jason-niehoff

Active Directory Audit 2.0

Oct 30th, 2017
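  # Active Directory audit export script.
  # Parameters:
  #   exportPath   - root folder for the exported reports; when empty, the script
  #                  falls back to an "AD Audit" folder on the current user's desktop.
  #   daysInactive - inactivity threshold in days; 0 (or omitted) selects the
  #                  script's default. Negative values are rejected because they
  #                  would put the cutoff date in the future and make the
  #                  inactive-account reports meaningless.
  param(
      [string] $exportPath,
      [ValidateRange(0, [int]::MaxValue)]
      [int] $daysInactive
  )
  # Get-GPO and Get-GPOReport are used further down and come from the GroupPolicy
  # module, so it is declared as a requirement next to ActiveDirectory.
  #Requires -Modules ActiveDirectory, GroupPolicy
  Import-Module ActiveDirectory
  Import-Module GroupPolicy
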
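  # Ensures the export directory $path exists, creating it when it is missing.
  # Writes one or two status lines to the output stream.
  # The folders handled here receive the audit exports (account lists, group
  # membership, GPO reports). A directory created by New-Item inherits its
  # permissions from the parent folder, so restrict access to the export root
  # when the inherited ACL is broader than the audience for this data.
  function folderCheck ($path)
  {
      # -PathType Container: a plain file with the same name must not pass as an
      # existing export folder. -LiteralPath: characters such as [ ] in the path
      # are not treated as wildcards.
      if (Test-Path -LiteralPath $path -PathType Container)
      {
          Write-Output "Verified $path exists"
      }
      else
      {
          Write-Output "$path does not exisit."
          Write-Output "Creating $path now"
          New-Item -ItemType Directory -Path $path | Out-Null
      }
  }
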
  # Updates the script-wide progress bar.
  # $status is the number of completed steps out of the 24 steps the script reports.
  function overallProgress ($status)
  {
      $totalSteps = 24
      # Completed share as a whole-number percentage.
      $percentDone = [math]::Round(($status / $totalSteps) * 100)
      Write-Progress -Activity "Active Directory Audit" -Status "Progress" -PercentComplete $percentDone
  }

  # Step counter for the overall progress bar; nothing is completed yet.
  $overallStatus = 0
  overallProgress -status $overallStatus

  # Fallback export root, used when -exportPath is not supplied.
  # The exported reports describe accounts, groups and policy of the whole
  # domain, so treat whichever folder is used here as sensitive.
  $defaultPath = "$env:USERPROFILE\desktop\AD Audit"

  # Resolve the export root: an empty or whitespace-only value selects the default.
  if ([string]::IsNullOrWhiteSpace($exportPath))
  {
      Write-Output "No path given for exporting data."
      $exportPath = $defaultPath
  }
  Write-Output "Data will be exported to $exportPath"

  # Export root followed by one sub-folder per report category.
  $subFolderNames = 'AD Groups','Active AD Users','AD GPOs','GPO Reports','Inactive Items','Disabled Items','DC Information'
  $folders = @("$exportPath") + @($subFolderNames | ForEach-Object { "$exportPath\$_" })

  # Progress step 1
  $overallStatus++
  overallProgress -status $overallStatus

  # Inactivity threshold: 0 means the caller gave no value, so the default applies.
  $defaultInactive = 30
  if ($daysInactive -ne 0)
  {
      Write-Output "Account inactivty threshold is $daysInactive"
  }
  else
  {
      Write-Output "No data provided for number of days inactive"
      $daysInactive = $defaultInactive
      Write-Output "Set number of days inactive to $daysInactive"
  }

  # Progress step 2
  $overallStatus++
  overallProgress -status $overallStatus

  # Cutoff date: anything last seen on or before $time counts as inactive.
  $time = (Get-Date).AddDays(-$daysInactive)

  # Progress step 3
  $overallStatus++
  overallProgress -status $overallStatus

  # Properties requested for every user and computer query below.
  $userProperties = 'lastLogonTimestamp','enabled','Description','CanonicalName'
  $computerProperties = 'LastLogonDate','CanonicalName'

  # All groups in the domain.
  $adGroupList = Get-ADGroup -Filter *

  # Progress step 4
  $overallStatus++
  overallProgress -status $overallStatus

  # All enabled user accounts.
  $userList = Get-ADUser -Filter {enabled -eq $true} -Properties $userProperties

  # Progress step 5
  $overallStatus++
  overallProgress -status $overallStatus

  # All Group Policy Objects.
  $gpos = Get-GPO -All

  # Progress step 6
  $overallStatus++
  overallProgress -status $overallStatus

  # Enabled users whose last recorded logon is on or before the cutoff.
  # NOTE(review): accounts that have never logged on carry no lastLogonTimestamp
  # and are presumably not matched by this comparison - confirm, and consider
  # reporting them separately, since unused enabled accounts matter to an audit.
  # NOTE(review): lastLogonTimestamp is only replicated periodically (by default
  # on the order of two weeks), so short thresholds give unreliable results.
  $inactiveUsers = Get-ADUser -Filter{LastLogonTimeStamp -le $time -and enabled -eq $true} -Properties $userProperties

  # Progress step 7
  $overallStatus++
  overallProgress -status $overallStatus

  # Computers whose last recorded logon is on or before the cutoff.
  # Unlike the user query, this one does not filter on the enabled state.
  $inactiveComputers = Get-ADComputer -Filter {LastLogonDate -le $time} -Properties $computerProperties

  # Progress step 8
  $overallStatus++
  overallProgress -status $overallStatus

  # Disabled user accounts.
  $disabledUsers = Get-ADUser -Filter {enabled -eq $false} -Properties $userProperties

  # Progress step 9
  $overallStatus++
  overallProgress -status $overallStatus

  # Disabled computer accounts.
  $disabledComputers = Get-ADComputer -Filter {enabled -eq $false} -Properties $computerProperties

  # Progress step 10
  $overallStatus++
  overallProgress -status $overallStatus

  # Make sure every export folder exists before anything is written to it.
  $folderTotal = $folders.Count
  for ($folderIndex = 0; $folderIndex -lt $folderTotal; $folderIndex++)
  {
      $folder = $folders[$folderIndex]
      Write-Output "Running folderCheck on $folder"
      # Share of folders already handled, as a whole-number percentage.
      $folderPercent = [math]::Round(($folderIndex / $folderTotal) * 100)
      Write-Progress -Activity "Folder Directory Verification" -Status "Progress" -PercentComplete $folderPercent
      folderCheck -path $folder
  }

  # Progress step 11
  $overallStatus++
  overallProgress -status $overallStatus

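  # Export the list of all groups.
  $adGroupList |
      Select-Object name,groupcategory,groupscope,samaccountname |
      Export-Csv -Path "$exportPath\AD Groups\All Groups.csv" -NoTypeInformation

  # Progress step 12
  $overallStatus += 1
  overallProgress -status $overallStatus

  # Export the members of every group, one CSV per group.
  $groupProcessed = 0
  $groupCount = $adGroupList.count

  # Group names come from the directory and may contain characters that are not
  # valid in a file name (for example / \ : * ?). Those are replaced with '_' so
  # the name can neither break the export nor point outside the "AD Groups" folder.
  $invalidNameChars = "[{0}]" -f [regex]::Escape((-join [System.IO.Path]::GetInvalidFileNameChars()))

  foreach ($group in $adGroupList)
  {
      $groupPercentage = ($groupProcessed/$groupCount)*100
      $groupRound = [math]::Round($groupPercentage)
      $groupName = $group.samaccountname
      # NOTE(review): the file is named after the group's Name; two groups that
      # share a name (or differ only in replaced characters) overwrite each other.
      $fileName = $group.name -replace $invalidNameChars, '_'
      Write-Progress -Activity "Export members of AD Groups" -Status "Progress" -PercentComplete $groupRound
      $groupProcessed += 1
      # Only direct members are listed; nested groups appear as rows with
      # objectclass 'group' and are not expanded.
      # -LiteralPath keeps characters such as [ ] in a group name from being
      # interpreted as wildcards.
      Get-ADGroupMember -Identity $groupName |
          Select-Object name,samaccountname,objectclass |
          Export-Csv -LiteralPath "$exportPath\AD Groups\$fileName.csv" -NoTypeInformation
  }

  # Progress step 13
  $overallStatus += 1
  overallProgress -status $overallStatus
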
  # Export all enabled users.
  # lastLogonTimestamp is written as the raw directory value here, not as a date.
  # The Description column is free text copied as-is; review the CSV before
  # sharing it, since descriptions may hold notes not meant for a wider audience.
  $activeUserColumns = 'Name','SamAccountName','Description','CanonicalName','lastLogonTimestamp'
  $userList |
      Select-Object $activeUserColumns |
      Export-Csv -Path "$exportPath\Active AD Users\All Active Users.csv" -NoTypeInformation

  # Progress step 14
  $overallStatus++
  overallProgress -status $overallStatus

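  # Export the list of all GPOs.
  $gpos |
      Select-Object DisplayName,Owner,GpoStatus |
      Export-Csv -Path "$exportPath\AD GPOs\AllGPOs.csv" -NoTypeInformation

  # Export one HTML settings report per GPO.
  # The reports contain the full policy configuration of the domain; keep the
  # "GPO Reports" folder as restricted as the rest of the export.
  $gpoCount = $gpos.count
  $gpoProcessed = 0

  # Any character that is not valid in a file name is dropped from the report
  # name, in addition to the spaces, colons and backslashes removed below.
  $invalidNameChars = "[{0}]" -f [regex]::Escape((-join [System.IO.Path]::GetInvalidFileNameChars()))

  foreach($gpo in $gpos)
  {
      $gpoPercentage = ($gpoProcessed/$gpoCount)*100
      $gpoRound = [math]::Round($gpoPercentage)
      $gpoName = $gpo.DisplayName
      # NOTE(review): GPOs whose display names reduce to the same trimmed name
      # overwrite each other's report.
      $gpoNameTrim = $gpoName -replace ' ','' -replace ':','' -replace [regex]::Escape('\'),'' -replace $invalidNameChars,''
      Write-Progress -Activity "GPO Report Generation" -Status "Progress" -PercentComplete $gpoRound
      # Select the GPO by its GUID: display names are not guaranteed to be unique.
      Get-GPOReport -Guid $gpo.Id -ReportType HTML -Path "$exportPath\GPO Reports\$gpoNameTrim.html"
      $gpoProcessed += 1
  }

  # Progress step 15
  $overallStatus += 1
  overallProgress -status $overallStatus
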
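  # Export inactive users with the last logon converted to a readable timestamp.
  # The "Stamp" column uses a 24-hour clock (HH). The 12-hour form (hh) without
  # an AM/PM marker cannot tell 03:00 from 15:00.
  # FromFileTime returns local time on the machine running the script.
  $inactiveUsers |
      Select-Object Name,SamAccountName,Description,CanonicalName,@{Name="Stamp"; expression={[DateTime]::FromFileTime($_.lastLogonTimestamp).ToString('yyyy-MM-dd_HH:mm:ss')}} |
      Export-Csv -Path "$exportPath\Inactive Items\Inactive Users.csv" -NoTypeInformation

  # Progress step 16
  $overallStatus += 1
  overallProgress -status $overallStatus
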
  # Export inactive computers.
  $inactiveComputerColumns = 'name','CanonicalName','LastLogonDate'
  $inactiveComputers |
      Select-Object $inactiveComputerColumns |
      Export-Csv -Path "$exportPath\Inactive Items\Inactive Computers.csv" -NoTypeInformation

  # Progress step 17
  $overallStatus++
  overallProgress -status $overallStatus

  # Export disabled users.
  $disabledUserColumns = 'givenname','surname','name','samaccountname','enabled'
  $disabledUsers |
      Select-Object $disabledUserColumns |
      Export-Csv -Path "$exportPath\Disabled Items\Disabled Users.csv" -NoTypeInformation

  # Progress step 18
  $overallStatus++
  overallProgress -status $overallStatus

  # Export disabled computers.
  $disabledComputerColumns = 'name','DistinguishedName','LastLogonDate','Enabled'
  $disabledComputers |
      Select-Object $disabledComputerColumns |
      Export-Csv -Path "$exportPath\Disabled Items\Disabled Computers.csv" -NoTypeInformation

  # Progress step 19
  $overallStatus++
  overallProgress -status $overallStatus

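  # Collect the writable and read-only domain controllers of the current domain
  # from a single Get-ADDomain call.
  $domainInfo = Get-ADDomain
  $dcs = @($domainInfo.ReplicaDirectoryServers) + @($domainInfo.ReadOnlyReplicaDirectoryServers)
  $dcCount = $dcs.count
  $dcProcess = 0

  # Progress step 20
  $overallStatus += 1
  overallProgress -status $overallStatus

  # Gather details and a dcdiag run for every domain controller.
  # The details are collected first and written once after the loop, so that
  # "DC Information.csv" is replaced on every run like the other reports.
  # Appending per DC left rows from earlier runs in the file.
  $dcDetails = @()
  Foreach ($dc in $dcs)
  {
      $dcPercentage = ($dcProcess/$dcCount)*100
      $dcRound = [math]::Round($dcPercentage)
      Write-Progress -Activity "Gathering information on Domain Controllers" -Status "Progress" -PercentComplete $dcRound
      Write-Output "Gathering information for $dc"
      $dcDetails += Get-ADDomainController -Identity $dc
      Write-Output "Running dcdiag on $dc"
      dcdiag /s:$dc > "$exportPath\DC Information\$dc.txt"
      $dcProcess += 1
  }
  $dcDetails | Export-Csv "$exportPath\DC Information\DC Information.csv" -NoTypeInformation

  # Progress step 21
  $overallStatus += 1
  overallProgress -status $overallStatus

  # Record which servers hold the FSMO roles.
  NetDOM /query FSMO > "$exportPath\DC Information\FSMO.txt"

  # Progress step 22
  $overallStatus += 1
  overallProgress -status $overallStatus

  # Record replication failures for the domain.
  Get-ADReplicationFailure -Scope Domain|Export-Csv -Path "$exportPath\DC Information\Replication Status.csv" -NoTypeInformation

  # Progress step 23 (final)
  $overallStatus += 1
  overallProgress -status $overallStatus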