Active Directory Audit

  1. #used for an initial audit of AD
  2. #only collects and exports information
  3. param(
  4.     [string] $exportPath,
  5.     [int] $daysInactive
  6. )
  7. Import-Module ActiveDirectory
  8. function folderCheck ($path)
  9.     {
  10.     $pathTest = Test-Path -Path $path
  11.     if ($pathTest -eq $true)
  12.         {
  13.             echo "Verified $path exists"
  14.         }
  15.     elseif ($pathTest -ne $true)
  16.         {
  17.             echo "$path does not exisit. Creating $path now"
  18.             New-Item -ItemType Directory -Path $path
  19.         }
  20.     }
  21. #all variables created here
  22. $time = (Get-Date).AddDays(-($daysInactive))
  23.    #gather all Groups
  24. echo "Gathering list of AD Groups"
  25. $adGroupList = Get-ADGroup -Filter * -Properties *
  26.    #gather all enabled users in AD
  27. echo "Gathering list of all enabled users"
  28. $userList = Get-ADUser -Filter {enabled -eq $true} -Properties *
  29.    #get list of GPO
  30. echo "Gathering list of all GPOs"
  31. $gpos = Get-GPO -All
  32.    #get inactive items
  33. echo "Gathering list of all inactive users"
  34. $inactiveUsers = Get-ADUser -Filter{LastLogonTimeStamp -le $time -and enabled -eq $true} -Properties *
  35.    #get inactive computers
  36. echo "Gathering list of all inactive computers"
  37. $inactiveComputers = Get-ADComputer -Filter {LastLogonDate -le $time} -Properties *
  38.    #get disabled items
  39. echo "Gathering all disabled users"
  40. $disabledUsers = Get-ADUser -Filter {enabled -eq $false} -Properties *
  41. echo "Gathering all disabled computers"
  42. $disabledComputers = Get-ADComputer -Filter {enabled -eq $false} -Properties *
  43. #check for directories
  44. echo "Checking directories now"
  45. folderCheck -path $exportPath
  46. folderCheck -path "$exportPath\AD Groups"
  47. folderCheck -path "$exportPath\Active AD Users"
  48. folderCheck -path "$exportPath\AD GPOs"
  49. folderCheck -path "$exportPath\AD GPOs\GPO Reports"
  50. folderCheck -path "$exportPath\Inactive Items"
  51. folderCheck -path "$exportPath\Disabled Items"
  52. folderCheck -path "$exportPath\DC Information"
  53. #export group lists
  54. echo "Exporting all AD Groups"
  55. $adGroupList|select name,groupcategory,samaccountname| Export-Csv -path "$exportPath\AD Groups\All Groups.csv" -NoTypeInformation
  56. #gather all users in groups
  57. echo "Starting export of members in AD Groups"
  58. foreach ($group in $adGroupList)
  59.     {
  60.     $groupName = $group.samaccountname
  61.     $fileName = $group.name
  62.     echo "Exporting all group members for $groupName"
  63.     Get-ADGroupMember -Identity $groupName| select name,samaccountname,objectclass|Export-Csv -Path "$exportPath\AD Groups\$fileName.csv" -NoTypeInformation   
  64.     }
  65. echo "Exporting enabled user list"
  66. $userList|select Name,SamAccountName,Description,CanonicalName,LastLogonDate|Export-Csv -Path "$exportPath\Active AD Users\All Active Users.csv" -NoTypeInformation
  67. echo "Exporting GPOs"
  68. $gpos|select DisplayName,Owner,GpoStatus|Export-Csv -Path "$exportPath\AD GPOs\AllGPOs.csv" -NoTypeInformation
  69. #get GPO report
  70. echo "Starting GPO Reports"
  71. foreach ($gpo in $gpos)
  72.     {
  73.         $gpoName = $gpo.DisplayName
  74.         echo "Running GPO Report on $gpoName"
  75.         Get-GPOReport -Name $gpoName -ReportType XML -Path "$exportPath\AD GPOs\GPO Reports\$gpoName.xml"
  76.     }
  77. echo "Exporting inactive users"
  78. $inactiveUsers|select givenname,surname,name,samaccountname,enabled,@{Name="Stamp"; expression={[DateTime]::FromFileTime($_.lastLogonTimestamp).ToString('yyyy-MM-dd_hh:mm:ss')}},DistinguishedName|Export-Csv -Path "$exportPath\Inactive Items\Inactive Users.csv" -NoTypeInformation
  79. echo "Exporting inactive computers"
  80. $inactiveComputers|select name,DistinguishedName,LastLogonDate| export-csv -path "$exportPath\Inactive Items\Inactive Computers.csv" -NoTypeInformation
  81. echo "Exporting disabled users"
  82. $disabledUsers|select givenname,surname,name,samaccountname,enabled|Export-Csv -Path "$exportPath\Disabled Items\Disabled Users.csv" -NoTypeInformation
  83. echo "Exporting disabled computers"
  84. $disabledComputers|select name,DistinguishedName,LastLogonDate,Enabled|Export-Csv -Path "$exportPath\Disabled Items\Disabled Computers.csv" -NoTypeInformation
  85. echo "Gathering all Domain Controllers"
  86. $dcs = (Get-ADDomain).ReplicaDirectoryServers
  87. $dcs += (Get-ADDomain).ReadOnlyReplicaDirectoryServers
  88. Foreach ($dc in $dcs)
  89.     {
  90.     echo "Gathering information for $dc"
  91.     Get-ADDomainController -Identity $dc|Export-Csv "$exportPath\DC Information\DC Information.csv" -Append -NoTypeInformation
  92.     echo "Running dcdiag on $dc"
  93.     dcdiag /s:$dc > "$exportPath\DC Information\$dc.txt"
  94.     }
  95. echo "Gathering FSMO roles"
  96. NetDOM /query FSMO > "$exportPath\DC Information\FSMO.txt"
  97. echo "Gathering Replication Status for domain"
  98. Get-ADReplicationFailure -Scope Domain|Export-Csv -Path "$exportPath\DC Information\Replication Status.csv" -NoTypeInformation