Merge pull request #29 from AsBuiltReport/dev

v0.7.0 public release

Author: rebelinux

.github/workflows/Release.yml

@@ -29,3 +29,18 @@ jobs:
         shell: pwsh
         run: |
           Publish-Module -Path ./ -NuGetApiKey ${{ secrets.PSGALLERY_API_KEY }} -Verbose
+  tweet:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: Eomm/why-don-t-you-tweet@v1
+        # We don't want to tweet if the repository is not a public one
+        if: ${{ !github.event.repository.private }}
+        with:
+          # GitHub event payload
+          # https://docs.github.com/en/developers/webhooks-and-events/webhooks/webhook-events-and-payloads#release
+          tweet-message: "[New Release] ${{ github.event.repository.name }} ${{ github.event.release.tag_name }}! Check out what's new! ${{ github.event.release.html_url }} #AsBuiltReport #PowerShell #Microsoft #Activedirectory #MVP"
+        env:
+          TWITTER_CONSUMER_API_KEY: ${{ secrets.TWITTER_CONSUMER_API_KEY }}
+          TWITTER_CONSUMER_API_SECRET: ${{ secrets.TWITTER_CONSUMER_API_SECRET }}
+          TWITTER_ACCESS_TOKEN: ${{ secrets.TWITTER_ACCESS_TOKEN }}
+          TWITTER_ACCESS_TOKEN_SECRET: ${{ secrets.TWITTER_ACCESS_TOKEN_SECRET }}

AsBuiltReport.Microsoft.AD.json

@@ -23,19 +23,26 @@
     "HealthCheck": {
         "Domain": {
             "GMSA": true,
-            "GPO": true
+            "GPO": true,
+            "Backup": true,
+            "DFS": true,
+            "SPN": true,
+            "DuplicateObject": true,
+            "Security": true
         },
         "DomainController": {
             "Diagnostic": true,
             "Services": true,
             "Software": true
         },
         "Site": {
-            "Replication": true
+            "Replication": true,
+            "BestPractice": true
         },
         "DNS": {
             "Aging": true,
-            "DP": true
+            "DP": true,
+            "Zones": true
         },
         "DHCP": {
             "Summary": true,

AsBuiltReport.Microsoft.AD.psd1

@@ -12,7 +12,7 @@
 RootModule = 'AsBuiltReport.Microsoft.AD.psm1'
 
 # Version number of this module.
-ModuleVersion = '0.6.3'
+ModuleVersion = '0.7.0'
 
 # Supported PSEditions
 # CompatiblePSEditions = @()
@@ -59,6 +59,10 @@ RequiredModules = @(
     @{
         ModuleName = 'PSPKI';
         ModuleVersion = '3.7.2'
+    },
+    @{
+        ModuleName = 'PSSharedGoods';
+        ModuleVersion = '0.0.224'
     }
 )
 

CHANGELOG.md

@@ -1,5 +1,27 @@
 # :arrows_counterclockwise: Microsoft AD As Built Report Changelog
 
+## [0.7.0] - 2022-03-14
+
+### Added
+
+- Implemented health check explanations.
+- Added Health Check:
+  - Search for Duplicate Object.
+  - Search for Duplicate SID.
+  - DFS Health Status
+  - Search for Account Security Issues.
+- Added Naming Context Backup information.
+
+### Changed
+
+- Improve Health Check content.
+- Added enabled status on Forest Optional Features section.
+
+### Fixed
+
+- Fix DNS section issues.
+- Sort "Organizational Unit" section by path. Closes #27
+
 ## [0.6.3] - 2022-01-30
 
 ### Changed

README.md

@@ -68,6 +68,7 @@ PowerShell 5.1 or PowerShell 7, and the following PowerShell modules are require
 - [GroupPolicy Module](https://docs.microsoft.com/en-us/powershell/module/grouppolicy/?view=windowsserver2019-ps)
 - [DhcpServer Module](https://docs.microsoft.com/en-us/powershell/module/dhcpserver/?view=windowsserver2019-ps)
 - [DnsServer Module](https://docs.microsoft.com/en-us/powershell/module/dnsserver/?view=windowsserver2019-ps)
+- [PSSharedGoods Module](https://www.powershellgallery.com/packages/PSSharedGoods/)
 
 ### Linux & macOS
 

Samples/Sample Microsoft AD As Built Report.html

@@ -5,7 +5,7 @@ function Get-AbrADDCDiag {
     .DESCRIPTION
 
     .NOTES
-        Version:        0.6.3
+        Version:        0.7.0
         Author:         Jonathan Colon
         Twitter:        @jcolonfzenpr
         Github:         rebelinux
@@ -36,8 +36,6 @@ function Get-AbrADDCDiag {
                 $DCDIAG = Invoke-DcDiag -DomainController $DC
                 if ($DCDIAG) {
                     Section -Style Heading5 "$($DC.ToString().split('.')[0].ToUpper())" {
-                        Paragraph "The following section provides a summary of the Active Directory DC Diagnostic."
-                        BlankLine
                         $OutObj = @()
                         Write-PscriboMessage "Discovered Active Directory DCDiag information for DC $DC."
                         foreach ($Result in $DCDIAG) {

