• Microsoft Active Directory Documentation Script V3.04

    March 24, 2021

    Active Directory, PowerShell

    Recently, a friend asked me to help look at some issues in his customer’s Active Directory (AD). The customer’s AD consisted of a root domain and three Tree domains. I ran my AD documentation script and found there were many issues when running that script in a multiple domain forest.

    To fix these issues, I created a similar forest in my lab. I have never seen Tree domains before.

    Here are a few screenshots from my new forest with three Tree domains.

    Figure 1
    Figure 2

    Running the 3.04 AD doc script in the root domain using -ADForest.

    Figure 3

    Running the 3.04 AD doc script in a tree domain using -ADForest.

    Figure 4

    Running the 3.04 AD doc script in a tree domain using -ADDomain.

    Figure 5

    Version 3.04 24-Mar-2021

    • Change the wording for schema extensions from “Just because a schema extension is Present does not mean it is in use.” to “Just because a schema extension is Present does not mean that the product is in use.”
    • Only process and output Foreign Security Principal data for the Root Domain
    • Only process the Appendix Domain Controller DNS Info if -DCDNSInfo is true. No need for an empty table and Appendix otherwise
    • Removed a few warnings from the console output that were not warnings
    • The following fixes are for running the script in a Forest with multiple domains
    • When creating the array that contains all domain controllers, don’t sort after each domain as sorting changed the Type of the arraylist after the first domain was processed
      • This caused the three Appendixes to only contain the data for the DCs in the first domain
    • When outputting domain controllers, sort the DCs by domain name and DC name
      • Put the DCs in domain name order, don’t put every DC in the Root domain
      • Change the header to reflect the actual domain name
    • When retrieving Inherited GPOs, add the Domain name to the cmdlet
    • When running in a child or tree domain, only the domain entered was used when calculating the number of domains in the forest
      • That is now fixed
    • When running in a child or tree domain and using -ADForest, compare the root domain’s name to the name entered for -ADForest
      • If they are not the same, abort the script and state to rerun the script with -ADDomain and not -ADForest
    • Updated the help text
    • Updated the ReadMe file
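
The sort-per-domain pitfall from the multiple-domain fixes above, as an added illustration that is not code from the script itself: in PowerShell, assigning the output of Sort-Object back to an ArrayList variable replaces it with a fixed-size Object[], so later Add calls fail and the inventory silently keeps only the first domain's DCs. The domain and DC names are constructed sample data, and the function names are hypothetical.

```powershell
# Constructed sample data: domain name -> DC names (hypothetical lab values).
$Forest = [ordered]@{
    'root.example'  = @('RDC2', 'RDC1')
    'tree1.example' = @('T1DC1')
    'tree2.example' = @('T2DC2', 'T2DC1')
}

function Get-AllDCsSortEachDomain {
    # Pitfall: sorting after each domain and re-assigning the result.
    $AllDCs = New-Object System.Collections.ArrayList
    foreach ($Domain in $Forest.Keys) {
        foreach ($DC in $Forest[$Domain]) {
            try {
                $null = $AllDCs.Add([PSCustomObject]@{ Domain = $Domain; Name = $DC })
            } catch {
                # After the first sort, $AllDCs is Object[] and Add() throws.
                Write-Warning "Add failed for $DC ($($AllDCs.GetType().Name)): $($_.Exception.Message)"
            }
        }
        # Pipeline output is not an ArrayList; this changes the variable's type.
        $AllDCs = $AllDCs | Sort-Object -Property Name
    }
    return ,$AllDCs
}

function Get-AllDCsSortOnce {
    # Fix: collect every domain first, keep the ArrayList intact.
    $AllDCs = New-Object System.Collections.ArrayList
    foreach ($Domain in $Forest.Keys) {
        foreach ($DC in $Forest[$Domain]) {
            $null = $AllDCs.Add([PSCustomObject]@{ Domain = $Domain; Name = $DC })
        }
    }
    # Sort once, at output time, by domain name and then DC name.
    return ,@($AllDCs | Sort-Object -Property Domain, Name)
}

$Broken = Get-AllDCsSortEachDomain
$Fixed  = Get-AllDCsSortOnce

"Sort per domain: {0} DCs, type {1}" -f $Broken.Count, $Broken.GetType().Name
"Sort once:       {0} DCs, type {1}" -f $Fixed.Count, $Fixed.GetType().Name
$Fixed | Format-Table Domain, Name -AutoSize
```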

    I want to thank Michael B. Smith for the code review and David McSpadden for testing in his single domain forest to make sure I didn’t break anything. I had a couple of people offer to test the script in their multiple domain forests, but I never heard from them after sending them the script for testing.

    If you run the script in a multiple domain forest and have questions or issues, please email me. webster at carlwebster dot com.

    You can always find the most current script by going to https://carlwebster.com/where-to-get-copies-of-the-documentation-scripts/

    Thanks

    Webster







    About Carl Webster

    Carl Webster is an independent consultant specializing in Citrix, Active Directory, and technical documentation. Carl (aka “Webster”) serves the broader Citrix community by writing articles (see CarlWebster.com) and by being the most active person in the Citrix Zone on Experts Exchange. Webster has a long history in the IT industry beginning with mainframes in 1977, PCs and application development in 1986, and network engineering in 2001. He has worked with Citrix products since 1990 with the premiere of their first product – the MULTIUSER OS/2.
