Active Directory Audit Report With Powershell

Create a full blown Active Directory HTML/PDF/Excel report with powershell which can be produced with any non-privileged domain user account and without any special powershell modules or administrative consoles.

 
 
 
 
 
4.8 Star
(51)
30,598 times
Add to favorites
Active Directory
2/28/2014
E-mail Twitter del.icio.us Digg Facebook
Sign in to ask a question


  • Update of all Users in the HTML Report
    1 Posts | Last post May 10, 2018
    • Hi, Could you please guide me how can I get all the users and the status on the HTML Report
  • Missing CSS and structure
    1 Posts | Last post April 18, 2018
    • Hey Zachary, kudos for this tool / script... however; some ++ criticism.. :)
      The PS1 script references a few links, CSS and image directorys not included in the zip..
      directories like CSS and images, footer, not present as well as your images..
      
      Possible you could reach out to me and share your whole structure?
      Example:
      background: url(/images/bodyback.png);
  • Cylance?
    1 Posts | Last post April 17, 2018
    • Virus Total detected Cylance?
      
      https://www.virustotal.com/#/file/9ad53a7b2b599ffa33bb0814a1189a317f4c43d88c494d032524bd126cd6f172/detection
  • Is anything hapenning?
    2 Posts | Last post March 22, 2018
    • Hi, I believe I'm running the script OK, but all that I see hapenning is a few lines of verbose output, and then absolutely nothing...
      Do you want verbose output?
      [Y] Yes  [N] No  [?] Help (default is "Y"): y
      VERBOSE: New-SelfContainedAssetReport: Invoking information gathering script...
      VERBOSE: Get-ADForestReportInformation xxxxxxxxxxxxx.com.au: Forest Info - 0.390039
      VERBOSE: Get-ADForestReportInformation xxxxxxxxxxxxx.com.au: Exchange - 0.140014
      VERBOSE: Get-ADForestReportInformation xxxxxxxxxxxxx.com.au: Lync/OCS - 0.1470147
      VERBOSE: Get-ADForestReportInformation xxxxxxxxxxxxx.com.au: Site Subnets - 0.3560356
      VERBOSE: Get-ADForestReportInformation xxxxxxxxxxxxx.com.au: Sites - 0.2190219
      VERBOSE: Get-ADForestReportInformation xxxxxxxxxxxxx.com.au: Site Links - 2.0292029
      VERBOSE: Get-ADForestReportInformation xxxxxxxxxxxxx.com.au: Domains - 0.1380138
      VERBOSE: Get-ADForestReportInformation xxxxxxxxxxxxx.com.au: DCs - 0.0550055
      
      At which point it has just stopped apparently... the console has not returned the prompt, so I guess it must still be doing something, but it's been 20 minutes or so now... - is it just taking a *really* long time to do something?  Thus far, I have no output files appearing in the script folder...
      
      How can I tell what is going on? - How long should I leave it?
      
      Cheers!
      
      Paul G.
      
      
      
    • I have the exact same issue after using this script for two years without issues. It hangs on the DCs. What has changed is that we now have DC's in Azure. Could this maybe be the issue? 
  • Enterprise Admins is not listing all members
    2 Posts | Last post February 27, 2018
    • Hello,
      
      I run the script and it seems to execute perfectly however it doesn't pull every member of enterprise administrators. Any idea why it lists some members but not others? 
    • Looks like if the user's Primary group membership is 'domain admins' it doesn't put them in the list. 
  • EXE file failed to run
    2 Posts | Last post September 20, 2017
    • Hi Zac,
      
      When I try to run the EXE file from my local Win7 computer, I receive and error message "AD Asset Report GUI Has stopped working" with options to close or debug the program. 
      If I select debug, I can get the following details:
      ===========
      An unhandled exception of type 'System.IO.FileNotFoundException' occurred in AD Asset Report GUI.exe
      
      Additional information: Could not load file or assembly 'System.Management.Automation, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified.
      ============
      
      Initially, I though I had to run the EXE with elevated privileges or on DC, but the issue seems to be different.
      
      Please advise how I can fix that.
      Thank you in advance!
      regards,
      
    • The .Net Framework version is 4.6.2
  • Query different domains
    1 Posts | Last post February 28, 2017
    • How can I query different domains without individually logging into the DC?
      Do you have a variable for this or a place we can inject one?
      
      Excellent script btw!
  • Trust-Diagram, How?
    2 Posts | Last post December 20, 2016
    • Hello Zachary,
      thank you for you script! Can you run me through the Setup of GVEditProtable to output the Trust-Diagram?
      Thank you!
    • Hello MS_84,
      
      What I 've done to generate GraphViz Domain Trust Diagram :
      
      - Downloaded from https://code.google.com/p/graph-viz-portable/downloads/list 
      - Installed/Extracted to "C:\Program Files (x86)\GraphVizPortable"
      - on "New-ADAssetRepport.ps1" file change "Custom Static Variable" as :
        $Graphviz_Path = 'C:\Program Files (x86)\GraphVizPortable\App\bin\'
      
      The Diagrams in .PNG format are generated on the Path where New-ADAssetRepport.ps1 was launched.
      
      The Diagrams are only in PNG file on the current Folder, they are not integrated/shown in the HTML file (will be great)
      
      Hope this helps
      Regards.
  • SendEmail nbot working ... or dunno how to use it
    1 Posts | Last post December 20, 2016
    • Hi Zachary,
      
      Very good and usefull script !
      But I can't use (or I don't understand) the $SendMail function, I fill as expected :
      
      [Parameter( HelpMessage='Email server to relay report through')]
              [string]
              $EmailRelay = 'smtp.XXX.be',
              
              [Parameter( HelpMessage='Email sender')]
              [string]
              $EmailSender='skender@staff.XXX.be',
           
              [Parameter( HelpMessage='Email recipient')]
              [string]
              $EmailRecipient='skender@staff.XXX.be',
      
      I've got no errors and no email recieved, event with "-Debug" and/or "-Verbose" switch :(
      
      $EmailRelay shouold be used with simple-quote ' or double-quote " ? ('or") ?
      
      How can I force usage of $SendMail  ? 
      Can I launch from cli like :
      .\New-ADAssetReport.ps1 $SendMail 
      
      Or should I change parameter "$SendMail," as "$SendMail = $True" 
      
      Thanks in advance.
      Great job! 
      
      Regards.
  • Run as a schedule task
    2 Posts | Last post October 12, 2016
    • i'am wonder if the exe can made to run as schedule task and dump payload at define location. Hopefully i get an answer. Cheers :).
      
    • Sorry, the exe doesn't accept any parameters and thusly will not work as a scheduled task. Clever task scheduler work with the powershell version of the script should be doable though.
1 - 10 of 32 Items