Why Am I Starting a PowerShell Blog? A Funny Tale
Well, folks, I think it’s time I let you in on a little secret about why I decided to start a PowerShell blog. My story is not only educational but will hopefully put a smile on your faces too!
Roles: Ensuring Efficient Domain Management
In the world of Microsoft Active Directory, the Flexible Single Master Operation (FSMO) roles play a crucial part in maintaining the integrity and functionality of the domain. These specialized roles are responsible for managing specific domain-wide operations, ensuring that the directory services operate seamlessly and efficiently.
Understanding FSMO Roles: FSMO roles are assigned to specific domain controllers within an Active Directory environment. These roles are designed to handle specific tasks that require a single, authoritative source to maintain consistency and prevent conflicts. There are five FSMO roles in total, each with its own unique responsibilities:
Importance of FSMO Roles: The FSMO roles are crucial for the proper functioning of an Active Directory environment. If a FSMO role is not properly managed or if a domain controller holding a FSMO role becomes unavailable, it can lead to various issues, such as:
Maintaining FSMO Roles: To ensure the efficient management of FSMO roles, it is essential to follow best practices, such as:
By understanding and properly managing FSMO roles, IT administrators can ensure the stability, reliability, and efficient operation of their Active Directory environments, ultimately providing a seamless user experience and maintaining the overall integrity of the directory services.
# Function to get the current FSMO role holders
function Get-FSMORoleHolders {
$schemaMaster = (Get-ADDomain).SchemaMaster
$domainNamingMaster = (Get-ADDomain).DomainNamingMaster
$ridMaster = (Get-ADDomain).RIDMaster
$pdc = (Get-ADDomain).PDCEmulator
$infrastructureMaster = (Get-ADDomain).InfrastructureMaster
return [PSCustomObject]@{
"Schema Master" = $schemaMaster
"Domain Naming Master" = $domainNamingMaster
"RID Master" = $ridMaster
"PDC Emulator" = $pdc
"Infrastructure Master" = $infrastructureMaster
}
}
# Function to transfer FSMO roles
function Transfer-FSMORoles {
param (
[Parameter(Mandatory=$true)]
[string]$TargetDomainController
)
# Transfer Schema Master role
Set-ADDomainControllerPassword -Credential (Get-Credential) -Server $TargetDomainController
Move-ADDirectoryServerOperationMasterRole -Identity $TargetDomainController -OperationMasterRole SchemaMaster
# Transfer Domain Naming Master role
Move-ADDirectoryServerOperationMasterRole -Identity $TargetDomainController -OperationMasterRole DomainNamingMaster
# Transfer RID Master role
Move-ADDirectoryServerOperationMasterRole -Identity $TargetDomainController -OperationMasterRole RIDMaster
# Transfer PDC Emulator role
Move-ADDirectoryServerOperationMasterRole -Identity $TargetDomainController -OperationMasterRole PDCEmulator
# Transfer Infrastructure Master role
Move-ADDirectoryServerOperationMasterRole -Identity $TargetDomainController -OperationMasterRole InfrastructureMaster
}
# Example usage
$currentFSMORoleHolders = Get-FSMORoleHolders
$currentFSMORoleHolders
# Transfer FSMO roles to a new domain controller
Transfer-FSMORoles -TargetDomainController "NewDomainController.contoso.com"
Here’s how the script works:
Get-FSMORoleHoldersTransfer-FSMORoles function takes a target domain controller as a parameter and transfers all FSMO roles to that domain controller.
Set-ADDomainControllerPasswordMove-ADDirectoryServerOperationMasterRole To use the script, follow these steps:
FSMOManagement.ps1)..\FSMOManagement.ps1Transfer-FSMORoles function and provide the target domain controller name: Transfer-FSMORoles -TargetDomainController "NewDomainController.contoso.com""NewDomainController.contoso.com"This script provides a simple way to manage FSMO roles in your Active Directory environment. You can customize it further to fit your specific needs, such as adding error handling, logging, or scheduling the role transfer process.
<# .SYNOPSIS FSMO Analyzer Tool .DESCRIPTION This script analyzes FSMO roles in an Active Directory environment, providing detailed information about role holders, health status, and potential issues. .NOTES File Name : FSMOAnalyzer.ps1 Author : [Your Name] Prerequisite : PowerShell V5.1 or later, Active Directory module, and appropriate AD permissions Version : 1.0 Date : [Current Date] .EXAMPLE .\FSMOAnalyzer.ps1 #> # Import required modules Import-Module ActiveDirectory # Global variables $global:reportPath = "$env:USERPROFILE\Desktop\FSMO_Analysis_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html" <# .SYNOPSIS Displays the main menu of the tool. #> function Show-Menu { Clear-Host Write-Host "=== FSMO Analyzer Tool ===" -ForegroundColor Cyan Write-Host "1. Identify FSMO Role Holders" Write-Host "2. Check FSMO Role Health" Write-Host "3. Analyze FSMO Role Transfer History" Write-Host "4. Verify FSMO Role Connectivity" Write-Host "5. Check for Orphaned FSMO Roles" Write-Host "6. Analyze FSMO Role Performance" Write-Host "7. Generate Comprehensive HTML Report" Write-Host "8. Exit" } <# .SYNOPSIS Identifies current FSMO role holders. .OUTPUTS PSObject containing FSMO role holder information. #> function Identify-FSMORoleHolders { Write-Host "`nIdentifying FSMO Role Holders..." -ForegroundColor Yellow $forest = Get-ADForest $domain = Get-ADDomain $fsmoRoles = [PSCustomObject]@{ SchemaMaster = $forest.SchemaMaster DomainNamingMaster = $forest.DomainNamingMaster PDCEmulator = $domain.PDCEmulator RIDMaster = $domain.RIDMaster InfrastructureMaster = $domain.InfrastructureMaster } $fsmoRoles | Format-List return $fsmoRoles } <# .SYNOPSIS Checks the health of FSMO roles. .OUTPUTS Array of PSObjects containing FSMO role health information. #> function Check-FSMORoleHealth { Write-Host "`nChecking FSMO Role Health..." -ForegroundColor Yellow $roles = Identify-FSMORoleHolders $healthResults = @() foreach ($role in $roles.PSObject.Properties) { $dcdiag = Invoke-Command -ComputerName $role.Value -ScriptBlock { dcdiag /test:KnowsOfRoleHolders /test:RegisterInDNS } -ErrorAction SilentlyContinue $healthResults += [PSCustomObject]@{ Role = $role.Name Holder = $role.Value KnowsOfRoleHolders = if ($dcdiag -match "passed test KnowsOfRoleHolders") { "Passed" } else { "Failed" } RegisteredInDNS = if ($dcdiag -match "passed test RegisterInDNS") { "Passed" } else { "Failed" } } } $healthResults | Format-Table -AutoSize return $healthResults } <# .SYNOPSIS Analyzes FSMO role transfer history. .OUTPUTS Array of PSObjects containing FSMO role transfer history. #> function Analyze-FSMORoleTransferHistory { Write-Host "`nAnalyzing FSMO Role Transfer History..." -ForegroundColor Yellow $domain = Get-ADDomain $forest = Get-ADForest $transferHistory = @() $events = Get-WinEvent -ComputerName $domain.PDCEmulator -FilterHashtable @{ LogName = 'Directory Service' ID = 1190, 1647, 2162 } -ErrorAction SilentlyContinue foreach ($event in $events) { $transferHistory += [PSCustomObject]@{ TimeStamp = $event.TimeCreated EventID = $event.Id Message = $event.Message } } $transferHistory | Format-Table -AutoSize return $transferHistory } <# .SYNOPSIS Verifies connectivity to FSMO role holders. .OUTPUTS Array of PSObjects containing FSMO role connectivity information. #> function Verify-FSMORoleConnectivity { Write-Host "`nVerifying FSMO Role Connectivity..." -ForegroundColor Yellow $roles = Identify-FSMORoleHolders $connectivityResults = @() foreach ($role in $roles.PSObject.Properties) { $pingResult = Test-Connection -ComputerName $role.Value -Count 1 -Quiet $portResult = Test-NetConnection -ComputerName $role.Value -Port 389 -WarningAction SilentlyContinue $connectivityResults += [PSCustomObject]@{ Role = $role.Name Holder = $role.Value Pingable = $pingResult LDAPAccessible = $portResult.TcpTestSucceeded } } $connectivityResults | Format-Table -AutoSize return $connectivityResults } <# .SYNOPSIS Checks for orphaned FSMO roles. .OUTPUTS Array of PSObjects containing orphaned FSMO role information. #> function Check-OrphanedFSMORoles { Write-Host "`nChecking for Orphaned FSMO Roles..." -ForegroundColor Yellow $roles = Identify-FSMORoleHolders $orphanedRoles = @() foreach ($role in $roles.PSObject.Properties) { $dcExists = Get-ADDomainController -Identity $role.Value -ErrorAction SilentlyContinue if (-not $dcExists) { $orphanedRoles += [PSCustomObject]@{ Role = $role.Name Holder = $role.Value Status = "Orphaned" } } } if ($orphanedRoles.Count -eq 0) { Write-Host "No orphaned FSMO roles found." -ForegroundColor Green } else { $orphanedRoles | Format-Table -AutoSize } return $orphanedRoles } <# .SYNOPSIS Analyzes FSMO role performance. .OUTPUTS Array of PSObjects containing FSMO role performance information. #> function Analyze-FSMORolePerformance { Write-Host "`nAnalyzing FSMO Role Performance..." -ForegroundColor Yellow $roles = Identify-FSMORoleHolders $performanceResults = @() foreach ($role in $roles.PSObject.Properties) { $cpu = Get-WmiObject Win32_Processor -ComputerName $role.Value | Measure-Object -Property LoadPercentage -Average | Select-Object -ExpandProperty Average $memory = Get-WmiObject Win32_OperatingSystem -ComputerName $role.Value | Select-Object @{Name="MemoryUsage";Expression={"{0:N2}" -f ((($_.TotalVisibleMemorySize - $_.FreePhysicalMemory)*100)/ $_.TotalVisibleMemorySize)}} $disk = Get-WmiObject Win32_LogicalDisk -ComputerName $role.Value -Filter "DeviceID='C:'" | Select-Object @{Name="FreeSpace";Expression={"{0:N2}" -f ($_.FreeSpace/1GB)}} $performanceResults += [PSCustomObject]@{ Role = $role.Name Holder = $role.Value CPUUsage = "$cpu%" MemoryUsage = "$($memory.MemoryUsage)%" FreeDiskSpace = "$($disk.FreeSpace) GB" } } $performanceResults | Format-Table -AutoSize return $performanceResults } <# .SYNOPSIS Generates a comprehensive HTML report of all analyses. .PARAMETER AllResults Hashtable containing all analysis results. .OUTPUTS Saves an HTML report to the desktop. #> function Generate-HTMLReport { param([hashtable]$AllResults) Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow $reportContent = @" <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>FSMO Role Analysis Report</title> <style> body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; } h1, h2, h3 { color: #0078D4; } table { border-collapse: collapse; width: 100%; margin-bottom: 20px; } th, td { border: 1px solid #ddd; padding: 8px; text-align: left; } th { background-color: #f2f2f2; } </style> </head> <body> <h1>FSMO Role Analysis Report</h1> <p>Generated on: $(Get-Date)</p> <h2>FSMO Role Holders</h2> $($AllResults.RoleHolders | ConvertTo-Html -Fragment) <h2>FSMO Role Health</h2> $($AllResults.RoleHealth | ConvertTo-Html -Fragment) <h2>FSMO Role Transfer History</h2> $($AllResults.TransferHistory | ConvertTo-Html -Fragment) <h2>FSMO Role Connectivity</h2> $($AllResults.RoleConnectivity | ConvertTo-Html -Fragment) <h2>Orphaned FSMO Roles</h2> $($AllResults.OrphanedRoles | ConvertTo-Html -Fragment) <h2>FSMO Role Performance</h2> $($AllResults.RolePerformance | ConvertTo-Html -Fragment) </body> </html> "@ $reportContent | Out-File -FilePath $global:reportPath Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green } # Main program loop $allResults = @{} do { Show-Menu $choice = Read-Host "`nEnter your choice (1-8)" switch ($choice) { "1" { $allResults.RoleHolders = Identify-FSMORoleHolders } "2" { $allResults.RoleHealth = Check-FSMORoleHealth } "3" { $allResults.TransferHistory = Analyze-FSMORoleTransferHistory } "4" { $allResults.RoleConnectivity = Verify-FSMORoleConnectivity } "5" { $allResults.OrphanedRoles = Check-OrphanedFSMORoles } "6" { $allResults.RolePerformance = Analyze-FSMORolePerformance } "7" { Generate-HTMLReport -AllResults $allResults } "8" { Write-Host "Exiting program..." -ForegroundColor Yellow; break } default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red } } if ($choice -ne "8") { Read-Host "`nPress Enter to continue..." } } while ($choice -ne "8")
This FSMO Analyzer Tool includes:
Key features:
This tool is particularly useful for:
To use this script effectively:
This script provides a comprehensive overview of FSMO roles in an Active Directory environment, making it easier to identify issues, track changes, and ensure the health and performance of these critical roles. It can significantly streamline the process of maintaining and troubleshooting FSMO roles in organizations of any size.
