Merge pull request #220 from rebelinux/dev

rebelinux · web-flow · commit ca32c7fdb18c · 2025-12-11T09:43:00.000-04:00
v0.9.9 wip
diff --git a/AsBuiltReport.Microsoft.AD.psd1 b/AsBuiltReport.Microsoft.AD.psd1
@@ -12,7 +12,7 @@
     RootModule = 'AsBuiltReport.Microsoft.AD.psm1'
 
     # Version number of this module.
-    ModuleVersion = '0.9.8'
+    ModuleVersion = '0.9.9'
 
     # Supported PSEditions
     # CompatiblePSEditions = @()
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,23 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ##### This project is community maintained and has no sponsorship from Microsoft, its employees or any of its affiliates.
 
+## [0.9.9] - Unreleased
+
+### Added
+
+- Add disclaimer warning to README.md about report usage and liability
+
+### Changed
+
+- Improve error logging and handling for initial Forest and Domain discovery process
+- Update module version to 0.9.9
+
+### Fixed
+
+- Fix cannot index into a null array error when generating Trusts diagrams for domains with no trusts defined
+- Fix Trusts diagram generation when multiple domains are present in the report
+- Fix issue with Global:Report variable
+
 ## [0.9.8] - 2025-12-09
 
 ### Added
diff --git a/Language/en-US/MicrosoftAD.psd1 b/Language/en-US/MicrosoftAD.psd1
@@ -11,7 +11,7 @@
     ReportModuleInfo6 = - Getting dependency information:
     ProjectWebsite = - Please refer to the AsBuiltReport.Microsoft.AD github website for more detailed information about this project.
     CommunityProject = - AsBuiltReport is a community-maintained open source project. It has no sponsorship, endorsement, or affiliation with any technology vendors, their employees, or affiliates.
-    DISCLAIMER = The information in this report has been gathered through automation and direct observation. The recommendations and conclusions are based on industry best practices, technical expertise, and empirical data. While comprehensive, this assessment may not cover all possible scenarios or configurations. Implementation of these recommendations should be carried out by qualified personnel with the appropriate knowledge and experience. The author(s) assume no responsibility for any damages, including but not limited to loss of business profits, business interruption, loss of data, or other financial losses resulting from the use of or reliance on this report.
+    DISCLAIMER = This report contains information gathered through automation and observations. All opinions, recommendations, and conclusions are based on professional insight and expertise, though this assessment is not exhaustive. Implementation of recommendations should be reviewed and executed by qualified personnel. The author(s) assume no liability for any damages—including lost profits, business interruption, or financial loss—arising from the use of this report or its recommendations.
 '@
 
     # Get-AbrADForest
diff --git a/Language/es-ES/MicrosoftAD.psd1 b/Language/es-ES/MicrosoftAD.psd1
@@ -11,7 +11,7 @@
     ReportModuleInfo6 = - Obteniendo información de dependencias:
     ProjectWebsite = - Por favor consulte el sitio web de github de AsBuiltReport.Microsoft.AD para obtener información más detallada sobre este proyecto.
     CommunityProject = - AsBuiltReport es un proyecto de código abierto mantenido por la comunidad. No tiene patrocinio, respaldo o afiliación con ningún proveedor de tecnología, sus empleados o afiliados.
-    DISCLAIMER = La información en este informe ha sido recopilada mediante automatización y observación directa. Las recomendaciones y conclusiones se basan en las mejores prácticas de la industria, experiencia técnica y datos empíricos. Aunque es exhaustivo, esta evaluación puede no cubrir todos los posibles escenarios o configuraciones. La implementación de estas recomendaciones debe ser realizada por personal calificado con el conocimiento y la experiencia adecuados. El(los) autor(es) no asumen ninguna responsabilidad por daños, incluidos, entre otros, la pérdida de beneficios comerciales, interrupción del negocio, pérdida de datos u otras pérdidas financieras derivadas del uso o la confianza en este informe.
+    DISCLAIMER = Este informe contiene información recopilada mediante automatización y observaciones. Todas las opiniones, recomendaciones y conclusiones se basan en el conocimiento y la experiencia profesional, aunque esta evaluación no es exhaustiva. La implementación de las recomendaciones debe ser revisada y ejecutada por personal calificado. El autor no asumen ninguna responsabilidad por daños, incluyendo, pero no limitado a, pérdida de ganancias, interrupción del negocio o pérdidas financieras, que surjan del uso de este informe o sus recomendaciones.
 '@
 
