Just over two years ago, I released V1.0 of the Active Directory (AD) documentation script. That script was written to help me document the multiple AD environments for a customer. That customer allowed me to reach out to the community to test the script and add ideas of what should be documented. After the script was complete, that customer allowed me to release the script to the community. Now two years later, I have finally added HTML and Text output along with a lot of bug fixes and enhancement requests.
Back in July, for my employer Choice Solutions, I worked on a Greenfield AD project. I did not have access to a domain joined computer with Microsoft Word installed. I took that as the impetus to finally get around to adding HTML output. Two years ago I had a list of enhancements people asked for in the original script. I pulled out that list of enhancements, added almost all of them and added requests from several of the hard-working and dedicated testers. There were some script enhancement requests that became their own scripts, like the DHCP and DNS scripts, and Microsoft already has a PowerShell cmdlet to get reports for one or more Group Policies.
I believe I added all the enhancement requests submitted by the testers.
I want to thank the 55 testers who helped test this script and make it better for the community. We started on this script on 20-Jul-2016 and the last update went out on 21-Sep-2016. In those 64 days, 32 updates were released. Several testers, who reported specific bugs, were sent numerous private updates until they were satisfied the bugs they reported were fixed. In all, there were probably well over 75 updates to the script in 64 days. It felt like a lot more than 64 days passed in working on this script.
I would like to thank Choice Solutions for allowing me to spend some company time on updating this script. They will be able to use this script, as will the community, to better document AD environments.
Almost every item in the following list was a bug reported by the community or an enhancement requested by the community. This is truly a community driven script.
#Version 2.0 released 26-Sep-2016
- Added a parameter, GPOInheritance, to set whether to use the new GPOs by OU with linked and inherited GPOs
- By default, the script will use the original GPOs by OU with only directly linked GPOs
- Added a function, ElevatedSession, to test if the PowerShell session running the script is elevated
- Added a Section parameter to allow specific sections only to be in the report
- Valid options are:
- Domains (includes Domain Controllers and optional Hardware, Services and DCDNSInfo)
- OUs (Organizational Units)
- Misc (Miscellaneous data)
- All (Default value)
- Valid options are:
- Added AD Database, logfile and SYSVOL locations along with AD Database size
- Added AD Optional Features
- Added an alias to the ComputerName parameter to ServerName
- Added checking the NIC’s “Allow the computer to turn off this device to save power” setting
- Added requires line for the GroupPolicy module
- Added Text and HTML output
- Added Time Server information
- Change checking for both DA rights and an elevated session for the Time Server and AD file locations
- If the check fails, added a warning message as write-host with white foreground
- Change object created for DCDNSINFO to storing blank data for DNS properties
- HTML output would not display a row if any of the DNS values were blank or Null
- Fix test for domain admin rights for the user account
- Fix text and HTML output for the -Hardware parameter
- Fix the DC DNS Info table to handle two IP Addresses
- Fix the ProcessScriptSetup function
- Add checking for an elevated PowerShell session
- Add checking for DA rights and elevated session if using DCDNSINFO parameter
- Add checking for elevated session if using the Hardware and Services parameters
- Change the elevated session warning to write-host with a white foreground to make it stand out
- Fix where variables were not being set properly
- Fix the user name not being displayed in the warning message about not having domain admin rights
- If no ComputerName value is entered and $ComputerName –eq $Env:USERDNSDOMAIN then the script queries for a domain controller that is also a global catalog server and will use that as the value for ComputerName
- Modified GPOs by OU to show if the GPO is Linked or Inherited
- This necessitated a change in the Word/PDF/HTML table format
- Modified GPOs by OU to use the Get-GPInheritance cmdlet to list all directly linked and inherited GPOs
- Organize script into functions and regions
- Replace Jeremy Saunder’s Get-ComputerCountByOS function with his latest version
- The ADForest parameter is no longer mandatory. It will now default to the value in $Env:USERDNSDOMAIN
- The ComputerName parameter will also now default to the value in $Env:USERDNSDOMAIN
- Update forest and domain schema information for the latest updates for Exchange 2013/2016 and Server 2016 TP4/5
- Update help text
- Update Verbose messages for testing to see if -ComputerName is a domain controller
- Worked around Get-ADDomainController issue when run from a child domain
Example of GPO Inheritance and Linked:
Example of testing for Elevated Session:
Example of AD Optional Features:
Example of Time Server Information:
Example of AD Database, Logfile and SYSVOL Locations:
Again, many, many thanks to Choice Solutions, the 55 testers and the community for their support in getting this script updated, released and used.
You can always find the most current script by going tohttp://carlwebster.com/where-to-get-copies-of-the-documentation-scripts/