## Script description
## Name
: ADReport.ps1
## Version : 0.2
## Date
: 2014-12-15
## Language : PowerShell cmd-lets
## License : Proprietary
## Owner
: Krzysztof Pytko (iSiek)
## Authors : Krzysztof Pytko (iSiek) <kpytko at go2 dot pl>
# Load PowerShell module for Active Directory
Import-Module ActiveDirectory
# Custom function to scan specified AD domain and collect data
function Get-DomainInfo($DomainName)
Write-Host ""
Write-Host -ForegroundColor white -BackgroundColor black "Collecting Act
ive Directory data..."
# Start of data collection for specified domain by function
$DomainInfo = Get-ADDomain $DomainName
# Variables definition
$domainSID = $DomainInfo.DomainSID
$domainDN = $DomainInfo.DistinguishedName
$domain = $DomainInfo.DNSRoot
$NetBIOS = $DomainInfo.NetBIOSName
$dfl = $DomainInfo.DomainMode
# Domain FSMO roles
$FSMOPDC = $DomainInfo.PDCEmulator
$FSMORID = $DomainInfo.RIDMaster
$FSMOInfrastructure = $DomainInfo.InfrastructureMaster
$DClist = $DomainInfo.ReplicaDirectoryServers
$RODCList = $DomainInfo.ReadOnlyReplicaDirectoryServers
$cmp_location = $DomainInfo.ComputersContainer
$usr_location = $DomainInfo.UsersContainer
$FGPPNo = "feature not supported"

# Get Domain Controller with at least Windows Server 2008 R2 OS

$DCListFiltered = Get-ADDomainController -Server $domain -Filter { opera
tingSystem -like "Windows Server 2008 R2*" -or operatingSystem -like "Windows Se
rver 2012*" -or operatingSystem -like "Windows Server Technical Preview" } | Se
lect * -ExpandProperty Name

$DCListFiltered | %{ $DCListFilteredIndex = $DCListFilteredIndex+1 }

# End of 2008R2 DC list
# if only one Windows Server 2008R2 Domain Controller exists
if ( $DCListFilteredIndex -eq 1 )
# Get information about Default Domain Password Policy
$pwdGPO = Get-ADDefaultDomainPasswordPolicy -Server $DCListFilte
# check DFL and get Fine-Grained Password Policies
if ( $dfl -like "Windows2008Domain" -or $dfl -like "Windows2008R
2Domain" -or $dfl -like "Windows2012Domain" -or $dfl -like "Windows2012R2Domain"
$FGPPNo = (Get-ADFineGrainedPasswordPolicy -Server $DCLi
stFiltered -Filter * | Measure-Object).Count
# End of Fine-Grained Password Policies section
# Get information about built-in domain Administrator account
$builtinAdmin = Get-ADuser -Identity $domainSID-500 -Server $DCL
istFiltered -Properties Name, LastLogonDate, PasswordLastSet, PasswordNeverExpir
es, whenCreated, Enabled

# Get total number of Domain Administrator group members

$domainAdminsNo = (Get-ADGroup -Identity $domainSID-512 -Server
$DCListFiltered | Get-ADGroupMember -Recursive | Measure-Object).Count
# End main IF section

# if there are more than one Windows Server 2008R2 Domain Controllers
# Get information about Default Domain Password Policy from the
first DC on the list
$pwdGPO = Get-ADDefaultDomainPasswordPolicy -Server $DCListFilte


# check DFL and get Fine-Grained Password Policies

if ( $dfl -like "Windows2008Domain" -or $dfl -like "Windows2008R
2Domain" -or $dfl -like "Windows2012Domain" -or $dfl -like "Windows2012R2Domain"
$FGPPNo = (Get-ADFineGrainedPasswordPolicy -Server $DCLi
stFiltered[0] -Filter * | Measure-Object).Count
# End of Fine-Grained Password Policies section

# Get information about built-in domain Administrator account

$builtinAdmin = Get-ADuser -Identity $domainSID-500 -Server $DCL
istFiltered[0] -Properties Name, LastLogonDate, PasswordLastSet, PasswordNeverEx
pires, whenCreated, Enabled

