AD: Discover what you’ve got

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory.

I wrote a really basic script that will scour your domain and return some valuable information regarding its configuration. There are probably several things in the script that could be done differently and if I was to go through it again, I’d probably change them, but this was quickly thrown together over a year ago for me to fulfill a customer’s request.

The script is written in PowerShell and located here.

It performs the following:

    – Writes outputs to the console.
        – Also creates a transcript output in your Documents folder.
    – Gets forest and domain information.
    – Gets forest and domain functional levels.
    – Gets domain creation date.
    – Gets FSMO role holders.
    – Gets AD schema version.
    – Gets tombstone lifetime.
    – Gets domain password policy.
    – Gets AD backup information.
    – Checks to see if AD Recycle Bin is enabled.
    – Gets AD Sites and Subnets.
    – Gets AD Site replication links.
    – Gets AD trust information.
    – Gets users and groups information.
        – Number of users
        – Number of groups
        – Inactive accounts based on 30, 60, 90 days.
    – Lists OUs with blocked inheritance.
    – Lists unlinked GPOs.
    – Lists duplicate SPNs.

Enjoy.

Roll Tide!

T-

2 thoughts on “AD: Discover what you’ve got

  1. Thank you very much for that script, very nice indeed!

    Just on small addition: Though no new features were introduced, Server 2019 actually got a new Schema version 88. So even though we are on Schema 88 / Server 2019, you script thinks we’re on 2008 or lower.

    Like

    1. Thanks for the input, Phil. Since the script was written pre-Server 2019, it’ll default to 2008 when returning the Schema version. I’ll get it updated ASAP.

      Like

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.