AD Audit Report with PowerShell: Part 3

This is my third and final major update to my AD auditing script. It adds a handful of useful new sections covering domain-published printers, NPS servers, DHCP servers, and SCCM sites and DPs. Other improvements include easier-to-use script parameters and bug fixes.

Here is a general list of improvements in version 1.6 of the script:

  • Added registered NPS devices
  • Added registered DHCP devices
  • Added domain registered print devices
  • Added SCCM servers and sites
  • Added wrapper parameters to the entire script, with some of the most-used options, for running the script directly from a PowerShell prompt.
  • Added the ability to prompt for input for all major global variables.
  • Fixed verbose calling for privileged groups and users.
  • Updated lastLogonTimestamp handling in user export normalization to show "never logged in" instead of a date from the 1600s.
  • Added date translation for account expiration in account normalization.
  • Updated AD gathering functions to account for an inability to connect to a domain and exit silently.
  • Slight rearrangement of report sections.
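
The lastLogonTimestamp and account expiration items above come down to how AD stores both values, sketched here as an added example that is not code from the audit script. `Convert-ADFileTime` is a hypothetical helper name and the sample accounts are constructed.

```powershell
# Added example: normalize AD FILETIME attributes for a report.
# Convert-ADFileTime is a hypothetical helper, not part of the audit script.
function Convert-ADFileTime {
    param(
        [Parameter(Mandatory)][AllowNull()]$Value,
        [Parameter(Mandatory)]
        [ValidateSet('lastLogonTimestamp', 'accountExpires')]
        [string]$Attribute
    )
    # Both attributes are a 64-bit count of 100 ns intervals since 1601-01-01 UTC.
    $never = if ($Attribute -eq 'accountExpires') { 'Never expires' } else { 'Never logged in' }

    # Attribute not set on the object at all.
    if ($null -eq $Value) { return $never }

    $ticks = [int64]$Value
    # 0 would render as 1601-01-01, and Int64.MaxValue (the accountExpires
    # "never" sentinel) makes FromFileTimeUtc throw, so catch both first.
    if ($ticks -le 0 -or $ticks -eq [int64]::MaxValue) { return $never }

    return [DateTime]::FromFileTimeUtc($ticks)
}

# Constructed sample records standing in for directory search results.
$sample = @(
    [pscustomobject]@{ Name = 'alice';   lastLogonTimestamp = 131500000000000000; accountExpires = [int64]::MaxValue }
    [pscustomobject]@{ Name = 'bob';     lastLogonTimestamp = 0;                  accountExpires = 0 }
    [pscustomobject]@{ Name = 'svc-old'; lastLogonTimestamp = $null;              accountExpires = 131600000000000000 }
)

$sample | ForEach-Object {
    [pscustomobject]@{
        Name           = $_.Name
        LastLogon      = Convert-ADFileTime -Value $_.lastLogonTimestamp -Attribute lastLogonTimestamp
        AccountExpires = Convert-ADFileTime -Value $_.accountExpires -Attribute accountExpires
    }
} | Format-Table -AutoSize
```

By default lastLogonTimestamp is only updated and replicated when the stored value is roughly 9 to 14 days old, so treat it as an approximation when flagging stale accounts.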

Unless I missed anything really cool in AD that can be gathered with a regular domain user account, this will be my last major update to this script. Get the updated script at the Microsoft TechNet Gallery. As always, I welcome feedback.

Comments (13)

  1. 4:15 AM, 09/29/2017 Paul

    Great coding here… I see 2 warnings in the output, but I guess that’s no issue.

    WARNING: Search-AD: Filter –
    (&((objectCategory=msExchFedSharingRelationship))): Root – : Error – Exception calling “FindAll” with “0” argument(s):

    Wondering if there ever was an update (it’s now 1.7) of this cool and nifty piece of coding?

    Chrs P

  2. 12:03 PM, 12/16/2014 John

    Back in April, you said you were updating the reporting engine. Has that been shelved?

    • 12:34 PM, 12/16/2014 Zachary Loeber

      Sorry, it is just taking me much longer than anticipated as I’m also trying to rewrite the code to support remotely targeting a different forest from that of the machine which is running the script. So I wouldn’t call the efforts shelved but rather held back by other priorities (though I am making slow progress on this project regardless).

  3. 7:49 AM, 04/07/2014 John P

    Thanks! I looked at the script to see if I could figure out how to also account for an ‘exception’ group for the above case, but still being new to PowerShell, that’s not happening.

  4. 7:39 AM, 04/03/2014 John P

    The reports are awesome! My only suggestion would be to include smartcard requirement. We are required to change our passwords every 60 days and when using smartcard logon, the password age can be astronomical. If it is highlighted that they require smartcard logon, the password age could be ignored.

    • 3:13 PM, 04/04/2014 Zachary Loeber

      Good point! I’m updating the entire reporting engine soon and will include this in my next update for the AD report.

  5. 9:02 AM, 02/11/2014 kidgeek

    Hi Zachary,

    Thank you so much for your hard work on this script, awesome work.

    Not sure if I have found a bug but on the Domain.html under User Account Statistics -> Password Does Not Expire, the value is 0 for me but the script does identify users with No Pwd Expiry.

    Thought I’d bring it up.

    Thanks once again.

    • 2:26 PM, 02/11/2014 Zachary Loeber

      I’ll take a look into it and see if I can replicate what you are experiencing. Thanks for the feedback and bug report.

  6. 9:15 AM, 02/04/2014 animatco

    Nice looking script, but a quick question. If I just want to report on one domain in a forest, is there a way to specify which domain I wish to scan?

    • 9:50 AM, 02/04/2014 Zachary Loeber

      Right now it only works on the domain/forest which the machine resides unfortunately.

  7. 8:25 AM, 01/27/2014 serkan

    Hi Zachary Loeber,
    First of all, thank you very much for your articles. All are really useful articles. Many times you saved my time.
    I want to list a specific user’s login times and client IP addresses during the last 3 months. Do you know any script or any other solution?
    I am using Exchange Server 2010 with 8000 users.
    Thanks in advance.
