Src/Private/Get-AbrADDomain.ps1
|
function Get-AbrADDomain { <# .SYNOPSIS Used by As Built Report to retrieve Microsoft AD Domain information from Domain Controller .DESCRIPTION .NOTES Version: 0.9.1 Author: Jonathan Colon Twitter: @jcolonfzenpr Github: rebelinux .EXAMPLE .LINK #> [CmdletBinding()] param ( [Parameter ( Position = 0, Mandatory)] [string] $Domain ) begin { Write-PScriboMessage "Collecting AD Domain information on forest $Forestinfo." } process { $OutObj = @() if ($Domain) { try { $DomainInfo = Invoke-Command -Session $TempPssSession { Get-ADDomain $using:Domain -ErrorAction Stop } $DC = $DomainInfo | Select-Object -ExpandProperty ReplicaDirectoryServers | Select-Object -First 1 $RIDPool = Invoke-Command -Session $TempPssSession { Get-ADObject -Server $using:DC -Identity "CN=RID Manager$,CN=System,$(($using:DomainInfo).DistinguishedName)" -Properties rIDAvailablePool -ErrorAction SilentlyContinue } $RIDavailable = $RIDPool.rIDAvailablePool [int32] $CompleteSIDS = $($RIDavailable) / ([math]::Pow(2, 32)) [int64] $TEMP = $CompleteSIDS * ([math]::Pow(2, 32)) $RIDsIssued = [int32]($($RIDavailable) - $TEMP) $RIDsRemaining = $CompleteSIDS - $RIDsIssued if ($DomainInfo) { $inObj = [ordered] @{ 'Domain Name' = $DomainInfo.Name 'NetBIOS Name' = $DomainInfo.NetBIOSName 'Domain SID' = $DomainInfo.DomainSID 'Domain Functional Level' = $DomainInfo.DomainMode 'Domains' = $DomainInfo.Domains 'Forest' = $DomainInfo.Forest 'Parent Domain' = $DomainInfo.ParentDomain 'Replica Directory Servers' = $DomainInfo.ReplicaDirectoryServers 'Child Domains' = $DomainInfo.ChildDomains 'Domain Path' = ConvertTo-ADCanonicalName -DN $DomainInfo.DistinguishedName -Domain $Domain 'Computers Container' = $DomainInfo.ComputersContainer 'Domain Controllers Container' = $DomainInfo.DomainControllersContainer 'Systems Container' = $DomainInfo.SystemsContainer 'Users Container' = $DomainInfo.UsersContainer 'Deleted Objects Container' = $DomainInfo.DeletedObjectsContainer 'Foreign Security Principals Container' = $DomainInfo.ForeignSecurityPrincipalsContainer 'Lost And Found Container' = $DomainInfo.LostAndFoundContainer 'Quotas Container' = $DomainInfo.QuotasContainer 'ReadOnly Replica Directory Servers' = $DomainInfo.ReadOnlyReplicaDirectoryServers 'ms-DS-MachineAccountQuota' = Invoke-Command -Session $TempPssSession { (Get-ADObject -Server $using:DC -Identity (($using:DomainInfo).DistinguishedName) -Properties ms-DS-MachineAccountQuota -ErrorAction SilentlyContinue).'ms-DS-MachineAccountQuota' } 'RID Issued/Available' = try { "$($RIDsIssued) / $($RIDsRemaining) ($([math]::Truncate($CompleteSIDS / $RIDsRemaining))% Issued)" } catch { "$($RIDsIssued)/$($RIDsRemaining)" } } $OutObj += [pscustomobject](ConvertTo-HashToYN $inObj) if ($HealthCheck.Domain.BestPractice) { if ([math]::Truncate($CompleteSIDS / $RIDsRemaining) -gt 80) { $OutObj | Set-Style -Style Warning -Property 'RID Issued/Available' } } $TableParams = @{ Name = "Domain Summary - $($Domain.ToString().ToUpper())" List = $true ColumnWidths = 40, 60 } if ($Report.ShowTableCaptions) { $TableParams['Caption'] = "- $($TableParams.Name)" } $OutObj | Table @TableParams if ($HealthCheck.Domain.BestPractice -and ([math]::Truncate($CompleteSIDS / $RIDsRemaining) -gt 80)) { Paragraph "Health Check:" -Bold -Underline BlankLine Paragraph { Text "Best Practice:" -Bold Text "The RID Issued is greater than 80%, a thorough evaluation of their utilization is recommended to prevent RIDs from being exhausted." } BlankLine Paragraph { Text "Reference:" -Bold Text "https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/managing-rid-pool-depletion/ba-p/399736" -Color blue } } } } catch { Write-PScriboMessage -IsWarning "AD Domain Summary Section: $($_.Exception.Message)" } } } end {} } |