<# .SYNOPSIS Domain Controller Analyzer Tool .DESCRIPTION This script analyzes Domain Controllers in an Active Directory environment, providing detailed information about DC health, replication status, performance metrics, and potential issues. .NOTES File Name : DCAnalyzer.ps1 Author : [Your Name] Prerequisite : PowerShell V5.1 or later, Active Directory module, and appropriate AD permissions Version : 1.0 Date : [Current Date] .EXAMPLE .\DCAnalyzer.ps1 #> # Import required modules Import-Module ActiveDirectory # Global variables $global:reportPath = "$env:USERPROFILE\Desktop\DC_Analysis_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html" <# .SYNOPSIS Displays the main menu of the tool. #> function Show-Menu { Clear-Host Write-Host "=== Domain Controller Analyzer Tool ===" -ForegroundColor Cyan Write-Host "1. Perform DC Health Check" Write-Host "2. Analyze Replication Status" Write-Host "3. Check FSMO Roles" Write-Host "4. Analyze DC Performance Metrics" Write-Host "5. Check AD Services Status" Write-Host "6. Verify DNS Configuration" Write-Host "7. Analyze SYSVOL and NETLOGON Shares" Write-Host "8. Generate Comprehensive HTML Report" Write-Host "9. Exit" } <# .SYNOPSIS Performs a health check on all Domain Controllers. .OUTPUTS Array of PSObjects containing DC health check results. #> function Perform-DCHealthCheck { Write-Host "`nPerforming DC Health Check..." -ForegroundColor Yellow $dcs = Get-ADDomainController -Filter * $healthResults = @() foreach ($dc in $dcs) { $dcdiag = Invoke-Command -ComputerName $dc.HostName -ScriptBlock { dcdiag /test:services /test:advertising /test:fsmocheck /test:ridmanager /test:machineaccount /test:replications /test:netlogons /test:systemlog } -ErrorAction SilentlyContinue $healthResults += [PSCustomObject]@{ DomainController = $dc.HostName Services = if ($dcdiag -match "passed test Services") { "Passed" } else { "Failed" } Advertising = if ($dcdiag -match "passed test Advertising") { "Passed" } else { "Failed" } FSMORoles = if ($dcdiag -match "passed test FsmoCheck") { "Passed" } else { "Failed" } RidManager = if ($dcdiag -match "passed test RidManager") { "Passed" } else { "Failed" } MachineAccount = if ($dcdiag -match "passed test MachineAccount") { "Passed" } else { "Failed" } Replications = if ($dcdiag -match "passed test Replications") { "Passed" } else { "Failed" } Netlogons = if ($dcdiag -match "passed test NetLogons") { "Passed" } else { "Failed" } SystemLog = if ($dcdiag -match "passed test SystemLog") { "Passed" } else { "Failed" } } } $healthResults | Format-Table -AutoSize return $healthResults } <# .SYNOPSIS Analyzes replication status between Domain Controllers. .OUTPUTS Array of PSObjects containing replication status details. #> function Analyze-ReplicationStatus { Write-Host "`nAnalyzing Replication Status..." -ForegroundColor Yellow $replicationStatus = @() $dcs = Get-ADDomainController -Filter * foreach ($dc in $dcs) { $replStatus = repadmin /showrepl $dc.HostName | Select-String "Last attempt" -Context 2,0 foreach ($status in $replStatus) { $replicationStatus += [PSCustomObject]@{ SourceDC = $dc.HostName DestinationDC = ($status.Context.PreContext[0] -split ":")[1].Trim() LastAttempt = ($status.Line -split "@")[1].Trim() Result = $status.Context.PostContext[0].Trim() } } } $replicationStatus | Format-Table -AutoSize return $replicationStatus } <# .SYNOPSIS Checks FSMO roles distribution. .OUTPUTS PSObject containing FSMO roles information. #> function Check-FSMORoles { Write-Host "`nChecking FSMO Roles..." -ForegroundColor Yellow $forest = Get-ADForest $domain = Get-ADDomain $fsmoRoles = [PSCustomObject]@{ SchemaMaster = $forest.SchemaMaster DomainNamingMaster = $forest.DomainNamingMaster PDCEmulator = $domain.PDCEmulator RIDMaster = $domain.RIDMaster InfrastructureMaster = $domain.InfrastructureMaster } $fsmoRoles | Format-List return $fsmoRoles } <# .SYNOPSIS Analyzes performance metrics of Domain Controllers. .OUTPUTS Array of PSObjects containing DC performance metrics. #> function Analyze-DCPerformanceMetrics { Write-Host "`nAnalyzing DC Performance Metrics..." -ForegroundColor Yellow $dcs = Get-ADDomainController -Filter * $performanceMetrics = @() foreach ($dc in $dcs) { $cpu = Get-WmiObject Win32_Processor -ComputerName $dc.HostName | Measure-Object -Property LoadPercentage -Average | Select-Object -ExpandProperty Average $memory = Get-WmiObject Win32_OperatingSystem -ComputerName $dc.HostName | Select-Object @{Name="MemoryUsage";Expression={"{0:N2}" -f ((($_.TotalVisibleMemorySize - $_.FreePhysicalMemory)*100)/ $_.TotalVisibleMemorySize)}} $disk = Get-WmiObject Win32_LogicalDisk -ComputerName $dc.HostName -Filter "DeviceID='C:'" | Select-Object @{Name="FreeSpace";Expression={"{0:N2}" -f ($_.FreeSpace/1GB)}} $performanceMetrics += [PSCustomObject]@{ DomainController = $dc.HostName CPUUsage = "$cpu%" MemoryUsage = "$($memory.MemoryUsage)%" FreeDiskSpace = "$($disk.FreeSpace) GB" } } $performanceMetrics | Format-Table -AutoSize return $performanceMetrics } <# .SYNOPSIS Checks the status of critical AD services on Domain Controllers. .OUTPUTS Array of PSObjects containing AD services status. #> function Check-ADServicesStatus { Write-Host "`nChecking AD Services Status..." -ForegroundColor Yellow $dcs = Get-ADDomainController -Filter * $servicesStatus = @() $criticalServices = @("NTDS", "Netlogon", "DNS", "DFSR", "KDC") foreach ($dc in $dcs) { $services = Get-Service -ComputerName $dc.HostName -Name $criticalServices -ErrorAction SilentlyContinue $servicesStatus += [PSCustomObject]@{ DomainController = $dc.HostName NTDS = ($services | Where-Object {$_.Name -eq "NTDS"}).Status Netlogon = ($services | Where-Object {$_.Name -eq "Netlogon"}).Status DNS = ($services | Where-Object {$_.Name -eq "DNS"}).Status DFSR = ($services | Where-Object {$_.Name -eq "DFSR"}).Status KDC = ($services | Where-Object {$_.Name -eq "KDC"}).Status } } $servicesStatus | Format-Table -AutoSize return $servicesStatus } <# .SYNOPSIS Verifies DNS configuration on Domain Controllers. .OUTPUTS Array of PSObjects containing DNS configuration details. #> function Verify-DNSConfiguration { Write-Host "`nVerifying DNS Configuration..." -ForegroundColor Yellow $dcs = Get-ADDomainController -Filter * $dnsConfig = @() foreach ($dc in $dcs) { $dnsServers = Get-DnsClientServerAddress -CimSession $dc.HostName -AddressFamily IPv4 | Where-Object {$_.InterfaceAlias -notlike "*Loopback*"} $dnsConfig += [PSCustomObject]@{ DomainController = $dc.HostName DNSServers = ($dnsServers.ServerAddresses -join ", ") HasDNSRole = [bool](Get-WindowsFeature -ComputerName $dc.HostName -Name DNS).Installed } } $dnsConfig | Format-Table -AutoSize return $dnsConfig } <# .SYNOPSIS Analyzes SYSVOL and NETLOGON shares on Domain Controllers. .OUTPUTS Array of PSObjects containing SYSVOL and NETLOGON share details. #> function Analyze-SYSVOLandNETLOGON { Write-Host "`nAnalyzing SYSVOL and NETLOGON Shares..." -ForegroundColor Yellow $dcs = Get-ADDomainController -Filter * $shareAnalysis = @() foreach ($dc in $dcs) { $sysvol = Get-WmiObject -Class Win32_Share -ComputerName $dc.HostName -Filter "Name='SYSVOL'" $netlogon = Get-WmiObject -Class Win32_Share -ComputerName $dc.HostName -Filter "Name='NETLOGON'" $shareAnalysis += [PSCustomObject]@{ DomainController = $dc.HostName SYSVOLPath = $sysvol.Path NETLOGONPath = $netlogon.Path SYSVOLAccessible = Test-Path "\\$($dc.HostName)\SYSVOL" -ErrorAction SilentlyContinue NETLOGONAccessible = Test-Path "\\$($dc.HostName)\NETLOGON" -ErrorAction SilentlyContinue } } $shareAnalysis | Format-Table -AutoSize return $shareAnalysis } <# .SYNOPSIS Generates a comprehensive HTML report of all analyses. .PARAMETER AllResults Hashtable containing all analysis results. .OUTPUTS Saves an HTML report to the desktop. #> function Generate-HTMLReport { param([hashtable]$AllResults) Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow $reportContent = @" <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Domain Controller Analysis Report</title> <style> body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; } h1, h2, h3 { color: #0078D4; } table { border-collapse: collapse; width: 100%; margin-bottom: 20px; } th, td { border: 1px solid #ddd; padding: 8px; text-align: left; } th { background-color: #f2f2f2; } </style> </head> <body> <h1>Domain Controller Analysis Report</h1> <p>Generated on: $(Get-Date)</p> <h2>DC Health Check</h2> $($AllResults.HealthCheck | ConvertTo-Html -Fragment) <h2>Replication Status</h2> $($AllResults.ReplicationStatus | ConvertTo-Html -Fragment) <h2>FSMO Roles</h2> $($AllResults.FSMORoles | ConvertTo-Html -Fragment) <h2>DC Performance Metrics</h2> $($AllResults.PerformanceMetrics | ConvertTo-Html -Fragment) <h2>AD Services Status</h2> $($AllResults.ServicesStatus | ConvertTo-Html -Fragment) <h2>DNS Configuration</h2> $($AllResults.DNSConfig | ConvertTo-Html -Fragment) <h2>SYSVOL and NETLOGON Analysis</h2> $($AllResults.ShareAnalysis | ConvertTo-Html -Fragment) </body> </html> "@ $reportContent | Out-File -FilePath $global:reportPath Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green } # Main program loop $allResults = @{} do { Show-Menu $choice = Read-Host "`nEnter your choice (1-9)" switch ($choice) { "1" { $allResults.HealthCheck = Perform-DCHealthCheck } "2" { $allResults.ReplicationStatus = Analyze-ReplicationStatus } "3" { $allResults.FSMORoles = Check-FSMORoles } "4" { $allResults.PerformanceMetrics = Analyze-DCPerformanceMetrics } "5" { $allResults.ServicesStatus = Check-ADServicesStatus } "6" { $allResults.DNSConfig = Verify-DNSConfiguration } "7" { $allResults.ShareAnalysis = Analyze-SYSVOLandNETLOGON } "8" { Generate-HTMLReport -AllResults $allResults } "9" { Write-Host "Exiting program..." -ForegroundColor Yellow; break } default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red } } if ($choice -ne "9") { Read-Host "`nPress Enter to continue..." } } while ($choice -ne "9")
This Domain Controller Analyzer Tool includes:
Key features:
This tool is particularly useful for:
To use this script effectively:
This script provides a comprehensive overview of Domain Controllers in an Active Directory environment, making it easier to identify issues, performance bottlenecks, or misconfigurations. It can significantly streamline the process of maintaining and troubleshooting Domain Controllers in organizations of any size.
