Skip to content

Commit

Permalink
Merge pull request #135 from AsBuiltReport/dev
Browse files Browse the repository at this point in the history
v0.7.15 public release
  • Loading branch information
rebelinux authored Oct 3, 2023
2 parents 9b5ffd0 + 0b6e557 commit 03f0cb8
Show file tree
Hide file tree
Showing 40 changed files with 782 additions and 470 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/Release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ jobs:
publish-to-gallery:
runs-on: windows-2019
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- name: Set PSRepository to Trusted for PowerShell Gallery
shell: pwsh
run: |
Expand Down
1 change: 1 addition & 0 deletions AsBuiltReport.Microsoft.AD.Style.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ Style -Name 'Title 3' -Size 12 -Color '1F6BCF' -Align Left
Style -Name 'Heading 1' -Size 16 -Color '0078D4'
Style -Name 'Heading 2' -Size 14 -Color '00447C'
Style -Name 'Heading 3' -Size 13 -Color '0081FF'
Style -Name 'NO TOC Heading 3' -Size 13 -Color '0081FF'
Style -Name 'Heading 4' -Size 12 -Color '0077B7'
Style -Name 'NO TOC Heading 4' -Size 12 -Color '0077B7'
Style -Name 'Heading 5' -Size 11 -Color '1A9BA3'
Expand Down
4 changes: 2 additions & 2 deletions AsBuiltReport.Microsoft.AD.psd1
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
RootModule = 'AsBuiltReport.Microsoft.AD.psm1'

# Version number of this module.
ModuleVersion = '0.7.14'
ModuleVersion = '0.7.15'

# Supported PSEditions
# CompatiblePSEditions = @()
Expand Down Expand Up @@ -117,7 +117,7 @@ PrivateData = @{
ProjectUri = 'https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.AD'

# A URL to an icon representing this module.
IconUri = 'https://raw.githubusercontent.com/AsBuiltReport/AsBuiltReport/master/AsBuiltReport.png'
IconUri = 'https://github.com/AsBuiltReport.png'

# ReleaseNotes of this module
ReleaseNotes = 'https://raw.githubusercontent.com/AsBuiltReport/AsBuiltReport.Microsoft.AD/master/CHANGELOG.md'
Expand Down
7 changes: 7 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,12 @@
# :arrows_clockwise: Microsoft AD As Built Report Changelog

## [0.7.15] - 2023-10-03

### Changed

- Improved verbose logging
- Improved PKI Section

## [0.7.14] - 2023-07-25

### Fixed
Expand Down
6 changes: 3 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<!-- ********** DO NOT EDIT THESE LINKS ********** -->
<p align="center">
<a href="https://www.asbuiltreport.com/" alt="AsBuiltReport"></a>
<img src='https://raw.githubusercontent.com/AsBuiltReport/AsBuiltReport/master/AsBuiltReport.png' width="8%" height="8%" /></a>
<img src='https://avatars.githubusercontent.com/u/42958564' width="8%" height="8%" /></a>
</p>
<p align="center">
<a href="https://www.powershellgallery.com/packages/AsBuiltReport.Microsoft.AD/" alt="PowerShell Gallery Version">
Expand Down Expand Up @@ -85,7 +85,7 @@ This report does not support Linux or Mac due to the fact that the ActiveDirecto

A Microsoft AD As Built Report can be generated with Active Directory Enterprise Forest level privileges. Since this report relies extensively on the WinRM component, you should make sure that it is enabled and configured. [Reference](https://docs.microsoft.com/en-us/windows/win32/winrm/installation-and-configuration-for-windows-remote-management)

Due to a limitation of the WinRM component, a domain-joined machine is needed, also it is required to use the FQDN of the DC instead of its IP address.
Due to a limitation of the WinRM component, a domain-joined machine is needed, also it is required to use the FQDN of the DC instead of it's IP address.
[Reference](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_remote_troubleshooting?view=powershell-7.1#how-to-use-an-ip-address-in-a-remote-command)

## :package: Module Installation
Expand Down Expand Up @@ -222,7 +222,7 @@ PS C:\> New-AsBuiltReport -Report Microsoft.AD -Target 'admin-dc-01v.contoso.loc