# Get total number of Domain Administrators group members

$domainAdminsNo = (Get-ADGroup -Identity $domainSID-512 -Server
$DCListFiltered[0] | Get-ADGroupMember -Recursive | Measure-Object).Count
# End main ELSE section
$usr_objectsNo = 0
$usr_active_objectsNo = 0
$usr_inactive_objectsNo = 0
$usr_locked_objectsNo = 0
$usr_pwdnotreq_objectsNo = 0
$usr_pwdnotexp_objectsNo = 0
$grp_objectsNo = 0
$grp_objects_localNo = 0
$grp_objects_universalNo = 0
$grp_objects_globalNo = 0
$cmp_objectsNo = 0
$cmp_os_2000 = 0
$cmp_os_xp = 0
$cmp_os_7 = 0
$cmp_os_8 = 0
$cmp_os_81 = 0
$cmp_srvos_2000 =
$cmp_srvos_2003 =
$cmp_srvos_2008 =
$cmp_srvos_2012 =

= 0

$cmp_srvos_2012r2 = 0
# Get information about Active Directory objects
$ou_objectsNo = (Get-ADOrganizationalUnit -Server $domain -Filter * | Me
$cmp_objects = Get-ADComputer -Server $domain -Filter * -Properties oper
$cmp_objectsNo = $cmp_objects.Count
$cmp_objects | %{ if ($_.operatingSystem
l*") { $cmp_os_2000 = $cmp_os_2000 + 1 } }
$cmp_objects | %{ if ($_.operatingSystem
xp = $cmp_os_xp + 1 } }
$cmp_objects | %{ if ($_.operatingSystem
= $cmp_os_7 + 1 } }
$cmp_objects | %{ if ($_.operatingSystem
8 = $cmp_os_8 + 1 } }
$cmp_objects | %{ if ($_.operatingSystem
_81 = $cmp_os_81 + 1 } }

-like "Windows 2000 Professiona

-like "Windows XP*") { $cmp_os_
-like "Windows 7*") { $cmp_os_7
-like "Windows 8 *") { $cmp_os_
-like "Windows 8.1*") { $cmp_os

$cmp_objects | %{ if ($_.operatingSystem -like "Windows 2000 Server*") {

$cmp_srvos_2000 = $cmp_srvos_2000 + 1 } }
$cmp_objects | %{ if ($_.operatingSystem -like "Windows Server 2003*") {
$cmp_srvos_2003 = $cmp_srvos_2003 + 1 } }
$cmp_objects | %{ if ( ($_.operatingSystem -like "Windows Server 2008*")
-and ($_.operatingSystem -notlike "Windows Server 2008 R2*") ) { $cmp_srvos_200
8 = $cmp_srvos_2008 + 1 } }
$cmp_objects | %{ if ($_.operatingSystem -like "Windows Server 2008 R2*"
) { $cmp_srvos_2008r2 = $cmp_srvos_2008r2 + 1 } }
$cmp_objects | %{ if ( ($_.operatingSystem -like "Windows Server 2012 *"
) -and ($_.operatingSystem -notlike "Windows Server 2012 R2*") ) { $cmp_srvos_20
12 = $cmp_srvos_2012 + 1 } }
$cmp_objects | %{ if ($_.operatingSystem -like "Windows Server 2012 R2*"
) { $cmp_srvos_2012r2 = $cmp_srvos_2012r2 + 1 } }
$grp_objects = Get-ADGroup -Server $domain -Filter * -Properties GroupSc
$grp_objectsNo = $grp_objects.Count
$grp_objects | %{ if ($_.GroupScope -eq "DomainLocal") { $grp_objects_lo
calNo = $grp_objects_localNo + 1 } }
$grp_objects | %{ if ($_.GroupScope -eq "Universal") { $grp_objects_univ
ersalNo = $grp_objects_universalNo + 1 } }
$grp_objects | %{ if ($_.GroupScope -eq "Global") { $grp_objects_globalN
o = $grp_objects_globalNo + 1 } }
$usr_objects = Get-ADUser -Server $domain -Filter * -Properties Enabled,
LockedOut, PasswordNeverExpires, PasswordNotRequired
$usr_objectsNo = $usr_objects.Count
$usr_objects | %{ if ($_.Enabled -eq $True) { $usr_active_objectsNo = $u
sr_active_objectsNo + 1 } }
$usr_objects | %{ if ($_.Enabled -eq $False) { $usr_inactive_objectsNo =
$usr_inactive_objectsNo + 1 } }
$usr_objects | %{ if ($_.LockedOut -eq $True) { $usr_locked_objectsNo =
$usr_locked_objectsNo + 1 } }
$usr_objects | %{ if ($_.PasswordNotRequired -eq $True) { $usr_pwdnotreq
_objectsNo = $usr_pwdnotreq_objectsNo + 1 } }
$usr_objects | %{ if ($_.PasswordNeverExpires -eq $True) { $usr_pwdnotex
p_objectsNo = $usr_pwdnotexp_objectsNo + 1 } }

