Domain-Report.ps1

# DomainReport.ps1
# Emails a report of various metrics collected from every computer in the domain.
# This script is intended to be run automatically, on a schedule of once a day or so,
# to let us know how our domain is doing.

[string]$senderName   = "Domain Health Report"
[string]$senderAddr   = "powershell@email"
[string]$recptName    = "recipient name"
[string]$recptAddr    = "you@email"
[string]$emailSubject = "Domain Health Report"
[string]$smtpServer   = ""
[string]$emailBody    = ""
[int]$staleCompAcctDays = 60
[int]$staleUserAcctDays = 60
[int]$diskFreePercentThreshold = 10
[int]$SSIIndexThreshold = 7

Import-Module ActiveDirectory   # It will not hurt if the module is already loaded.

$localhost = Get-Content env:Computername
$domain = Get-ADDomain
$forest = Get-ADForest
$allComputerAccts = Get-ADComputer -Filter * -Properties *
$enabledComputerAccts = Get-ADComputer -Filter 'Enabled -eq $true' -Properties *
$allUserAccts = Get-ADUser -Filter * -Properties *
$enabledUserAccts = Get-ADUser -Filter 'Enabled -eq $true' -Properties *

Function Ping-Server
{
    param($hostName)
    trap
    {
        $false; continue
    }
    $object = New-Object System.Net.NetworkInformation.Ping
    $object.Send($hostName, 2000) #2000ms ping timeout
}

$emailBody += "<FONT STYLE=`"font-size:30px;`">"
$emailBody += "Domain Health Report"
$emailBody += "</FONT>"
$emailBody += "<FONT STYLE=`"font-size:9px;`">"
$emailBody += "<BR/>Report executed from $localhost at $(Get-Date)<HR/>"
$emailBody += "</FONT>"
$emailBody += "<FONT STYLE=`"font-family:Monospace;font-size:13px`"><BR/>"
$emailBody += "<strong>Forest Root Domain:</strong> $($forest.RootDomain) ($($forest.ForestMode))<BR/>"
$emailBody += "<strong>Current Domain:</strong> $($domain.Name), NetBIOS $($domain.NetBIOSName) ($($domain.DomainMode))<BR/>"
$emailBody += "<BR/>"
$emailBody += "<strong>Domain Controllers:</strong> $($domain.ReplicaDirectoryServers.Count) Writable, $($domain.ReadOnlyReplicaServers.Count) RODCs, $($forest.GlobalCatalogs.Count) Global Catalogs<BR/>"
$emailBody += "<strong>Schema Master:</strong> $($forest.SchemaMaster)<BR/>"
$emailBody += "<strong>Domain Naming Master:</strong> $($forest.DomainNamingMaster)<BR/>"
$emailBody += "<strong>Infrastructure Master:</strong> $($domain.InfrastructureMaster)<BR/>"
$emailBody += "<strong>RID Master:</strong> $($domain.RIDMaster)<BR/>"
$emailBody += "<strong>PDC Emulator:</strong> $($domain.PDCEmulator)<BR/>"
$emailBody += "<strong>Sites:</strong> $($forest.Sites)<BR/>"
$emailBody += "<BR/>"
$emailBody += "<strong>Computer Accounts:</strong> $($allComputerAccts.Count) found, $($enabledComputerAccts.Count) enabled<BR/>"
if($allComputerAccts.Count -gt $enabledComputerAccts.Count)
{
    $emailBody += "<strong>Disabled Computer Accounts:</strong> "
    ForEach($_ in $allComputerAccts)
    {
        if($_.Enabled -eq $false)
        {
            $emailBody += "$($_.CN)`, "
        }
    }
    $emailBody = $emailBody -Replace "..$" # Trim off the last two characters
    $emailBody += "<BR/>"
}
$emailBody += "<strong>Stale Computer Accounts<sup>*</sup>: </strong> "
ForEach($_ in $allComputerAccts)
{
    if($_.PasswordLastSet -lt $((Get-Date).AddDays(-$($staleCompAcctDays))))
    {
        $emailBody += "$($_.CN)`, "
    }
}
$emailBody += "<BR/><BR/>"
$emailBody += "<strong>User Accounts: </strong> $($allUserAccts.Count) found, $($enabledUserAccts.Count) enabled<BR/>"
if($allUserAccts.Count -gt $enabledUserAccts.Count)
{
    $emailBody += "<strong>Diabled User Accounts:</strong> "
    ForEach($_ in $allUserAccts)
    {
        if($_.Enabled -eq $false)
        {
            $emailBody += "$($_.SAMAccountName)`, "
        }
    }
    $emailBody = $emailBody -Replace "..$"
    $emailBody += "<BR/>"
}
$emailBody += "<strong>Stale User Accounts<sup>*</sup>: </strong> "
ForEach($_ in $enabledUserAccts)
{
    $lastLogon = [DateTime]::FromFileTime($_.LastLogonTimeStamp)
    if($lastLogon -lt $((Get-Date).AddDays(-$($staleUserAcctDays))))
    {
        $emailBody += "$($_.SAMAccountName)`, "
    }
}
$emailBody += "</FONT><BR/><BR/>"
$emailBody += "<FONT STYLE=`"font-size:9px;`">* A `"stale`" computer account is one that has not updated its machine password with AD in $staleCompAcctDays days."
$emailBody += "<BR/>* A `"stale`" user account is not disabled but has not logged on to the domain in $staleUserAcctDays days."
$emailBody += "</FONT>"
$emailBody += "<HR/><BR/>"