- Issues with WinRM when using the IP address instead of the "Fully Qualified Domain Name".
- This project relies heavily on the remote connection function through WinRM. For this reason the use of a Windows 10 client is specifically used as a jumpbox.
- The report provides the ability to extract the configuration of the DHCP/DNS services. In order to obtain this information it is required that the servers running these services have powershell modules installed for each service (RSAT-DNS-Server & RSAT-AD-PowerShell).
- The report provides the ability to extract the configuration of the DNS services. In order to obtain this information it is required that the servers running these services have powershell modules installed for each service (RSAT-DNS-Server & RSAT-AD-PowerShell).
- This report assumes that the DNS Server service is running on the same server where Domain Controller is running (Cohost).
- In some cases when trying to update the report, an error similar to this is generated:
- "PackageManagement\Install-Package : Authenticode issuer 'CN="xyz, INC.", O="xyz, INC.", L=San Jose, S=California on the previusly-installed module 'PSPKI'. If you still want to install or update, use -SkipPublisherCheck parameter."
Expand Down
4 changes: 2 additions & 2 deletions Src/Private/Get-AbrADCAAIA.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADCAAIA {
.DESCRIPTION
.NOTES
Version: 0.7.13
Version: 0.7.15
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -28,7 +28,7 @@ function Get-AbrADCAAIA {

process {
if ($CA) {
Section -Style Heading4 "Authority Information Access (AIA)" {
Section -Style Heading3 "Authority Information Access (AIA)" {
Paragraph "The following section provides the Certification Authority Authority Information Access information."
BlankLine
try {
Expand Down
12 changes: 6 additions & 6 deletions Src/Private/Get-AbrADCACRLSetting.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADCACRLSetting {
.DESCRIPTION
.NOTES
Version: 0.7.13
Version: 0.7.15
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -28,10 +28,10 @@ function Get-AbrADCACRLSetting {

process {
try {
Section -Style Heading4 "Certificate Revocation List (CRL)" {
Section -Style Heading3 "Certificate Revocation List (CRL)" {
Paragraph "The following section provides the Certification Authority CRL Distribution Point information."
BlankLine
Section -Style Heading5 "CRL Validity Period" {
Section -Style Heading4 "CRL Validity Period" {
$OutObj = @()
try {
Write-PscriboMessage "Collecting AD CA CRL Validity Period information on $($CA.Name)."
Expand Down Expand Up @@ -67,7 +67,7 @@ function Get-AbrADCACRLSetting {
$OutObj | Sort-Object -Property 'CA Name' | Table @TableParams
}
try {
Section -Style Heading5 "CRL Flags Settings" {
Section -Style Heading4 "CRL Flags Settings" {
$OutObj = @()
try {
Write-PscriboMessage "Collecting AD CA CRL Distribution Point information on $($CA.Name)."
Expand Down Expand Up @@ -105,7 +105,7 @@ function Get-AbrADCACRLSetting {
Write-PscriboMessage -IsWarning "CRL Validity Period Section: $($_.Exception.Message)"
}
try {
Section -Style Heading5 "CRL Distribution Point" {
Section -Style Heading4 "CRL Distribution Point" {
Paragraph "The following section provides the Certification Authority CRL Distribution Point information."
BlankLine
try {
Expand Down Expand Up @@ -157,7 +157,7 @@ function Get-AbrADCACRLSetting {
Write-PscriboMessage -IsWarning "$($_.Exception.Message) (CRL Distribution Point)"
}
try {
Section -Style Heading4 "AIA and CDP Health Status" {
Section -Style Heading3 "AIA and CDP Health Status" {
Paragraph "The following section is intended to perform Certification Authority health status checking by CA certificate chain status and validating all CRL Distribution Point (CDP) and Authority Information Access (AIA) URLs for each certificate in the chain."
BlankLine
$OutObj = @()
Expand Down
4 changes: 2 additions & 2 deletions Src/Private/Get-AbrADCACryptographyConfig.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADCACryptographyConfig {
.DESCRIPTION
.NOTES
Version: 0.7.9
Version: 0.7.15
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -30,7 +30,7 @@ function Get-AbrADCACryptographyConfig {
if ($CA) {
$CryptoConfig = Get-CACryptographyConfig -CertificationAuthority $CA
if ($CryptoConfig) {
Section -Style Heading4 "Cryptography Configuration" {
Section -Style Heading3 "Cryptography Configuration" {
Paragraph "The following section provides the Certification Authority Cryptography Configuration information."
BlankLine
$OutObj = @()
Expand Down
5 changes: 2 additions & 3 deletions Src/Private/Get-AbrADCAKeyRecoveryAgent.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADCAKeyRecoveryAgent {
.DESCRIPTION
.NOTES
Version: 0.7.9
Version: 0.7.15
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -31,7 +31,6 @@ function Get-AbrADCAKeyRecoveryAgent {
try {
$KRA = Get-CAKRACertificate -CertificationAuthority $CA
if ($KRA.Certificate) {
Write-PscriboMessage "Collecting Key Recovery Agent Certificate Certificate information of $($KRA.DisplayName)."
$inObj = [ordered] @{
'CA Name' = $KRA.DisplayName
'Server Name' = $KRA.ComputerName.ToString().ToUpper().Split(".")[0]
Expand All @@ -45,7 +44,7 @@ function Get-AbrADCAKeyRecoveryAgent {
}

