Merge pull request #202 from rebelinux/dev

v0.9.4 WIP

Author: rebelinux

.github/workflows/PSScriptAnalyzerSettings.psd1

@@ -1,6 +1,7 @@
 @{
     ExcludeRules = @(
         'PSUseToExportFieldsInManifest'
+        'PSAvoidUsingWriteHost'
     )
     Rules = @{
         PSAvoidExclaimOperator = @{
@@ -12,5 +13,11 @@
         UseCorrectCasing = @{
             Enable = $true
         }
+        PSAvoidUsingCmdletAliases = @{
+            Enable = $true
+        }
+        PSUseConsistentWhitespace = @{
+            Enable = $true
+        }
     }
 }

AsBuiltReport.Microsoft.AD.json

@@ -21,7 +21,26 @@
         "WinRMSSL": false,
         "WinRMFallbackToNoSSL": true,
         "WinRMSSLPort": 5986,
-        "WinRMPort": 5985
+        "WinRMPort": 5985,
+        "EnableDiagrams": true,
+        "EnableDiagramDebug": false,
+        "DiagramTheme": "White",
+        "DiagramObjDebug": false,
+        "DiagramWaterMark": "",
+        "DiagramType": {
+            "CertificateAuthority": false,
+            "Forest": false,
+            "Sites": false,
+            "SitesInventory": false,
+            "Trusts": false
+        },
+        "ExportDiagrams": false,
+        "ExportDiagramsFormat": [
+            "png"
+        ],
+        "EnableDiagramSignature": false,
+        "SignatureAuthorName": "",
+        "SignatureCompanyName": ""
     },
     "InfoLevel": {
         "_comment_": "0 = Disabled, 1 = Enabled, 2 = Adv Summary, 3 = Detailed",
@@ -56,12 +75,11 @@
             "DP": true,
             "Zones": true,
             "BestPractice": true
-
         },
         "CA": {
             "Status": true,
             "Statistics": true,
             "BestPractice": true
         }
     }
-}
+}

AsBuiltReport.Microsoft.AD.psd1

@@ -66,11 +66,11 @@
         },
         @{
             ModuleName = 'Diagrammer.Microsoft.AD';
-            ModuleVersion = '0.2.9'
+            ModuleVersion = '0.2.14'
         },
         @{
             ModuleName = 'Diagrammer.Core';
-            ModuleVersion = '0.2.19'
+            ModuleVersion = '0.2.24'
         }
 
     )

CHANGELOG.md

@@ -7,13 +7,36 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ##### This project is community maintained and has no sponsorship from Microsoft, its employees or any of its affiliates.
 
-## [0.9.4] - Unreleased
+## [0.9.4] - 2025-04-24
+
+### Added
+
+- Add a new section in Get-AbrDomainSection to retrieve and sort DCs while excluding specified ones, enhancing the overall structure and clarity of the script.
+- Add diagram options to configuration file for various sections.
+- Introduced Get-AbrDiagrammer function to generate diagrams in multiple formats.
 
 ### Changed
 
 - Increase AsBuiltReport.Core to v1.4.3
 - Increase Diagrammer.Core minimum requirement
 - Increase Diagrammer.Microsoft.AD minumum requirement
+- Improve Get-ValidCimSession,Get-ValidPSSession to detect current connected DC
+  - Reuse the WinRM session
+  - Reuse the CIM session
+- Improve DNS settings retrieval by filtering only active network adapters in Get-AbrADDomainController function
+- Update Sample report
+- Improve Get-AbrADSite to handle cases where information cannot be collected from DCs, ensuring that the output remains informative and consistent.
+- Update existing functions to utilize new diagram features and handle domain status.
+- Improve error handling and reporting for offline domains and DCs.
+- Updated Get-AbrDNSSection to better handle domain status checks and improve logging clarity.
+- Refined Get-AbrDomainSection to ensure consistent domain information retrieval and improved error handling.
+- Updated Get-AbrADOU to utilize DNSRoot for domain references and improved error handling.
+- Modified Get-AbrADSecurityAssessment to enhance domain information retrieval and output formatting.
+- Enhanced Get-AbrADSiteReplication to streamline domain controller handling and improve logging messages.
+- Revised Get-AbrADTrust to ensure consistent use of DNSRoot and improved trust information retrieval.
+- Enhanced SharedUtilsFunctions to improve session management and error handling for WinRM connections.
+  - Get-ValidCIMSession
+  - Get-ValidPSSession
 
