $securityResults += [PSCustomObject]@{
        Check = "Dormant Computer Accounts"
        Result = "$dormantComputers accounts inactive for 90+ days"
    }

    # Check for users with admin rights
    $admins = Get-ADGroupMember "Domain Admins" -Recursive | Measure-Object | Select-Object -ExpandProperty Count
    $securityResults += [PSCustomObject]@{
        Check = "Domain Admins Count"
        Result = "$admins users"
    }

    $securityResults | Format-Table -AutoSize
    return $securityResults
}

function Performance-Analysis {
    Write-Host "`nPerforming Performance Analysis..." -ForegroundColor Yellow
    $perfResults = @()
    $dcs = Get-ADDomainController -Filter *
    foreach ($dc in $dcs) {
        $cpu = Get-WmiObject Win32_Processor -ComputerName $dc.HostName | Measure-Object -Property LoadPercentage -Average | Select-Object -ExpandProperty Average
        $memory = Get-WmiObject Win32_OperatingSystem -ComputerName $dc.HostName | Select-Object @{Name="MemoryUsage";Expression={"{0:N2}" -f ((($_.TotalVisibleMemorySize - $_.FreePhysicalMemory)*100)/ $_.TotalVisibleMemorySize)}}
        $disk = Get-WmiObject Win32_LogicalDisk -ComputerName $dc.HostName -Filter "DeviceID='C:'" | Select-Object @{Name="FreeSpace";Expression={"{0:N2}" -f ($_.FreeSpace/1GB)}}
        $perfResults += [PSCustomObject]@{
            Name = $dc.HostName
            CPUUsage = "$cpu%"
            MemoryUsage = "$($memory.MemoryUsage)%"
            FreeDiskSpace = "$($disk.FreeSpace) GB"
        }
    }
    $perfResults | Format-Table -AutoSize
    return $perfResults
}

function Replication-Diagnostics {
    Write-Host "`nPerforming Replication Diagnostics..." -ForegroundColor Yellow
    $replResults = @()
    $repl = repadmin /showrepl * /csv | ConvertFrom-Csv
    $failedReplications = $repl | Where-Object { $_."Number of Failures" -ne "0" }
    if ($failedReplications) {
        foreach ($failure in $failedReplications) {
            $replResults += [PSCustomObject]@{
                SourceDC = $failure."Source DC"
                DestinationDC = $failure."Destination DC"
                FailureCount = $failure."Number of Failures"
                LastFailureTime = $failure."Last Failure Time"
            }
        }
    } else {
        $replResults += [PSCustomObject]@{
            Status = "No replication failures detected"
        }
    }
    $replResults | Format-Table -AutoSize
    return $replResults
}

function DNS-HealthCheck {
    Write-Host "`nPerforming DNS Health Check..." -ForegroundColor Yellow
    $dnsResults = @()
    $dnsServers = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
    foreach ($server in $dnsServers) {
        $zones = Get-DnsServerZone -ComputerName $server
        foreach ($zone in $zones) {
            $stats = Get-DnsServerStatistics -ComputerName $server -ZoneName $zone.ZoneName
            $dnsResults += [PSCustomObject]@{
                Server = $server
                Zone = $zone.ZoneName
                RecordCount = $zone.ZoneStatistics.RecordCount
                Queries = $stats.QueriesReceived
                Failures = $stats.QueriesFailure
            }
        }
    }
    $dnsResults | Format-Table -AutoSize
    return $dnsResults
}

function FSMO-SiteTopologyAnalysis {
    Write-Host "`nAnalyzing FSMO Roles and Site Topology..." -ForegroundColor Yellow
    $fsmoResults = @()
    $forest = Get-ADForest
    $domain = Get-ADDomain
    $fsmoResults += [PSCustomObject]@{
        Role = "Schema Master"
        Holder = $forest.SchemaMaster
    }
    $fsmoResults += [PSCustomObject]@{
        Role = "Domain Naming Master"
        Holder = $forest.DomainNamingMaster
    }
    $fsmoResults += [PSCustomObject]@{
        Role = "PDC Emulator"
        Holder = $domain.PDCEmulator
    }
    $fsmoResults += [PSCustomObject]@{
        Role = "RID Master"
        Holder = $domain.RIDMaster
    }
    $fsmoResults += [PSCustomObject]@{
        Role = "Infrastructure Master"
        Holder = $domain.InfrastructureMaster
    }
    