if ($OutObj) {
Section -Style Heading4 "Key Recovery Agent Certificate" {
Section -Style Heading3 "Key Recovery Agent Certificate" {
Paragraph "The following section provides the Key Recovery Agent certificate used to encrypt user's certificate private key and store it in CA database. In the case when user cannot access his or her certificate private key it is possible to recover it by Key Recovery Agent if Key Archival procedure was taken against particular certificate."
BlankLine
foreach ($Item in $OutObj) {
Expand Down
10 changes: 6 additions & 4 deletions Src/Private/Get-AbrADCARoot.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADCARoot {
.DESCRIPTION
.NOTES
Version: 0.7.9
Version: 0.7.15
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -24,10 +24,8 @@ function Get-AbrADCARoot {

process {
try {
Write-PscriboMessage "Discovering Active Directory Certification Authority information in $($ForestInfo.toUpper())."
Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo."
if ($CAs | Where-Object {$_.IsRoot -like 'True'}) {
Section -Style Heading3 "Enterprise Root Certificate Authority" {
Section -Style Heading2 "Enterprise Root Certificate Authority" {
Paragraph "The following section provides the Enterprise Root CA information."
BlankLine
$OutObj = @()
Expand All @@ -40,13 +38,17 @@ function Get-AbrADCARoot {
'Config String' = $CA.ConfigString
'Operating System' = $CA.OperatingSystem
'Certificate' = $CA.Certificate
'Auditing' = &{
(Find-AuditingIssue -ADCSObjects (Get-ADCSObject $ForestInfo) | Where-Object {$_.Name -eq $CA.DisplayName}).Issue
}
'Status' = $CA.ServiceStatus
}
$OutObj += [pscustomobject]$inobj
}

if ($HealthCheck.CA.Status) {
$OutObj | Where-Object { $_.'Service Status' -notlike 'Running'} | Set-Style -Style Critical -Property 'Service Status'
$OutObj | Where-Object { $_.'Auditing' -notlike 'Running'} | Set-Style -Style Critical -Property 'Auditing'
}

$TableParams = @{
Expand Down
8 changes: 4 additions & 4 deletions Src/Private/Get-AbrADCASecurity.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADCASecurity {
.DESCRIPTION
.NOTES
Version: 0.7.9
Version: 0.7.15
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -31,7 +31,7 @@ function Get-AbrADCASecurity {
try {
$CFP = Get-CertificateValidityPeriod -CertificationAuthority $CA
if ($CFP) {
Section -Style Heading4 "Certificate Validity Period" {
Section -Style Heading3 "Certificate Validity Period" {
Paragraph "The following section provides the Certification Authority Certificate Validity Period information."
BlankLine
$OutObj = @()
Expand Down Expand Up @@ -66,7 +66,7 @@ function Get-AbrADCASecurity {
try {
$ACLs = Get-CertificationAuthorityAcl -CertificationAuthority $CA
if ($ACLs) {
Section -Style Heading5 "Access Control List (ACL)" {
Section -Style Heading4 "Access Control List (ACL)" {
$OutObj = @()
try {
Write-PscriboMessage "Collecting Certification Authority Access Control List information of $($CA.Name)."
Expand Down Expand Up @@ -98,7 +98,7 @@ function Get-AbrADCASecurity {
}
$OutObj | Sort-Object -Property 'DC Name' | Table @TableParams
try {
Section -Style Heading6 "Access Rights" {
Section -Style Heading5 "Access Rights" {
$OutObj = @()
Write-PscriboMessage "Collecting AD Certification Authority Access Control List information of $($CA.Name)."
foreach ($ACL in $ACLs.Access) {
Expand Down
10 changes: 7 additions & 3 deletions Src/Private/Get-AbrADCASubordinate.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADCASubordinate {
.DESCRIPTION
.NOTES
Version: 0.7.9
Version: 0.7.15
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -24,10 +24,10 @@ function Get-AbrADCASubordinate {

