ACTIVE DIRECTORY RAPORLAMA SCRIPT

Adreports Script için İndir

Active Directory raporlama olarak kullanılabilecek küçük bir script, Bu sayede Son satırdaki Out-File -FilePath “C:\calısmalar\reports.html” kısmını istenilen yere alabilmekteyiz. Bununla Birlikte Ve $_.LINKSTO -eq “koray” domain adını buraya yazabilirsiniz.

$adreports = "<h1>Domains User and Computers Reports</h1>"


$domainadmins = Get-ADGroupMember -Identity "Domain Admins" | ConvertTo-Html -Property Name, objectClass -PreContent "<h2>Domain Admins</h2>"


$enterpriseadmin = Get-ADGroupMember -Identity "Enterprise Admins" | ConvertTo-Html -Property Name, objectClass -PreContent "<h2>Enterprise Admins</h2>"


$disableuser = get-aduser -Filter "Enabled -eq 'False'"| ConvertTo-Html -Property Name, SamAccountName -PreContent "<h2>Disable Users</h2>"


$passwordnotreq = get-aduser -Filter { PasswordNotRequired -eq $true } -Properties * | ConvertTo-Html -Property Name, SamAccountName -PreContent "<h2>Password Not Req Users</h2>"


$passwordneverexpire= get-aduser -Filter { PasswordNeverExpires -eq $true } -Properties * | ConvertTo-Html -Property Name, SamAccountName -PreContent "<h2>Password Never Expire</h2>"


$admincount = get-aduser -Filter { adminCount -eq 1 } -Properties * | ConvertTo-Html -Property Name, SamAccountName -PreContent "<h2>Admin Count</h2>"


##BURDA GÜNÜ AYARLAYABİLİRSİNİZ
$DaysInactive = 10
$time = (Get-Date).Adddays(- ($DaysInactive))


##AKTİF OLMAYAN BİLGİSAYARLAR

$inactivecomputers=Get-ADComputer -Filter { LastLogonTimeStamp -lt $time } -Properties LastLogonTimeStamp |select-object Name, @{ Name = "Stamp"; Expression = { [DateTime]::FromFileTime($_.lastLogonTimestamp) } } | ConvertTo-Html -PreContent "<h2>Computers Inactive 90 Days</h2>"


##MAİLİ BOŞ OLANLAR İSTENİRSE DİĞER ATTRIBUTE LARDA AYARLANABİLİR

$mailempty= Get-ADUser -LDAPFilter '(!(mail=*))' | ConvertTo-Html -Property sAMAccountName, givenName -PreContent "<h2>Mail Empty</h2>"


##SİLİNEN OBJELER

$deletedobject=Get-Adobject -includedeletedobjects -filter { (isdeleted -eq $true) -and (Modified -lt $time) -and (objectclass -eq "computer")}| Select-Object Name, objectClass | ConvertTo-Html -PreContent "<h2> 90 Days Deleted Computers</h2>"


##SON ZAMANLARDA  OLUŞTURULAN KULLANICILAR

$recentlycreateduser = Get-ADUser -Filter * -Property whenCreated | Where { $_.whenCreated -gt $time } | ConvertTo-Html -Property Name, WhenCreated -PreContent "<h2>Recently Created Users</h2>"


## SON ZAMANLARDA DEĞİŞİKLİK YAPILAN KULLANICILAR

$recentlychangeduser = Get-ADUser -Filter * -Property whenCreated | Where { $_.whenChanged -gt $time } | ConvertTo-Html -Property Name, whenChanged -PreContent "<h2>Recently Changed Users</h2>"


##KİLİTLİ KULLANICILAR

$lockedusers = Search-ADAccount -LockedOut | ConvertTo-Html -Property Name -PreContent "<h2>Locked Users</h2>"


$expireaccount = Search-ADAccount -AccountExpired | ConvertTo-Html -Property Name -PreContent "<h2>Account Expired </h2>"


##BOŞ OULAR

$emptyou = Get-ADOrganizationalUnit -Filter * | Where-Object { -not (Get-ADObject -Filter * -SearchBase $_.Distinguishedname -SearchScope OneLevel -ResultSetSize 1) } | ConvertTo-Html -Property Name, objectclass -PreContent "<h2>Empty Ou</h2>"


##TÜM GPOLAR

$allgpo = Get-GPO -All | ConvertTo-Html -Property DisplayName, Id, CreationTime, -PreContent, ModificationTime, GPOStatus "<h2>All Gpo </h2>"


