+1
Active Directory raporlama olarak kullanılabilecek küçük bir script, Bu sayede Son satırdaki Out-File -FilePath “C:\calısmalar\reports.html” kısmını istenilen yere alabilmekteyiz. Bununla Birlikte Ve $_.LINKSTO -eq “koray” domain adını buraya yazabilirsiniz.
$adreports = "<h1>Domains User and Computers Reports</h1>"
$domainadmins = Get-ADGroupMember -Identity "Domain Admins" | ConvertTo-Html -Property Name, objectClass -PreContent "<h2>Domain Admins</h2>"
$enterpriseadmin = Get-ADGroupMember -Identity "Enterprise Admins" | ConvertTo-Html -Property Name, objectClass -PreContent "<h2>Enterprise Admins</h2>"
$disableuser = get-aduser -Filter "Enabled -eq 'False'"| ConvertTo-Html -Property Name, SamAccountName -PreContent "<h2>Disable Users</h2>"
$passwordnotreq = get-aduser -Filter { PasswordNotRequired -eq $true } -Properties * | ConvertTo-Html -Property Name, SamAccountName -PreContent "<h2>Password Not Req Users</h2>"
$passwordneverexpire= get-aduser -Filter { PasswordNeverExpires -eq $true } -Properties * | ConvertTo-Html -Property Name, SamAccountName -PreContent "<h2>Password Never Expire</h2>"
$admincount = get-aduser -Filter { adminCount -eq 1 } -Properties * | ConvertTo-Html -Property Name, SamAccountName -PreContent "<h2>Admin Count</h2>"
##BURDA GÜNÜ AYARLAYABİLİRSİNİZ
$DaysInactive = 10
$time = (Get-Date).Adddays(- ($DaysInactive))
##AKTİF OLMAYAN BİLGİSAYARLAR
$inactivecomputers=Get-ADComputer -Filter { LastLogonTimeStamp -lt $time } -Properties LastLogonTimeStamp |select-object Name, @{ Name = "Stamp"; Expression = { [DateTime]::FromFileTime($_.lastLogonTimestamp) } } | ConvertTo-Html -PreContent "<h2>Computers Inactive 90 Days</h2>"
##MAİLİ BOŞ OLANLAR İSTENİRSE DİĞER ATTRIBUTE LARDA AYARLANABİLİR
$mailempty= Get-ADUser -LDAPFilter '(!(mail=*))' | ConvertTo-Html -Property sAMAccountName, givenName -PreContent "<h2>Mail Empty</h2>"
##SİLİNEN OBJELER
$deletedobject=Get-Adobject -includedeletedobjects -filter { (isdeleted -eq $true) -and (Modified -lt $time) -and (objectclass -eq "computer")}| Select-Object Name, objectClass | ConvertTo-Html -PreContent "<h2> 90 Days Deleted Computers</h2>"
##SON ZAMANLARDA OLUŞTURULAN KULLANICILAR
$recentlycreateduser = Get-ADUser -Filter * -Property whenCreated | Where { $_.whenCreated -gt $time } | ConvertTo-Html -Property Name, WhenCreated -PreContent "<h2>Recently Created Users</h2>"
## SON ZAMANLARDA DEĞİŞİKLİK YAPILAN KULLANICILAR
$recentlychangeduser = Get-ADUser -Filter * -Property whenCreated | Where { $_.whenChanged -gt $time } | ConvertTo-Html -Property Name, whenChanged -PreContent "<h2>Recently Changed Users</h2>"
##KİLİTLİ KULLANICILAR
$lockedusers = Search-ADAccount -LockedOut | ConvertTo-Html -Property Name -PreContent "<h2>Locked Users</h2>"
$expireaccount = Search-ADAccount -AccountExpired | ConvertTo-Html -Property Name -PreContent "<h2>Account Expired </h2>"
##BOŞ OULAR
$emptyou = Get-ADOrganizationalUnit -Filter * | Where-Object { -not (Get-ADObject -Filter * -SearchBase $_.Distinguishedname -SearchScope OneLevel -ResultSetSize 1) } | ConvertTo-Html -Property Name, objectclass -PreContent "<h2>Empty Ou</h2>"
##TÜM GPOLAR
$allgpo = Get-GPO -All | ConvertTo-Html -Property DisplayName, Id, CreationTime, -PreContent, ModificationTime, GPOStatus "<h2>All Gpo </h2>"
##KULLANILMAYAN GPO
$unusedgpo= Get-GPO -All | Where-Object { $_ | Get-GPOReport -ReportType XML | Select-String -NotMatch "<LinksTo>" } | Select-Object DisplayName, CreationTime, ModificationTime | ConvertTo-Html -PreContent "<h2>Not Linked Gpo</h2>"
