Merge pull request #195 from rebelinux/dev

v0.9.2

Author: rebelinux

.github/workflows/PSScriptAnalyzerSettings.psd1

@@ -1,6 +1,5 @@
 @{
     ExcludeRules = @(
-        'PSUseBOMForUnicodeEncodedFile',
         'PSUseToExportFieldsInManifest'
     )
     Rules = @{

.github/workflows/dependabot.yml

@@ -17,7 +17,11 @@
         },
         "Include": {
             "Domains": []
-        }
+        },
+        "WinRMSSL": false,
+        "WinRMFallbackToNoSSL": true,
+        "WinRMSSLPort": 5986,
+        "WinRMPort": 5985
     },
     "InfoLevel": {
         "_comment_": "0 = Disabled, 1 = Enabled, 2 = Adv Summary, 3 = Detailed",

AsBuiltReport.Microsoft.AD.json

@@ -11,19 +11,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Added
 
-- Improve DC selection logic
+- Add support for WinRM over SSL
+- Add option to set the WinRM tcp port used for PSSession connection setup
 
 ### Changed
 
 - Increase Diagrammer.Core minimum requirement
 - Increase AsBuiltReport.Core to v1.4.1
+- Improve DC selection logic
+- Improve HealthCheck best practice recommendations (Copilot)
 
 ### Fixed
 
 - Fix [#190](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.AD/issues/190)
 - Fix [#191](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.AD/issues/191)
 - Fix ConvertTo-HashToYN cmdlet not generating an ordereddictionary output
 
+### Removed
+
+- Remove dependabot action (Not supported in Abr Organization)
+
 ## [0.9.1] - 2024-11-15
 
 ### Added

CHANGELOG.md

@@ -174,12 +174,17 @@ The **Options** schema allows certain options within the report to be toggled on
 
 | Sub-Schema              | Setting            | Default   | Description                                                                                                               |
 | ----------------------- | ------------------ | --------- | ------------------------------------------------------------------------------------------------------------------------- |
-| ShowDefinitionInfo      | true/false         | false     | Toggle to enable/disable Microsoft AD term explanations                                                                   |
+| ShowDefinitionInfo      | true/false         | False     | Toggle to enable/disable Microsoft AD term explanations                                                                   |
 | PSDefaultAuthentication | Negotiate/Kerberos | Negotiate | Allow to set the value of the PSRemoting authentication method. For Workgroup authentication Negotiate value is required. |
 | Exclude.Domains         | Array List         | Empty     | Allow to filter on AD Domain FQDN                                                                                         |
 | Exclude.DCs             | Array List         | Empty     | Allow to filter on AD Domain Controller Server FQDN.                                                                      |
 | Include.Domains         | Array List         | Empty     | Allow only a list of Active Directory Domain Controller FQDN to document.                                                 |
 | Include.DCs             | Array List         | Empty     | Allow only a list of Active Directory Domain FQDN to document.                                                            |
+| WinRMSSL                | Bool               | True      | Allow to enable SSL for WINRM connection                                                                                  |
+| WinRMFallbackToNoSSL | Bool               | True      | Allow to fallback to WINRM without SSL                                                                                    |
+| WinRMSSLPort            | Int                | 5986      | Allow to set tcp port for WinRM over SSL                                                                                  |
+| WinRMPort               | Int                | 5985      | Allow to set tcp port for WinRM                                                                                           |
+
 
 ### InfoLevel
 

README.md

@@ -5,7 +5,7 @@ function Get-AbrADCAAIA {
     .DESCRIPTION
 
     .NOTES
-        Version:        0.9.1
+        Version:        0.9.2
         Author:         Jonathan Colon
         Twitter:        @jcolonfzenpr
         Github:         rebelinux
@@ -23,13 +23,13 @@ function Get-AbrADCAAIA {
     )
 
     begin {
-        Write-PScriboMessage "Collecting AD Certification Authority Authority Information Access information."
+        Write-PScriboMessage "Collecting Active Directory Certification Authority Information Access details."
     }
 
     process {
         if ($CA) {
             Section -Style Heading3 "Authority Information Access (AIA)" {
-                Paragraph "The following section provides the Certification Authority Authority Information Access information."
+                Paragraph "The following section provides the Certification Authority Information Access details."
                 BlankLine
                 try {
                     $OutObj = @()

