• Ah, of course, forgot I'd need to expand the list of properties. Used that and have now resolved them all and documented them just incase.

    Thanks again.

  • Thank you for this, it's really helpful and puts my mind at ease to see a lot of green. I do have a query with regards to the 'Users with Password Not Required' line though. My report found;

    10,000 odd Total Users
    3000 enabled
    7000 disabled
    1100 inactive (how many days does it use for inactivity out of interest?)
    6000 users with password not required

    It's that last line that concerns me but looking into the script it's looking at all users where 'passwordnotrequired -eq $true'. I've ran that myself with get-aduser -filter * | where {$_.PasswordNotRequired -eq $true} and I get 0 results (which I'd expect). Any thoughts on why it's pulling 6000 as part of the wider script?

  • Hello Krishnamoorthi,
    I took your config.ini files and put it to the same location:
    PS C:ADcheck> dir

    Directory: C:ADcheck

    Mode LastWriteTime Length Name
    ---- ------------- ------ ----
    -a---- 1/8/2022 11:31 AM 33181 AD_SecurityCheck.ps1
    -a---- 1/11/2022 7:54 AM 241 Config.ini.txt
    -a---- 1/11/2022 7:54 AM 866 Log11_01_2022-07_54_25.log
    -a---- 1/11/2022 7:54 AM 15543 Reports11_01_2022-07_54_25.htm

    PS C:ADcheck>
    Result:
    PS C:ADcheck> .AD_SecurityCheck.ps1
    Cannot find path 'C:ADcheckConfig.ini' because it does not exist.
    At C:ADcheckAD_SecurityCheck.ps1:43 char:25
    + switch -regex -file $FilePath
    + ~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (C:ADcheckConfig.ini:String) [], ItemNotFoundException
    + FullyQualifiedErrorId : PathNotFound

    You cannot call a method on a null-valued expression.
    At C:ADcheckAD_SecurityCheck.ps1:82 char:1

    I have even tried to copy config.ini to C: root, but no success. And thats why I am wondering, why that issue is.
    Thank you

    Tomas

  • Hello Michael,
    -the script uses hard variables which limits it to DCs in English
    -the try catch method is not efficient to return error
    -an AD module can be injected in order to be able to launch the script without prerequisite and from client
    -I even thought to make a simple GUI interface which displays the result and allows advance configuration .ini
    but like I said? is there more interest than pingCastel

  • Hello guys,what a nice script, I just noticed a little error in the variable of RID master.
    Can you please edit the line 551 with $domaininfo.RIDMaster instead of $domaininfo.DomainMode ?

    Thanks

  • Too young, we've to wait the SP1 or something like that.

  • Hello,
    I am no as good as I expected in PowerShell, I was try to run script but cannot go trough this:
    Cannot find path 'C:ADcheckConfig.ini' because it does not exist.

    Even that file is on expected path, no success. And I think this is, what stopped me from running it.
    I will appreciate any advices.
    Thank you
    Tomas

  • sorry, I'm not using -ComputerName, but -HostName 😉

  • Hi! Thanks for this post, very useful.

    When I try to connect (Windows 10 -> Linux (synology nas)), using this command:
    $s = New-PSSession -ComputerName myComputer -UserName userName -Port sshPort

    It ask me the password and then I have the following error message:
    OpenError: [192.168.0.10] The background process reported an error with the following message: The SSH client session has ended with error message: subsystem request failed on channel 0.

    Any idea why? (I didn't install anything on my Synology NAS, but activated ssh in the settings and I'm able to ssh using the standard command 'ssh username@ipaddress -p sshPort')

  • Hi,

    First thanks you for your script and for sharing, it is a aood idea, i tested it and every things work fine,
    i made also same adjustement, but i hesitate to contribute if it's worth it, because i wonder if pingcastle doesn't do the same with more details.

  • In the upcoming world of 2022, I had to do this nonsense to set colors that work with a black Fluent Terminal background:

    Get-PSReadlineOption  # list all.  (alias: just 'psreadlineoption')
    
    Set-PSReadLineOption -Colors @{ "Command"="White" }
    Set-PSReadLineOption -Colors @{ "Operator"="DarkBlue" }
    Set-PSReadLineOption -Colors @{ "String"="Yellow" }
    Set-PSReadLineOption -Colors @{ "Parameter"="Blue" }
    Set-PSReadLineOption -Colors @{ "Comment"="Gray" }
    
    # which syntax I found here:
    get-help Set-PSReadLineOption -examples
    
  • Found the answer by Googling it. Apparently in Github, you have to choose the "Raw" button. If you try to download the file, a bunch of Github junk comes down with the file.