    $fsmoResults | Format-Table -AutoSize

    Write-Host "`nSite Topology:" -ForegroundColor Yellow
    $sites = Get-ADReplicationSite -Filter *
    foreach ($site in $sites) {
        Write-Host "Site: $($site.Name)"
        $subnets = Get-ADReplicationSubnet -Filter * | Where-Object {$_.Site -eq $site.DistinguishedName}
        foreach ($subnet in $subnets) {
            Write-Host "  Subnet: $($subnet.Name)"
        }
        $siteLinks = Get-ADReplicationSiteLink -Filter * | Where-Object {$_.SitesIncluded -contains $site.DistinguishedName}
        foreach ($link in $siteLinks) {
            Write-Host "  Site Link: $($link.Name)"
        }
    }
    return $fsmoResults, $sites
}

function GroupPolicy-Assessment {
    Write-Host "`nPerforming Group Policy Assessment..." -ForegroundColor Yellow
    $gpoResults = @()
    $allGPOs = Get-GPO -All
    foreach ($gpo in $allGPOs) {
        $report = Get-GPOReport -Guid $gpo.Id -ReportType XML
        $settings = ([xml]$report).GPO.Computer.ExtensionData.Extension.Policy | Measure-Object | Select-Object -ExpandProperty Count
        $settings += ([xml]$report).GPO.User.ExtensionData.Extension.Policy | Measure-Object | Select-Object -ExpandProperty Count
        $gpoResults += [PSCustomObject]@{
            Name = $gpo.DisplayName
            CreationTime = $gpo.CreationTime
            ModificationTime = $gpo.ModificationTime
            SettingsCount = $settings
        }
    }
    $gpoResults | Format-Table -AutoSize
    return $gpoResults
}

function UserComputer-AccountAnalysis {
    Write-Host "`nPerforming User and Computer Account Analysis..." -ForegroundColor Yellow
    $users = Get-ADUser -Filter * -Properties LastLogonDate, PasswordLastSet
    $computers = Get-ADComputer -Filter * -Properties LastLogonDate, OperatingSystem

    $analysis = [PSCustomObject]@{
        TotalUsers = $users.Count
        ActiveUsers = ($users | Where-Object {$_.Enabled -eq $true}).Count
        InactiveUsers = ($users | Where-Object {$_.LastLogonDate -lt (Get-Date).AddDays(-90)}).Count
        PasswordNeverExpires = ($users | Where-Object {$_.PasswordNeverExpires -eq $true}).Count
        TotalComputers = $computers.Count
        ActiveComputers = ($computers | Where-Object {$_.Enabled -eq $true}).Count
        InactiveComputers = ($computers | Where-Object {$_.LastLogonDate -lt (Get-Date).AddDays(-90)}).Count
        Windows10Computers = ($computers | Where-Object {$_.OperatingSystem -like "*Windows 10*"}).Count
        Windows11Computers = ($computers | Where-Object {$_.OperatingSystem -like "*Windows 11*"}).Count
        ServerComputers = ($computers | Where-Object {$_.OperatingSystem -like "*Server*"}).Count
    }

    $analysis | Format-List
    return $analysis
}

function ADDB-SYSVOLAnalysis {
    Write-Host "`nPerforming Active Directory Database and SYSVOL Analysis..." -ForegroundColor Yellow
    $dcs = Get-ADDomainController -Filter *
    $results = @()
    foreach ($dc in $dcs) {
        $ntdsPath = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
            (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters").DatabasePath
        }
        $ntdsSize = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
            (Get-ChildItem $using:ntdsPath\ntds.dit).Length / 1GB
        }
        $sysvolSize = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
            (Get-ChildItem C:\Windows\SYSVOL -Recurse | Measure-Object -Property Length -Sum).Sum / 1GB
        }
        $results += [PSCustomObject]@{
            DomainController = $dc.HostName
            NTDSSize = "{0:N2} GB" -f $ntdsSize
            SYSVOLSize = "{0:N2} GB" -f $sysvolSize
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

function Verify-TrustRelationships {
    Write-Host "`nVerifying Trust Relationships..." -ForegroundColor Yellow
    $trusts = Get-ADTrust -Filter *
    $results = @()
    foreach ($trust in $trusts) {
        $status = Test-ComputerSecureChannel -Server $trust.Name
        $results += [PSCustomObject]@{
            TrustPartner = $trust.Name
            Direction = $trust.Direction
            Status = if ($status) { "Healthy" } else { "Unhealthy" }
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