# Display gathered domain details on the screen

Write-Host ""
Write-Host ""
Write-Host -ForegroundColor yellow -BackgroundColor black "Current domai
n details:"
Write-Host ""
Write-Host "DNS domain name"
Write-Host -ForegroundColor green $domain
Write-Host ""
Write-Host "NetBIOS domain name"
Write-Host -ForegroundColor green $NetBIOS
Write-Host ""

# Check and display DFL

Write-Host "Domain Functional Level"
switch ($dfl)
Windows2000Domain { Write-Host -ForegroundColor green "Windows 2
000 native" }
Windows2003Domain { Write-Host -ForegroundColor green "Windows S
erver 2003" }
Windows2008Domain { Write-Host -ForegroundColor green "Windows S
erver 2008" }
Windows2008R2Domain { Write-Host -ForegroundColor green "Windows
Server 2008 R2" }
Windows2012Domain { Write-Host -ForegroundColor green "Windows S
erver 2012" }
Windows2012R2Domain { Write-Host -ForegroundColor green "Windows
Server 2012 R2" }
default { Write-Host -ForegroundColor red "Unknown Domain Functi
onal Level:"$dfl }
Write-Host ""
# End DFL section

# SYSVOL replication method

Write-Host "SYSVOL replication method"
$FRSsysvol = "CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,"+(Get-ADDomain $domain).DistinguishedName
$DFSRsysvol = "CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,
"+(Get-ADDomain $domain).DistinguishedName

$frs = Get-ADObject -Filter { distinguishedName -eq $FRSsysvol }

$dfsr = Get-ADObject -Filter { distinguishedName -eq $DFSRsysvol }
if ( $frs -ne $nul ) { Write-Host -ForegroundColor red "FRS" }
elseif ( $dfsr -ne $nul ) { Write-Host -ForegroundColor green "DFS-R
" }
else { Write-Host -ForegroundColor Red "unknown" }
Write-Host ""
# End of SYSVOL replication section

# List of Domain Controllers

Write-Host "List of Domain Controllers"
$DCList | Sort | %{ Write-Host -ForegroundColor green $_.TrimEnd($domain
).toUpper() }
Write-Host ""
Write-Host "List of Read-Only Domain Controllers"
if ( $RODCList.Count -ne 0 )
$RODCList | %{ Write-Host -ForegroundColor green $_.TrimEnd($dom
ain).toUpper() }
Write-Host -ForegroundColor green "(none)"
Write-Host ""
# End of Domain Controllers list section

# Global Catalogs in a domain

Write-Host "Global Catalog servers in the domain"
$ForestGC | Sort | %{ if ( $_ -match $DomainName -and ((( $_ -replace $D
omainName ) -split "\.").Count -eq 2 ))
Write-Host -ForegroundColor green ($_.TrimEnd($domain).toUpper()
) }