  • Getting a ton of these types of errors
    t C:UsersDesktopAD_SecurityCheck.ps1:261 char:138
    + ... -primary text-bold py-2" data-hydro-click="{"event_type":&q ...
    + ~
    The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an
    ampersand in double quotation marks ("&") to pass it as part of a string.
    At C:UsersMFAdminDesktopAD_SecurityCheck.ps1:261 char:145
    + ... y text-bold py-2" data-hydro-click="{"event_type":"ana ...
    + ~
    The ampersand (&) character is not allowed. The & operator is reserved for future use; wrap an
    ampersand in double quotation marks ("&") to pass it as part of a string.

  • I have tried clicking on a few of the links and either I get a 404 error or they just don't work at all.
    Thanks for at least posting it seems like it would help out.

    avatar
  • You know I am not trying to sound like a jerk, but I didn't see your previous post.
    Is there something wrong with posting it again? Not everyone posts or replies
    at the same time. Plus we do miss posts. But that's ok I will just ask some of your other colleague's who probably wouldn't mind assisting me.

  • Looks nice.. but yeah got errors also.. And got no idea what it should be...

    At C:InstallAD_Securitycheck.ps1:46 char:15
    +         �^[(.+)]� # Section
    +               ~
    Missing statement block in switch statement clause.
    At C:InstallAD_Securitycheck.ps1:46 char:19
    +         �^[(.+)]� # Section
    +                   ~
    Missing statement block in switch statement clause.
    At C:InstallAD_Securitycheck.ps1:52 char:13
    +         �^(;.*)$� # Comment
    +             ~
    Missing statement block in switch statement clause.
    At C:InstallAD_Securitycheck.ps1:52 char:14
    +         �^(;.*)$� # Comment
    +              ~
    An expression was expected after '('.
    At C:InstallAD_Securitycheck.ps1:52 char:14
    +         �^(;.*)$� # Comment
    +              ~
    Missing closing ')' in expression.
    At C:InstallAD_Securitycheck.ps1:52 char:14
    +         �^(;.*)$� # Comment
    +              ~
    Missing statement block in switch statement clause.
    At C:InstallAD_Securitycheck.ps1:52 char:17
    +         �^(;.*)$� # Comment
    +                 ~
    Missing statement block in switch statement clause.
    At C:InstallAD_Securitycheck.ps1:52 char:17
    +         �^(;.*)$� # Comment
    +                 ~
    Missing condition in switch statement clause.
    At C:InstallAD_Securitycheck.ps1:42 char:1
    + {
    + ~
    Missing closing '}' in statement block or type definition.
    At C:InstallAD_Securitycheck.ps1:52 char:17
    +         �^(;.*)$� # Comment
    +                 ~
    Unexpected token ')' in expression or statement.
    Not all parse errors were reported.  Correct the reported errors and try again.
        + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
        + FullyQualifiedErrorId : MissingSwitchStatementClause
  • PS C:userswrdownloads> .AD_SecurityCheck.ps1
    At C:userswrdownloadsAD_SecurityCheck.ps1:46 char:15
    +         �^[(.+)]� # Section
    +               ~
    Missing statement block in switch statement clause.
    At C:userswrdownloadsAD_SecurityCheck.ps1:46 char:19
    +         �^[(.+)]� # Section
    +                   ~
    Missing statement block in switch statement clause.
    At C:userswrdownloadsAD_SecurityCheck.ps1:52 char:13
    +         �^(;.*)$� # Comment
    +             ~
    Missing statement block in switch statement clause.
    At C:userswrdownloadsAD_SecurityCheck.ps1:52 char:14
    +         �^(;.*)$� # Comment
    +              ~
    An expression was expected after '('.
    At C:userswrdownloadsAD_SecurityCheck.ps1:52 char:14
    +         �^(;.*)$� # Comment
    +              ~
    Missing closing ')' in expression.
    At C:userswrdownloadsAD_SecurityCheck.ps1:52 char:14
    +         �^(;.*)$� # Comment
    +              ~
    Missing statement block in switch statement clause.
    At C:userswrdownloadsAD_SecurityCheck.ps1:52 char:17
    +         �^(;.*)$� # Comment
    +                 ~
    Missing statement block in switch statement clause.
    At C:userswrdownloadsAD_SecurityCheck.ps1:52 char:17
    +         �^(;.*)$� # Comment
    +                 ~
    Missing condition in switch statement clause.
    At C:userswrdownloadsAD_SecurityCheck.ps1:42 char:1
    + {
    + ~
    Missing closing '}' in statement block or type definition.
    At C:userswridownloadsAD_SecurityCheck.ps1:52 char:17
    +         �^(;.*)$� # Comment
  • You need to replace � with "
    and ofcourse create a config.ini

  • Load More
© 4sysops 2006 - 2022

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account