Src/Private/Get-AbrADCAAIA.ps1

@@ -30,7 +30,7 @@ function Get-AbrADDCDiag {
     }
 
     process {
-        if (Test-WSMan -Credential $Credential -Authentication $Options.PSDefaultAuthentication -ComputerName $DC -ErrorAction SilentlyContinue) {
+        if (Get-DCWinRMState -ComputerName $DC) {
             try {
                 $DCDIAG = Invoke-DcDiag -DomainController $DC
                 if ($DCDIAG) {
@@ -87,7 +87,7 @@ function Get-AbrADDCDiag {
                         $OutObj | Sort-Object -Property 'Entity' | Table @TableParams
                     }
                 } else {
-                    Write-PScriboMessage -IsWarning "No DCDiag information found in $DC, disabling the section."
+                    Write-PScriboMessage "No DCDiag information found in $DC, Disabling this section."
                 }
             } catch {
                 Write-PScriboMessage -IsWarning "Active Directory DCDiag Section: $($_.Exception.Message)"

Src/Private/Get-AbrADDCDiag.ps1

@@ -5,7 +5,7 @@ function Get-AbrADDCRoleFeature {
     .DESCRIPTION
 
     .NOTES
-        Version:        0.9.1
+        Version:        0.9.2
         Author:         Jonathan Colon
         Twitter:        @jcolonfzenpr
         Github:         rebelinux
@@ -29,15 +29,15 @@ function Get-AbrADDCRoleFeature {
 
     process {
         try {
-            $DCPssSession = try { New-PSSession -ComputerName $DC -Credential $Credential -Authentication $Options.PSDefaultAuthentication -Name 'ADDCRoleFeature' -ErrorAction Stop } catch {
-                if (-Not $_.Exception.MessageId) {
-                    $ErrorMessage = $_.FullyQualifiedErrorId
-                } else {$ErrorMessage = $_.Exception.MessageId}
-                Write-PScriboMessage -IsWarning "Roles Section: New-PSSession: Unable to connect to $($DC): $ErrorMessage"
-            }
+            $DCPssSession = Get-ValidPSSession -ComputerName $DC -SessionName 'ADDCRoleFeature'
             if ($DCPssSession) {
                 $Features = Invoke-Command -Session $DCPssSession -ScriptBlock { Get-WindowsFeature | Where-Object { $_.installed -eq "True" -and $_.FeatureType -eq 'Role' } }
                 Remove-PSSession -Session $DCPssSession
+            } else {
+                if (-Not $_.Exception.MessageId) {
+                    $ErrorMessage = $_.FullyQualifiedErrorId
+                } else { $ErrorMessage = $_.Exception.MessageId }
+                Write-PScriboMessage -IsWarning "Roles Section: New-PSSession: Unable to connect to $($DC): $ErrorMessage"
             }
             if ($Features) {
                 Section -ExcludeFromTOC -Style NOTOCHeading5 $($DC.ToString().ToUpper().Split(".")[0]) {
@@ -82,7 +82,5 @@ function Get-AbrADDCRoleFeature {
             Write-PScriboMessage -IsWarning "Roles Section: $($_.Exception.Message)"
         }
     }
-
     end {}
-
 }

Src/Private/Get-AbrADDCRoleFeature.ps1

@@ -97,28 +97,28 @@ function Get-AbrADDFSHealth {
                         }
                     }
                 } else {
-                    Write-PScriboMessage -IsWarning "No DFS information found in $Domain, disabling the section."
+                    Write-PScriboMessage "No DFS information found in $Domain, Disabling this section."
                 }
             } catch {
                 Write-PScriboMessage -IsWarning "Sysvol Replication Status Table Section: $($_.Exception.Message)"
             }
             try {
                 $DC = Get-ValidDCfromDomain -Domain $Domain
 
