Adaudit – Powershell Script To Do Domain Auditing Automation

PowerShell Script to accomplish a snappy AD audit

_____ ____     _____       _ _ _
| _ | | _ |_ _ _| |_| |_
| | | | | | | | . | | _|
|__|__|____/ |__|__|___|___|_|_|
by way of phillips321

If you’ve any respectable powershell one liners which may be used within the script please let me know. I’m seeking to stay this script as a unmarried report without a necessities on exterior equipment (rather than ntdsutil and cmd.exe)
Run without delay on a DC the use of a DA. If you do not accept as true with the code I recommend studying it first and you’ll be able to see it is all risk free! (But mustn’t you be doing that anyway with code you download off the web after which run as DA??)
audit (and checking SYSVOL for passwords)

  • Get-GPOtoFile
  • Get-GPOsPerOU
  • Get-SYSVOLXMLS
  • Check Generic Group AD Permissions
    • Get-OUPerms
  • Check For Existence of LAPS in area
    • Get-LAPSStatus
  • Check For Existence of Authentication Polices and Silos
    • Get-AuthenticationPoliciesAndSilos
  • Runtime Args
    The following switches can be utilized together

    • -hostdetails retrieves hostname and different helpful audit information
    • -domainaudit retrieves details about the AD comparable to purposeful stage
    • -trusts retrieves details about any doman trusts
    • -accounts identifies account problems comparable to expired, disabled, and many others…
    • -passwordpolicy retrieves password coverage knowledge
    • -ntds dumps the NTDS.dit report the use of ntdsutil
    • -oldboxes known out of date OSs like XP/2003 joined to the area
    • -gpo dumps the GPOs in XML and HTML for later research
    • -ouperms exams generic OU permission problems
    • -laps exams if LAPS is put in
    • -authpolsilos exams for existenece of authentication insurance policies and silos
    • -all runs all exams, e.g. AdvertAudit.ps1 -all
    Download Adaudit