As many of my readers now, last week I’ve finally released v1 of my AD Health Check PowerShell script.
In the future newer versions will come out, with fixes and more checks.
So, where can you find the latest version?
I’ve created a page on my blog named ‘Health Check’.
This is where you’ll be able to find the latest version of the Health Check.
For you convenience I’ve also created an easy way to get there.
On the top of my blog you’ll find a picture and when you click on it, you’ll get redirected to the Health Check page.
For each release I shall also write a blog post stating what’s changed since the last release.
This is a PowerShell script which offers an Active Directory Health Check.
These checks are based on my personal best practices. Some of the checks may not be applicable to your environment.
The following fundamental guidelines apply to the script:
1) Must work for all domains in a forest tree.
2) Must work on PowerShell v3 and above.
3) Must work without module dependencies, except for the PowerShell core modules.
4) Must work without Administrator privileges.
5) Must work with Microsoft Word 2007 and above.
The following languages are supported for both Word and the operating system the script runs on:
The following checks are currently included in the script:
|Users||Direct member of Domain Local group|
|Users||Password never expires|
|Users||Password not required|
|Users||Change password at next logon|
|Users||Password not changed in last 12 months|
|Users||Account without expiration date|
|Users||Do not require Kerberos pre-authentication|
|Groups||Privileged with more than 5 members|
|Groups||Privileged with no members|
|Groups||With no members|
|Sites||Without a description|
|Sites||Without a connection|
|Sites||Without one or more subnet(s)|
|Sitelinks||With one site|
|Sitelinks||With more than two sites|
|Sitelinks||Without a description|
|Subnets in Sites||Available but not used|
|Domain Controllers||No contact in last 3 months|
|Member servers||Password never expires|
|Member servers||Password older than 6 months|
|Member servers||Account never expires|
|Member servers||Account disabled|
|Organisational Unit||GPO inheritance blocked|
Get your copy of the script here!