function Check-ADBackupStatus {
    Write-Host "`nChecking Active Directory Backup Status..." -ForegroundColor Yellow
    $dcs = Get-ADDomainController -Filter *
    $results = @()
    foreach ($dc in $dcs) {
        $backupStatus = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
            repadmin /showbackup
        }
        $lastBackupDate = if ($backupStatus -match "Last successful backup") {
            ($backupStatus -split "`n" | Select-String "Last successful backup").ToString().Split(":")[1].Trim()
        } else {
            "No backup information found"
        }
        $results += [PSCustomObject]@{
            DomainController = $dc.HostName
            LastBackup = $lastBackupDate
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

function Generate-HTMLReport {
    Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow
    $reportContent = @"
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Active Directory Expert Report</title>
    <style>
        body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; }
        h1, h2 { color: #0078D4; }
        table { border-collapse: collapse; width: 100%; margin-bottom: 20px; }
        th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
        th { background-color: #f2f2f2; }
    </style>
</head>
<body>
    <h1>Active Directory Expert Report</h1>
    <p>Generated on: $(Get-Date)</p>

    <h2>Comprehensive Health Check</h2>
    $($healthCheck | ConvertTo-Html -Fragment)

    <h2>Security Audit</h2>
    $($securityAudit | ConvertTo-Html -Fragment)

    <h2>Performance Analysis</h2>
    $($performanceAnalysis | ConvertTo-Html -Fragment)

    <h2>Replication Diagnostics</h2>
    $($replicationDiagnostics | ConvertTo-Html -Fragment)

    <h2>DNS Health Check</h2>
    $($dnsHealth | ConvertTo-Html -Fragment)

    <h2>FSMO Roles and Site Topology</h2>
    $($fsmoAnalysis | ConvertTo-Html -Fragment)

    <h2>Group Policy Assessment</h2>
    $($gpoAssessment | ConvertTo-Html -Fragment)

    <h2>User and Computer Account Analysis</h2>
    $($accountAnalysis | ConvertTo-Html -Fragment)

    <h2>AD Database and SYSVOL Analysis</h2>
    $($dbAnalysis | ConvertTo-Html -Fragment)

    <h2>Trust Relationships</h2>
    $($trustRelationships | ConvertTo-Html -Fragment)

    <h2>AD Backup Status</h2>
    $($backupStatus | ConvertTo-Html -Fragment)
</body>
</html>
"@

    $reportContent | Out-File -FilePath $global:reportPath
    Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green
}

# Main program loop
do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-13)"

    switch ($choice) {
        "1"  { $healthCheck = Comprehensive-HealthCheck }
        "2"  { $securityAudit = Security-Audit }
        "3"  { $performanceAnalysis = Performance-Analysis }
        "4"  { $replicationDiagnostics = Replication-Diagnostics }
        "5"  { $dnsHealth = DNS-HealthCheck }
        "6"  { $fsmoAnalysis = FSMO-SiteTopologyAnalysis }
        "7"  { $gpoAssessment = GroupPolicy-Assessment }
        "8"  { $accountAnalysis = UserComputer-AccountAnalysis }
        "9"  { $dbAnalysis = ADDB-SYSVOLAnalysis }
        "10" { $trustRelationships = Verify-TrustRelationships }
        "11" { $backupStatus = Check-ADBackupStatus }
        "12" { Generate-HTMLReport }
        "13" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "13") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "13")

This Expert Active Directory Monitoring Tool includes:

1. A comprehensive menu with 13 options
2. Advanced functions for various AD monitoring and analysis tasks:
   • Comprehensive health check using dcdiag
   • Security audit
   • Performance analysis of domain controllers
   • Replication diagnostics
   • DNS health check
   • FSMO roles and site topology analysis
   • Group Policy assessment
   • User and computer account analysis
   • AD database and SYSVOL analysis
   • Trust relationship verification
   • AD backup status check
3. Use of multiple PowerShell modules (ActiveDirectory, GroupPolicy, DnsServer)
4. Detailed output and reporting capabilities, including HTML report generation

Key features:

• Comprehensive Health Check: Uses dcdiag to perform extensive tests on all domain controllers
• Security Audit: Checks for inactive accounts, non-expiring passwords, empty groups, and more
• Performance Analysis: Monitors CPU, memory, and disk usage on domain controllers
• Replication Diagnostics: Identifies any replication failures across the domain
• DNS Health Check: Verifies DNS zones and statistics
• FSMO Roles and Site Topology: Analyzes FSMO role holders and AD site structure
• Group Policy Assessment: Reviews all GPOs, including creation and modification times
• User and Computer Account Analysis: Provides statistics on user and computer accounts
• AD Database and SYSVOL Analysis: Checks the size of NTDS.dit and SYSVOL on each DC
• Trust Relationships: Verifies the health of all trust relationships
• AD Backup Status: Checks the last successful backup date for each DC

This tool provides a comprehensive analysis of an Active Directory environment. It’s particularly useful for:

• Conducting regular AD health checks
• Preparing for audits
• Troubleshooting complex AD issues
• Capacity planning and performance optimization
• Generating detailed reports for management or compliance purposes

Note: To use this script effectively, you need to:

1. Run PowerShell as an administrator
2. Have the necessary PowerShell modules installed (ActiveDirectory, GroupPolicy, DnsServer)
3. Have appropriate permissions in the AD environment (Domain Admin or equivalent)
4. Run this script from a domain-joined machine, preferably a domain controller

This script is suitable for experienced AD administrators who need comprehensive monitoring and analysis capabilities for managing complex Active Directory environments.

# Advanced Active Directory Monitoring Tool

# Import required modules
Import-Module ActiveDirectory
Import-Module GroupPolicy

function Show-Menu {
    Clear-Host
    Write-Host "=== Advanced Active Directory Monitoring Tool ===" -ForegroundColor Cyan
    Write-Host "1.  Check Domain Controllers Health"
    Write-Host "2.  Analyze User Accounts"
    Write-Host "3.  Monitor Group Policy Changes"
    Write-Host "4.  Audit Active Directory Replication"
    Write-Host "5.  Check DNS Health"
    Write-Host "6.  Monitor FSMO Roles"
    Write-Host "7.  Analyze Active Directory Structure"
    Write-Host "8.  Check Trust Relationships"
    Write-Host "9.  Monitor Active Directory Services"
    Write-Host "10. Generate Comprehensive Report"
    Write-Host "11. Exit"
}

function Check-DomainControllersHealth {
    Write-Host "`nChecking Domain Controllers Health..." -ForegroundColor Yellow
    $dcs = Get-ADDomainController -Filter *
    $results = @()
    foreach ($dc in $dcs) {
        $status = Test-Connection -ComputerName $dc.HostName -Count 1 -Quiet
        $dcdiag = Invoke-Command -ComputerName $dc.HostName -ScriptBlock { dcdiag /test:services /test:advertising /test:fsmocheck } -ErrorAction SilentlyContinue
        $results += [PSCustomObject]@{
            Name = $dc.HostName
            Online = if ($status) { "Yes" } else { "No" }
            Services = if ($dcdiag -match "passed test Services") { "Passed" } else { "Failed" }
            Advertising = if ($dcdiag -match "passed test Advertising") { "Passed" } else { "Failed" }
            FSMORoles = if ($dcdiag -match "passed test FsmoCheck") { "Passed" } else { "Failed" }
        }
    }
    $results | Format-Table -AutoSize
}

function Analyze-UserAccounts {
    Write-Host "`nAnalyzing User Accounts..." -ForegroundColor Yellow
    $inactiveThreshold = (Get-Date).AddDays(-90)
    $users = Get-ADUser -Filter * -Properties LastLogonDate, PasswordLastSet, PasswordNeverExpires, Enabled
    $userAnalysis = @{
        TotalUsers = $users.Count
        ActiveUsers = ($users | Where-Object { $_.Enabled -eq $true }).Count
        InactiveUsers = ($users | Where-Object { $_.LastLogonDate -lt $inactiveThreshold }).Count
        PasswordNeverExpires = ($users | Where-Object { $_.PasswordNeverExpires -eq $true }).Count
        RecentlyCreated = ($users | Where-Object { $_.Created -gt (Get-Date).AddDays(-30) }).Count
    }
    $userAnalysis | Format-Table -AutoSize
}