 ### Fixed
 

Samples/Sample Microsoft AD As Built Report.html

@@ -16,10 +16,6 @@ function Get-AbrADDCRoleFeature {
     #>
     [CmdletBinding()]
     param (
-        [Parameter (
-            Position = 0,
-            Mandatory)]
-        [string]
         $DC
     )
 
@@ -29,7 +25,7 @@ function Get-AbrADDCRoleFeature {
 
     process {
         try {
-            $DCPssSession = Get-ValidPSSession -ComputerName $DC -SessionName $($DC)
+            $DCPssSession = Get-ValidPSSession -ComputerName $DC -SessionName $($DC) -PSSTable ([ref]$PSSTable)
             if ($DCPssSession) {
                 $Features = Invoke-Command -Session $DCPssSession -ScriptBlock { Get-WindowsFeature | Where-Object { $_.installed -eq "True" -and $_.FeatureType -eq 'Role' } }
             } else {

Src/Private/Get-AbrADDCRoleFeature.ps1

@@ -16,41 +16,56 @@ function Get-AbrADDFSHealth {
     #>
     [CmdletBinding()]
     param (
-        [Parameter (
-            Position = 0,
-            Mandatory)]
-        [string]
-        $Domain
+        $Domain,
+        [string[]]$DCs,
+        $ValidDcFromDomain
     )
 
     begin {
-        Write-PScriboMessage "Collecting AD Domain DFS Health information on $Domain."
+        Write-PScriboMessage "Collecting AD Domain DFS Health information on $($Domain.DNSRoot)."
     }
 
     process {
         if ($HealthCheck.Domain.DFS) {
             try {
                 if ($Options.Exclude.DCs) {
-                    $DFS = Get-WinADDFSHealth -Domain $Domain -Credential $Credential | Where-Object { $_.DomainController -notin ($Options.Exclude.DCs).split(".", 2)[0] }
-                } Else { $DFS = Get-WinADDFSHealth -Domain $Domain -Credential $Credential }
+                    $DFS = Get-WinADDFSHealth -Domain $Domain.DNSRoot -Credential $Credential -ExcludeDomains $Options.Exclude.Domains -ExcludeDomainControllers $Options.Exclude.DCs
+                } Else { $DFS = Get-WinADDFSHealth -Domain $Domain.DNSRoot -Credential $Credential -ExcludeDomains $Options.Exclude.Domains }
                 if ($DFS) {
                     Section -ExcludeFromTOC -Style NOTOCHeading4 'Sysvol Replication Status' {
-                        Paragraph "The following section details the sysvol folder replication status for Domain $($Domain.ToString().ToUpper())."
+                        Paragraph "The following section details the sysvol folder replication status for Domain $($Domain.DNSRoot.ToString().ToUpper())."
                         BlankLine
                         $OutObj = @()
-                        foreach ($DCStatus in $DFS) {
+                        foreach ($Controller in $DCs) {
                             try {
+                                $RepState = $DFS | Where-Object { $_.DomainController -eq $Controller.Split('.')[0] } | Select-Object -Property ReplicationState, GroupPolicyCount, SysvolCount, IdenticalCount, StopReplicationOnAutoRecovery
                                 $inObj = [ordered] @{
-                                    'DC Name' = $DCStatus.DomainController
-                                    'Replication Status' = Switch ([string]::IsNullOrEmpty($DCStatus.ReplicationState)) {
-                                        $true { "Unknown" }
-                                        $false { $DCStatus.ReplicationState }
+                                    'DC Name' = $Controller.Split('.')[0]
+                                    'Replication Status' = Switch ([string]::IsNullOrEmpty($RepState.ReplicationState)) {
+                                        $true { "Offline" }
+                                        $false { $RepState.ReplicationState }
+                                        default { "--" }
+                                    }
+                                    'GPO Count' = switch ([string]::IsNullOrEmpty($RepState.GroupPolicyCount)) {
+                                        $true { "0" }
+                                        $false { $RepState.GroupPolicyCount }
+                                        default { "--" }
+                                    }
+                                    'Sysvol Count' = switch ([string]::IsNullOrEmpty($RepState.SysvolCount)) {
+                                        $true { "0" }
+                                        $false { $RepState.SysvolCount }
+                                        default { "--" }
+                                    }
+                                    'Identical Count' = switch ([string]::IsNullOrEmpty($RepState.IdenticalCount)) {
+                                        $true { "0" }
+                                        $false { $RepState.IdenticalCount }
+                                        default { "--" }
+                                    }
+                                    'Stop Replication On AutoRecovery' = switch ([string]::IsNullOrEmpty($RepState.StopReplicationOnAutoRecovery)) {
+                                        $true { "0" }
+                                        $false { $RepState.StopReplicationOnAutoRecovery }
                                         default { "--" }
                                     }
-                                    'GPO Count' = $DCStatus.GroupPolicyCount
-                                    'Sysvol Count' = $DCStatus.SysvolCount
-                                    'Identical Count' = $DCStatus.IdenticalCount
-                                    'Stop Replication On AutoRecovery' = $DCStatus.StopReplicationOnAutoRecovery
 