Write-Host ""
# End of Global Catalogs section

# Display information about domain objects

# Domain computer objects location
Write-Host "Default domain computer objects location"
if ($cmp_location.Contains("CN=Computers"))
Write-Host -ForegroundColor green $cmp_location -NoNewLine
Write-Host -ForegroundColor yellow " (not redirected)"
Write-Host -ForegroundColor green $cmp_location -NoNewLine
Write-Host -ForegroundColor red " (redirected)"
Write-Host ""
# End of domain computer objects location
# Domain user objects location
Write-Host "Default domain user objects location"
if ($usr_location.Contains("CN=Users"))
Write-Host -ForegroundColor green $usr_location -NoNewLine
Write-Host -ForegroundColor yellow " (not redirected)"
Write-Host -ForegroundColor green $usr_location -NoNewLine
Write-Host -ForegroundColor red " (redirected)"
Write-Host ""
# End of domain user objects location

# Check if orphaned objects exist

Write-Host ""
Write-Host -ForegroundColor Yellow -BackgroundColor Black "Domain object
s statistic:"
Write-Host ""
$orphaned = Get-ADObject -Filter * -SearchBase "cn=LostAndFound,$($domai
nDN)" -SearchScope OneLevel | Measure-Object
if ($orphaned.Count -ne 0)
Write-Host -ForegroundColor Red "$($orphaned.Count) orphaned obj
ects have been found!"
Write-Host -ForegroundColor Green "No orphaned objects have been
# End of orphaned objects check

# Check if lingering objects or conflict replication objects exist

$lingConfRepl = Get-ADObject -LDAPFilter "(cn=*\0ACNF:*)" -SearchBase $d
omainDN -SearchScope SubTree | Measure-Object
if ($lingConfRepl.Count -ne 0)
Write-Host -ForegroundColor Red "$($lingConfRepl.Count) lingerin
g or replication conflict objects have been found!"
Write-Host -ForegroundColor Green "No lingering or replication c
onflict objects have been found"
Write-Host ""
Write-Host ""

# End of lingering objects check

# Total number of Organizational Units
Write-Host "Total number of Organizational Unit objects : " -NoNewLine
Write-Host -ForegroundColor green $ou_objectsNo
Write-Host ""
Write-Host "Total number of computer objects : " -NoNewLine
Write-Host -ForegroundColor green $cmp_objectsNo
Write-Host ""

" Client systems"

-ForegroundColor yellow " Windows 2000

: "

-ForegroundColor green $cmp_os_2000

-ForegroundColor yellow " Windows XP

: "

-ForegroundColor green $cmp_os_xp

-ForegroundColor yellow " Windows 7

: "

-ForegroundColor green $cmp_os_7

-ForegroundColor yellow " Windows 8

: "

-ForegroundColor green $cmp_os_8

-ForegroundColor yellow " Windows 8.1

: "

-ForegroundColor green $cmp_os_81

Write-Host ""

" Server systems"

-ForegroundColor yellow " Windows 2000 Server

: "

-ForegroundColor green $cmp_srvos_2000

-ForegroundColor yellow " Windows Server 2003

: "

-ForegroundColor green $cmp_srvos_2003

-ForegroundColor yellow " Windows Server 2008

: "

-ForegroundColor green $cmp_srvos_2008

-ForegroundColor yellow " Windows Server 2008R2

: "

-ForegroundColor green $cmp_srvos_2008r2

-ForegroundColor yellow " Windows Server 2012

: "

-ForegroundColor green $cmp_srvos_2012

-ForegroundColor yellow " Windows Server 2012R2

: "

-ForegroundColor green $cmp_srvos_2012r2

Write-Host ""
# End of total OUs number
# Total number of domain users
Write-Host ""

Write-Host "Total number of user objects : " -NoNewLine

Write-Host -ForegroundColor green $usr_objectsNo
Write-host -ForegroundColor yellow " Active

: " -N

Write-Host -ForegroundColor green $usr_active_objectsNo
Write-host -ForegroundColor yellow " Inactive

: " -N

Write-Host -ForegroundColor green $usr_inactive_objectsNo
Write-host -ForegroundColor yellow " Locked out

: " -N

Write-Host -ForegroundColor green $usr_locked_objectsNo
Write-host -ForegroundColor yellow " Password not required

: " -N

Write-Host -ForegroundColor green $usr_pwdnotreq_objectsNo
Write-host -ForegroundColor yellow " Password never expires