function Monitor-GroupPolicyChanges {
    Write-Host "`nMonitoring Group Policy Changes..." -ForegroundColor Yellow
    $domain = Get-ADDomain
    $gpos = Get-GPO -All -Domain $domain.DNSRoot
    $recentChanges = $gpos | Where-Object { $_.ModificationTime -gt (Get-Date).AddDays(-7) }
    $recentChanges | Select-Object DisplayName, ModificationTime, Owner | Format-Table -AutoSize
}

function Audit-ADReplication {
    Write-Host "`nAuditing Active Directory Replication..." -ForegroundColor Yellow
    $results = repadmin /showrepl * /csv | ConvertFrom-Csv
    $failedReplications = $results | Where-Object { $_."Number of Failures" -ne "0" }
    if ($failedReplications) {
        $failedReplications | Select-Object "Source DC", "Destination DC", "Number of Failures", "Last Failure Time" | Format-Table -AutoSize
    } else {
        Write-Host "No replication failures detected." -ForegroundColor Green
    }
}

function Check-DNSHealth {
    Write-Host "`nChecking DNS Health..." -ForegroundColor Yellow
    $dnsServers = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
    foreach ($server in $dnsServers) {
        $result = Invoke-Command -ComputerName $server -ScriptBlock { dnscmd /info }
        if ($result -match "DNS Server is running") {
            Write-Host "$server: DNS Service is running" -ForegroundColor Green
        } else {
            Write-Host "$server: DNS Service is not running" -ForegroundColor Red
        }
    }
}

function Monitor-FSMORoles {
    Write-Host "`nMonitoring FSMO Roles..." -ForegroundColor Yellow
    $roles = Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
    $roles | Add-Member -MemberType NoteProperty -Name "SchemaMaster" -Value (Get-ADForest).SchemaMaster
    $roles | Add-Member -MemberType NoteProperty -Name "DomainNamingMaster" -Value (Get-ADForest).DomainNamingMaster
    $roles | Format-List
}

function Analyze-ADStructure {
    Write-Host "`nAnalyzing Active Directory Structure..." -ForegroundColor Yellow
    $domainInfo = Get-ADDomain
    $forestInfo = Get-ADForest
    Write-Host "Domain: $($domainInfo.DNSRoot)"
    Write-Host "Forest: $($forestInfo.Name)"
    Write-Host "Domain Controllers: $((Get-ADDomainController -Filter *).Count)"
    Write-Host "OUs: $((Get-ADOrganizationalUnit -Filter *).Count)"
    Write-Host "Groups: $((Get-ADGroup -Filter *).Count)"
    Write-Host "Users: $((Get-ADUser -Filter *).Count)"
    Write-Host "Computers: $((Get-ADComputer -Filter *).Count)"
}

function Check-TrustRelationships {
    Write-Host "`nChecking Trust Relationships..." -ForegroundColor Yellow
    $trusts = Get-ADTrust -Filter *
    foreach ($trust in $trusts) {
        $status = Test-ComputerSecureChannel -Server $trust.Name
        Write-Host "Trust with $($trust.Name): $(if ($status) { 'Healthy' } else { 'Unhealthy' })"
    }
}

function Monitor-ADServices {
    Write-Host "`nMonitoring Active Directory Services..." -ForegroundColor Yellow
    $dcs = Get-ADDomainController -Filter *
    foreach ($dc in $dcs) {
        $services = Invoke-Command -ComputerName $dc.HostName -ScriptBlock {
            Get-Service -Name "NTDS", "DNS", "Netlogon", "KDC" | Select-Object Name, Status
        }
        Write-Host "Services on $($dc.HostName):"
        $services | Format-Table -AutoSize
    }
}

function Generate-ComprehensiveReport {
    Write-Host "`nGenerating Comprehensive Report..." -ForegroundColor Yellow
    $report = @"
===== Active Directory Comprehensive Report =====
Generated on: $(Get-Date)

"@
    $report += "`n--- Domain Controllers Health ---`n"
    $dcs = Get-ADDomainController -Filter *
    foreach ($dc in $dcs) {
        $status = Test-Connection -ComputerName $dc.HostName -Count 1 -Quiet
        $report += "$($dc.HostName): $(if ($status) { 'Online' } else { 'Offline' })`n"
    }