<# .SYNOPSIS Microsoft 365 Analyzer Tool .DESCRIPTION This script analyzes various aspects of a Microsoft 365 environment, including user accounts, licenses, Exchange Online, SharePoint Online, and Teams. .NOTES File Name : Microsoft365Analyzer.ps1 Author : [Your Name] Prerequisite : PowerShell V5.1 or later, Microsoft 365 PowerShell modules, and appropriate admin permissions Version : 1.0 Date : [Current Date] .EXAMPLE .\Microsoft365Analyzer.ps1 #> # Check and install required modules $requiredModules = @("MSOnline", "ExchangeOnlineManagement", "Microsoft.Online.SharePoint.PowerShell", "MicrosoftTeams") foreach ($module in $requiredModules) { if (!(Get-Module -ListAvailable -Name $module)) { Write-Host "Installing $module module..." -ForegroundColor Yellow Install-Module -Name $module -Force -AllowClobber } } # Import required modules Import-Module MSOnline Import-Module ExchangeOnlineManagement Import-Module Microsoft.Online.SharePoint.PowerShell Import-Module MicrosoftTeams # Global variables $global:reportPath = "$env:USERPROFILE\Desktop\Microsoft365_Analysis_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html" <# .SYNOPSIS Displays the main menu of the tool. #> function Show-Menu { Clear-Host Write-Host "=== Microsoft 365 Analyzer Tool ===" -ForegroundColor Cyan Write-Host "1. Analyze User Accounts and Licenses" Write-Host "2. Check Exchange Online Configuration" Write-Host "3. Analyze SharePoint Online Usage" Write-Host "4. Review Teams Configuration" Write-Host "5. Check Security and Compliance Settings" Write-Host "6. Analyze Azure AD Configuration" Write-Host "7. Generate Comprehensive HTML Report" Write-Host "8. Exit" } <# .SYNOPSIS Connects to Microsoft 365 services. #> function Connect-Microsoft365Services { Write-Host "Connecting to Microsoft 365 services..." -ForegroundColor Yellow Connect-MsolService Connect-ExchangeOnline $orgName = (Get-MsolCompanyInformation).DisplayName $adminSiteUrl = "https://$($orgName.Replace(' ', ''))-admin.sharepoint.com" Connect-SPOService -Url $adminSiteUrl Connect-MicrosoftTeams } <# .SYNOPSIS Analyzes user accounts and licenses. .OUTPUTS PSObject containing user account and license analysis. #> function Analyze-UserAccountsAndLicenses { Write-Host "`nAnalyzing User Accounts and Licenses..." -ForegroundColor Yellow $users = Get-MsolUser -All $licenses = Get-MsolAccountSku $analysis = [PSCustomObject]@{ TotalUsers = $users.Count LicensedUsers = ($users | Where-Object {$_.IsLicensed -eq $true}).Count UnlicensedUsers = ($users | Where-Object {$_.IsLicensed -eq $false}).Count BlockedUsers = ($users | Where-Object {$_.BlockCredential -eq $true}).Count LicenseTypes = $licenses | Select-Object AccountSkuId, ActiveUnits, ConsumedUnits } $analysis | Format-List return $analysis } <# .SYNOPSIS Checks Exchange Online configuration. .OUTPUTS PSObject containing Exchange Online configuration details. #> function Check-ExchangeOnlineConfiguration { Write-Host "`nChecking Exchange Online Configuration..." -ForegroundColor Yellow $mailboxes = Get-Mailbox -ResultSize Unlimited $transportRules = Get-TransportRule $exchangeConfig = [PSCustomObject]@{ TotalMailboxes = $mailboxes.Count SharedMailboxes = ($mailboxes | Where-Object {$_.RecipientTypeDetails -eq "SharedMailbox"}).Count ResourceMailboxes = ($mailboxes | Where-Object {$_.RecipientTypeDetails -eq "RoomMailbox" -or $_.RecipientTypeDetails -eq "EquipmentMailbox"}).Count TransportRules = $transportRules.Count } $exchangeConfig | Format-List return $exchangeConfig } <# .SYNOPSIS Analyzes SharePoint Online usage. .OUTPUTS PSObject containing SharePoint Online usage details. #> function Analyze-SharePointOnlineUsage { Write-Host "`nAnalyzing SharePoint Online Usage..." -ForegroundColor Yellow $sites = Get-SPOSite -Limit All $oneDriveUsage = Get-SPOTenantOneDriveUsageReport $spUsage = [PSCustomObject]@{ TotalSites = $sites.Count TotalStorage = [math]::Round(($sites | Measure-Object StorageUsageCurrent -Sum).Sum / 1024, 2) AverageStoragePerSite = [math]::Round(($sites | Measure-Object StorageUsageCurrent -Average).Average / 1024, 2) OneDriveUsage = $oneDriveUsage } $spUsage | Format-List return $spUsage } <# .SYNOPSIS Reviews Teams configuration. .OUTPUTS PSObject containing Teams configuration details. #> function Review-TeamsConfiguration { Write-Host "`nReviewing Teams Configuration..." -ForegroundColor Yellow $teams = Get-Team $policies = Get-CsTeamsClientConfiguration $teamsConfig = [PSCustomObject]@{ TotalTeams = $teams.Count PublicTeams = ($teams | Where-Object {$_.Visibility -eq "Public"}).Count PrivateTeams = ($teams | Where-Object {$_.Visibility -eq "Private"}).Count AllowEmailIntoChannel = $policies.AllowEmailIntoChannel AllowGiphy = $policies.AllowGiphy AllowStickers = $policies.AllowStickers AllowUserEditMessages = $policies.AllowUserEditMessages } $teamsConfig | Format-List return $teamsConfig } <# .SYNOPSIS Checks security and compliance settings. .OUTPUTS PSObject containing security and compliance settings. #> function Check-SecurityAndComplianceSettings { Write-Host "`nChecking Security and Compliance Settings..." -ForegroundColor Yellow $mfaStatus = Get-MsolUser -All | Where-Object {$_.StrongAuthenticationRequirements.State} $alertPolicies = Get-ProtectionAlert $securitySettings = [PSCustomObject]@{ MFAEnabledUsers = $mfaStatus.Count AlertPolicies = $alertPolicies.Count } $securitySettings | Format-List return $securitySettings } <# .SYNOPSIS Analyzes Azure AD configuration. .OUTPUTS PSObject containing Azure AD configuration details. #> function Analyze-AzureADConfiguration { Write-Host "`nAnalyzing Azure AD Configuration..." -ForegroundColor Yellow $domains = Get-MsolDomain $devices = Get-MsolDevice -All $azureADConfig = [PSCustomObject]@{ TotalDomains = $domains.Count VerifiedDomains = ($domains | Where-Object {$_.Status -eq "Verified"}).Count TotalDevices = $devices.Count AzureADJoinedDevices = ($devices | Where-Object {$_.DeviceTrustType -eq "Azure AD Joined"}).Count } $azureADConfig | Format-List return $azureADConfig } <# .SYNOPSIS Generates a comprehensive HTML report of all analyses. .PARAMETER AllResults Hashtable containing all analysis results. .OUTPUTS Saves an HTML report to the desktop. #> function Generate-HTMLReport { param([hashtable]$AllResults) Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow $reportContent = @" <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Microsoft 365 Analysis Report</title> <style> body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; } h1, h2, h3 { color: #0078D4; } table { border-collapse: collapse; width: 100%; margin-bottom: 20px; } th, td { border: 1px solid #ddd; padding: 8px; text-align: left; } th { background-color: #f2f2f2; } </style> </head> <body> <h1>Microsoft 365 Analysis Report</h1> <p>Generated on: $(Get-Date)</p> <h2>User Accounts and Licenses</h2> $($AllResults.UserAccountsAndLicenses | ConvertTo-Html -Fragment) <h2>Exchange Online Configuration</h2> $($AllResults.ExchangeOnlineConfig | ConvertTo-Html -Fragment) <h2>SharePoint Online Usage</h2> $($AllResults.SharePointOnlineUsage | ConvertTo-Html -Fragment) <h2>Teams Configuration</h2> $($AllResults.TeamsConfig | ConvertTo-Html -Fragment) <h2>Security and Compliance Settings</h2> $($AllResults.SecuritySettings | ConvertTo-Html -Fragment) <h2>Azure AD Configuration</h2> $($AllResults.AzureADConfig | ConvertTo-Html -Fragment) </body> </html> "@ $reportContent | Out-File -FilePath $global:reportPath Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green } # Main program loop Connect-Microsoft365Services $allResults = @{} do { Show-Menu $choice = Read-Host "`nEnter your choice (1-8)" switch ($choice) { "1" { $allResults.UserAccountsAndLicenses = Analyze-UserAccountsAndLicenses } "2" { $allResults.ExchangeOnlineConfig = Check-ExchangeOnlineConfiguration } "3" { $allResults.SharePointOnlineUsage = Analyze-SharePointOnlineUsage } "4" { $allResults.TeamsConfig = Review-TeamsConfiguration } "5" { $allResults.SecuritySettings = Check-SecurityAndComplianceSettings } "6" { $allResults.AzureADConfig = Analyze-AzureADConfiguration } "7" { Generate-HTMLReport -AllResults $allResults } "8" { Write-Host "Exiting program..." -ForegroundColor Yellow; break } default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red } } if ($choice -ne "8") { Read-Host "`nPress Enter to continue..." } } while ($choice -ne "8") # Disconnect from services Disconnect-ExchangeOnline -Confirm:$false Disconnect-SPOService Disconnect-MicrosoftTeams
This Microsoft 365 Analyzer Tool includes:
Key features:
This tool is particularly useful for:
To use this script effectively:
This script provides a comprehensive overview of a Microsoft 365 environment, making it easier to identify configuration issues, security concerns, or areas for optimization. It can significantly streamline the process of auditing and maintaining Microsoft 365 services in organizations of any size.
