
Commit 86c8cec

committed
Refactor Active Directory Reporting Scripts
- Updated Get-AbrADOU.ps1 to utilize DNSRoot for domain references and improved error handling. - Modified Get-AbrADSecurityAssessment.ps1 to enhance domain information retrieval and output formatting. - Enhanced Get-AbrADSiteReplication.ps1 to streamline domain controller handling and improve logging messages. - Revised Get-AbrADTrust.ps1 to ensure consistent use of DNSRoot and improved trust information retrieval. - Updated Get-AbrDNSSection.ps1 to better handle domain status checks and improve logging clarity. - Refined Get-AbrDomainSection.ps1 to ensure consistent domain information retrieval and improved error handling. - Enhanced SharedUtilsFunctions.ps1 to improve session management and error handling for WinRM connections. - Updated Invoke-AsBuiltReport.Microsoft.AD.ps1 to improve domain and DC status reporting.
1 parent 9a270b0 commit 86c8cec

25 files changed

+811
-862
lines changed

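--- a/.github/workflows/PSScriptAnalyzerSettings.psd1
+++ b/.github/workflows/PSScriptAnalyzerSettings.psd1
@@ -1,6 +1,7 @@
 @{
 ExcludeRules = @(
 'PSUseToExportFieldsInManifest'
+'PSAvoidUsingWriteHost'
 )
 Rules = @{
 PSAvoidExclaimOperator = @{
@@ -12,5 +13,11 @@
 UseCorrectCasing = @{
 Enable = $true
 }
+PSAvoidUsingCmdletAliases = @{
+Enable = $true
+}
+PSUseConsistentWhitespace = @{
+Enable = $true
+}
 }
 }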

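--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -28,7 +28,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Improve Get-AbrADSite to handle cases where information cannot be collected from DCs, ensuring that the output remains informative and consistent.
 - Update existing functions to utilize new diagram features and handle domain status.
 - Improve error handling and reporting for offline domains and DCs.
-
+- Updated Get-AbrDNSSection to better handle domain status checks and improve logging clarity.
+- Refined Get-AbrDomainSection to ensure consistent domain information retrieval and improved error handling.
+- Updated Get-AbrADOU to utilize DNSRoot for domain references and improved error handling.
+- Modified Get-AbrADSecurityAssessment to enhance domain information retrieval and output formatting.
+- Enhanced Get-AbrADSiteReplication to streamline domain controller handling and improve logging messages.
+- Revised Get-AbrADTrust to ensure consistent use of DNSRoot and improved trust information retrieval.
+- Enhanced SharedUtilsFunctions to improve session management and error handling for WinRM connections.
+- Get-ValidCIMSession
+- Get-ValidPSSession
 
 ### Fixed
 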
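--- a/Src/Private/Get-AbrADDCRoleFeature.ps1
+++ b/Src/Private/Get-AbrADDCRoleFeature.ps1
@@ -16,10 +16,6 @@ function Get-AbrADDCRoleFeature {
 #>
 [CmdletBinding()]
 param (
-[Parameter (
-Position = 0,
-Mandatory)]
-[string]
 $DC
 )
 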
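--- a/Src/Private/Get-AbrADDFSHealth.ps1
+++ b/Src/Private/Get-AbrADDFSHealth.ps1
@@ -16,28 +16,24 @@ function Get-AbrADDFSHealth {
 #>
 [CmdletBinding()]
 param (
-[Parameter (
-Position = 0,
-Mandatory)]
-[string]
-$Domain
+$Domain,
+[string[]]$DCs,
+$ValidDcFromDomain
 )
 
 begin {
-Write-PScriboMessage "Collecting AD Domain DFS Health information on $Domain."
+Write-PScriboMessage "Collecting AD Domain DFS Health information on $($Domain.DNSRoot)."
 }
 
 process {
 if ($HealthCheck.Domain.DFS) {
 try {
-$DCs = Invoke-Command -Session $TempPssSession { Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers | Where-Object { $_ -notin ($using:Options).Exclude.DCs } } | Sort-Object
-
 if ($Options.Exclude.DCs) {
-$DFS = Get-WinADDFSHealth -Domain $Domain -Credential $Credential -ExcludeDomains $Options.Exclude.Domains -ExcludeDomainControllers $Options.Exclude.DCs
-} Else { $DFS = Get-WinADDFSHealth -Domain $Domain -Credential $Credential -ExcludeDomains $Options.Exclude.Domains }
+$DFS = Get-WinADDFSHealth -Domain $Domain.DNSRoot -Credential $Credential -ExcludeDomains $Options.Exclude.Domains -ExcludeDomainControllers $Options.Exclude.DCs
+} Else { $DFS = Get-WinADDFSHealth -Domain $Domain.DNSRoot -Credential $Credential -ExcludeDomains $Options.Exclude.Domains }
 if ($DFS) {
 Section -ExcludeFromTOC -Style NOTOCHeading4 'Sysvol Replication Status' {
-Paragraph "The following section details the sysvol folder replication status for Domain $($Domain.ToString().ToUpper())."
+Paragraph "The following section details the sysvol folder replication status for Domain $($Domain.DNSRoot.ToString().ToUpper())."
 BlankLine
 $OutObj = @()
 foreach ($Controller in $DCs) {
@@ -96,7 +92,7 @@ function Get-AbrADDFSHealth {
 }
 
 $TableParams = @{
-Name = "Sysvol Replication Status - $($Domain.ToString().ToUpper())"
+Name = "Sysvol Replication Status - $($Domain.DNSRoot.ToString().ToUpper()))"
 List = $false
 ColumnWidths = 20, 16, 16, 16, 16, 16
 }
@@ -116,18 +112,17 @@ function Get-AbrADDFSHealth {
 }
 }
 } else {
-Write-PScriboMessage "No DFS information found in $Domain, Disabling this section."
+Write-PScriboMessage "No DFS information found in $($Domain.DNSRoot), Disabling this section."
 }
 } catch {
 Write-PScriboMessage -IsWarning "Sysvol Replication Status Table Section: $($_.Exception.Message)"
 }
 try {
-$DC = Get-ValidDCfromDomain -Domain $Domain -DCStatus ([ref]$DCStatus)
 
-$DCPssSession = Get-ValidPSSession -ComputerName $DC -SessionName $($DC) -PSSTable ([ref]$PSSTable)
+$DCPssSession = Get-ValidPSSession -ComputerName $ValidDcFromDomain -SessionName $($ValidDcFromDomain) -PSSTable ([ref]$PSSTable)
 if ($DCPssSession) {
 # Code taken from ClaudioMerola (https://github.com/ClaudioMerola/ADxRay)
-$SYSVOLFolder = Invoke-Command -Session $DCPssSession { Get-ChildItem -Path $('\\' + $using:Domain + '\SYSVOL\' + $using:Domain) -Recurse | Where-Object -FilterScript { $_.PSIsContainer -eq $false } | Group-Object -Property Extension | ForEach-Object -Process {
+$SYSVOLFolder = Invoke-Command -Session $DCPssSession { Get-ChildItem -Path $('\\' + ($using:Domain).DNSRoot + '\SYSVOL\' + ($using:Domain).DNSRoot) -Recurse | Where-Object -FilterScript { $_.PSIsContainer -eq $false } | Group-Object -Property Extension | ForEach-Object -Process {
 New-Object -TypeName PSObject -Property @{
 'Extension' = $_.name
 'Count' = $_.count
@@ -137,11 +132,11 @@ function Get-AbrADDFSHealth {
 if (-Not $_.Exception.MessageId) {
 $ErrorMessage = $_.FullyQualifiedErrorId
 } else { $ErrorMessage = $_.Exception.MessageId }
-Write-PScriboMessage -IsWarning "Sysvol Content Status Section: New-PSSession: Unable to connect to $($DC): $ErrorMessage"
+Write-PScriboMessage -IsWarning "Sysvol Content Status Section: New-PSSession: Unable to connect to $($ValidDcFromDomain): $ErrorMessage"
 }
 if ($SYSVOLFolder) {
 Section -ExcludeFromTOC -Style NOTOCHeading4 'Sysvol Content Status' {
-Paragraph "The following section details domain $($Domain.ToString().ToUpper()) sysvol health status."
+Paragraph "The following section details domain $($Domain.DNSRoot.ToString().ToUpper())) sysvol health status."
 BlankLine
 $OutObj = @()
 foreach ($Extension in $SYSVOLFolder) {
@@ -162,7 +157,7 @@ function Get-AbrADDFSHealth {
 }
 
 $TableParams = @{
-Name = "Sysvol Content Status - $($Domain.ToString().ToUpper())"
+Name = "Sysvol Content Status - $($Domain.DNSRoot.ToString().ToUpper())"
 List = $false
 ColumnWidths = 33, 33, 34
 }
@@ -181,17 +176,16 @@ function Get-AbrADDFSHealth {
 }
 }
 } else {
-Write-PScriboMessage "No SYSVOL folder information found in $Domain, Disabling this section."
+Write-PScriboMessage "No SYSVOL folder information found in $($Domain.DNSRoot), Disabling this section."
 }
 } catch {
 Write-PScriboMessage -IsWarning "Sysvol Health Table Section: $($_.Exception.Message)"
 }
 try {
-$DC = Get-ValidDCfromDomain -Domain $Domain -DCStatus ([ref]$DCStatus)
-$DCPssSession = Get-ValidPSSession -ComputerName $DC -SessionName $($DC) -PSSTable ([ref]$PSSTable)
+$DCPssSession = Get-ValidPSSession -ComputerName $ValidDcFromDomain -SessionName $($ValidDcFromDomain) -PSSTable ([ref]$PSSTable)
 if ($DCPssSession) {
 # Code taken from ClaudioMerola (https://github.com/ClaudioMerola/ADxRay)
-$NetlogonFolder = Invoke-Command -Session $DCPssSession { Get-ChildItem -Path $('\\' + $using:Domain + '\NETLOGON\') -Recurse | Where-Object -FilterScript { $_.PSIsContainer -eq $false } | Group-Object -Property Extension | ForEach-Object -Process {
+$NetlogonFolder = Invoke-Command -Session $DCPssSession { Get-ChildItem -Path $('\\' + ($using:Domain).DNSRoot + '\NETLOGON\') -Recurse | Where-Object -FilterScript { $_.PSIsContainer -eq $false } | Group-Object -Property Extension | ForEach-Object -Process {
 New-Object -TypeName PSObject -Property @{
 'Extension' = $_.name
 'Count' = $_.count
@@ -201,11 +195,11 @@ function Get-AbrADDFSHealth {
 if (-Not $_.Exception.MessageId) {
 $ErrorMessage = $_.FullyQualifiedErrorId
 } else { $ErrorMessage = $_.Exception.MessageId }
-Write-PScriboMessage -IsWarning "Netlogon Content Status Section: New-PSSession: Unable to connect to $($DC): $ErrorMessage"
+Write-PScriboMessage -IsWarning "Netlogon Content Status Section: New-PSSession: Unable to connect to $($ValidDcFromDomain): $ErrorMessage"
 }
 if ($NetlogonFolder) {
 Section -ExcludeFromTOC -Style NOTOCHeading4 'Netlogon Content Status' {
-Paragraph "The following section details domain $($Domain.ToString().ToUpper()) netlogon health status."
+Paragraph "The following section details domain $($Domain.DNSRoot.ToString().ToUpper())) netlogon health status."
 BlankLine
 $OutObj = @()
 foreach ($Extension in $NetlogonFolder) {
@@ -226,7 +220,7 @@ function Get-AbrADDFSHealth {
 }
 
 $TableParams = @{
-Name = "Netlogon Content Status - $($Domain.ToString().ToUpper())"
+Name = "Netlogon Content Status - $($Domain.DNSRoot.ToString().ToUpper())"
 List = $false
 ColumnWidths = 33, 33, 34
 }
@@ -245,7 +239,7 @@ function Get-AbrADDFSHealth {
 }
 }
 } else {
-Write-PScriboMessage "No NETLOGON folder information found in $Domain, Disabling this section."
+Write-PScriboMessage "No NETLOGON folder information found in $($Domain.DNSRoot), Disabling this section."
 }
 } catch {
 Write-PScriboMessage -IsWarning "Netlogon Content Status Section: $($_.Exception.Message)"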
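Review bot: Three of the rewritten strings carry one closing parenthesis too many: the table `Name` at new line 95 and the `Paragraph` texts at new lines 139 and 202 end the subexpression with `.ToUpper()))`, so the report prints a literal `)` after the domain name. They should read `$($Domain.DNSRoot.ToString().ToUpper())`, as the captions at new lines 160 and 223 already do. Separately, the param block drops `Mandatory` and the `[string]` type from `$Domain` and adds an unvalidated `$ValidDcFromDomain`, so a caller that still passes a string (or nothing) would presumably get an empty `.DNSRoot`, a malformed `\\...\SYSVOL\` path and an empty `-ComputerName`, surfacing only as caught warnings. Declaring them as `[Parameter(Mandatory)][ValidateNotNull()]$Domain` and `[ValidateNotNullOrEmpty()]$ValidDcFromDomain` would fail fast; the same loosening of the param block appears in Get-AbrADDCRoleFeature.ps1 and Get-AbrADDNSInfrastructure.ps1. The function continues past the last hunk.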

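--- a/Src/Private/Get-AbrADDNSInfrastructure.ps1
+++ b/Src/Private/Get-AbrADDNSInfrastructure.ps1
@@ -5,7 +5,7 @@ function Get-AbrADDNSInfrastructure {
 .DESCRIPTION
 
 .NOTES
-Version: 0.9.2
+Version: 0.9.4
 Author: Jonathan Colon
 Twitter: @jcolonfzenpr
 Github: rebelinux
@@ -16,20 +16,16 @@ function Get-AbrADDNSInfrastructure {
 #>
 [CmdletBinding()]
 param (
-[Parameter (
-Position = 0,
-Mandatory)]
-[string]
-$Domain
+$Domain,
+[string[]]$DCs
 )
 
 begin {
-Write-PScriboMessage "Collecting Active Directory Domain Name System Infrastructure information for $Domain"
+Write-PScriboMessage "Collecting Active Directory Domain Name System Infrastructure information for $($Domain.DNSRoot)"
 }
 
 process {
 try {
-$DCs = Invoke-Command -Session $TempPssSession { Get-ADDomain -Identity $using:Domain | Select-Object -ExpandProperty ReplicaDirectoryServers | Where-Object { $_ -notin ($using:Options).Exclude.DCs } }
 if ($DCs) {
 Section -Style Heading3 "Infrastructure Summary" {
 Paragraph "The following section provides a summary of the DNS Infrastructure configuration."
@@ -51,13 +47,11 @@ function Get-AbrADDNSInfrastructure {
 } catch {
 Write-PScriboMessage -IsWarning "DNS Infrastructure Summary Section: $($_.Exception.Message)"
 }
-} else {
-Write-PScriboMessage -IsWarning "DNS Infrastructure Summary Section: Unable to connect to DC server $DC"
 }
 }
 
 $TableParams = @{
-Name = "Infrastructure Summary - $($Domain.ToString().ToUpper())"
+Name = "Infrastructure Summary - $($Domain.DNSRoot.ToString().ToUpper())"
 List = $false
 ColumnWidths = 30, 10, 9, 10, 11, 30
 }
@@ -112,8 +106,6 @@ function Get-AbrADDNSInfrastructure {
 } catch {
 Write-PScriboMessage -IsWarning "Directory Partitions Table Section: $($_.Exception.Message)"
 }
-} else {
-Write-PScriboMessage -IsWarning "DNS Directory Partition Section: Unable to connect to DC server $DC"
 }
 }
 }
@@ -146,13 +138,11 @@ function Get-AbrADDNSInfrastructure {
 } catch {
 Write-PScriboMessage -IsWarning "$($_.Exception.Message) (Response Rate Limiting (RRL) Item)"
 }
-} else {
-Write-PScriboMessage -IsWarning "DNS Response Rate Limiting (RRL) Section: Unable to connect to DC server $DC"
 }
 }
 
 $TableParams = @{
-Name = "Response Rate Limiting - $($Domain.ToString().ToUpper())"
+Name = "Response Rate Limiting - $($Domain.DNSRoot.ToString().ToUpper())"
 List = $false
 ColumnWidths = 30, 10, 12, 12, 12, 12, 12
 }
@@ -196,8 +186,6 @@ function Get-AbrADDNSInfrastructure {
 } catch {
 Write-PScriboMessage -IsWarning "$($_.Exception.Message) (Scavenging Item)"
 }
-} else {
-Write-PScriboMessage -IsWarning "DNS Scavenging Section: Unable to connect to DC server $DC"
 }
 }
 
@@ -206,7 +194,7 @@ function Get-AbrADDNSInfrastructure {
 }
 
 $TableParams = @{
-Name = "Scavenging - $($Domain.ToString().ToUpper())"
+Name = "Scavenging - $($Domain.DNSRoot.ToString().ToUpper())"
 List = $false
 ColumnWidths = 25, 15, 15, 15, 15, 15
 }
@@ -249,8 +237,6 @@ function Get-AbrADDNSInfrastructure {
 } catch {
 Write-PScriboMessage -IsWarning "$($_.Exception.Message) (Forwarder Item)"
 }
-} else {
-Write-PScriboMessage -IsWarning "DNS Forwarder Section: Unable to connect to DC server $DC"
 }
 }
 
@@ -260,7 +246,7 @@ function Get-AbrADDNSInfrastructure {
 }
 
 $TableParams = @{
-Name = "Forwarders - $($Domain.ToString().ToUpper())"
+Name = "Forwarders - $($Domain.DNSRoot.ToString().ToUpper())"
 List = $false
 ColumnWidths = 35, 15, 15, 15, 20
 }
@@ -301,7 +287,7 @@ function Get-AbrADDNSInfrastructure {
 if ($InfoLevel.DNS -ge 2) {
 try {
 Section -Style Heading4 "Root Hints" {
-Paragraph "The following section provides Root Hints information from domain $($Domain)."
+Paragraph "The following section provides Root Hints information from domain $($Domain.DNSRoot)."
 BlankLine
 foreach ($DC in $DCs) {
 if (Get-DCWinRMState -ComputerName $DC -DCStatus ([ref]$DCStatus)) {
@@ -392,8 +378,6 @@ function Get-AbrADDNSInfrastructure {
 } catch {
 Write-PScriboMessage -IsWarning "$($_.Exception.Message) (Root Hints Table)"
 }
-} else {
-Write-PScriboMessage -IsWarning "DNS Root Hints Section: Unable to connect to DC server $DC"
 }
 }
 }
@@ -425,13 +409,11 @@ function Get-AbrADDNSInfrastructure {
 } catch {
 Write-PScriboMessage -IsWarning "$($_.Exception.Message) (Zone Scope Recursion Item)"
 }
-} else {
-Write-PScriboMessage -IsWarning "DNS Zone Scope Recursion Section: Unable to connect to DC server $DC"
 }
 }
 
 $TableParams = @{
-Name = "Zone Scope Recursion - $($Domain.ToString().ToUpper())"
+Name = "Zone Scope Recursion - $($Domain.DNSRoot.ToString().ToUpper())"
 List = $false
 ColumnWidths = 35, 25, 20, 20
 }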
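Review bot: Every `else` branch that warned `Unable to connect to DC server $DC` is removed in this file (Infrastructure Summary, Directory Partitions, RRL, Scavenging, Forwarders, Root Hints, Zone Scope Recursion). A DC that fails the `Get-DCWinRMState` check, visible at new line 293 and presumably the same guard in the other loops, now drops out of each table with no trace from this function. For an as-built or audit report a collection gap should stay visible, otherwise a table with missing DCs reads as complete coverage. Unless `Get-DCWinRMState` already logs the failure (its body is not shown here), keep one message per skipped DC, e.g. `} else { Write-PScriboMessage "DNS Root Hints Section: skipping $DC, WinRM not available" }`, or a comment at each loop stating where the skip is reported. The enclosing loops begin and end outside the hunks.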