    $report += "`n--- User Account Summary ---`n"
    $users = Get-ADUser -Filter * -Properties LastLogonDate, PasswordLastSet, PasswordNeverExpires, Enabled
    $report += "Total Users: $($users.Count)`n"
    $report += "Active Users: $(($users | Where-Object { $_.Enabled -eq $true }).Count)`n"
    $report += "Inactive Users (90+ days): $(($users | Where-Object { $_.LastLogonDate -lt (Get-Date).AddDays(-90) }).Count)`n"

    $report += "`n--- Recent Group Policy Changes (Last 7 Days) ---`n"
    $gpos = Get-GPO -All
    $recentChanges = $gpos | Where-Object { $_.ModificationTime -gt (Get-Date).AddDays(-7) }
    foreach ($gpo in $recentChanges) {
        $report += "$($gpo.DisplayName) - Modified: $($gpo.ModificationTime)`n"
    }

    $report += "`n--- FSMO Roles ---`n"
    $roles = Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
    $roles | Add-Member -MemberType NoteProperty -Name "SchemaMaster" -Value (Get-ADForest).SchemaMaster
    $roles | Add-Member -MemberType NoteProperty -Name "DomainNamingMaster" -Value (Get-ADForest).DomainNamingMaster
    $report += $roles | Out-String

    $report += "`n--- Trust Relationships ---`n"
    $trusts = Get-ADTrust -Filter *
    foreach ($trust in $trusts) {
        $status = Test-ComputerSecureChannel -Server $trust.Name
        $report += "Trust with $($trust.Name): $(if ($status) { 'Healthy' } else { 'Unhealthy' })`n"
    }

    $reportPath = "$env:USERPROFILE\Desktop\AD_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').txt"
    $report | Out-File -FilePath $reportPath
    Write-Host "Report generated and saved to: $reportPath" -ForegroundColor Green
}

do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-11)"

    switch ($choice) {
        "1"  { Check-DomainControllersHealth }
        "2"  { Analyze-UserAccounts }
        "3"  { Monitor-GroupPolicyChanges }
        "4"  { Audit-ADReplication }
        "5"  { Check-DNSHealth }
        "6"  { Monitor-FSMORoles }
        "7"  { Analyze-ADStructure }
        "8"  { Check-TrustRelationships }
        "9"  { Monitor-ADServices }
        "10" { Generate-ComprehensiveReport }
        "11" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "11") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "11")

This Advanced Active Directory Monitoring Tool includes:

1. A comprehensive menu with 11 options
2. Advanced functions for various AD monitoring and analysis tasks:
   • Detailed Domain Controller health check
   • User account analysis
   • Group Policy change monitoring
   • AD replication auditing
   • DNS health check
   • FSMO roles monitoring
   • AD structure analysis
   • Trust relationship verification
   • AD services monitoring
   • Comprehensive report generation
3. Use of advanced Active Directory PowerShell cmdlets and system tools
4. Detailed output and reporting capabilities

Key features:

• Comprehensive DC Health Check: Includes service status and DCDIAG tests
• User Account Analysis: Provides statistics on active, inactive, and recently created accounts
• Group Policy Monitoring: Tracks recent changes to Group Policies
• Replication Audit: Checks for replication failures across the domain
• DNS Health: Verifies DNS service status on all DCs
• FSMO Roles: Displays the current holders of all FSMO roles
• AD Structure Analysis: Gives an overview of the AD structure including counts of OUs, groups, users, and computers
• Trust Relationships: Checks the health of trust relationships
• Service Monitoring: Checks critical AD services across all DCs
• Comprehensive Report: Generates a detailed report covering multiple aspects of AD health

This tool provides an in-depth analysis of an Active Directory environment. It’s particularly useful for:

• Proactive monitoring of AD health
• Troubleshooting complex AD issues
• Regular AD maintenance and health checks
• Generating reports for audits or management review

Note: To use this script effectively, you need to:

1. Run PowerShell as an administrator
2. Have the Active Directory and Group Policy PowerShell modules installed
3. Have appropriate permissions in the AD environment (Domain Admin or equivalent)
4. Some functions may require running on a Domain Controller

This script is suitable for experienced AD administrators who need comprehensive monitoring and analysis capabilities for managing complex Active Directory environments.

