Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1 from f-bader:InitalReportPR
Inital set of reports
- Loading branch information
Showing
4 changed files
with
108 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
<# | ||
.SYNOPSIS | ||
Create a report of every trust one can reach in an environment | ||
The output includes | ||
* primaryDomain | ||
* trustedDomain | ||
* NETBIOSName | ||
* trustType | ||
* trustDirection | ||
The complete code only relies on the default Active Directory PowerShell cmdlets and checks the trustedDomain objects within a domain for information | ||
.NOTES | ||
Author: Fabian Bader (fabian.bader@toolsection.info) | ||
#> | ||
# https://msdn.microsoft.com/en-us/library/cc223768.aspx | ||
$trustDirection = @{ | ||
0 = "The trust relationship exists but has been disabled" | ||
1 = "The trusted domain trusts the primary domain to perform operations such as name lookups and authentication (InBound)" | ||
2 = "The primary domain trusts the trusted domain to perform operations such as name lookups and authentication (OutBound)" | ||
3 = "Both domains trust one another for operations such as name lookups and authentication" | ||
} | ||
|
||
# https://msdn.microsoft.com/en-us/library/cc223771.aspx | ||
$trustType = @{ | ||
1 = "The trusted domain is a Windows domain not running Active Directory" | ||
2 = "The trusted domain is a Windows domain running Active Directory" | ||
3 = "The trusted domain is running a non-Windows, RFC4120-compliant Kerberos distribution" | ||
4 = "Historical reference; this value is not used in Windows" | ||
} | ||
|
||
$RootDomain = Get-ADDomain | ||
$TrustedDomains = Get-ADObject -Filter { ObjectClass -eq "trustedDomain" } -Properties * -Server $RootDomain.PDCEmulator | ||
$AllDomains = @($RootDomain.DNSRoot) | ||
$AllDomains += $($TrustedDomains.trustPartner) | ||
|
||
foreach ($CurrentDomain in $AllDomains) { | ||
$TrustedDomains = Get-ADObject -Filter { ObjectClass -eq "trustedDomain" } -Properties * -Server $CurrentDomain | ||
$TrustedDomains | Select-Object @{L = 'primaryDomain'; E = { $CurrentDomain } }, @{L = 'trustedDomain'; E = { $_.trustPartner } }, @{L = 'NETBIOSName'; E = { $_.flatName } }, @{L = 'trustType'; E = { $trustType[$($_.trustType)] } }, @{L = 'trustDirection'; E = { $trustDirection[$($_.trustDirection)] } } | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1 +1,9 @@ | ||
# PowerShellReports | ||
# PowerShell Reports | ||
|
||
In this repository I collect PowerShell Snippets for reporting purposes, because everybody loves their Excel files ;). Those reports include all possible technologies and are not limit to one product. | ||
|
||
The purpose is to make it easier for everybody to create reports in their daily business and not have to reinvent the wheel. Feel free to contribute if you also have a great report in your script snippets. | ||
|
||
## The only rule of this repository | ||
|
||
Reports do not change anything but the output of the report! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
<# | ||
.SYNOPSIS | ||
Creates a list of all Group Policies which define a WSUS server. This makes it easy to find clients with wrong WSUS configuration through GPOs | ||
.PARAMETER DomainName | ||
The name of the domain to check | ||
.NOTES | ||
Author: Fabian Bader (fabian.bader@toolsection.info) | ||
#> | ||
#requires -Modules GPO | ||
param( | ||
[Parameter(Mandatory = $true)] | ||
[string]$DomainName | ||
) | ||
$AllGPOs = Get-GPO -All -Server $DomainName | ||
foreach ($GPO in $AllGPOs) { | ||
$GPRegistryValue = Get-GPRegistryValue -Name $GPO.DisplayName -Key "HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate" -ValueName "WUServer" -Domain $GPO.DomainName -ErrorAction SilentlyContinue | ||
if ($GPRegistryValue) { | ||
[pscustomobject]@{ | ||
DisplayName = $GPO.DisplayName | ||
ValueName = $GPRegistryValue.ValueName | ||
Hive = $GPRegistryValue.Hive | ||
PolicyState = $GPRegistryValue.PolicyState | ||
Value = $GPRegistryValue.Value | ||
Type = $GPRegistryValue.Type | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
<# | ||
.SYNOPSIS | ||
List every product category a WSUS service is serving updates. | ||
.PARAMETER ServerName | ||
FQDN of the WSUS server | ||
.PARAMETER WSUSPort | ||
Port of the WSUS webservice. Default 8530 | ||
.NOTES | ||
Author: Fabian Bader (fabian.bader@toolsection.info) | ||
#> | ||
#requires -Modules WSUS | ||
[CmdletBinding()] | ||
param( | ||
[Parameter(Mandatory = $true, | ||
ValueFromPipeline = $true, | ||
ValueFromPipelineByPropertyName = $true)] | ||
[string[]]$ServerName, | ||
|
||
[Parameter(Mandatory = $false)] | ||
$WSUSPort = 8530 | ||
) | ||
|
||
Process { | ||
$WsusServerObject = Get-WsusServer -Name $ServerName -PortNumber $WSUSPort | ||
$WsusSubscription = $WSUSServerObject.GetSubscription() | ||
$wsusSubscription.GetUpdateCategories() | Add-Member -MemberType NoteProperty -Name "WsusServer" -Value $ServerName -PassThru | ||
} |