ForEach($_ in $enabledComputerAccts)
{
    $emailBody += "<FONT STYLE=`"font-size:16px;`">"
    $emailBody += "<strong>$($_.CN)</strong> <BR/>"
    $emailBody += "</FONT>"
    $emailBody += "<div style=`"border-width:1px;border-style:solid;margin:2px;padding:2px;`">"
    $emailBody += "<FONT STYLE=`"font-family:Monospace;font-size:13px`">"
    $pingNode = Ping-Server $($_.CN)
    $emailBody += "<strong>Ping:</strong> "
    if($pingNode.Status -ne "Success")
    {
        $emailBody += "<FONT STYLE=`"color:red;`"><strong>NO REPLY!</strong></FONT><BR/>"
    }
    else
    {
        $emailBody += "$($pingNode.RoundTripTime) ms reply from $($pingNode.Address)<BR/>"
    }
    $computerSystem = Get-WmiObject Win32_ComputerSystem -ComputerName $($_.CN)
    $emailBody += "<strong>System: </strong> $($computerSystem.Manufacturer) $($computerSystem.Model)<BR/>"
    $latestStabilityIndex = Get-WmiObject Win32_ReliabilityStabilityMetrics -ComputerName $($_.CN) | Select-Object -First 1 | ForEach {$_.SystemStabilityIndex}
    $emailBody += "<strong>Latest SSI<sup>*</sup>: </strong>"
    if($latestStabilityIndex -gt 0 -and $latestStabilityIndex -le 10)
    {
        if($latestStabilityIndex -lt $SSIIndexThreshold)
        {
            $emailBody += "<FONT STYLE=`"color:red;`"><strong>$latestStabilityIndex<BR/></strong></FONT>"
        }
        else
        {
            $emailBody += "$latestStabilityIndex<BR/>"
        }
    }
    else
    {
        $emailBody += "<FONT STYLE=`"color:red;`"><strong>NO DATA!</strong></FONT><BR/>"
    }

    ## Don't want to use $log.Count here because it seems to be implemented inconsistently in the Get-Eventlog cmdlet,
    ## e.g. sometimes it is null when it should be zero, and vice versa, and still other times it throws an exception
    ## for no matches found.