# Advanced System Health Monitor

function Show-Menu {
    Clear-Host
    Write-Host "=== Advanced System Health Monitor ===" -ForegroundColor Cyan
    Write-Host "1.  CPU Information and Usage"
    Write-Host "2.  Memory Usage Details"
    Write-Host "3.  Disk Space and Health"
    Write-Host "4.  Network Statistics"
    Write-Host "5.  Top Resource-Consuming Processes"
    Write-Host "6.  System Uptime and Last Boot Time"
    Write-Host "7.  Installed Windows Updates"
    Write-Host "8.  Event Log Summary"
    Write-Host "9.  Services Status"
    Write-Host "10. Battery Status (for laptops)"
    Write-Host "11. Exit"
}

function Get-CPUInfo {
    Write-Host "`nCPU Information and Usage:" -ForegroundColor Yellow
    $cpu = Get-WmiObject Win32_Processor
    Write-Host "CPU Model: $($cpu.Name)"
    Write-Host "Number of Cores: $($cpu.NumberOfCores)"
    Write-Host "Number of Logical Processors: $($cpu.NumberOfLogicalProcessors)"
    
    $usage = (Get-Counter '\Processor(_Total)\% Processor Time').CounterSamples.CookedValue
    Write-Host "Current CPU Usage: $([math]::Round($usage, 2))%"
}

function Get-MemoryDetails {
    Write-Host "`nMemory Usage Details:" -ForegroundColor Yellow
    $os = Get-CimInstance Win32_OperatingSystem
    $totalMemory = [math]::Round($os.TotalVisibleMemorySize / 1MB, 2)
    $freeMemory = [math]::Round($os.FreePhysicalMemory / 1MB, 2)
    $usedMemory = $totalMemory - $freeMemory
    $percentUsed = [math]::Round(($usedMemory / $totalMemory) * 100, 2)

    Write-Host "Total Memory: $totalMemory GB"
    Write-Host "Used Memory: $usedMemory GB"
    Write-Host "Free Memory: $freeMemory GB"
    Write-Host "Memory Usage: $percentUsed%"

    $pageFile = Get-WmiObject Win32_PageFileUsage
    Write-Host "Page File Size: $([math]::Round($pageFile.AllocatedBaseSize / 1024, 2)) GB"
    Write-Host "Page File Usage: $([math]::Round($pageFile.CurrentUsage / 1024, 2)) GB"
}

function Get-DiskInfo {
    Write-Host "`nDisk Space and Health:" -ForegroundColor Yellow
    $disks = Get-WmiObject Win32_LogicalDisk | Where-Object {$_.DriveType -eq 3}
    foreach ($disk in $disks) {
        $freeSpace = [math]::Round($disk.FreeSpace / 1GB, 2)
        $totalSpace = [math]::Round($disk.Size / 1GB, 2)
        $usedSpace = $totalSpace - $freeSpace
        $percentFree = [math]::Round(($freeSpace / $totalSpace) * 100, 2)
        
        Write-Host "Drive $($disk.DeviceID):"
        Write-Host "  Total: $totalSpace GB"
        Write-Host "  Used: $usedSpace GB"
        Write-Host "  Free: $freeSpace GB"
        Write-Host "  Percent Free: $percentFree%"
    }

    Write-Host "`nDisk Health:"
    Get-PhysicalDisk | ForEach-Object {
        Write-Host "  $($_.FriendlyName): $($_.HealthStatus)"
    }
}

function Get-NetworkStats {
    Write-Host "`nNetwork Statistics:" -ForegroundColor Yellow
    $adapters = Get-NetAdapter | Where-Object Status -eq "Up"
    foreach ($adapter in $adapters) {
        Write-Host "Adapter: $($adapter.Name)"
        $stats = $adapter | Get-NetAdapterStatistics
        Write-Host "  Bytes Received: $([math]::Round($stats.ReceivedBytes / 1MB, 2)) MB"
        Write-Host "  Bytes Sent: $([math]::Round($stats.SentBytes / 1MB, 2)) MB"
    }
}

function Get-TopProcesses {
    Write-Host "`nTop Resource-Consuming Processes:" -ForegroundColor Yellow
    Get-Process | Sort-Object CPU -Descending | Select-Object -First 5 | 
        Format-Table Name, @{Name='CPU (s)'; Expression={$_.CPU.ToString('N2')}}, @{Name='Memory (MB)'; Expression={[math]::Round($_.WorkingSet / 1MB, 2)}} -AutoSize