     # Get-AbrADForest
diff --git a/README.md b/README.md
@@ -25,6 +25,9 @@
 </p>
 <!-- ********** DO NOT EDIT THESE LINKS ********** -->
 
+> [!WARNING]
+> This report contains information gathered through automation and observations. All opinions, recommendations, and conclusions are based on professional insight and expertise, though this assessment is not exhaustive. Implementation of recommendations should be reviewed and executed by qualified personnel. The author(s) assume no liability for any damages—including lost profits, business interruption, or financial loss—arising from the use of this report or its recommendations.
+
 #### This project is community maintained and has no sponsorship from Microsoft, its employees or any of its affiliates.
 
 # Microsoft AD As Built Report
diff --git a/Src/Private/Get-AbrDiagrammer.ps1 b/Src/Private/Get-AbrDiagrammer.ps1
@@ -127,7 +127,7 @@ function Get-AbrDiagrammer {
                             $FileName = "$($FileName).$($Format)"
                             $Graph = New-ADDiagram @DiagramParams -DiagramType $DiagramType -Format $Format -Filename $FileName
                         } else {
-                            $FileName = "AsBuiltReport.$($Global:Report)-($($DiagramType)).$($Format)"
+                            $FileName = "AsBuiltReport.Microsoft.AD-($($DiagramType)).$($Format)"
                             $Graph = New-ADDiagram @DiagramParams -DiagramType $DiagramType -Format $Format -Filename $FileName
                         }
                         if ($Graph) {
diff --git a/Src/Private/Get-ValidPSSession.ps1 b/Src/Private/Get-ValidPSSession.ps1
@@ -5,7 +5,7 @@ function Get-ValidPSSession {
     .DESCRIPTION
         Function to generate a valid WinRM session from a computer string.
     .NOTES
-        Version:        0.9.6
+        Version:        0.9.9
         Author:         Jonathan Colon
     .EXAMPLE
         PS C:\Users\JohnDoe> Get-ValidPSSession -ComputerName 'server-dc-01v.pharmax.local'
@@ -24,8 +24,8 @@ function Get-ValidPSSession {
         [Parameter(Mandatory)]
         [ValidateNotNullOrEmpty()]
         [string]$SessionName,
-        [ref]$PSSTable
-
+        [ref]$PSSTable,
+        [bool]$InitialForrestConnection = $false
     )
 