<# .SYNOPSIS Active Directory Computer Analysis Tool .DESCRIPTION This script analyzes computer accounts in Active Directory, providing detailed information about computer properties, group memberships, operating systems, and potential issues. .NOTES File Name : ADComputerAnalyzer.ps1 Author : [Your Name] Prerequisite : PowerShell V5.1 or later, Active Directory module, and appropriate AD permissions Version : 1.0 Date : [Current Date] .EXAMPLE .\ADComputerAnalyzer.ps1 #> # Import required modules Import-Module ActiveDirectory # Global variables $global:reportPath = "$env:USERPROFILE\Desktop\AD_Computer_Analysis_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html" <# .SYNOPSIS Displays the main menu of the tool. #> function Show-Menu { Clear-Host Write-Host "=== Active Directory Computer Analysis Tool ===" -ForegroundColor Cyan Write-Host "1. Analyze Computer Account Statuses" Write-Host "2. Check Operating System Distribution" Write-Host "3. Analyze Group Memberships" Write-Host "4. Identify Inactive Computer Accounts" Write-Host "5. Check for Outdated Operating Systems" Write-Host "6. Analyze Computer Account Properties" Write-Host "7. Check DNS Registration Status" Write-Host "8. Generate Comprehensive HTML Report" Write-Host "9. Exit" } <# .SYNOPSIS Analyzes computer account statuses. .OUTPUTS Array of PSObjects containing computer account status details. #> function Analyze-ComputerAccountStatuses { Write-Host "`nAnalyzing Computer Account Statuses..." -ForegroundColor Yellow $computers = Get-ADComputer -Filter * -Properties Enabled, PasswordLastSet $statuses = @() foreach ($computer in $computers) { $statuses += [PSCustomObject]@{ ComputerName = $computer.Name Enabled = $computer.Enabled PasswordLastSet = $computer.PasswordLastSet DaysSincePasswordSet = if ($computer.PasswordLastSet) { ((Get-Date) - $computer.PasswordLastSet).Days } else { "N/A" } } } $statuses | Format-Table -AutoSize return $statuses } <# .SYNOPSIS Checks operating system distribution. .OUTPUTS Array of PSObjects containing OS distribution details. #> function Check-OSDistribution { Write-Host "`nChecking Operating System Distribution..." -ForegroundColor Yellow $computers = Get-ADComputer -Filter * -Properties OperatingSystem $osDistribution = $computers | Group-Object -Property OperatingSystem | Select-Object Name, Count $osDistribution | Format-Table -AutoSize return $osDistribution } <# .SYNOPSIS Analyzes group memberships. .OUTPUTS Array of PSObjects containing group membership details. #> function Analyze-GroupMemberships { Write-Host "`nAnalyzing Group Memberships..." -ForegroundColor Yellow $computers = Get-ADComputer -Filter * -Properties MemberOf $memberships = @() foreach ($computer in $computers) { $groups = $computer.MemberOf | ForEach-Object { (Get-ADGroup $_).Name } $memberships += [PSCustomObject]@{ ComputerName = $computer.Name GroupCount = $groups.Count Groups = $groups -join ", " } } $memberships | Format-Table -AutoSize return $memberships } <# .SYNOPSIS Identifies inactive computer accounts. .OUTPUTS Array of PSObjects containing inactive computer account details. #> function Identify-InactiveComputerAccounts { Write-Host "`nIdentifying Inactive Computer Accounts..." -ForegroundColor Yellow $inactiveThreshold = (Get-Date).AddDays(-90) $computers = Get-ADComputer -Filter {Enabled -eq $true} -Properties LastLogonDate $inactiveComputers = @() foreach ($computer in $computers) { if ($computer.LastLogonDate -lt $inactiveThreshold) { $inactiveComputers += [PSCustomObject]@{ ComputerName = $computer.Name LastLogonDate = $computer.LastLogonDate DaysSinceLastLogon = ((Get-Date) - $computer.LastLogonDate).Days } } } $inactiveComputers | Format-Table -AutoSize return $inactiveComputers } <# .SYNOPSIS Checks for outdated operating systems. .OUTPUTS Array of PSObjects containing outdated OS details. #> function Check-OutdatedOS { Write-Host "`nChecking for Outdated Operating Systems..." -ForegroundColor Yellow $computers = Get-ADComputer -Filter * -Properties OperatingSystem, OperatingSystemVersion $outdatedOS = @() foreach ($computer in $computers) { if ($computer.OperatingSystem -like "*Windows 7*" -or $computer.OperatingSystem -like "*Windows 8*" -or $computer.OperatingSystem -like "*Windows Server 2008*" -or $computer.OperatingSystem -like "*Windows Server 2012*") { $outdatedOS += [PSCustomObject]@{ ComputerName = $computer.Name OperatingSystem = $computer.OperatingSystem OSVersion = $computer.OperatingSystemVersion } } } $outdatedOS | Format-Table -AutoSize return $outdatedOS } <# .SYNOPSIS Analyzes computer account properties. .OUTPUTS Array of PSObjects containing computer account property details. #> function Analyze-ComputerAccountProperties { Write-Host "`nAnalyzing Computer Account Properties..." -ForegroundColor Yellow $computers = Get-ADComputer -Filter * -Properties * $properties = @() foreach ($computer in $computers) { $properties += [PSCustomObject]@{ ComputerName = $computer.Name OperatingSystem = $computer.OperatingSystem IPAddress = $computer.IPv4Address Created = $computer.Created LastModified = $computer.Modified Description = $computer.Description } } $properties | Format-Table -AutoSize return $properties } <# .SYNOPSIS Checks DNS registration status. .OUTPUTS Array of PSObjects containing DNS registration status details. #> function Check-DNSRegistrationStatus { Write-Host "`nChecking DNS Registration Status..." -ForegroundColor Yellow $computers = Get-ADComputer -Filter * -Properties DNSHostName $dnsStatus = @() foreach ($computer in $computers) { $pingResult = Test-Connection -ComputerName $computer.DNSHostName -Count 1 -ErrorAction SilentlyContinue $dnsStatus += [PSCustomObject]@{ ComputerName = $computer.Name DNSHostName = $computer.DNSHostName Pingable = if ($pingResult) { $true } else { $false } } } $dnsStatus | Format-Table -AutoSize return $dnsStatus } <# .SYNOPSIS Generates a comprehensive HTML report of all analyses. .PARAMETER AllResults Hashtable containing all analysis results. .OUTPUTS Saves an HTML report to the desktop. #> function