Src/Private/Get-AbrADDCDiag.ps1

@@ -34,8 +34,6 @@ function Get-AbrADDCRoleFeature {
             if ($DCPssSession) {
                 Write-PscriboMessage "Discovered Active Directory DC Role & Features information of $DC."
                 Section -Style Heading6 "$($DC.ToString().ToUpper().Split(".")[0])" {
-                    Paragraph "The following section provides a summary of the Domain Controller Role & Features information."
-                    BlankLine
                     $OutObj = @()
                     $Features = Invoke-Command -Session $DCPssSession -ScriptBlock {Get-WindowsFeature | Where-Object {$_.installed -eq "True" -and $_.FeatureType -eq 'Role'}}
                     Remove-PSSession -Session $DCPssSession

Src/Private/Get-AbrADDCRoleFeature.ps1

@@ -0,0 +1,86 @@
+function Get-AbrADDFSHealth {
+    <#
+    .SYNOPSIS
+    Used by As Built Report to retrieve Microsoft AD Domain DFS Health information.
+    .DESCRIPTION
+
+    .NOTES
+        Version:        0.7.0
+        Author:         Jonathan Colon
+        Twitter:        @jcolonfzenpr
+        Github:         rebelinux
+    .EXAMPLE
+
+    .LINK
+
+    #>
+    [CmdletBinding()]
+    param (
+        [Parameter (
+            Position = 0,
+            Mandatory)]
+            [string]
+            $Domain
+    )
+
+    begin {
+        Write-PscriboMessage "Discovering AD Domain DFS Health information on $Domain."
+    }
+
+    process {
+        if ($Domain -and $HealthCheck.Domain.DFS) {
+            try {
+                $DFS =  Get-WinADDFSHealth -Domain $Domain
+                Write-PscriboMessage "Discovered AD Domain DFS Health information from $Domain."
+                if ($DFS) {
+                    Section -Style Heading4 'Health Check - DFS Health' {
+                        Paragraph "The following section details Distributed File System health status for Domain $($Domain.ToString().ToUpper())."
+                        BlankLine
+                        $OutObj = @()
+                        foreach ($DCStatus in $DFS) {
+                            try {
+                                Write-PscriboMessage "Collecting DFS information from $($Domain)."
+                                $inObj = [ordered] @{
+                                    'DC Name' = $DCStatus.DomainController
+                                    'Replication State' = $DCStatus.ReplicationState
+                                    'GPO Count' = $DCStatus.GroupPolicyCount
+                                    'Sysvol Count' = $DCStatus.SysvolCount
+                                    'Identical Count' = ConvertTo-TextYN $DCStatus.IdenticalCount
+                                    'Stop Replication On AutoRecovery' = ConvertTo-TextYN $DCStatus.StopReplicationOnAutoRecovery
+
+                                }
+                                $OutObj += [pscustomobject]$inobj
+                            }
+                            catch {
+                                Write-PscriboMessage -IsWarning "$($_.Exception.Message) (DFS Health Item)"
+                            }
+                        }
+
+                        if ($HealthCheck.Domain.DFS) {
+                            $OutObj | Where-Object { $_.'Identical Count' -like 'No' } | Set-Style -Style Warning -Property 'Identical Count'
+                        }
+
+                        $TableParams = @{
+                            Name = "Domain Last Backup - $($Domain.ToString().ToUpper())"
+                            List = $false
+                            ColumnWidths = 20, 16, 16, 16, 16, 16
+                        }
+
+                        if ($Report.ShowTableCaptions) {
+                            $TableParams['Caption'] = "- $($TableParams.Name)"
+                        }
+                        $OutObj | Sort-Object -Property 'Naming Context' | Table @TableParams
+                        Paragraph "Health Check:" -Italic -Bold -Underline
+                        Paragraph "Corrective Actions: Ensure an identical GPO/SYSVOL content for the domain controller in all Active Directory domains." -Italic -Bold
+                    }
+                }
+            }
+            catch {
+                Write-PscriboMessage -IsWarning "$($_.Exception.Message) (DFS Health Table)"
+            }
+        }
+    }
+
+    end {}
+
+}

Src/Private/Get-AbrADDFSHealth.ps1

@@ -143,6 +143,10 @@ function Get-AbrADDHCPInfrastructure {
                                 $TableParams['Caption'] = "- $($TableParams.Name)"
                             }
                             $OutObj | Sort-Object -Property 'DC Name' | Table @TableParams
+                            if ($HealthCheck.DHCP.BP -and ($OutObj | Where-Object { $_.'User Name' -eq "-"})) {
+                                Paragraph "Health Check:" -Italic -Bold -Underline
+                                Paragraph "Best Practice: Credentials for DNS update should be configured if secure dynamic DNS update is enabled and the domain controller is on the same host as the DHCP server." -Italic -Bold
+                            }
                         }
                     }
                     catch {