     if ((-not $Options.WinRMFallbackToNoSSL) -and ($PSSTable.Value | Where-Object { $_.DCName -eq $ComputerName -and $_.Status -eq 'Offline' -and $_.Protocol -eq 'PSSessionSSL' })) {
@@ -85,13 +85,17 @@ function Get-ValidPSSession {
                                 return $SessionObject
                             }
                         } catch {
-                            Write-PScriboMessage -Message "Unable to Connect to '$ComputerName' through PSSession."
                             $PSSTable.Value += @{
                                 DCName = $ComputerName
                                 Status = 'Offline'
                                 Protocol = 'PSSession'
                                 Id = 'None'
                             }
+                            if ($InitialForrestConnection) {
+                                throw "Unable to Connect to '$ComputerName' through PSSession. Error details: $($_.Exception.Message)"
+                            } else {
+                                Write-PScriboMessage -Message "Unable to Connect to '$ComputerName' through PSSession."
+                            }
                         }
                     }
                 } else {
@@ -118,13 +122,17 @@ function Get-ValidPSSession {
                     return $SessionObject
                 }
             } catch {
-                Write-PScriboMessage -Message "Unable to Connect to '$ComputerName' through PSSession."
                 $PSSTable.Value += @{
                     DCName = $ComputerName
                     Status = 'Offline'
                     Protocol = 'PSSession'
                     Id = 'None'
                 }
+                if ($InitialForrestConnection) {
+                    throw "Unable to Connect to '$ComputerName' through PSSession. Error details: $($_.Exception.Message)"
+                } else {
+                    Write-PScriboMessage -Message "Unable to Connect to '$ComputerName' through PSSession."
+                }
             }
         }
     }
diff --git a/Src/Private/Get-WinADDFSHealth.ps1 b/Src/Private/Get-WinADDFSHealth.ps1
@@ -21,14 +21,11 @@ function Get-WinADDFSHealth {
         [alias('Domain', 'Domains')][string[]] $IncludeDomains,
         [alias('DomainControllers')][string[]] $IncludeDomainControllers,
         [switch] $SkipRODC,
-        [int] $EventDays = 1,
         [switch] $SkipGPO,
         [switch] $SkipAutodetection,
         [System.Collections.IDictionary] $ExtendedForestInformation,
         [pscredential] $Credential
     )
-    $Today = (Get-Date)
-    $Yesterday = (Get-Date -Hour 0 -Second 0 -Minute 0 -Millisecond 0).AddDays(-$EventDays)
 