Generate-HTMLReport { param([hashtable]$AllResults) Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow $reportContent = @" <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>AD Computer Analysis Report</title> <style> body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; } h1, h2, h3 { color: #0078D4; } table { border-collapse: collapse; width: 100%; margin-bottom: 20px; } th, td { border: 1px solid #ddd; padding: 8px; text-align: left; } th { background-color: #f2f2f2; } </style> </head> <body> <h1>Active Directory Computer Analysis Report</h1> <p>Generated on: $(Get-Date)</p> <h2>Computer Account Statuses</h2> $($AllResults.AccountStatuses | ConvertTo-Html -Fragment) <h2>Operating System Distribution</h2> $($AllResults.OSDistribution | ConvertTo-Html -Fragment) <h2>Group Memberships</h2> $($AllResults.GroupMemberships | ConvertTo-Html -Fragment) <h2>Inactive Computer Accounts</h2> $($AllResults.InactiveAccounts | ConvertTo-Html -Fragment) <h2>Outdated Operating Systems</h2> $($AllResults.OutdatedOS | ConvertTo-Html -Fragment) <h2>Computer Account Properties</h2> $($AllResults.AccountProperties | ConvertTo-Html -Fragment) <h2>DNS Registration Status</h2> $($AllResults.DNSStatus | ConvertTo-Html -Fragment) </body> </html> "@ $reportContent | Out-File -FilePath $global:reportPath Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green } # Main program loop $allResults = @{} do { Show-Menu $choice = Read-Host "`nEnter your choice (1-9)" switch ($choice) { "1" { $allResults.AccountStatuses = Analyze-ComputerAccountStatuses } "2" { $allResults.OSDistribution = Check-OSDistribution } "3" { $allResults.GroupMemberships = Analyze-GroupMemberships } "4" { $allResults.InactiveAccounts = Identify-InactiveComputerAccounts } "5" { $allResults.OutdatedOS = Check-OutdatedOS } "6" { $allResults.AccountProperties = Analyze-ComputerAccountProperties } "7" { $allResults.DNSStatus = Check-DNSRegistrationStatus } "8" { Generate-HTMLReport -AllResults $allResults } "9" { Write-Host "Exiting program..." -ForegroundColor Yellow; break } default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red } } if ($choice -ne "9") { Read-Host "`nPress Enter to continue..." } } while ($choice -ne "9")
This Active Directory Computer Analysis Tool includes:
Key features:
This tool is particularly useful for:
To use this script effectively:
This script provides a comprehensive overview of computer accounts in an Active Directory environment, making it easier to identify security issues, outdated systems, or potential network problems. It can significantly streamline the process of auditing and maintaining computer accounts in large or complex AD environments.
<# .SYNOPSIS Active Directory User Analysis Tool .DESCRIPTION This script analyzes user accounts in Active Directory, providing detailed information about user properties, group memberships, account statuses, and potential security issues. .NOTES File Name : ADUserAnalyzer.ps1 Author : [Your Name] Prerequisite : PowerShell V5.1 or later, Active Directory module, and appropriate AD permissions Version : 1.0 Date : [Current Date] .EXAMPLE .\ADUserAnalyzer.ps1 #> # Import required modules Import-Module ActiveDirectory # Global variables $global:reportPath = "$env:USERPROFILE\Desktop\AD_User_Analysis_Report_$(Get-Date -Format 'yyyyMMdd_HHmmss').html" <# .SYNOPSIS Displays the main menu of the tool. #> function Show-Menu { Clear-Host Write-Host "=== Active Directory User Analysis Tool ===" -ForegroundColor Cyan Write-Host "1. Analyze User Account Statuses" Write-Host "2. Check Password Policies Compliance" Write-Host "3. Analyze Group Memberships" Write-Host "4. Identify Inactive User Accounts" Write-Host "5. Check for Privileged Accounts" Write-Host "6. Analyze User Account Properties" Write-Host "7. Check for Expired Accounts" Write-Host "8. Generate Comprehensive HTML Report" Write-Host "9. Exit" } <# .SYNOPSIS Analyzes user account statuses. .OUTPUTS Array of PSObjects containing user account status details. #> function Analyze-UserAccountStatuses { Write-Host "`nAnalyzing User Account Statuses..." -ForegroundColor Yellow $users = Get-ADUser -Filter * -Properties Enabled, LockedOut, PasswordExpired, PasswordNeverExpires $statuses = @() foreach ($user in $users) { $statuses += [PSCustomObject]@{ Username = $user.SamAccountName Enabled = $user.Enabled LockedOut = $user.LockedOut PasswordExpired = $user.PasswordExpired PasswordNeverExpires = $user.PasswordNeverExpires } } $statuses | Format-Table -AutoSize return $statuses } <# .SYNOPSIS Checks password policies compliance. .OUTPUTS Array of PSObjects containing password policy compliance details. #> function Check-PasswordPoliciesCompliance { Write-Host "`nChecking Password Policies Compliance..." -ForegroundColor Yellow $defaultPolicy = Get-ADDefaultDomainPasswordPolicy $users = Get-ADUser -Filter * -Properties PasswordLastSet, PasswordNeverExpires $compliance = @() foreach ($user in $users) { $passwordAge = (Get-Date) - $user.PasswordLastSet $compliance += [PSCustomObject]@{ Username = $user.SamAccountName PasswordLastSet = $user.PasswordLastSet PasswordAge = "$($passwordAge.Days) days" CompliantMaxAge = if ($user.PasswordNeverExpires) { "N/A" } elseif ($passwordAge.Days -le $defaultPolicy.MaxPasswordAge.Days) { $true } else { $false } PasswordNeverExpires = $user.PasswordNeverExpires } } $compliance | Format-Table -AutoSize return $compliance } <# .SYNOPSIS Analyzes group memberships. .OUTPUTS Array of PSObjects containing group membership details. #> function Analyze-GroupMemberships { Write-Host "`nAnalyzing Group Memberships..." -ForegroundColor Yellow $users = Get-ADUser -Filter * -Properties MemberOf $memberships = @() foreach ($user in $users) { $groups = $user.MemberOf | ForEach-Object { (Get-ADGroup $_).Name } $memberships += [PSCustomObject]@{ Username = $user.SamAccountName GroupCount = $groups.Count Groups = $groups -join ", " } } $memberships | Format-Table -AutoSize return $memberships } <# .SYNOPSIS Identifies inactive user accounts. .OUTPUTS Array of