Release date for my Active Directory Health Check script is set!

As some of you may know, over the last year I’ve been working on a PowerShell script that performs an Active Directory Health Check.
Taking my queue from Carl Webster’s Citrix Documentation scripts and Iain Brighton’s collaboration with Carl on improving the Word generation code, it has finally become time to release my little monster to the world.
I know that I’ve said it before, and every time something came in between… feedback from tester(s), improving the Word file generation part of the script, my customers, a holiday and a couple of events…
No more excuses!
–> On the 17th of Thursday 7/17/2014 I’ll do an online presentation for the Florida PowerShell User Group presenting version 1.0 of the script. ūüôā
During that session, I’ll release the script on my blog… ūüôā

The checks in this script are based on my personal best practices. Some of the checks may not be applicable to your environment.

The following fundamental guidelines apply to the script:

1) Must work for all domains in a forest tree.
2) Must work on PowerShell v3 and above.
3) Must work without module dependencies, except for the PowerShell core modules.
4) Must work without Administrator privileges.
5) Must work with Microsoft Word 2007 and above.

The following languages are supported for both Word and the operating system the script runs on:

Catalan Danish Dutch
English Finnish French
German Norwegian Portuguese
Spanish Swedish


The following checks are currently included in the script:

 Users  Direct member of Domain Local group
 Users  Password never expires
 Users  Password not required
 Users  Password change at next logon
 Users  Account without expiration date
 Users  Do not require Kerberos pre-authentication
 Users  Disabled
 Groups  Privileged with many members
 Groups  Privileged with no members
 Sites  Empty description
 Sites  No subnet
 Sites  No server
 Sites  No connection
 Sitelinks  With one site
 Sitelinks  More than two sites
 Sitelinks  Empty description
 Subnets  Available but not used
 Domain Controllers  No contact in last 3 months
 Member servers  Password never expires
 Member servers  Password older than 6 months
 Member servers  Account never expires
 Member servers  Account disabled
 Organisational Unit  GPO inheritance blocked

 

Note that these are just the first checks… there will be more, many more ūüôā
At this time I will not accept any feature requests since I’ll need to work through the current list of feature requests before taking any new ones.
The checks that have been requested so far:

 Trusts  Stale trusts
¬†SYSVOL ¬†Orphaned GPT’s
¬†NETLOGON ¬†Subnets with ‘No client side’ errors
 NETLOGON  Subnets with any other error
 Group Policy  Unlinked
 Group Policy  Empty
 Group Policy  No userdata but status not set to UserSettingsDisabled
 Group Policy  No computerdata but status not set to ComputerSettingsDisabled
 Group Policy  Status set to AllSettingsDisabled
 Group Policy  All settings disabled
 Group  Domain Local Group member of Domain Local Group
 Sites  Incorrect Domain Controller in site
 Sitelinks  Change notification disabled
 Replication  Any replication issues
 Member Servers  Local administrator account not renamed
 Member Servers  Local administrator account password not required
 Member Servers Local administrator account password never expires

Leave a Reply

Your email address will not be published. Required fields are marked *