    $emailBody += "<strong>Application Log Errors Last 24hrs: </strong>"
    Try
    {
        $appLogErrors = Get-EventLog -Log Application -EntryType Error -After $(Get-Date).AddHours(-24) -ComputerName $($_.CN)
        if($appLogErrors -eq $null)
        {
            $emailBody += "0<BR/>"
        }
        else
        {
            ## This technique doesn't work if $log is null. $counter goes to 1 when it should stay at 0.
            $counter = 0
            $appLogErrors | ForEach-Object { $counter++ }
            $emailBody += "$counter<BR/>"
        }
    }
    Catch
    {
        $emailBody += "<FONT STYLE=`"color:red;`"><strong>$($_.Exception.Message.ToString())</strong></FONT><BR/>"
    }

    $emailBody += "<strong>System Log Errors Last 24hrs: </strong>"
    Try
    {
        $sysLogErrors = Get-EventLog -Log System -EntryType Error -After $(Get-Date).AddHours(-24) -ComputerName $($_.CN)
        if($sysLogErrors -eq $null)
        {
            $emailBody += "0<BR/>"
        }
        else
        {
            $counter = 0
            $sysLogErrors | ForEach-Object { $counter++ }
            $emailBody += "$counter<BR/>"
        }

    }
    Catch
    {
        $emailBody += "<FONT STYLE=`"color:red;`"><strong>$($_.Exception.Message.ToString())</strong></FONT><BR/>"
    }

    $emailBody += "<strong>Security Audit Failures Last 24hrs: </strong>"
    Try
    {
        $secLogErrors = Get-EventLog -Log Security -EntryType FailureAudit -After $(Get-Date).AddHours(-24) -ComputerName $($_.CN)
        if($secLogErrors -eq $null)
        {
            $emailBody += "0<BR/>"
        }
        else
        {
            $counter = 0
            $secLogErrors | ForEach-Object { $counter++ }
            $emailBody += "$counter<BR/>"
        }

    }
    Catch
    {
        $emailBody += "<FONT STYLE=`"color:red;`"><strong>$($_.Exception.Message.ToString())</strong></FONT><BR/>"
    }

    $emailBody += "<strong>Total RAM: </strong>$([math]::Round($computerSystem.TotalPhysicalMemory/1GB,0)) GB <BR/>"
    $emailBody += "<strong>Logical Disks:</strong>"
    $emailBody += "<div style=`"border-width:1px;border-style:dashed;margin:8px;padding:8px;background-color:`#dddddd`">"
    $computer = $($_.CN)
    ForEach($_ in $(Get-WMIObject -Query "SELECT DeviceID FROM Win32_Logicaldisk WHERE DriveType=3" -Computer $computer | ForEach { $_.DeviceID }))
    {
        $logicalDisk = Get-WMIObject -Query "SELECT * FROM Win32_Logicaldisk WHERE DeviceID='$_'" -Computer $computer
        $freespace = [math]::Round($logicalDisk.FreeSpace/1GB,0)
        $totalSize = [math]::Round($logicalDisk.Size/1GB,0)
        if((($freespace/$totalSize)*100) -lt $diskFreePercentThreshold)
        {
            $emailBody += "<strong><FONT STYLE=`"color:red;`">$($logicalDisk.DeviceID) ($($logicalDisk.VolumeName)) $freespace GB free out of $totalSize GB </FONT></strong><BR/>"
        }
        else
        {
            $emailBody += "$($logicalDisk.DeviceID) ($($logicalDisk.VolumeName)) $freespace GB free out of $totalSize GB <BR/>"
        }
    }
    $emailBody += "</DIV>"
    $emailBody += "</FONT></DIV><BR/><BR/>"
}

$emailBody += "</FONT>"
$emailBody += "<FONT STYLE=`"font-size:9px;`">* SSI = Windows System Stability Index. Configure WMI Reliability Providers across your domain via Group Policy and ensure that the RAC scheduled task is running on the machines in order to gather this data.<BR/>"
$emailBody += "* The Remote Registry service must be running on remote computers in order to gather event log data."
$emailBody += "</FONT>"

Send-MailMessage -From "$senderName <$senderAddr>" -To "$recptName <$recptAddr>" -Subject "$emailSubject" -Body $emailBody -SMTPServer $smtpServer -BodyAsHTML