
Commit 8de184b

authored
V0.6.0 (#14)
* Added CA Section * Updated sample html report * Added ShowDefinitionInfo Variable also delete unfinished sections * Fix try/catch logic * Added Site Subnet Section * Fix Minor Heading Text * Added Domain Controller DNS IP Configuration * Added Zone Transfers also fix Heading and empty content * Added GPO Central Store Repository * added ShowDefinitionInfo variable to main report also fix heading text * Added ShowDefinitionInfo content to ReadMe file * Added v0.5.0 changes * Enabled CA section globally * Added CA AIA information * Added CA CRL section * Added CA Key Recovery Agent information * Added CA Cryptography Configuration Section * Fix Heading Text * Added CA Security Information * Added CA Template information * Fix Section Heading Text also added more CA section content to main report * Added CA InfoLevel information * Updated Changelog v0.6.0
1 parent 5f88598 commit 8de184b

12 files changed

+820
-57
lines changed

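--- a/AsBuiltReport.Microsoft.AD.json
+++ b/AsBuiltReport.Microsoft.AD.json
@@ -16,7 +16,8 @@
 "Forest": 1,
 "Domain": 1,
 "DHCP": 1,
-"DNS": 1
+"DNS": 1,
+"CA": 2
 },
 "HealthCheck": {
 "Domain": {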

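--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,22 @@
 # :arrows_counterclockwise: Microsoft AD As Built Report Changelog
 
+## [0.6.0] - 2021-12-02
+
+### Added
+
+- Added more CA Sections (Need More Testing)
+- Added CRL Repository
+- Added AIA Information
+- Added Security Section
+- Added Template Information
+- Added Key Recovery Agent Information
+- Added Cryptography Configuration Information
+
+### Changed
+
+- The spelling of the section title has been revised.
+- Enabled CA InfoLevels Option.
+
 ## [0.5.0] - 2021-10-29
 
 ### Added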

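--- a/README.md
+++ b/README.md
@@ -167,6 +167,7 @@ The table below outlines the default and maximum **InfoLevel** settings for each
 | Domain | 1 | 3 |
 | DNS | 1 | 2 |
 | DHCP | 1 | 2 |
+| CA | 2 | 2 |
 
 ### Healthcheck
 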

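--- a/Src/Private/Get-AbrADCAAIA.ps1
+++ b/Src/Private/Get-AbrADCAAIA.ps1
@@ -0,0 +1,72 @@
+function Get-AbrADCAAIA {
+<#
+.SYNOPSIS
+Used by As Built Report to retrieve Microsoft Active Directory CA Authority Information Access information.
+.DESCRIPTION
+
+.NOTES
+Version: 0.5.0
+Author: Jonathan Colon
+Twitter: @jcolonfzenpr
+Github: rebelinux
+.EXAMPLE
+
+.LINK
+
+#>
+[CmdletBinding()]
+param (
+)
+
+begin {
+Write-PscriboMessage "Collecting AD Certification Authority Authority Information Access information."
+}
+
+process {
+try {
+Section -Style Heading4 "Authority Information Access (AIA) Summary" {
+Paragraph "The following section provides the Certification Authority Authority Information Access information."
+BlankLine
+Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())."
+$CAs = Get-CertificationAuthority -Enterprise
+if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in forest $ForestInfo."}
+foreach ($CA in $CAs) {
+Section -Style Heading5 "$($CA.Name) AIA" {
+Paragraph "The following section provides the Certification Authority Authority Information Access information."
+BlankLine
+$OutObj = @()
+Write-PscriboMessage "Collecting AD CA Authority Information Access information on $CA."
+$AIA = Get-AuthorityInformationAccess -CertificationAuthority $CA
+foreach ($URI in $AIA.URI) {
+$inObj = [ordered] @{
+'Reg URI' = $URI.RegURI
+'Config URI' = $URI.ConfigURI
+'Flags' = ConvertTo-EmptyToFiller ($URI.Flags -join ", ")
+'Server Publish' = ConvertTo-TextYN $URI.ServerPublish
+'Include To Extension' = ConvertTo-TextYN $URI.IncludeToExtension
+'OCSP' = ConvertTo-TextYN $URI.OCSP
+}
+$OutObj += [pscustomobject]$inobj
+}
+
+$TableParams = @{
+Name = "Authority Information Access - $($CA.Name)"
+List = $true
+ColumnWidths = 40, 60
+}
+if ($Report.ShowTableCaptions) {
+$TableParams['Caption'] = "- $($TableParams.Name)"
+}
+$OutObj | Table @TableParams
+}
+}
+}
+}
+catch {
+Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Authority Information Access)"
+}
+}
+
+end {}
+
+}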
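Review bot: The single `try`/`catch` in `process` wraps the whole `foreach ($CA in $CAs)` loop, so an exception from `Get-AuthorityInformationAccess` for one CA (for example an unreachable CA, which is an assumption about how that cmdlet fails) ends the loop and every remaining CA is missing from the AIA section with only one warning in the log. Moving the `try { … } catch { Write-PscriboMessage -IsWarning "$($_.Exception.Message) (Authority Information Access)" }` inside the loop body, as the health-status loop in Get-AbrADCACRLSetting already does per CA, keeps the report complete for the CAs that do answer. The same outer-only pattern is in the CRL validity, CRL flags and CDP loops of Get-AbrADCACRLSetting and in Get-AbrADCACryptographyConfig. `$ForestInfo` and `$Report` are read from an outer scope because `param ()` is empty, and `$ForestInfo.toUpper()` on line 30 will throw if that variable is unset, so the empty `.DESCRIPTION` should state that dependency.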
Lines changed: 188 additions & 0 deletions
@@ -0,0 +1,188 @@
1+
function Get-AbrADCACRLSetting {
2+
<#
3+
.SYNOPSIS
4+
Used by As Built Report to retrieve Microsoft Active Directory CA CRL Distribution Point information.
5+
.DESCRIPTION
6+
7+
.NOTES
8+
Version: 0.5.0
9+
Author: Jonathan Colon
10+
Twitter: @jcolonfzenpr
11+
Github: rebelinux
12+
.EXAMPLE
13+
14+
.LINK
15+
16+
#>
17+
[CmdletBinding()]
18+
param (
19+
)
20+
21+
begin {
22+
Write-PscriboMessage "Collecting AD Certification Authority Certificate Revocation List information."
23+
}
24+
25+
process {
26+
try {
27+
Section -Style Heading4 "Certificate Revocation List (CRL) Configuration" {
28+
Paragraph "The following section provides the Certification Authority CRL Distribution Point information."
29+
BlankLine
30+
Section -Style Heading5 "CRL Validity Period" {
31+
Paragraph "The following section provides the Certification Authority CRL Validity Period information."
32+
BlankLine
33+
$OutObj = @()
34+
Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())."
35+
$CAs = Get-CertificationAuthority -Enterprise
36+
if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in forest $ForestInfo."}
37+
foreach ($CA in $CAs) {
38+
Write-PscriboMessage "Collecting AD CA CRL Validity Period information on $CA."
39+
$CRLs = Get-CRLValidityPeriod -CertificationAuthority $CA
40+
foreach ($VP in $CRLs) {
41+
$inObj = [ordered] @{
42+
'CA Name' = $VP.Name
43+
'Base CRL' = $VP.BaseCRL
44+
'Base CRL Overlap' = $VP.BaseCRLOverlap
45+
'Delta CRL' = $VP.DeltaCRL
46+
'Delta CRL Overlap' = $VP.DeltaCRLOverlap
47+
}
48+
$OutObj += [pscustomobject]$inobj
49+
}
50+
}
51+
52+
$TableParams = @{
53+
Name = "CRL Validity Preriod - $($ForestInfo.toUpper())"
54+
List = $false
55+
ColumnWidths = 40, 15, 15, 15, 15
56+
}
57+
if ($Report.ShowTableCaptions) {
58+
$TableParams['Caption'] = "- $($TableParams.Name)"
59+
}
60+
$OutObj | Table @TableParams
61+
}
62+
Section -Style Heading5 "CRL Flags Settings" {
63+
Paragraph "The following section provides the Certification Authority CRL Flags information."
64+
BlankLine
65+
$OutObj = @()
66+
Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())."
67+
$CAs = Get-CertificationAuthority -Enterprise
68+
if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in forest $ForestInfo."}
69+
foreach ($CA in $CAs) {
70+
Write-PscriboMessage "Collecting AD CA CRL Distribution Point information on $CA."
71+
$CRLs = Get-CertificateRevocationListFlag -CertificationAuthority $CA
72+
foreach ($Flag in $CRLs) {
73+
$inObj = [ordered] @{
74+
'CA Name' = $Flag.Name
75+
'Server Name' = $Flag.ComputerName.ToString().ToUpper().Split(".")[0]
76+
'CRL Flags' = $Flag.CRLFlags
77+
}
78+
$OutObj += [pscustomobject]$inobj
79+
}
80+
}
81+
82+
$TableParams = @{
83+
Name = "CRL Flags - $($ForestInfo.toUpper())"
84+
List = $false
85+
ColumnWidths = 40, 25, 35
86+
}
87+
if ($Report.ShowTableCaptions) {
88+
$TableParams['Caption'] = "- $($TableParams.Name)"
89+
}
90+
$OutObj | Table @TableParams
91+
}
92+
Section -Style Heading5 "CRL Distribution Point" {
93+
Paragraph "The following section provides the Certification Authority CRL Distribution Point information."
94+
BlankLine
95+
Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())."
96+
$CAs = Get-CertificationAuthority -Enterprise
97+
if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in forest $ForestInfo."}
98+
foreach ($CA in $CAs) {
99+
Section -Style Heading6 "$($CA.Name) Distribution Point" {
100+
Paragraph "The following section provides the Certification Authority CRL Distribution Point information."
101+
BlankLine
102+
$OutObj = @()
103+
Write-PscriboMessage "Collecting AD CA CRL Distribution Point information on $CA."
104+
$CRL = Get-CRLDistributionPoint -CertificationAuthority $CA
105+
foreach ($URI in $CRL.URI) {
106+
$inObj = [ordered] @{
107+
'Reg URI' = $URI.RegURI
108+
'Config URI' = $URI.ConfigURI
109+
'Url Scheme' = $URI.UrlScheme
110+
'ProjectedURI' = $URI.ProjectedURI
111+
'Flags' = ConvertTo-EmptyToFiller ($URI.Flags -join ", ")
112+
'CRL Publish' = ConvertTo-TextYN $URI.IncludeToExtension
113+
'Delta CRL Publish' = ConvertTo-TextYN $URI.DeltaCRLPublish
114+
'Add To Cert CDP' = ConvertTo-TextYN $URI.AddToCertCDP
115+
'Add To Fresh est CRL' = ConvertTo-TextYN $URI.AddToFreshestCRL
116+
'Add To Crl cdp' = ConvertTo-TextYN $URI.AddToCrlcdp
117+
}
118+
$OutObj += [pscustomobject]$inobj
119+
}
120+
121+
$TableParams = @{
122+
Name = "CRL Distribution Point - $($CA.Name)"
123+
List = $true
124+
ColumnWidths = 40, 60
125+
}
126+
if ($Report.ShowTableCaptions) {
127+
$TableParams['Caption'] = "- $($TableParams.Name)"
128+
}
129+
$OutObj | Table @TableParams
130+
}
131+
}
132+
}
133+
}
134+
}
135+
catch {
136+
Write-PscriboMessage -IsWarning "$($_.Exception.Message) (CRL Distribution Point)"
137+
}
138+
try {
139+
Section -Style Heading4 "AIA and CDP Health Status" {
140+
Paragraph "The following section is intended to perform Certification Authority health status checking by CA certificate chain status and validating all CRL Distribution Point (CDP) and Authority Information Access (AIA) URLs for each certificate in the chain."
141+
BlankLine
142+
$OutObj = @()
143+
if ($ForestInfo) {
144+
Write-PscriboMessage "Discovering Active Directory Certification Authority Health information in $($ForestInfo.toUpper())."
145+
$CAs = Get-CertificationAuthority -Enterprise
146+
foreach ($CA in $CAs) {
147+
Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo."
148+
try {
149+
Write-PscriboMessage "Collecting AD Certification Authority Health information of $CA."
150+
$CAHealth = Get-EnterprisePKIHealthStatus -CertificateAuthority $CA
151+
foreach ($Health in $CAHealth) {
152+
$inObj = [ordered] @{
153+
'CA Name' = $Health.Name
154+
'Childs' = ($Health.Childs).Name
155+
'Health' = $Health.Status
156+
}
157+
$OutObj += [pscustomobject]$inobj
158+
}
159+
}
160+
catch {
161+
Write-PscriboMessage -IsWarning $_.Exception.Message
162+
}
163+
}
164+
}
165+
166+
if ($HealthCheck.CA.Status) {
167+
$OutObj | Where-Object { $_.'Health' -notlike 'OK'} | Set-Style -Style Critical -Property 'Health'
168+
}
169+
170+
$TableParams = @{
171+
Name = "Certification Authority Health Information - $($ForestInfo.ToString().ToUpper())"
172+
List = $false
173+
ColumnWidths = 40, 40, 20
174+
}
175+
if ($Report.ShowTableCaptions) {
176+
$TableParams['Caption'] = "- $($TableParams.Name)"
177+
}
178+
$OutObj | Table @TableParams
179+
}
180+
}
181+
catch {
182+
Write-PscriboMessage -IsWarning $_.Exception.Message
183+
}
184+
}
185+
186+
end {}
187+
188+
}
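Review bot: On line 112 the `'CRL Publish'` column is filled from `$URI.IncludeToExtension`, the property that Get-AbrADCAAIA reports as 'Include To Extension'; this looks like a copy/paste slip, and the report would then misstate whether the CA publishes its CRL to that location. It should presumably read `'CRL Publish' = ConvertTo-TextYN $URI.CRLPublish`, with the property name confirmed against the object `Get-CRLDistributionPoint` returns. Two smaller wording points in the same file: the table name on line 53 is spelled `CRL Validity Preriod`, and the log message on line 70 says "CRL Distribution Point" while that loop collects CRL flags.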
Lines changed: 67 additions & 0 deletions
@@ -0,0 +1,67 @@
1+
function Get-AbrADCACryptographyConfig {
2+
<#
3+
.SYNOPSIS
4+
Used by As Built Report to retrieve Microsoft Active Directory CA Cryptography Config information.
5+
.DESCRIPTION
6+
7+
.NOTES
8+
Version: 0.5.0
9+
Author: Jonathan Colon
10+
Twitter: @jcolonfzenpr
11+
Github: rebelinux
12+
.EXAMPLE
13+
14+
.LINK
15+
16+
#>
17+
[CmdletBinding()]
18+
param (
19+
)
20+
21+
begin {
22+
Write-PscriboMessage "Collecting AD Certification Authority Cryptography Config information."
23+
}
24+
25+
process {
26+
try {
27+
Section -Style Heading4 "Cryptography Configuration" {
28+
Paragraph "The following section provides the Certification Authority Cryptography Configuration information."
29+
BlankLine
30+
$OutObj = @()
31+
Write-PscriboMessage "Discovering Active Directory Certification Authority information on $($ForestInfo.toUpper())."
32+
$CAs = Get-CertificationAuthority -Enterprise
33+
if ($CAs) {Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in forest $ForestInfo."}
34+
foreach ($CA in $CAs) {
35+
Write-PscriboMessage "Collecting AD Certification Authority Summary information of $CA."
36+
$CryptoConfig = Get-CACryptographyConfig -CertificationAuthority $CA
37+
$inObj = [ordered] @{
38+
'CA Name' = $CryptoConfig.Name
39+
'Server Name' = $CryptoConfig.ComputerName.ToString().ToUpper().Split(".")[0]
40+
'PublicKey Algorithm' = $CryptoConfig.PublicKeyAlgorithm | Select-Object -ExpandProperty FriendlyName
41+
'Hashing Algorithm' = ($CryptoConfig.HashingAlgorithm | Select-Object -ExpandProperty FriendlyName).ToUpper()
42+
'Provider Name' = $CryptoConfig.ProviderName
43+
'Alternate Signature Algorithm' = ConvertTo-TextYN $CryptoConfig.AlternateSignatureAlgorithm
44+
'Provider Is CNG' = ConvertTo-TextYN $CryptoConfig.ProviderIsCNG
45+
}
46+
$OutObj += [pscustomobject]$inobj
47+
}
48+
49+
$TableParams = @{
50+
Name = "Cryptography Configuration - $($ForestInfo.ToString().ToUpper())"
51+
List = $true
52+
ColumnWidths = 40, 60
53+
}
54+
if ($Report.ShowTableCaptions) {
55+
$TableParams['Caption'] = "- $($TableParams.Name)"
56+
}
57+
$OutObj | Table @TableParams
58+
}
59+
}
60+
catch {
61+
Write-PscriboMessage -IsWarning $_.Exception.Message
62+
}
63+
}
64+
65+
end {}
66+
67+
}
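Review bot: The 'Hashing Algorithm' value on line 41 is written to the table without any health-check styling, so a CA that still signs with a deprecated hash reads the same as one using SHA256. Get-AbrADCACRLSetting already marks non-OK health under `if ($HealthCheck.CA.Status)`; the same guard could be added before the `Table` call here, e.g. `$OutObj | Where-Object { $_.'Hashing Algorithm' -in 'SHA1','MD5' } | Set-Style -Style Critical -Property 'Hashing Algorithm'` (the exact FriendlyName strings, and whether Set-Style applies to a `List = $true` table, need confirming). Also, the log message on line 35 says "Summary information" although this loop collects the cryptography configuration, and `.NOTES` still gives Version 0.5.0.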