function Get-GPOLink
{
[CmdletBinding()]
param (
[Parameter(Mandatory,
ValueFromPipeline,
ValueFromPipelineByPropertyName)]
[Alias('DisplayName')]
[string[]]$Name
)
PROCESS
{
foreach ($n in $Name)
{
$problem = $false
try
{
Write-Verbose -Message "Attempting to produce XML report for GPO: $n"
[xml]$report = Get-GPOReport -Name $n -ReportType Xml -ErrorAction Stop
}
catch
{
$problem = $true
Write-Warning -Message "An error occured while attempting to query GPO: $n"
}
if (-not ($problem))
{
Write-Verbose -Message "Returning results for GPO: $n"
[PSCustomObject]@{
'GPOName' = $report.GPO.Name
'LinksTo' = $report.GPO.LinksTo.SOMName
'Enabled' = $report.GPO.LinksTo.Enabled
'NoOverride' = $report.GPO.LinksTo.NoOverride
'CreatedDate' = ([datetime]$report.GPO.CreatedTime).ToShortDateString()
'ModifiedDate' = ([datetime]$report.GPO.ModifiedTime).ToShortDateString()
}
}
}
}
}
##LİNKLENEN GPO LAR
$gpolink = Get-GPO -All | Get-GPOLink | Select-Object GPONAME, @{ Name = "Links"; Expression = { ($_.LINKSTO) -join ',' } } | ConvertTo-Html -PreContent "<h2>Linked Gpo</h2>"
##SİTE A LİNKENMİŞ GPOLAR
$gpositelink = Get-GPO -All | Get-GPOLink | Where-Object { $_.LINKSTO -eq "koray" }| Select-Object GPONAME, @{ Name = "Links"; Expression = { ($_.LINKSTO) -join ',' } } | ConvertTo-Html -PreContent "<h2> Site Linked Gpo</h2>"
$groupwithnomembers= Get-ADGroup -Filter * -Properties Members | where { -not $_.members } | select Name, DistinguishedName | ConvertTo-Html -PreContent "<h2>Groups With No Members</h2>"
$totaluser = Get-ADUser -Filter * | Measure-Object | ConvertTo-Html -Property Count -PreContent "<h2>Total Users</h2>"
$totalgroups = Get-ADGroup -Filter * | Measure-Object | ConvertTo-Html -Property Count -PreContent "<h2>Total Groups</h2>"
$totalcomputers = Get-ADComputer -Filter * | Measure-Object | ConvertTo-Html -Property Count -PreContent "<h2>Total Computers</h2>"
$header = @"
<style>
h1 {
font-family: Arial, Helvetica, sans-serif;
color: #e68a00;
font-size: 28px;
}
h2 {
font-family: Arial, Helvetica, sans-serif;
color: #000099;
font-size: 16px;
}
table {
font-size: 12px;
border: 0px;
font-family: Arial, Helvetica, sans-serif;
}
td {
padding: 4px;
margin: 0px;
border: 0;
}
th {
background: #395870;
background: linear-gradient(#49708f, #293f50);
color: #fff;
font-size: 11px;
text-transform: uppercase;
padding: 10px 15px;
vertical-align: middle;
}
tbody tr:nth-child(even) {
background: #f0f0f2;
}
#CreationDate {
font-family: Arial, Helvetica, sans-serif;
color: #ff3300;
font-size: 12px;
}
</style>
"@
$Report = ConvertTo-HTML -Head $header -Body "$adreports,$domainadmins,$enterpriseadmin,$disableuser,$passwordnotreq,$passwordneverexpire,$admincount,$inactivecomputers,$mailempty,$deletedobject,$recentlycreateduser,$recentlychangeduser,$lockedusers,$expireaccount,$emptyou,$allgpo,$unusedgpo,$gpolink,$gpositelink,$groupwithnomembers,$totaluser,$totalgroups,$totalcomputers" -Title "AD Reports" -PostContent "<p>Creation Date: $(Get-Date)<p>" | Out-File -FilePath "C:\calısmalar\reports.html"
Son olarak Bu çalışmada kısmında çoğu kısmı raporladığımız ve html olarak kullandığımız script yukarıda hazırdır.
- Account
- Active Directory
- Active Directory Güvenlik
- Genel
- Group Policy
- Hyper-V
- PowerBi
- Raporlama
- SCCM
- Script
- SQL
- Veeam Backup & Replication
- Windows
- WSUS
+1
1 Yorum
Damla Koç
Teşekkürler