-                $DCPssSession = try { New-PSSession -ComputerName $DC -Credential $Credential -Authentication $Options.PSDefaultAuthentication -Name 'DomainSysvolHealth' -ErrorAction Stop } catch {
-                    if (-Not $_.Exception.MessageId) {
-                        $ErrorMessage = $_.FullyQualifiedErrorId
-                    } else { $ErrorMessage = $_.Exception.MessageId }
-                    Write-PScriboMessage -IsWarning "Sysvol Content Status Section: New-PSSession: Unable to connect to $($DC): $ErrorMessage"
-                }
-                # Code taken from ClaudioMerola (https://github.com/ClaudioMerola/ADxRay)
+                $DCPssSession = Get-ValidPSSession -ComputerName $DC -SessionName 'DomainSysvolHealth'
                 if ($DCPssSession) {
+                    # Code taken from ClaudioMerola (https://github.com/ClaudioMerola/ADxRay)
                     $SYSVOLFolder = Invoke-Command -Session $DCPssSession { Get-ChildItem -Path $('\\' + $using:Domain + '\SYSVOL\' + $using:Domain) -Recurse | Where-Object -FilterScript { $_.PSIsContainer -eq $false } | Group-Object -Property Extension | ForEach-Object -Process {
                             New-Object -TypeName PSObject -Property @{
                                 'Extension' = $_.name
                                 'Count' = $_.count
                                 'TotalSize' = '{0:N2}' -f ((($_.group | Measure-Object length -Sum).Sum) / 1MB)
                             } } | Sort-Object -Descending -Property 'Totalsize' }
+                } else {
+                    if (-Not $_.Exception.MessageId) {
+                        $ErrorMessage = $_.FullyQualifiedErrorId
+                    } else { $ErrorMessage = $_.Exception.MessageId }
+                    Write-PScriboMessage -IsWarning "Sysvol Content Status Section: New-PSSession: Unable to connect to $($DC): $ErrorMessage"
                 }
                 if ($SYSVOLFolder) {
                     Section -ExcludeFromTOC -Style NOTOCHeading4 'Sysvol Content Status' {
@@ -157,12 +157,12 @@ function Get-AbrADDFSHealth {
                             BlankLine
                             Paragraph {
                                 Text "Corrective Actions:" -Bold
-                                Text "Make sure Sysvol folder has no malicious extensions or unnecessary content."
+                                Text "Review the files and extensions listed above and ensure they are necessary for the operation of your domain. Remove any files that are not required or that appear suspicious. Regularly monitor the Sysvol folder to maintain a healthy and secure Active Directory environment."
                             }
                         }
                     }
                 } else {
-                    Write-PScriboMessage -IsWarning "No SYSVOL folder information found in $Domain, disabling the section."
+                    Write-PScriboMessage "No SYSVOL folder information found in $Domain, Disabling this section."
                 }
                 if ($DCPssSession) {
                     Remove-PSSession -Session $DCPssSession
@@ -172,20 +172,20 @@ function Get-AbrADDFSHealth {
             }
             try {
                 $DC = Get-ValidDCfromDomain -Domain $Domain
-                $DCPssSession = try { New-PSSession -ComputerName $DC -Credential $Credential -Authentication $Options.PSDefaultAuthentication -Name 'NetlogonHealth' -ErrorAction Stop } catch {
-                    if (-Not $_.Exception.MessageId) {
-                        $ErrorMessage = $_.FullyQualifiedErrorId
-                    } else { $ErrorMessage = $_.Exception.MessageId }
-                    Write-PScriboMessage -IsWarning "Netlogon Content Status Section: New-PSSession: Unable to connect to $($DC): $ErrorMessage"
-                }
-                # Code taken from ClaudioMerola (https://github.com/ClaudioMerola/ADxRay)
+                $DCPssSession = Get-ValidPSSession -ComputerName $DC -SessionName 'NetlogonHealth'
                 if ($DCPssSession) {
+                    # Code taken from ClaudioMerola (https://github.com/ClaudioMerola/ADxRay)
                     $NetlogonFolder = Invoke-Command -Session $DCPssSession { Get-ChildItem -Path $('\\' + $using:Domain + '\NETLOGON\') -Recurse | Where-Object -FilterScript { $_.PSIsContainer -eq $false } | Group-Object -Property Extension | ForEach-Object -Process {
                             New-Object -TypeName PSObject -Property @{
                                 'Extension' = $_.name
                                 'Count' = $_.count
                                 'TotalSize' = '{0:N2}' -f ((($_.group | Measure-Object length -Sum).Sum) / 1MB)
                             } } | Sort-Object -Descending -Property 'Totalsize' }
+                } else {
+                    if (-Not $_.Exception.MessageId) {
+                        $ErrorMessage = $_.FullyQualifiedErrorId
+                    } else { $ErrorMessage = $_.Exception.MessageId }
+                    Write-PScriboMessage -IsWarning "Netlogon Content Status Section: New-PSSession: Unable to connect to $($DC): $ErrorMessage"
                 }
                 if ($NetlogonFolder) {
                     Section -ExcludeFromTOC -Style NOTOCHeading4 'Netlogon Content Status' {
@@ -224,12 +224,12 @@ function Get-AbrADDFSHealth {
                             BlankLine
                             Paragraph {
                                 Text "Corrective Actions:" -Bold
-                                Text "Make sure Netlogon folder has no malicious extensions or unnecessary content."
+                                Text "Review the files and extensions listed above and ensure they are necessary for the operation of your domain. Remove any files that are not required or that appear suspicious. Regularly monitor the Netlogon folder to maintain a healthy and secure Active Directory environment."
                             }
                         }
                     }
                 } else {
-                    Write-PScriboMessage -IsWarning "No NETLOGON folder information found in $Domain, disabling the section."
+                    Write-PScriboMessage "No NETLOGON folder information found in $Domain, Disabling this section."
                 }
                 if ($DCPssSession) {
                     Remove-PSSession -Session $DCPssSession