Merhabalar, Powershell ile Active Directory Audit raporlarını kolayca alabileceğiniz bir komut bütününden bahsetmek istiyorum sizlere.

Bu powershell komutunu çalıştırdığınızda forest ve domain bazlı raporlar alabiliyorsunuz. Örnek vermek gerekirse sisteminizde kaç kullanıcınız var, kaç grubunuz var, kimler admin hakkına sahip, kaç dc niz var, site yapınız nasıl gibi bir çok bilgiye erişme şansınız var.



Bu Powershell dosyasını buradan indirebilirsiniz.



Powershell i açtığınızda



Set-ExecutionPolicy RemoteSigned



Set-ExecutionPolicy Unrestricted




Bu komutları çalıştırdıktan sonra cscripts dizinine kopyaladığınız powershell komutunu, powershell üzerinde o dizine gelerek .\New-ADAssetReport.ps1 komutu ile çalıştırabilirsiniz.



Domain seviyesinde ve Forest seviyesinde aşağıdaki raporları alabiliyorsunuz;

Forest Level Audit Report

  • Forest Information
    • Forest Summary
      • Name/Functional Level
      • Domain/Site/DC/GC/Exchange/Lync/Pool counts
    • Forest Features
      • Tombstone Lifetime
      • Recycle Bin Enabled
      • Lync AD Container
    • Exchange Servers
      • Organization/Administrative Group/Name/Roles/Site
      • Serial/Product ID
    • Lync
      • Element (Server/Pool)
      • Type (Internal/Edge/Backend/Pool)
      • Name/FQDN
  • Site Information
    • Summary
      • Site Name/Location/Domains/DCs/Subnets
    • Details
      • Site Name/Options/ISTG/Links/Bridgeheads/Adjacencies
    • Subnets
      • Subnet/Site Name/Location
    • Site Connections
      • Enabled/Options/From/To
    • Site Links*new*
      • Name/Replication Interval/Sites
  • Domain Information
    • Domains
      • Name/NetBIOS/Functional Level/Forest Root/RIDs Issued/RIDs Remaining *new*
    • Domain Password Policies
      • Name/NetBIOS/Lockout Threshold/Pass History Length/Max Pass Age/Min Pass Age/Min Pass Length
    • Domain Controllers
      • Domain/Site/Name/OS/Time/IP/GC/FSMO Roles
    • Domain Trusts
      • Domain/Trusted Domain/Direction/Attributes/Trust Type/Created/Modified
    • Domain DFS Shares
      • Domain/Name/DN/Remote Server
    • Domain DFSR Shares *new*
      • Domain/Name/Content/Remote Servers
    • AD Integrated DNS Zones
    • Group Policy Object Information

Domain Level Audit Report

  • Account Statistics (count) 1
    • Total User Accounts
    • Enabled
    • Disabled
    • Locked
    • Password Does Not Expire
    • Password Must Change
  • Account Statistics (count) 2
    • Password Not Required
    • Dial-in Enabled
    • Control Access WithNPS
    • Unconstrained Delegation
    • Not Trusted For Delegation
    • NoPre-AuthRequired
  • Group Statistics
    • Total Groups
    • Built-in
    • Universal Security
    • Universal Distribution
    • Global Security
    • Global Distribution
    • Domain Local Security
    • Domain Local Distribution
  • Privileged Group Statistics
    • DefaultPrivGroup Name
    • Current Group Name (if itwere changed)
    • Member Count
  • Privileged Group Membership for the following groups
    • Enterprise Admins
    • Schema Admins
    • Domain Admins
    • Administrators
    • Cert Publishers
    • Account Operators
    • Server Operators
    • Backup Operators
    • Print Operators
  • Account information for thepriorsections:
    • Logon ID
    • Name
    • Password Age (Days)
    • Last Logon Date
    • Password Does Not Expire
    • PasswordReversable
    • Password Not Required








Kaynak Kod: http://gallery.technet.microsoft.com/Active-Directory-Audit-7754a877