                                 }
                                 $OutObj += [pscustomobject](ConvertTo-HashToYN $inObj)
@@ -77,7 +92,7 @@ function Get-AbrADDFSHealth {
                         }
 
                         $TableParams = @{
-                            Name = "Sysvol Replication Status - $($Domain.ToString().ToUpper())"
+                            Name = "Sysvol Replication Status - $($Domain.DNSRoot.ToString().ToUpper()))"
                             List = $false
                             ColumnWidths = 20, 16, 16, 16, 16, 16
                         }
@@ -97,18 +112,17 @@ function Get-AbrADDFSHealth {
                         }
                     }
                 } else {
-                    Write-PScriboMessage "No DFS information found in $Domain, Disabling this section."
+                    Write-PScriboMessage "No DFS information found in $($Domain.DNSRoot), Disabling this section."
                 }
             } catch {
                 Write-PScriboMessage -IsWarning "Sysvol Replication Status Table Section: $($_.Exception.Message)"
             }
             try {
-                $DC = Get-ValidDCfromDomain -Domain $Domain
 
-                $DCPssSession = Get-ValidPSSession -ComputerName $DC -SessionName $($DC)
+                $DCPssSession = Get-ValidPSSession -ComputerName $ValidDcFromDomain -SessionName $($ValidDcFromDomain) -PSSTable ([ref]$PSSTable)
                 if ($DCPssSession) {
                     # Code taken from ClaudioMerola (https://github.com/ClaudioMerola/ADxRay)
-                    $SYSVOLFolder = Invoke-Command -Session $DCPssSession { Get-ChildItem -Path $('\\' + $using:Domain + '\SYSVOL\' + $using:Domain) -Recurse | Where-Object -FilterScript { $_.PSIsContainer -eq $false } | Group-Object -Property Extension | ForEach-Object -Process {
+                    $SYSVOLFolder = Invoke-Command -Session $DCPssSession { Get-ChildItem -Path $('\\' + ($using:Domain).DNSRoot + '\SYSVOL\' + ($using:Domain).DNSRoot) -Recurse | Where-Object -FilterScript { $_.PSIsContainer -eq $false } | Group-Object -Property Extension | ForEach-Object -Process {
                             New-Object -TypeName PSObject -Property @{
                                 'Extension' = $_.name
                                 'Count' = $_.count
@@ -118,11 +132,11 @@ function Get-AbrADDFSHealth {
                     if (-Not $_.Exception.MessageId) {
                         $ErrorMessage = $_.FullyQualifiedErrorId
                     } else { $ErrorMessage = $_.Exception.MessageId }
-                    Write-PScriboMessage -IsWarning "Sysvol Content Status Section: New-PSSession: Unable to connect to $($DC): $ErrorMessage"
+                    Write-PScriboMessage -IsWarning "Sysvol Content Status Section: New-PSSession: Unable to connect to $($ValidDcFromDomain): $ErrorMessage"
                 }
                 if ($SYSVOLFolder) {
                     Section -ExcludeFromTOC -Style NOTOCHeading4 'Sysvol Content Status' {
-                        Paragraph "The following section details domain $($Domain.ToString().ToUpper()) sysvol health status."
+                        Paragraph "The following section details domain $($Domain.DNSRoot.ToString().ToUpper())) sysvol health status."
                         BlankLine
                         $OutObj = @()
                         foreach ($Extension in $SYSVOLFolder) {
@@ -143,7 +157,7 @@ function Get-AbrADDFSHealth {
                         }
 