PSObjects containing inactive user account details. #> function Identify-InactiveUserAccounts { Write-Host "`nIdentifying Inactive User Accounts..." -ForegroundColor Yellow $inactiveThreshold = (Get-Date).AddDays(-90) $users = Get-ADUser -Filter {Enabled -eq $true} -Properties LastLogonDate $inactiveUsers = @() foreach ($user in $users) { if ($user.LastLogonDate -lt $inactiveThreshold) { $inactiveUsers += [PSCustomObject]@{ Username = $user.SamAccountName LastLogonDate = $user.LastLogonDate DaysSinceLastLogon = ((Get-Date) - $user.LastLogonDate).Days } } } $inactiveUsers | Format-Table -AutoSize return $inactiveUsers } <# .SYNOPSIS Checks for privileged accounts. .OUTPUTS Array of PSObjects containing privileged account details. #> function Check-PrivilegedAccounts { Write-Host "`nChecking for Privileged Accounts..." -ForegroundColor Yellow $privilegedGroups = @("Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators") $privilegedAccounts = @() foreach ($group in $privilegedGroups) { $members = Get-ADGroupMember -Identity $group -Recursive | Where-Object {$_.objectClass -eq "user"} foreach ($member in $members) { $privilegedAccounts += [PSCustomObject]@{ Username = $member.SamAccountName PrivilegedGroup = $group } } } $privilegedAccounts | Format-Table -AutoSize return $privilegedAccounts } <# .SYNOPSIS Analyzes user account properties. .OUTPUTS Array of PSObjects containing user account property details. #> function Analyze-UserAccountProperties { Write-Host "`nAnalyzing User Account Properties..." -ForegroundColor Yellow $users = Get-ADUser -Filter * -Properties * $properties = @() foreach ($user in $users) { $properties += [PSCustomObject]@{ Username = $user.SamAccountName FullName = $user.Name Email = $user.EmailAddress Department = $user.Department Title = $user.Title Manager = if ($user.Manager) { (Get-ADUser $user.Manager).Name } else { "N/A" } Created = $user.Created LastModified = $user.Modified } } $properties | Format-Table -AutoSize return $properties } <# .SYNOPSIS Checks for expired accounts. .OUTPUTS Array of PSObjects containing expired account details. #> function Check-ExpiredAccounts { Write-Host "`nChecking for Expired Accounts..." -ForegroundColor Yellow $users = Get-ADUser -Filter {Enabled -eq $true -and AccountExpirationDate -lt (Get-Date)} -Properties AccountExpirationDate $expiredAccounts = @() foreach ($user in $users) { $expiredAccounts += [PSCustomObject]@{ Username = $user.SamAccountName ExpirationDate = $user.AccountExpirationDate DaysExpired = ((Get-Date) - $user.AccountExpirationDate).Days } } $expiredAccounts | Format-Table -AutoSize return $expiredAccounts } <# .SYNOPSIS Generates a comprehensive HTML report of all analyses. .PARAMETER AllResults Hashtable containing all analysis results. .OUTPUTS Saves an HTML report to the desktop. #> function Generate-HTMLReport { param([hashtable]$AllResults) Write-Host "`nGenerating Comprehensive HTML Report..." -ForegroundColor Yellow $reportContent = @" <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>AD User Analysis Report</title> <style> body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; max-width: 1200px; margin: 0 auto; padding: 20px; } h1, h2, h3 { color: #0078D4; } table { border-collapse: collapse; width: 100%; margin-bottom: 20px; } th, td { border: 1px solid #ddd; padding: 8px; text-align: left; } th { background-color: #f2f2f2; } </style> </head> <body> <h1>Active Directory User Analysis Report</h1> <p>Generated on: $(Get-Date)</p> <h2>User Account Statuses</h2> $($AllResults.AccountStatuses | ConvertTo-Html -Fragment) <h2>Password Policies Compliance</h2> $($AllResults.PasswordCompliance | ConvertTo-Html -Fragment) <h2>Group Memberships</h2> $($AllResults.GroupMemberships | ConvertTo-Html -Fragment) <h2>Inactive User Accounts</h2> $($AllResults.InactiveAccounts | ConvertTo-Html -Fragment) <h2>Privileged Accounts</h2> $($AllResults.PrivilegedAccounts | ConvertTo-Html -Fragment) <h2>User Account Properties</h2> $($AllResults.AccountProperties | ConvertTo-Html -Fragment) <h2>Expired Accounts</h2> $($AllResults.ExpiredAccounts | ConvertTo-Html -Fragment) </body> </html> "@ $reportContent | Out-File -FilePath $global:reportPath Write-Host "Report generated and saved to: $global:reportPath" -ForegroundColor Green } # Main program loop $allResults = @{} do { Show-Menu $choice = Read-Host "`nEnter your choice (1-9)" switch ($choice) { "1" { $allResults.AccountStatuses = Analyze-UserAccountStatuses } "2" { $allResults.PasswordCompliance = Check-PasswordPoliciesCompliance } "3" { $allResults.GroupMemberships = Analyze-GroupMemberships } "4" { $allResults.InactiveAccounts = Identify-InactiveUserAccounts } "5" { $allResults.PrivilegedAccounts = Check-PrivilegedAccounts } "6" { $allResults.AccountProperties = Analyze-UserAccountProperties } "7" { $allResults.ExpiredAccounts = Check-ExpiredAccounts } "8" { Generate-HTMLReport -AllResults $allResults } "9" { Write-Host "Exiting program..." -ForegroundColor Yellow; break } default { Write-Host "Invalid choice. Please try again." -ForegroundColor Red } } if ($choice -ne "9") { Read-Host "`nPress Enter to continue..." } } while ($choice -ne "9")
This Active Directory User Analysis Tool includes:
Key features:
This tool is particularly useful for:
To use this script effectively:
This script provides a comprehensive overview of user accounts in an Active Directory environment, making it easier to identify security issues, compliance problems, or outdated account information. It can significantly streamline the process of auditing and maintaining user accounts in large or complex AD environments.
Windows PowerShell: Automate tasks and streamline IT operations with Microsoft’s powerful command-line shell and scripting language. Boost productivity, manage systems efficiently, and harness the full potential of Windows and cloud platforms. Discover the power of PowerShell today!
PowerShell Book:
https://www.powershellbook.com
Amazon Books:
https://amazon.com/author/bocso
PowerShell Book Series:
— Email —
hello@powershellblog.com