Active Directory Domain Services (AD DS) Health and User Reports.
<#
.SYNOPSIS
Active Directory Domain Services (AD DS) Health and User Reports.
.DESCRIPTION
This script performs various AD DS health checks, DNS diagnostics, replication status checks,
and extracts domain admin and password expiry reports.
.PARAMETER LogPath
Directory to store log and report files (default: C:\ADDS_Checks).
.EXAMPLE
.\ADDS_Checks.ps1 -LogPath "C:\ADDS_Reports"
Runs AD DS checks and stores logs in C:\ADDS_Reports.
.NOTES
- Run as Administrator.
- Requires Active Directory module.
- Some commands require domain admin privileges.
#>
param (
    [string]$LogPath = "C:\ADDS_Checks"
)
# Ensure log directory exists
if (!(Test-Path $LogPath)) {
    New-Item -ItemType Directory -Path $LogPath | Out-Null
}
Write-Host "Starting Active Directory Domain Services (AD DS) Health Checks..." -ForegroundColor Cyan
# Active Directory Diagnostic Logs
$dcdiagLog = "$LogPath\dcdiag.log"
$dcdiagDNSLog = "$LogPath\dcdiagDNS.log"
Write-Host "Running DCDIAG..."
dcdiag /e /c /v /f:$dcdiagLog
Write-Host "DCDIAG log saved to $dcdiagLog"
Write-Host "Running DCDIAG DNS Test..."
dcdiag /test:DNS /e /v /f:$dcdiagDNSLog
Write-Host "DCDIAG DNS log saved to $dcdiagDNSLog"
# DNS Commands
Write-Host "Running DNS Checks..."
dnscmd /info
dnscmd /enumzones
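# Domain Controllers & Trusts
Write-Host "Listing Domain Controllers and Trusts..."
# Resolve the DNS root once. Written inline as $(Get-ADDomain).DNSRoot, a native-command
# argument expands the whole domain object and appends the literal text ".DNSRoot".
Import-Module ActiveDirectory
$dnsRoot = (Get-ADDomain).DNSRoot
nltest /dclist:$dnsRoot
nltest /DSQUERYDNS
nltest /DSGETDC:$dnsRoot
nltest /dnsgetdc:$dnsRoot
nltest /domain_trusts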
# Replication Status
$replicationCSV = "$LogPath\replication_status.csv"
Write-Host "Checking Replication Status..."
repadmin /showreps
repadmin /replsummary
repadmin /showrepl * /csv > $replicationCSV
Write-Host "Replication status saved to $replicationCSV"
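# Domain Admins List
$adminReport = "$LogPath\domain_admins.csv"
Write-Host "Extracting Domain Admins..."
Import-Module ActiveDirectory
# -Recursive resolves members of nested groups; only user objects are passed to
# Get-ADUser, which would otherwise raise an error on group or computer members.
Get-ADGroupMember "Domain Admins" -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties LastLogonDate |
    Select-Object Name, Surname, GivenName, DistinguishedName, LastLogonDate |
    Export-Csv -NoTypeInformation -Path $adminReport
Write-Host "Domain Admins report saved to $adminReport"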
# Password Expiry Report
$expiryReport = "$LogPath\password_expiry.csv"
Write-Host "Checking Password Expiry Dates..."
# Replace the <Domain> and <TLD> placeholders (and the OU path) with your own values before running.
Get-ADUser -SearchBase "OU=German,OU=Benutzer,DC=<Domain>,DC=<TLD>" -Filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "SamAccountName", "msDS-UserPasswordExpiryTimeComputed" |
    Select-Object -Property "SamAccountName", @{Name="Password Expiry Date"; Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} |
    Export-Csv -NoTypeInformation -Path $expiryReport
Write-Host "Password expiry report saved to $expiryReport"
Write-Host "Active Directory Domain Services (AD DS) checks completed!" -ForegroundColor Green
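
An added example, not part of the original gist: triaging the `domain_admins.csv` report the script writes, flagging Domain Admins members that have no recorded logon or none within a threshold. `Find-StaleAdmin`, the 90-day default and the sample rows are assumptions made for illustration.

```powershell
# Added example (not the gist author's code). Find-StaleAdmin is a hypothetical helper.
# LastLogonDate is derived from lastLogonTimestamp, which replicates with a delay of
# up to about two weeks by default, so thresholds shorter than that are not meaningful.
function Find-StaleAdmin {
    param(
        [Parameter(Mandatory)] [object[]]$Rows,   # rows from Import-Csv / ConvertFrom-Csv
        [int]$MaxIdleDays = 90,                   # assumed threshold, adjust to policy
        [datetime]$Now = (Get-Date)
    )
    foreach ($row in $Rows) {
        $last = [datetime]::MinValue
        # An empty cell means the account has never logged on (or the value was never set)
        $hasLogon = -not [string]::IsNullOrWhiteSpace($row.LastLogonDate) -and
                    [datetime]::TryParse($row.LastLogonDate, [ref]$last)
        if (-not $hasLogon) {
            $idle = $null
            $reason = 'No logon recorded'
        } else {
            $idle = [int][math]::Floor(($Now - $last).TotalDays)
            if ($idle -le $MaxIdleDays) { continue }   # recently used, not reported
            $reason = "Idle for more than $MaxIdleDays days"
        }
        [pscustomobject]@{
            Name              = $row.Name
            DistinguishedName = $row.DistinguishedName
            LastLogonDate     = $row.LastLogonDate
            IdleDays          = $idle
            Reason            = $reason
        }
    }
}

# Constructed sample rows with the same columns the script exports.
# For a real run use: $rows = Import-Csv "C:\ADDS_Checks\domain_admins.csv"
$rows = @'
"Name","Surname","GivenName","DistinguishedName","LastLogonDate"
"Admin One","One","Admin","CN=Admin One,OU=Admins,DC=example,DC=test","2025-02-10 08:15:00"
"Old Admin","Admin","Old","CN=Old Admin,OU=Admins,DC=example,DC=test","2024-06-01 09:00:00"
"svc-backup","","","CN=svc-backup,OU=Service,DC=example,DC=test",""
'@ | ConvertFrom-Csv

Find-StaleAdmin -Rows $rows -Now ([datetime]'2025-02-15') |
    Format-Table Name, IdleDays, Reason -AutoSize
```

Dates in a real report are written in the exporting machine's culture format, so run the triage under the same culture as the export.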