Disclaimer
This is my personal blog. The opinions and views I express are my own. The information I provide is on an as-is basis. I make no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this blog and will not be liable for any errors, omissions, or delays in this information or any losses, injuries or damages arising from its use.

Create an HTML report of Active Directory Forest Information with PowerShell

The intent of this script is to quickly get some basic information about an Active Directory infrastructure. I have used it when I’m doing some work on an environment I’m not familiar with, it gives you a quick look at what you’re dealing with without a whole lot of effort. I originally used Zachary Loeber’s script that you can find in the Microsoft Script Center (https://gallery.technet.microsoft.com/office/Active-Directory-Audit-7754a877). His script is much more detailed and gives you a lot more information that mine does, it was just overkill for what I needed.

NOTE: I tested this code exclusively on a domain with Windows Server 2012 R2 and Windows Server 2016 Domain Controllers with PowerShell V5 and V5.1

All I’ve done here is take the basic concepts behind Zachary’s script and simplified it a bit. My script will display the following information:

  • Forest Information
    • Forest Root Domain
    • Forest Functional Level
    • Domains in the forest
    • AD Recycle BIN status
  • Domain Information
    • Domain Functional Level
    • NETBIOS name
  • FSMO Roles
    • Domain Naming Master
    • Schema Master
    • PDC Emulator
    • RID Maste
    • Infrastructure Master
  • Domain Controller Information
    • Domain
    • Forest
    • Computer Name
    • IP Address
    • Global Catalog
    • Read Only
    • Operating System
    • Operating System Version
    • Site
  • DNS Information
    • Primary Zones
    • NS Records
    • MX Records
    • Forwards
    • Scavenging Enabled
    • Aging Enabled
  • DHCP Information
    • Computer Name
    • IP Address
  • Site Information
    • Site Names
    • Intersite Links
    • Name
    • Site Included
    • Site Cost
    • Site Replication Frequency
  • GPO Information
    • Domain Name
    • Display Name
    • Creation Time
    • Modification Time
  • Privileged Account Information
    • Enterprise Admin Group Members
    • Domain Admin Group Members
    • Schema Admin Group Members
    • Accounts that Passwords Never Expire
  • Exchange Information
    • Organization Management Group Members
    • Exchange Server

Feel free to take the code and make it your own.

 

3 Comments

  1. William Jimenez | | Reply

    Do we have to specify our domain or does it detect everything automatically?

    • SignalWarrant | | Reply

      It should find your domain name via line 103 above

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.