Adaudit – Powershell Script To Do Domain Auditing Automation

PowerShell Script to accomplish a snappy AD audit

_____ ____     _____       _ _ _
| _ | | _ |_ _ _| |_| |_
| | | | | | | | . | | _|
|__|__|____/ |__|__|___|___|_|_|
through phillips321

If you might have any respectable powershell one liners which may be used within the script please let me know. I’m seeking to stay this script as a unmarried record with out a requirements on exterior equipment (rather than ntdsutil and cmd.exe)
Run at once on a DC the use of a DA. If you do not consider the code I counsel studying it first and you can see it is all innocuous! (But mustn’t you be doing that anyway with code you download off the web after which run as DA??)
audit (and checking SYSVOL for passwords)

  • Get-GPOtoFile
  • Get-GPOsPerOU
  • Get-SYSVOLXMLS
  • Check Generic Group AD Permissions
    • Get-OUPerms
  • Check For Existence of LAPS in area
    • Get-LAPSStatus
  • Check For Existence of Authentication Polices and Silos
    • Get-AuthenticationPoliciesAndSilos
  • Runtime Args
    The following switches can be utilized together

    • -hostdetails retrieves hostname and different helpful audit information
    • -domainaudit retrieves details about the AD similar to purposeful degree
    • -trusts retrieves details about any doman trusts
    • -accounts identifies account problems similar to expired, disabled, and so on…
    • -passwordpolicy retrieves password coverage knowledge
    • -ntds dumps the NTDS.dit record the use of ntdsutil
    • -oldboxes known old-fashioned OSs like XP/2003 joined to the area
    • -gpo dumps the GPOs in XML and HTML for later research
    • -ouperms assessments generic OU permission problems
    • -laps assessments if LAPS is put in
    • -authpolsilos assessments for existenece of authentication insurance policies and silos
    • -all runs all assessments, e.g. AdvertAudit.ps1 -all
    Download Adaudit