@mvelezwhitesbs
Sign in to post a link or comment!
mupa joined the group
PowerShell 15 hours, 27 minutes ago
Sponsor posted an update in the group
PowerShell 1 day, 6 hours ago
PowerShell is great but together with ScriptRunner it becomes a real solution for every organization.
With the new ScriptRunner features it is super easy to securely delegate administrative tasks to your help desk team and even end-users. The ScriptRunner reports and dashboards help you now to visualize infrastructure analyses and the time your organization saved by automating with ScriptRunner.
Register for free
Joachim Otahal commented on
Install and schedule Windows updates with PowerShell 2 days, 5 hours agoWe have 2022 January, and it still works from Powershell 2.0 on Windows Vista / Server 2008 (without R2) up to Windows 11 newest insider build. Just tested...
-
Mehdi commented on
Perform Active Directory security assessment using PowerShell 5 days, 8 hours agoHi,
i made some progress, the script can be used from Computer Client like Win10, and he dont need to import Active Directory modules,
also dont need to enter config.ini DC information, it will be get automatically -
Jonathan Droesch commented on
Perform Active Directory security assessment using PowerShell 6 days, 7 hours agoSorry my bad, 551 was good, it's the 567 that need to be change.
551 : $domaininfo.RIDMaster --> $domaininfo.DomainMode
567 : $domaininfo.DomainMode --> $domaininfo.RIDMaster -
Mehdi commented on
Perform Active Directory security assessment using PowerShell 6 days, 16 hours agoHi Krishnamoorthi,
as I explained above, there is the possibility of packaging the AD module, to launch the script from a client, it will be more secure than doing it on the DC itself, adjust it too to remove the static variables will be interesting, as well as a GUI, if you agree you can tell me how to contact you to optimize it 
Krishnamoorthi Gopal commented on
Perform Active Directory security assessment using PowerShell 1 week agoMake sure Powershell AD Module is exists from where u running the script
-
First of all, thank for the script.
Unlikely I'm just getting one User out of the script with the following error in PowerShell:
Get-ADUser : Not a valid Win32-FileTime.
Parametername: fileTime -
Krishnamoorthi Gopal commented on
Perform Active Directory security assessment using PowerShell 1 week agoThanks for reminding... Its updated
-
Thank you very much Krishnamoorthi. That was it. I am so sorry about such a stupid mistake. 🙂
Thank you, I appreciate your help.Tomas
-
Ah, of course, forgot I'd need to expand the list of properties. Used that and have now resolved them all and documented them just incase.
Thanks again.
-
Krishnamoorthi Gopal commented on
Perform Active Directory security assessment using PowerShell 1 week agoget-aduser -filter * -properties * | where {$_.PasswordNotRequired -eq $true}
Try the above one
-
Krishnamoorthi Gopal commented on
Perform Active Directory security assessment using PowerShell 1 week agoPls remove txt from the INI file format..It is Config.ini.txt currently
-
Thank you for this, it's really helpful and puts my mind at ease to see a lot of green. I do have a query with regards to the 'Users with Password Not Required' line though. My report found;
10,000 odd Total Users
3000 enabled
7000 disabled
1100 inactive (how many days does it use for inactivity out of interest?)
6000 users with password not requiredIt's that last line that concerns me but looking into the script it's looking at all users where 'passwordnotrequired -eq $true'. I've ran that myself with get-aduser -filter * | where {$_.PasswordNotRequired -eq $true} and I get 0 results (which I'd expect). Any thoughts on why it's pulling 6000 as part of the wider script?
-
Hello Krishnamoorthi,
I took your config.ini files and put it to the same location:
PS C:ADcheck> dirDirectory: C:ADcheck
Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 1/8/2022 11:31 AM 33181 AD_SecurityCheck.ps1
-a---- 1/11/2022 7:54 AM 241 Config.ini.txt
-a---- 1/11/2022 7:54 AM 866 Log11_01_2022-07_54_25.log
-a---- 1/11/2022 7:54 AM 15543 Reports11_01_2022-07_54_25.htmPS C:ADcheck>
Result:
PS C:ADcheck> .AD_SecurityCheck.ps1
Cannot find path 'C:ADcheckConfig.ini' because it does not exist.
At C:ADcheckAD_SecurityCheck.ps1:43 char:25
+ switch -regex -file $FilePath
+ ~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (C:ADcheckConfig.ini:String) [], ItemNotFoundException
+ FullyQualifiedErrorId : PathNotFoundYou cannot call a method on a null-valued expression.
At C:ADcheckAD_SecurityCheck.ps1:82 char:1I have even tried to copy config.ini to C: root, but no success. And thats why I am wondering, why that issue is.
Thank youTomas
-
Hello Michael,
-the script uses hard variables which limits it to DCs in English
-the try catch method is not efficient to return error
-an AD module can be injected in order to be able to launch the script without prerequisite and from client
-I even thought to make a simple GUI interface which displays the result and allows advance configuration .ini
but like I said? is there more interest than pingCastel -
Jonathan Droesch commented on
Perform Active Directory security assessment using PowerShell 1 week agoHello guys,what a nice script, I just noticed a little error in the variable of RID master.
Can you please edit the line 551 with $domaininfo.RIDMaster instead of $domaininfo.DomainMode ?Thanks
-
Krishnamoorthi Gopal commented on
Perform Active Directory security assessment using PowerShell 1 week agoScript and INI file should be there in the same directory. Post the screenshot if you looking for the further help.
You can take INI file from here - https://github.com/gkm-automation/AD-Security-Assessment
-
Hello,
I am no as good as I expected in PowerShell, I was try to run script but cannot go trough this:
Cannot find path 'C:ADcheckConfig.ini' because it does not exist.Even that file is on expected path, no success. And I think this is, what stopped me from running it.
I will appreciate any advices.
Thank you
Tomas 
Michael Pietroforte commented on
Perform Active Directory security assessment using PowerShell 1 week, 1 day agoMehdi, don't be shy. It is fine to share your adjustments here.
- Load More