     if (-not $SkipAutodetection) {
         $ForestInformation = Get-WinADForestDetail -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains -ExcludeDomainControllers $ExcludeDomainControllers -IncludeDomainControllers $IncludeDomainControllers -SkipRODC:$SkipRODC -ExtendedForestInformation $ExtendedForestInformation -Extended -Credential $Credential
diff --git a/Src/Private/Get-WinADDuplicateObject.ps1 b/Src/Private/Get-WinADDuplicateObject.ps1
@@ -42,48 +42,48 @@ function Get-WinADDuplicateObject {
             Credential = $Credential
         }
         $Objects = Get-ADObject @getADObjectSplat
-        foreach ($_ in $Objects) {
+        foreach ($Object in $Objects) {
             # Lets allow users to filter on it
             if ($ExcludeObjectClass) {
-                if ($ExcludeObjectClass -contains $_.ObjectClass) {
+                if ($ExcludeObjectClass -contains $Object.ObjectClass) {
                     continue
                 }
             }
             if ($IncludeObjectClass) {
-                if ($IncludeObjectClass -notcontains $_.ObjectClass) {
+                if ($IncludeObjectClass -notcontains $Object.ObjectClass) {
                     continue
                 }
             }
             if ($PartialMatchDistinguishedName) {
-                if ($_.DistinguishedName -notlike $PartialMatchDistinguishedName) {
+                if ($Object.DistinguishedName -notlike $PartialMatchDistinguishedName) {
                     continue
                 }
             }
             if ($NoPostProcessing) {
-                $_
+                $Object
                 continue
             }
-            $DomainName = ConvertFrom-DistinguishedName -DistinguishedName $_.DistinguishedName -ToDomainCN
+            $DomainName = ConvertFrom-DistinguishedName -DistinguishedName $Object.DistinguishedName -ToDomainCN
             # Lets create separate objects for different purpoeses
             $ConflictObject = [ordered] @{
-                ConflictDN = $_.DistinguishedName
-                ConflictWhenChanged = $_.WhenChanged
+                ConflictDN = $Object.DistinguishedName
+                ConflictWhenChanged = $Object.WhenChanged
                 DomainName = $DomainName
-                ObjectClass = $_.ObjectClass
+                ObjectClass = $Object.ObjectClass
             }
             $LiveObjectData = [ordered] @{
                 LiveDn = "N/A"
                 LiveWhenChanged = "N/A"
             }
             $RestData = [ordered] @{
-                DisplayName = $_.DisplayName
-                Name = $_.Name.Replace("`n", ' ')
-                SamAccountName = $_.SamAccountName
-                ObjectCategory = $_.ObjectCategory
-                WhenCreated = $_.WhenCreated
-                WhenChanged = $_.WhenChanged
-                ProtectedFromAccidentalDeletion = $_.ProtectedFromAccidentalDeletion
-                ObjectGUID = $_.ObjectGUID.Guid
+                DisplayName = $Object.DisplayName
+                Name = $Object.Name.Replace("`n", ' ')
+                SamAccountName = $Object.SamAccountName
+                ObjectCategory = $Object.ObjectCategory
+                WhenCreated = $Object.WhenCreated
+                WhenChanged = $Object.WhenChanged
+                ProtectedFromAccidentalDeletion = $Object.ProtectedFromAccidentalDeletion
+                ObjectGUID = $Object.ObjectGUID.Guid
             }
             if ($Extended) {
                 $LiveObject = $null
diff --git a/Src/Private/Get-WinADForestDetail.ps1 b/Src/Private/Get-WinADForestDetail.ps1
@@ -278,22 +278,22 @@ function Get-WinADForestDetail {
         # this makes sure we ask once for all AD stuff and then subsequent calls just filter out things
         # this should be much faster then asking again and again for stuff from AD
         $Findings = Copy-DictionaryManual -Dictionary $ExtendedForestInformation
-        [Array] $Findings['Domains'] = foreach ($_ in $Findings.Domains) {
+        [Array] $Findings['Domains'] = foreach ($Dom in $Findings.Domains) {
             if ($IncludeDomains) {
-                if ($_ -in $IncludeDomains) {
-                    $_.ToLower()
+                if ($Dom -in $IncludeDomains) {
+                    $Dom.ToLower()
                 }
                 # We skip checking for exclusions
                 continue
             }
-            if ($_ -notin $ExcludeDomains) {
-                $_.ToLower()
+            if ($Dom -notin $ExcludeDomains) {
+                $Dom.ToLower()
             }
         }
         # Now that we have Domains we need to remove all DCs that are not from domains we excluded or included
-        foreach ($_ in [string[]] $Findings.DomainDomainControllers.Keys) {
-            if ($_ -notin $Findings.Domains) {
-                $Findings.DomainDomainControllers.Remove($_)
+        foreach ($DCkey in [string[]] $Findings.DomainDomainControllers.Keys) {
+            if ($DCkey -notin $Findings.Domains) {
+                $Findings.DomainDomainControllers.Remove($DCkey)
             }
         }
         # Same as above but for query servers - we don't remove queried servers
@@ -303,10 +303,10 @@ function Get-WinADForestDetail {
         #    }
         #}
         # Now that we have Domains we need to remove all Domains that are excluded or included
-        foreach ($_ in [string[]] $Findings.DomainsExtended.Keys) {
-            if ($_ -notin $Findings.Domains) {
-                $Findings.DomainsExtended.Remove($_)
-                $NetBiosName = $Findings.DomainsExtended.$_.'NetBIOSName'
+        foreach ($DomainExtendedKey in [string[]] $Findings.DomainsExtended.Keys) {
+            if ($DomainExtendedKey -notin $Findings.Domains) {
+                $Findings.DomainsExtended.Remove($DomainExtendedKey)
+                $NetBiosName = $Findings.DomainsExtended.$DomainExtendedKey.'NetBIOSName'
                 if ($NetBiosName) {
                     $Findings.DomainsExtendedNetBIOS.Remove($NetBiosName)
                 }
diff --git a/Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1 b/Src/Public/Invoke-AsBuiltReport.Microsoft.AD.ps1
@@ -5,7 +5,7 @@ function Invoke-AsBuiltReport.Microsoft.AD {
     .DESCRIPTION
         Documents the configuration of Microsoft AD in Word/HTML/Text formats using PScribo.
     .NOTES
-        Version:        0.9.7
+        Version:        0.9.9
         Author:         Jonathan Colon
         Twitter:        @jcolonfzenpr
         Github:         rebelinux
@@ -114,7 +114,7 @@ function Invoke-AsBuiltReport.Microsoft.AD {
         $PSSTable = @()
 