                         $TableParams = @{
-                            Name = "Sysvol Content Status - $($Domain.ToString().ToUpper())"
+                            Name = "Sysvol Content Status - $($Domain.DNSRoot.ToString().ToUpper())"
                             List = $false
                             ColumnWidths = 33, 33, 34
                         }
@@ -162,17 +176,16 @@ function Get-AbrADDFSHealth {
                         }
                     }
                 } else {
-                    Write-PScriboMessage "No SYSVOL folder information found in $Domain, Disabling this section."
+                    Write-PScriboMessage "No SYSVOL folder information found in $($Domain.DNSRoot), Disabling this section."
                 }
             } catch {
                 Write-PScriboMessage -IsWarning "Sysvol Health Table Section: $($_.Exception.Message)"
             }
             try {
-                $DC = Get-ValidDCfromDomain -Domain $Domain
-                $DCPssSession = Get-ValidPSSession -ComputerName $DC -SessionName $($DC)
+                $DCPssSession = Get-ValidPSSession -ComputerName $ValidDcFromDomain -SessionName $($ValidDcFromDomain) -PSSTable ([ref]$PSSTable)
                 if ($DCPssSession) {
                     # Code taken from ClaudioMerola (https://github.com/ClaudioMerola/ADxRay)
-                    $NetlogonFolder = Invoke-Command -Session $DCPssSession { Get-ChildItem -Path $('\\' + $using:Domain + '\NETLOGON\') -Recurse | Where-Object -FilterScript { $_.PSIsContainer -eq $false } | Group-Object -Property Extension | ForEach-Object -Process {
+                    $NetlogonFolder = Invoke-Command -Session $DCPssSession { Get-ChildItem -Path $('\\' + ($using:Domain).DNSRoot + '\NETLOGON\') -Recurse | Where-Object -FilterScript { $_.PSIsContainer -eq $false } | Group-Object -Property Extension | ForEach-Object -Process {
                             New-Object -TypeName PSObject -Property @{
                                 'Extension' = $_.name
                                 'Count' = $_.count
@@ -182,11 +195,11 @@ function Get-AbrADDFSHealth {
                     if (-Not $_.Exception.MessageId) {
                         $ErrorMessage = $_.FullyQualifiedErrorId
                     } else { $ErrorMessage = $_.Exception.MessageId }
-                    Write-PScriboMessage -IsWarning "Netlogon Content Status Section: New-PSSession: Unable to connect to $($DC): $ErrorMessage"
+                    Write-PScriboMessage -IsWarning "Netlogon Content Status Section: New-PSSession: Unable to connect to $($ValidDcFromDomain): $ErrorMessage"
                 }
                 if ($NetlogonFolder) {
                     Section -ExcludeFromTOC -Style NOTOCHeading4 'Netlogon Content Status' {
-                        Paragraph "The following section details domain $($Domain.ToString().ToUpper()) netlogon health status."
+                        Paragraph "The following section details domain $($Domain.DNSRoot.ToString().ToUpper())) netlogon health status."
                         BlankLine
                         $OutObj = @()
                         foreach ($Extension in $NetlogonFolder) {
@@ -207,7 +220,7 @@ function Get-AbrADDFSHealth {
                         }
 
                         $TableParams = @{
-                            Name = "Netlogon Content Status - $($Domain.ToString().ToUpper())"
+                            Name = "Netlogon Content Status - $($Domain.DNSRoot.ToString().ToUpper())"
                             List = $false
                             ColumnWidths = 33, 33, 34
                         }
@@ -226,7 +239,7 @@ function Get-AbrADDFSHealth {
                         }
                     }
                 } else {
-                    Write-PScriboMessage "No NETLOGON folder information found in $Domain, Disabling this section."
+                    Write-PScriboMessage "No NETLOGON folder information found in $($Domain.DNSRoot), Disabling this section."
                 }
             } catch {
                 Write-PScriboMessage -IsWarning "Netlogon Content Status Section: $($_.Exception.Message)"