<#
Active Directory Sites and Subnets Report
Release 1.0 Written by Jeremy@jhouseconsulting.com 13th September 2013
#>
#-------------------------------------------------------------
# Output folder and the two report files written by this script.
# The folder is a fixed literal, not derived from where the script is stored;
# edit $ScriptPath to send the reports somewhere else.
# NOTE(review): the reports enumerate every AD site and subnet. C:\temp is often
# readable by other local users - prefer a folder with restricted access.
$ScriptPath = 'C:\temp'
$SitesReport = "$ScriptPath\ActiveDirectorySitesReport.csv"
$SubnetsReport = "$ScriptPath\ActiveDirectorySubnetsReport.csv"
#-----------------------Console Listing-----------------------
# This module was Written by Brian Seltzer
# List Sites and Subnets in Active Directory using PowerShell
# http://www.itadmintools.com/2011/08/list-sites-and-subnets-in-active.html
# Console overview: print every site (upper-cased name and description) followed by
# a tab-indented line for each subnet linked to it. Subnets whose site reference
# cannot be resolved are grouped under a synthetic "Orphaned" entry.
$configNC = $([adsi] "LDAP://RootDSE").Get("ConfigurationNamingContext")
$sitesDN = "LDAP://CN=Sites," + $configNC
$subnetsDN = "LDAP://CN=Subnets,CN=Sites," + $configNC
$siteDescription = @{}   # site name (upper case) -> description
$siteSubnets = @{}       # site name (upper case) -> array of subnet names

# Pass 1: register every child of CN=Sites whose objectClass includes "site".
foreach ($site in $([adsi] $sitesDN).psbase.children) {
    if (-not ($site.objectClass -eq "site")) { continue }
    $key = ([string]$site.cn).ToUpper()
    $siteDescription[$key] = $site.Description
    $siteSubnets[$key] = @()
}

# Pass 2: bind to the site each subnet points at and file the subnet under it.
foreach ($subnet in $([adsi] $subnetsDN).psbase.children) {
    $ownerSite = [adsi] "LDAP://$($subnet.siteObject)"
    # Keep the "-ne $null" form: with a collection on the left the comparison
    # filters instead of returning a boolean, so "-eq $null" is not its opposite.
    if (-not ($ownerSite.cn -ne $null)) {
        # No site name came back for this subnet: treat it as orphaned.
        $siteDescription["Orphaned"] = "Subnets not associated with any site"
        if ($siteSubnets["Orphaned"] -eq $null) { $siteSubnets["Orphaned"] = @() }
        $siteSubnets["Orphaned"] += $subnet.cn
        continue
    }
    $key = ([string]$ownerSite.cn).ToUpper()
    $siteSubnets[$key] += $subnet.cn
}

# Emit the listing, sites in sorted order.
foreach ($siteName in ($siteDescription.Keys | Sort-Object)) {
    "$siteName $($siteDescription[$siteName])"
    foreach ($subnet in $siteSubnets[$siteName]) {
        "`t$subnet"
    }
}
#-------------------------Site Report-------------------------
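# Site report: collect Name, Description and Location for every site object under
# CN=Sites and write them, sorted by name, to $SitesReport.
$allsites = @()
$sitesDN = "LDAP://CN=Sites," + $([adsi] "LDAP://RootDSE").Get("ConfigurationNamingContext")
foreach ($site in $([adsi] $sitesDN).psbase.children) {
    if ($site.objectClass -eq "site") {
        $data = "" | Select-Object Name, Description, Location
        # $( ) unrolls the ADSI value collection, so a single value is stored as a scalar.
        $data.Name = $($site.Name)
        $data.Description = $($site.Description)
        $data.Location = $($site.Location)
        $allsites += $data
    }
}
Write-Host -ForegroundColor Green $allsites.count "sites have been exported to $SitesReport"

# Fields are written bare (unquoted), but a value that contains a comma, a double
# quote or a line break keeps its CSV quoting. Deleting every quote character from
# the file would let a description such as "Sydney, AU" spill into an extra column.
# NOTE(review): Description and Location are copied verbatim from the directory.
# If the report is opened in a spreadsheet, values starting with = + - or @ may be
# evaluated as formulas; neutralise them on import if that matters for your use.
$siteColumns = 'Name', 'Description', 'Location'
$siteLines = @($siteColumns -join ',')
# @( ) guarantees zero iterations when there are no rows, on every PowerShell version.
foreach ($row in @($allsites | Sort-Object Name)) {
    $fields = foreach ($column in $siteColumns) {
        $text = [string]$row.$column
        if ($text -match '[",\r\n]') {
            '"' + $text.Replace('"', '""') + '"'
        } else {
            $text
        }
    }
    $siteLines += ($fields -join ',')
}
$siteLines | Out-File -FilePath $SitesReport -Force -Encoding ascii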
#-----------------------Subnet Report-------------------------
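# Subnet report: one row per subnet object under CN=Subnets with its site, name,
# description and location, written to $SubnetsReport sorted by site.
$allsubnets = @()
$subnetsDN = "LDAP://CN=Subnets,CN=Sites," + $([adsi] "LDAP://RootDSE").Get("ConfigurationNamingContext")
foreach ($subnet in $([adsi] $subnetsDN).psbase.children) {
    $net = [ADSI]"$($subnet.Path)"
    $data = "" | Select-Object Site, Name, Description, Location
    # $( ) unrolls the ADSI value collection so the string methods below apply to the value.
    if ($($net.cn).Contains("CNF:") -eq $False) {
        $data.Name = $($net.cn)
    } else {
        # Names containing "CNF:" (presumably replication-conflict objects) carry a
        # line feed; it is replaced by the literal text \0A so the name stays on one line.
        $data.Name = [string]::Join("\0A", ($($net.cn).Split("`n")))
    }
    $data.Location = $($net.location)
    $data.Description = $($net.description)
    if ($net.siteobject -ne $NULL) {
        # siteObject is the site's distinguished name; keep the first component without "CN=".
        $st = $($net.siteobject).Split(",")
        $data.Site = $st[0].Replace("CN=", "")
    } else {
        # No site link on this subnet: flag it so it sorts to the top of the report.
        $st = "*Orphaned"
        $data.Site = $st
    }
    $allsubnets += $data
}
Write-Host -ForegroundColor Green $allsubnets.count "subnets have been exported to $SubnetsReport"

# Fields are written bare (unquoted), but a value that contains a comma, a double
# quote or a line break keeps its CSV quoting. Deleting every quote character from
# the file would let a description containing a comma spill into an extra column.
# NOTE(review): Description and Location are copied verbatim from the directory.
# If the report is opened in a spreadsheet, values starting with = + - or @ may be
# evaluated as formulas; neutralise them on import if that matters for your use.
$subnetColumns = 'Site', 'Name', 'Description', 'Location'
$subnetLines = @($subnetColumns -join ',')
# @( ) guarantees zero iterations when there are no rows, on every PowerShell version.
foreach ($row in @($allsubnets | Sort-Object Site)) {
    $fields = foreach ($column in $subnetColumns) {
        $text = [string]$row.$column
        if ($text -match '[",\r\n]') {
            '"' + $text.Replace('"', '""') + '"'
        } else {
            $text
        }
    }
    $subnetLines += ($fields -join ',')
}
$subnetLines | Out-File -FilePath $SubnetsReport -Force -Encoding ascii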