         try {
-            $script:TempPssSession = Get-ValidPSSession -ComputerName $System -SessionName $System -PSSTable ([ref]$PSSTable)
+            $script:TempPssSession = Get-ValidPSSession -ComputerName $System -SessionName $System -PSSTable ([ref]$PSSTable) -InitialForrestConnection $true
         } catch {
             throw "Failed to establish a PSSession ($WinRMType) with the Domain Controller '$System': $($_.Exception.Message)"
         }
@@ -130,7 +130,7 @@ function Invoke-AsBuiltReport.Microsoft.AD {
             Write-PScriboMessage -Message "Connecting to retrieve Forest information from Domain Controller '$System'."
             $script:ADSystem = Invoke-CommandWithTimeout -Session $TempPssSession -ScriptBlock { Get-ADForest -ErrorAction Stop }
         } catch {
-            throw "Unable to retrieve Forest information from Domain Controller '$System'."
+            throw "Unable to retrieve Forest information from Domain Controller '$System'. Please ensure that the provided system is a Domain Controller and that the provided credentials have sufficient permissions to query Active Directory Forest information. Error Details: $($_.Exception.Message)"
         }
 
         $script:ForestInfo = $ADSystem.RootDomain.toUpper()
@@ -140,7 +140,12 @@ function Invoke-AsBuiltReport.Microsoft.AD {
         } else {
             [array]$ChildDomains = $ADSystem.Domains | Where-Object { $_ -ne $RootDomains -and $_ -notin $Options.Exclude.Domains }
         }
-        [array] $script:OrderedDomains = @($RootDomains, $ChildDomains)
+
+        $script:OrderedDomains = @($RootDomains)
+
+        if ($ChildDomains) {
+            $OrderedDomains += $ChildDomains
+        }
 
         # Forest Section
         Get-AbrForestSection
@@ -164,12 +169,16 @@ function Invoke-AsBuiltReport.Microsoft.AD {
             $Options.DiagramType.PSobject.Properties | ForEach-Object {
                 if ($_.Value -and $_.Name -eq 'Trusts') {
                     foreach ($Domain in $OrderedDomains) {
-                        $ValidDC = Get-ValidDCfromDomain -Domain $Domain[0] -DCStatus ([ref]$DCStatus)
-                        if ($ValidDC) {
-                            $DCPssSession = Get-ValidPSSession -ComputerName $ValidDC -SessionName $($ValidDC) -PSSTable ([ref]$PSSTable)
-                            if ($DCPssSession) {
-                                Get-AbrDiagrammer -DiagramType $_.Name -PSSessionObject $DCPssSession -Domain $Domain[0] -FileName "AsBuiltReport.$($Global:Report)-($($_.Name))-$($Domain[0])"
+                        try {
+                            $ValidDC = Get-ValidDCfromDomain -Domain $Domain -DCStatus ([ref]$DCStatus)
+                            if ($ValidDC) {
+                                $DCPssSession = Get-ValidPSSession -ComputerName $ValidDC -SessionName $($ValidDC) -PSSTable ([ref]$PSSTable)
+                                if ($DCPssSession) {
+                                    Get-AbrDiagrammer -DiagramType $_.Name -PSSessionObject $DCPssSession -Domain $Domain -FileName "AsBuiltReport.Microsoft.AD-($($_.Name))-$($Domain)"
+                                }
                             }
+                        } catch {
+                            Write-PScriboMessage -IsWarning -Message "Unable to generate 'Trusts' diagram for domain '$Domain': $($_.Exception.Message)"
                         }
                     }
                 } elseif ($_.Value) {