process {
try {
Write-PscriboMessage "Discovering Active Directory Certification Authority information in $($ForestInfo.toUpper())."
Write-PscriboMessage "Discovering Active Directory CA Enterprise Subordinate information in $($ForestInfo.toUpper())."
if ($CAs | Where-Object {$_.IsRoot -like 'False'}) {
Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo."
Section -Style Heading3 "Enterprise Subordinate Certificate Authority" {
Section -Style Heading2 "Enterprise Subordinate Certificate Authority" {
Paragraph "The following section provides the Enterprise Subordinate CA information."
BlankLine
$OutObj = @()
Expand All @@ -41,12 +41,16 @@ function Get-AbrADCASubordinate {
'Config String' = $CA.ConfigString
'Operating System' = $CA.OperatingSystem
'Certificate' = $CA.Certificate
'Auditing' = &{
(Find-AuditingIssue -ADCSObjects (Get-ADCSObject $ForestInfo) | Where-Object {$_.Name -eq $CA.DisplayName}).Issue
}
'Status' = $CA.ServiceStatus
}
$OutObj = [pscustomobject]$inobj

if ($HealthCheck.CA.Status) {
$OutObj | Where-Object { $_.'Service Status' -notlike 'Running'} | Set-Style -Style Critical -Property 'Service Status'
$OutObj | Where-Object { $_.'Auditing' -notlike 'Running'} | Set-Style -Style Critical -Property 'Auditing'
}

$TableParams = @{
Expand Down
2 changes: 0 additions & 2 deletions Src/Private/Get-AbrADCASummary.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -25,9 +25,7 @@ function Get-AbrADCASummary {
process {
$OutObj = @()
if ($ForestInfo) {
Write-PscriboMessage "Discovering Active Directory Certification Authority information in $($ForestInfo.toUpper())."
foreach ($CA in $CAs) {
Write-PscriboMessage "Discovered '$(($CAs | Measure-Object).Count)' Active Directory Certification Authority in domain $ForestInfo."
try {
Write-PscriboMessage "Collecting AD Certification Authority Summary information of $($CA.DisplayName)."
$inObj = [ordered] @{
Expand Down
11 changes: 5 additions & 6 deletions Src/Private/Get-AbrADCATemplate.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ function Get-AbrADCATemplate {
.DESCRIPTION
.NOTES
Version: 0.7.9
Version: 0.7.15
Author: Jonathan Colon
Twitter: @jcolonfzenpr
Github: rebelinux
Expand All @@ -30,7 +30,7 @@ function Get-AbrADCATemplate {
$Templates = Get-CATemplate -CertificationAuthority $CA.ComputerName | Select-Object -ExpandProperty Templates
if ($Templates) {
try {
Section -Style Heading4 "Certificate Template Summary" {
Section -Style Heading3 "Certificate Template Summary" {
Paragraph "The following section provides the certificate templates that are assigned to a specified Certification Authority (CA). CA server can issue certificates only based on assigned templates."
BlankLine
$OutObj = @()
Expand Down Expand Up @@ -61,14 +61,14 @@ function Get-AbrADCATemplate {
$OutObj | Sort-Object -Property 'Template Name' | Table @TableParams
if ($InfoLevel.CA -ge 3) {
try {
Section -Style Heading5 "Issued Certificate Template ACLs" {
Section -Style Heading4 "Issued Certificate Template ACLs" {
Paragraph "The following section provides the certificate templates Access Control List that are assigned to a specified Certification Authority (CA)."
BlankLine
foreach ($Template in $Templates) {
try {
$Rights = Get-CertificateTemplateAcl -Template $Template.Name | Select-Object -ExpandProperty Access
if ($Rights) {
Section -ExcludeFromTOC -Style NOTOCHeading6 "$($Template.DisplayName)" {
Section -ExcludeFromTOC -Style NOTOCHeading5 "$($Template.DisplayName)" {
$OutObj = @()
foreach ($Right in $Rights) {
try {
Expand Down Expand Up @@ -110,11 +110,10 @@ function Get-AbrADCATemplate {
try {
$Templates = Get-CertificateTemplate
if ($Templates) {
Section -Style Heading5 "Certificate Template In Active Directory" {
Section -Style Heading4 "Certificate Template In Active Directory" {
Paragraph "The following section provides registered certificate templates from Active Directory."
BlankLine
$OutObj = @()
Write-PscriboMessage "Discovered '$(($Templates | Measure-Object).Count)' Certification Authority Template in domain $ForestInfo."
foreach ($Template in $Templates) {
try {
Write-PscriboMessage "Collecting $($Template.DisplayName) Certificate Template In Active Directory."
Expand Down
Loading

0 comments on commit 03f0cb8

Please sign in to comment.