    Write-Host "`nTop Memory-Consuming Processes:"
    Get-Process | Sort-Object WorkingSet -Descending | Select-Object -First 5 | 
        Format-Table Name, @{Name='Memory (MB)'; Expression={[math]::Round($_.WorkingSet / 1MB, 2)}}, @{Name='CPU (s)'; Expression={$_.CPU.ToString('N2')}} -AutoSize
}

function Get-SystemUptime {
    Write-Host "`nSystem Uptime and Last Boot Time:" -ForegroundColor Yellow
    $os = Get-CimInstance Win32_OperatingSystem
    $uptime = (Get-Date) - $os.LastBootUpTime
    Write-Host "Last Boot Time: $($os.LastBootUpTime)"
    Write-Host "System Uptime: $($uptime.Days) days, $($uptime.Hours) hours, $($uptime.Minutes) minutes"
}

function Get-WindowsUpdates {
    Write-Host "`nLast 5 Installed Windows Updates:" -ForegroundColor Yellow
    Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 5 | 
        Format-Table HotFixID, Description, InstalledOn -AutoSize
}

function Get-EventLogSummary {
    Write-Host "`nEvent Log Summary (Last 24 Hours):" -ForegroundColor Yellow
    $startTime = (Get-Date).AddHours(-24)
    $logs = @('System', 'Application')
    foreach ($log in $logs) {
        $events = Get-WinEvent -LogName $log -MaxEvents 1000 | Where-Object { $_.TimeCreated -ge $startTime }
        $errorCount = ($events | Where-Object { $_.LevelDisplayName -eq 'Error' }).Count
        $warningCount = ($events | Where-Object { $_.LevelDisplayName -eq 'Warning' }).Count
        Write-Host "$log Log:"
        Write-Host "  Errors: $errorCount"
        Write-Host "  Warnings: $warningCount"
    }
}

function Get-ServicesStatus {
    Write-Host "`nCritical Services Status:" -ForegroundColor Yellow
    $services = @('wuauserv', 'WinDefend', 'BITS', 'Dhcp', 'Dnscache', 'LanmanServer')
    foreach ($service in $services) {
        $status = (Get-Service $service).Status
        Write-Host "$service : $status"
    }
}

function Get-BatteryStatus {
    Write-Host "`nBattery Status:" -ForegroundColor Yellow
    $battery = Get-WmiObject Win32_Battery
    if ($battery) {
        Write-Host "Battery Level: $($battery.EstimatedChargeRemaining)%"
        Write-Host "Status: $($battery.BatteryStatus)"
    } else {
        Write-Host "No battery detected. This might be a desktop computer."
    }
}

do {
    Show-Menu
    $choice = Read-Host "`nEnter your choice (1-11)"

    switch ($choice) {
        "1"  { Get-CPUInfo }
        "2"  { Get-MemoryDetails }
        "3"  { Get-DiskInfo }
        "4"  { Get-NetworkStats }
        "5"  { Get-TopProcesses }
        "6"  { Get-SystemUptime }
        "7"  { Get-WindowsUpdates }
        "8"  { Get-EventLogSummary }
        "9"  { Get-ServicesStatus }
        "10" { Get-BatteryStatus }
        "11" { Write-Host "Exiting program..." -ForegroundColor Yellow; break }
        default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red }
    }

    if ($choice -ne "11") {
        Read-Host "`nPress Enter to continue..."
    }
} while ($choice -ne "11")

This Advanced System Health Monitor includes:

1. A comprehensive menu with 11 options
2. Detailed functions for various system health checks:
   • CPU information and real-time usage
   • Detailed memory usage including page file information
   • Disk space, usage, and health status
   • Network statistics for active adapters
   • Top CPU and memory-consuming processes
   • System uptime and last boot time
   • Recent Windows updates
   • Event log summary for the last 24 hours
   • Status of critical system services
   • Battery status for laptops
3. Use of advanced PowerShell cmdlets and WMI objects
4. Formatted output for better readability
5. More comprehensive system information gathering

This tool provides a detailed overview of system health and performance metrics. It’s useful for:

• Advanced system monitoring and troubleshooting
• Identifying potential issues across various system components
• Gathering comprehensive system information for diagnostics
• Monitoring critical services and system events

This script is suitable for IT professionals, system administrators, or advanced users who need detailed system health information. It provides a single interface to access a wide range of system metrics and statuses, which would otherwise require navigating through multiple system tools or running several different commands.