Original file line number	Diff line number	Diff line change
`@@ -127,7 +127,7 @@ function Get-AbrDiagrammer {`
`127`	`127`	`$FileName = "$($FileName).$($Format)"`
`128`	`128`	`$Graph = New-ADDiagram @DiagramParams -DiagramType $DiagramType -Format $Format -Filename $FileName`
`129`	`129`	`} else {`
`130`		`- $FileName = "AsBuiltReport.$($Global:Report)-($($DiagramType)).$($Format)"`
	`130`	`+ $FileName = "AsBuiltReport.Microsoft.AD-($($DiagramType)).$($Format)"`
`131`	`131`	`$Graph = New-ADDiagram @DiagramParams -DiagramType $DiagramType -Format $Format -Filename $FileName`
`132`	`132`	`}`
`133`	`133`	`if ($Graph) {`
Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@ function Get-ValidPSSession {`
`5`	`5`	`.DESCRIPTION`
`6`	`6`	`Function to generate a valid WinRM session from a computer string.`
`7`	`7`	`.NOTES`
`8`		`- Version: 0.9.6`
	`8`	`+ Version: 0.9.9`
`9`	`9`	`Author: Jonathan Colon`
`10`	`10`	`.EXAMPLE`
`11`	`11`	`PS C:\Users\JohnDoe> Get-ValidPSSession -ComputerName 'server-dc-01v.pharmax.local'`
`@@ -24,8 +24,8 @@ function Get-ValidPSSession {`
`24`	`24`	`[Parameter(Mandatory)]`
`25`	`25`	`[ValidateNotNullOrEmpty()]`
`26`	`26`	`[string]$SessionName,`
`27`		`- [ref]$PSSTable`
`28`		`-`
	`27`	`+ [ref]$PSSTable,`
	`28`	`+ [bool]$InitialForrestConnection = $false`
`29`	`29`	`)`
`30`	`30`
`31`	`31`	`if ((-not $Options.WinRMFallbackToNoSSL) -and ($PSSTable.Value \| Where-Object { $_.DCName -eq $ComputerName -and $_.Status -eq 'Offline' -and $_.Protocol -eq 'PSSessionSSL' })) {`
`@@ -85,13 +85,17 @@ function Get-ValidPSSession {`
`85`	`85`	`return $SessionObject`
`86`	`86`	`}`
`87`	`87`	`} catch {`
`88`		`- Write-PScriboMessage -Message "Unable to Connect to '$ComputerName' through PSSession."`
`89`	`88`	`$PSSTable.Value += @{`
`90`	`89`	`DCName = $ComputerName`
`91`	`90`	`Status = 'Offline'`
`92`	`91`	`Protocol = 'PSSession'`
`93`	`92`	`Id = 'None'`
`94`	`93`	`}`
	`94`	`+ if ($InitialForrestConnection) {`
	`95`	`+ throw "Unable to Connect to '$ComputerName' through PSSession. Error details: $($_.Exception.Message)"`
	`96`	`+ } else {`
	`97`	`+ Write-PScriboMessage -Message "Unable to Connect to '$ComputerName' through PSSession."`
	`98`	`+ }`
`95`	`99`	`}`
`96`	`100`	`}`
`97`	`101`	`} else {`
`@@ -118,13 +122,17 @@ function Get-ValidPSSession {`
`118`	`122`	`return $SessionObject`
`119`	`123`	`}`
`120`	`124`	`} catch {`
`121`		`- Write-PScriboMessage -Message "Unable to Connect to '$ComputerName' through PSSession."`
`122`	`125`	`$PSSTable.Value += @{`
`123`	`126`	`DCName = $ComputerName`
`124`	`127`	`Status = 'Offline'`
`125`	`128`	`Protocol = 'PSSession'`
`126`	`129`	`Id = 'None'`
`127`	`130`	`}`
	`131`	`+ if ($InitialForrestConnection) {`
	`132`	`+ throw "Unable to Connect to '$ComputerName' through PSSession. Error details: $($_.Exception.Message)"`
	`133`	`+ } else {`
	`134`	`+ Write-PScriboMessage -Message "Unable to Connect to '$ComputerName' through PSSession."`
	`135`	`+ }`
`128`	`136`	`}`
`129`	`137`	`}`
`130`	`138`	`}`