Merge pull request #195 from rebelinux/dev
v0.9.2
rebelinux authored Jan 15, 2025
2 parents 76db86e + 6002962 commit 95cb1b9
Showing 35 changed files with 708 additions and 400 deletions.
1 change: 0 additions & 1 deletion .github/workflows/PSScriptAnalyzerSettings.psd1
@@ -1,6 +1,5 @@
@{
ExcludeRules = @(
'PSUseBOMForUnicodeEncodedFile',
'PSUseToExportFieldsInManifest'
)
Rules = @{
11 changes: 0 additions & 11 deletions .github/workflows/dependabot.yml

This file was deleted.

6 changes: 5 additions & 1 deletion AsBuiltReport.Microsoft.AD.json
Expand Up @@ -17,7 +17,11 @@
},
"Include": {
"Domains": []
}
},
"WinRMSSL": false,
"WinRMFallbackToNoSSL": true,
"WinRMSSLPort": 5986,
"WinRMPort": 5985
},
"InfoLevel": {
"_comment_": "0 = Disabled, 1 = Enabled, 2 = Adv Summary, 3 = Detailed",
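Review bot: The defaults added under `Options` leave TLS off and permit a downgrade when it is turned on: `"WinRMSSL": false` together with `"WinRMFallbackToNoSSL": true`. The README table changed in this same commit lists `WinRMSSL` with a default of `True`, so the shipped JSON and the documentation disagree and one of them should be corrected. For a tool that opens remoting sessions to domain controllers with privileged credentials, I would ship `"WinRMFallbackToNoSSL": false`, so an operator who enables SSL learns that the listener on 5986 is unreachable instead of being moved to 5985. The code that performs the fallback is not visible in this section, so whether it logs the downgrade is an assumption to confirm.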
9 changes: 8 additions & 1 deletion CHANGELOG.md
Expand Up @@ -11,19 +11,26 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

### Added

- Improve DC selection logic
- Add support for WinRM over SSL
- Add option to set the WinRM tcp port used for PSSession connection setup

### Changed

- Increase Diagrammer.Core minimum requirement
- Increase AsBuiltReport.Core to v1.4.1
- Improve DC selection logic
- Improve HealthCheck best practice recommendations (Copilot)

### Fixed

- Fix [#190](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.AD/issues/190)
- Fix [#191](https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.AD/issues/191)
- Fix ConvertTo-HashToYN cmdlet not generating an ordereddictionary output

### Removed

- Remove dependabot action (Not supported in Abr Organization)

## [0.9.1] - 2024-11-15

### Added
7 changes: 6 additions & 1 deletion README.md
Expand Up @@ -174,12 +174,17 @@ The **Options** schema allows certain options within the report to be toggled on

| Sub-Schema | Setting | Default | Description |
| ----------------------- | ------------------ | --------- | ------------------------------------------------------------------------------------------------------------------------- |
| ShowDefinitionInfo | true/false | false | Toggle to enable/disable Microsoft AD term explanations |
| ShowDefinitionInfo | true/false | False | Toggle to enable/disable Microsoft AD term explanations |
| PSDefaultAuthentication | Negotiate/Kerberos | Negotiate | Allow to set the value of the PSRemoting authentication method. For Workgroup authentication Negotiate value is required. |
| Exclude.Domains | Array List | Empty | Allow to filter on AD Domain FQDN |
| Exclude.DCs | Array List | Empty | Allow to filter on AD Domain Controller Server FQDN. |
| Include.Domains | Array List | Empty | Allow only a list of Active Directory Domain Controller FQDN to document. |
| Include.DCs | Array List | Empty | Allow only a list of Active Directory Domain FQDN to document. |
| WinRMSSL | Bool | True | Allow to enable SSL for WINRM connection |
| WinRMFallbackToNoSSL | Bool | True | Allow to fallback to WINRM without SSL |
| WinRMSSLPort | Int | 5986 | Allow to set tcp port for WinRM over SSL |
| WinRMPort | Int | 5985 | Allow to set tcp port for WinRM |


### InfoLevel

6 changes: 3 additions & 3 deletions Src/Private/Get-AbrADCAAIA.ps1
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADCAAIA {
.DESCRIPTION
.NOTES
Version: 0.9.1
Version: 0.9.2
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -23,13 +23,13 @@ function Get-AbrADCAAIA {
)

begin {
Write-PScriboMessage "Collecting AD Certification Authority Authority Information Access information."
Write-PScriboMessage "Collecting Active Directory Certification Authority Information Access details."
}

process {
if ($CA) {
Section -Style Heading3 "Authority Information Access (AIA)" {
Paragraph "The following section provides the Certification Authority Authority Information Access information."
Paragraph "The following section provides the Certification Authority Information Access details."
BlankLine
try {
$OutObj = @()
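Review bot: The reworded strings in `begin` and in the `Paragraph` now read "Certification Authority Information Access", which drops the name of the extension being reported, while the `Section` heading between them still calls it "Authority Information Access (AIA)". The earlier doubled "Authority" looked like a typo but meant the CA's AIA. A wording that avoids the repetition and keeps the term would be `Paragraph "The following section provides the Authority Information Access (AIA) details of the Certification Authority."`, with the `Write-PScriboMessage` line changed to match.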
4 changes: 2 additions & 2 deletions Src/Private/Get-AbrADDCDiag.ps1
Expand Up @@ -30,7 +30,7 @@ function Get-AbrADDCDiag {
}

process {
if (Test-WSMan -Credential $Credential -Authentication $Options.PSDefaultAuthentication -ComputerName $DC -ErrorAction SilentlyContinue) {
if (Get-DCWinRMState -ComputerName $DC) {
try {
$DCDIAG = Invoke-DcDiag -DomainController $DC
if ($DCDIAG) {
Expand Down Expand Up @@ -87,7 +87,7 @@ function Get-AbrADDCDiag {
$OutObj | Sort-Object -Property 'Entity' | Table @TableParams
}
} else {
Write-PScriboMessage -IsWarning "No DCDiag information found in $DC, disabling the section."
Write-PScriboMessage "No DCDiag information found in $DC, Disabling this section."
}
} catch {
Write-PScriboMessage -IsWarning "Active Directory DCDiag Section: $($_.Exception.Message)"
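Review bot: Dropping `-IsWarning` from the "No DCDiag information found in $DC" message means a domain controller that passes the WinRM check but returns no DCDiag data no longer surfaces as a warning, so the health section can vanish from the report unnoticed. If the downgrade is meant for DCs where DCDiag output is legitimately absent, a one-line comment saying so would help; otherwise keep `Write-PScriboMessage -IsWarning "No DCDiag information found in $DC, disabling this section."`. The same downgrade is applied to the DFS, SYSVOL and NETLOGON messages in Src/Private/Get-AbrADDFSHealth.ps1. The enclosing `process` block starts and ends outside the hunks shown.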
16 changes: 7 additions & 9 deletions Src/Private/Get-AbrADDCRoleFeature.ps1
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADDCRoleFeature {
.DESCRIPTION
.NOTES
Version: 0.9.1
Version: 0.9.2
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -29,15 +29,15 @@ function Get-AbrADDCRoleFeature {

process {
try {
$DCPssSession = try { New-PSSession -ComputerName $DC -Credential $Credential -Authentication $Options.PSDefaultAuthentication -Name 'ADDCRoleFeature' -ErrorAction Stop } catch {
if (-Not $_.Exception.MessageId) {
$ErrorMessage = $_.FullyQualifiedErrorId
} else {$ErrorMessage = $_.Exception.MessageId}
Write-PScriboMessage -IsWarning "Roles Section: New-PSSession: Unable to connect to $($DC): $ErrorMessage"
}
$DCPssSession = Get-ValidPSSession -ComputerName $DC -SessionName 'ADDCRoleFeature'
if ($DCPssSession) {
$Features = Invoke-Command -Session $DCPssSession -ScriptBlock { Get-WindowsFeature | Where-Object { $_.installed -eq "True" -and $_.FeatureType -eq 'Role' } }
Remove-PSSession -Session $DCPssSession
} else {
if (-Not $_.Exception.MessageId) {
$ErrorMessage = $_.FullyQualifiedErrorId
} else { $ErrorMessage = $_.Exception.MessageId }
Write-PScriboMessage -IsWarning "Roles Section: New-PSSession: Unable to connect to $($DC): $ErrorMessage"
}
if ($Features) {
Section -ExcludeFromTOC -Style NOTOCHeading5 $($DC.ToString().ToUpper().Split(".")[0]) {
Expand Down Expand Up @@ -82,7 +82,5 @@ function Get-AbrADDCRoleFeature {
Write-PScriboMessage -IsWarning "Roles Section: $($_.Exception.Message)"
}
}

end {}

}
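Review bot: The new `else` branch after `if ($DCPssSession)` reads `$_.Exception.MessageId` and `$_.FullyQualifiedErrorId`, but it no longer sits inside a `catch`, so `$_` is not the error record of the failed connection and `$ErrorMessage` will most likely be empty. The warning also still names `New-PSSession`, although the session now comes from `Get-ValidPSSession`, whose body is not shown on this page. I would let the helper report its own failure reason and reduce the branch to `Write-PScriboMessage -IsWarning "Roles Section: Unable to open a PSSession to $($DC)."`. The same pattern is added twice in Src/Private/Get-AbrADDFSHealth.ps1, in the Sysvol and Netlogon content checks.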
38 changes: 19 additions & 19 deletions Src/Private/Get-AbrADDFSHealth.ps1
Expand Up @@ -97,28 +97,28 @@ function Get-AbrADDFSHealth {
}
}
} else {
Write-PScriboMessage -IsWarning "No DFS information found in $Domain, disabling the section."
Write-PScriboMessage "No DFS information found in $Domain, Disabling this section."
}
} catch {
Write-PScriboMessage -IsWarning "Sysvol Replication Status Table Section: $($_.Exception.Message)"
}
try {
$DC = Get-ValidDCfromDomain -Domain $Domain

$DCPssSession = try { New-PSSession -ComputerName $DC -Credential $Credential -Authentication $Options.PSDefaultAuthentication -Name 'DomainSysvolHealth' -ErrorAction Stop } catch {
if (-Not $_.Exception.MessageId) {
$ErrorMessage = $_.FullyQualifiedErrorId
} else { $ErrorMessage = $_.Exception.MessageId }
Write-PScriboMessage -IsWarning "Sysvol Content Status Section: New-PSSession: Unable to connect to $($DC): $ErrorMessage"
}
# Code taken from ClaudioMerola (https://github.com/ClaudioMerola/ADxRay)
$DCPssSession = Get-ValidPSSession -ComputerName $DC -SessionName 'DomainSysvolHealth'
if ($DCPssSession) {
# Code taken from ClaudioMerola (https://github.com/ClaudioMerola/ADxRay)
$SYSVOLFolder = Invoke-Command -Session $DCPssSession { Get-ChildItem -Path $('\\' + $using:Domain + '\SYSVOL\' + $using:Domain) -Recurse | Where-Object -FilterScript { $_.PSIsContainer -eq $false } | Group-Object -Property Extension | ForEach-Object -Process {
New-Object -TypeName PSObject -Property @{
'Extension' = $_.name
'Count' = $_.count
'TotalSize' = '{0:N2}' -f ((($_.group | Measure-Object length -Sum).Sum) / 1MB)
} } | Sort-Object -Descending -Property 'Totalsize' }
} else {
if (-Not $_.Exception.MessageId) {
$ErrorMessage = $_.FullyQualifiedErrorId
} else { $ErrorMessage = $_.Exception.MessageId }
Write-PScriboMessage -IsWarning "Sysvol Content Status Section: New-PSSession: Unable to connect to $($DC): $ErrorMessage"
}
if ($SYSVOLFolder) {
Section -ExcludeFromTOC -Style NOTOCHeading4 'Sysvol Content Status' {
Expand Down Expand Up @@ -157,12 +157,12 @@ function Get-AbrADDFSHealth {
BlankLine
Paragraph {
Text "Corrective Actions:" -Bold
Text "Make sure Sysvol folder has no malicious extensions or unnecessary content."
Text "Review the files and extensions listed above and ensure they are necessary for the operation of your domain. Remove any files that are not required or that appear suspicious. Regularly monitor the Sysvol folder to maintain a healthy and secure Active Directory environment."
}
}
}
} else {
Write-PScriboMessage -IsWarning "No SYSVOL folder information found in $Domain, disabling the section."
Write-PScriboMessage "No SYSVOL folder information found in $Domain, Disabling this section."
}
if ($DCPssSession) {
Remove-PSSession -Session $DCPssSession
Expand All @@ -172,20 +172,20 @@ function Get-AbrADDFSHealth {
}
try {
$DC = Get-ValidDCfromDomain -Domain $Domain
$DCPssSession = try { New-PSSession -ComputerName $DC -Credential $Credential -Authentication $Options.PSDefaultAuthentication -Name 'NetlogonHealth' -ErrorAction Stop } catch {
if (-Not $_.Exception.MessageId) {
$ErrorMessage = $_.FullyQualifiedErrorId
} else { $ErrorMessage = $_.Exception.MessageId }
Write-PScriboMessage -IsWarning "Netlogon Content Status Section: New-PSSession: Unable to connect to $($DC): $ErrorMessage"
}
# Code taken from ClaudioMerola (https://github.com/ClaudioMerola/ADxRay)
$DCPssSession = Get-ValidPSSession -ComputerName $DC -SessionName 'NetlogonHealth'
if ($DCPssSession) {
# Code taken from ClaudioMerola (https://github.com/ClaudioMerola/ADxRay)
$NetlogonFolder = Invoke-Command -Session $DCPssSession { Get-ChildItem -Path $('\\' + $using:Domain + '\NETLOGON\') -Recurse | Where-Object -FilterScript { $_.PSIsContainer -eq $false } | Group-Object -Property Extension | ForEach-Object -Process {
New-Object -TypeName PSObject -Property @{
'Extension' = $_.name
'Count' = $_.count
'TotalSize' = '{0:N2}' -f ((($_.group | Measure-Object length -Sum).Sum) / 1MB)
} } | Sort-Object -Descending -Property 'Totalsize' }
} else {
if (-Not $_.Exception.MessageId) {
$ErrorMessage = $_.FullyQualifiedErrorId
} else { $ErrorMessage = $_.Exception.MessageId }
Write-PScriboMessage -IsWarning "Netlogon Content Status Section: New-PSSession: Unable to connect to $($DC): $ErrorMessage"
}
if ($NetlogonFolder) {
Section -ExcludeFromTOC -Style NOTOCHeading4 'Netlogon Content Status' {
Expand Down Expand Up @@ -224,12 +224,12 @@ function Get-AbrADDFSHealth {
BlankLine
Paragraph {
Text "Corrective Actions:" -Bold
Text "Make sure Netlogon folder has no malicious extensions or unnecessary content."
Text "Review the files and extensions listed above and ensure they are necessary for the operation of your domain. Remove any files that are not required or that appear suspicious. Regularly monitor the Netlogon folder to maintain a healthy and secure Active Directory environment."
}
}
}
} else {
Write-PScriboMessage -IsWarning "No NETLOGON folder information found in $Domain, disabling the section."
Write-PScriboMessage "No NETLOGON folder information found in $Domain, Disabling this section."
}
if ($DCPssSession) {
Remove-PSSession -Session $DCPssSession
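Review bot: The new corrective-action text for SYSVOL and NETLOGON tells the reader to "Remove any files that are not required or that appear suspicious", which is risky advice for these shares. An unexpected script or executable there is replicated to every domain controller and may be referenced by a GPO or logon script, so it should be treated as a possible compromise and examined before anything is deleted. I would reword that sentence along the lines of `Investigate any file that appears suspicious (owner, creation time, referencing GPO or logon script) and preserve a copy before removing it.` The two `Text` strings differ only in the folder name, so they could share one string.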