##KULLANILMAYAN GPO

$unusedgpo= Get-GPO -All | Where-Object { $_ | Get-GPOReport -ReportType XML | Select-String -NotMatch "<LinksTo>" } | Select-Object DisplayName, CreationTime, ModificationTime | ConvertTo-Html -PreContent "<h2>Not Linked Gpo</h2>"



function Get-GPOLink
{
    
    [CmdletBinding()]
    param (
        [Parameter(Mandatory,
                 ValueFromPipeline,
                 ValueFromPipelineByPropertyName)]
        [Alias('DisplayName')]
        [string[]]$Name
    )
    PROCESS
    {
        foreach ($n in $Name)
        {
            $problem = $false
            try
            {
                Write-Verbose -Message "Attempting to produce XML report for GPO: $n"
                [xml]$report = Get-GPOReport -Name $n -ReportType Xml -ErrorAction Stop
            }
            catch
            {
                $problem = $true
                Write-Warning -Message "An error occured while attempting to query GPO: $n"
            }
            if (-not ($problem))
            {
                Write-Verbose -Message "Returning results for GPO: $n"
                [PSCustomObject]@{
                    'GPOName' = $report.GPO.Name
                    'LinksTo' = $report.GPO.LinksTo.SOMName
                    'Enabled' = $report.GPO.LinksTo.Enabled
                    'NoOverride' = $report.GPO.LinksTo.NoOverride
                    'CreatedDate' = ([datetime]$report.GPO.CreatedTime).ToShortDateString()
                    'ModifiedDate' = ([datetime]$report.GPO.ModifiedTime).ToShortDateString()
                }
            }
        }
    }
}
##LİNKLENEN GPO LAR

$gpolink = Get-GPO -All | Get-GPOLink | Select-Object GPONAME, @{ Name = "Links"; Expression = { ($_.LINKSTO) -join ',' } } | ConvertTo-Html -PreContent "<h2>Linked Gpo</h2>"


##SİTE A LİNKENMİŞ GPOLAR

$gpositelink = Get-GPO -All | Get-GPOLink | Where-Object { $_.LINKSTO -eq "koray" }| Select-Object GPONAME, @{ Name = "Links"; Expression = { ($_.LINKSTO) -join ',' } } | ConvertTo-Html -PreContent "<h2> Site Linked Gpo</h2>"




$groupwithnomembers= Get-ADGroup -Filter * -Properties Members | where { -not $_.members } | select Name, DistinguishedName | ConvertTo-Html -PreContent "<h2>Groups With No Members</h2>"


$totaluser = Get-ADUser -Filter * | Measure-Object | ConvertTo-Html -Property Count -PreContent "<h2>Total Users</h2>"


$totalgroups = Get-ADGroup -Filter * | Measure-Object | ConvertTo-Html -Property Count -PreContent "<h2>Total Groups</h2>"


$totalcomputers = Get-ADComputer -Filter * | Measure-Object | ConvertTo-Html -Property Count -PreContent "<h2>Total Computers</h2>"



$header = @"
<style>


h1 {


font-family: Arial, Helvetica, sans-serif;
color: #e68a00;
font-size: 28px;


}




h2 {


font-family: Arial, Helvetica, sans-serif;
color: #000099;
font-size: 16px;


}






table {
        font-size: 12px;
        border: 0px;
        font-family: Arial, Helvetica, sans-serif;
    }
    
td {
        padding: 4px;
        margin: 0px;
        border: 0;
    }
    
th {
background: #395870;
background: linear-gradient(#49708f, #293f50);
color: #fff;
font-size: 11px;
text-transform: uppercase;
padding: 10px 15px;
vertical-align: middle;
    }


tbody tr:nth-child(even) {
background: #f0f0f2;
}


#CreationDate {


font-family: Arial, Helvetica, sans-serif;
color: #ff3300;
font-size: 12px;


}






</style>
"@



$Report = ConvertTo-HTML -Head $header -Body "$adreports,$domainadmins,$enterpriseadmin,$disableuser,$passwordnotreq,$passwordneverexpire,$admincount,$inactivecomputers,$mailempty,$deletedobject,$recentlycreateduser,$recentlychangeduser,$lockedusers,$expireaccount,$emptyou,$allgpo,$unusedgpo,$gpolink,$gpositelink,$groupwithnomembers,$totaluser,$totalgroups,$totalcomputers" -Title "AD Reports" -PostContent "<p>Creation Date: $(Get-Date)<p>" | Out-File -FilePath "C:\calısmalar\reports.html"

Script

Active Directory

Active Directory Güvenlik

Password Never Expire

Son olarak Bu çalışmada kısmında çoğu kısmı raporladığımız ve html olarak kullandığımız script yukarıda hazırdır.