: " -N

Write-Host -ForegroundColor green $usr_pwdnotexp_objectsNo
Write-Host ""
# End of total domain users number
# Total number of domain groups
Write-Host "Total number of group objects : " -NoNewLine
Write-Host -ForegroundColor green $grp_objectsNo
Write-Host -ForegroundColor yellow " Global

: " -N

Write-Host -ForegroundColor green $grp_objects_globalNo
Write-Host -ForegroundColor yellow " Universal

: " -N

Write-Host -ForegroundColor green $grp_objects_universalNo
Write-Host -ForegroundColor yellow " Domain Local
Write-Host -ForegroundColor green $grp_objects_localNo
Write-Host ""
# End of total domain groups number

# Total number of domain administrators

Write-Host ""
Write-Host "Total number of Domain Administrators: " -NoNewline
if ( $domainAdminsNo -ge 1 -and $domainAdminsNo -le 5 )
Write-Host -ForegroundColor green $domainAdminsNo
Write-Host -ForegroundColor red $domainAdminsNo

: " -N

Write-Host ""
Write-Host ""
# End of total domain administrators number

# Details about built-in domain Administrator account

Write-Host -ForegroundColor yellow -BackgroundColor black "Built-in Doma
in Administrator account details:"
Write-Host ""
Write-Host "Account name: " -NoNewline
Write-Host -ForegroundColor green $builtinAdmin.Name
Write-Host "Account status: " -NoNewline
if ( $builtinAdmin.Enabled )
Write-Host -ForegroundColor red "enabled"
Write-Host -ForegroundColor green "disabled"
Write-Host "Password never expires: " -NoNewline
if ( $builtinAdmin.PasswordNeverExpires )
Write-Host -ForegroundColor red "yes"
Write-Host -ForegroundColor green "no"
Write-Host ""
Write-Host "Promoted to domain account"
Write-Host -ForegroundColor green $builtinAdmin.whenCreated
Write-Host ""

Write-Host "Last password change"

Write-Host -ForegroundColor green $builtinAdmin.PasswordLastSet
Write-Host ""
Write-Host "Last logon date"
Write-Host -ForegroundColor green $builtinAdmin.LastLogonDate
Write-Host ""
Write-Host ""
# End of domain objects information section

# FSMO roles for domain

Write-Host -ForegroundColor yellow -BackgroundColor black "FSMO roles de
Write-Host ""
Write-Host "PDC Emulator master"
Write-Host -ForegroundColor green $FSMOPDC.toUpper()
Write-Host ""
Write-Host "RID master"
Write-Host -ForegroundColor green $FSMORID.toUpper()
Write-Host ""
Write-Host "Infrastructure master"
Write-Host -ForegroundColor green $FSMOInfrastructure.toUpper()
Write-Host ""
# End of domain FSMO section

# Check default domain policy existance

$gpoDefaultDomain = Get-ADObject -Server $domain -LDAPFilter "(&(objectC
$gpoDefaultDomainController = Get-ADObject -Server $domain -LDAPFilter "
Write-Host -ForegroundColor yellow -BackgroundColor black "Default Domai
n policies check:"
Write-Host ""
if ($gpoDefaultDomain -ne $nul)
Write-Host "Default Domain policy
Write-Host -ForegroundColor Green "exists"

: " -NoNewLine

Write-Host -ForegroundColor Red "does not exist"
if ($gpoDefaultDomainController -ne $nul)
Write-Host "Default Domain Controllers policy : " -NoNewLine
Write-Host -ForegroundColor Green "exists"
Write-Host -ForegroundColor Red "does not exist"
Write-Host ""
# End of default domain policies check

# Default Domain Password Policy details

Write-Host -ForegroundColor yellow -BackgroundColor black "Default Domai
n Password Policy details:"
Write-Host ""

"Minimum password age: " -NoNewLine

-ForegroundColor green $pwdGPO.MinPasswordAge.days "day(s)"
"Maximum password age: " -NoNewLine
-ForegroundColor green $pwdGPO.MaxPasswordAge.days "day(s)"
"Minimum password length: " -NoNewline
-ForegroundColor green $pwdGpo.MinPasswordLength "character(s

Write-Host "Password history count: " -NoNewLine
Write-Host -ForegroundColor green $pwdGPO.PasswordHistoryCount "unique p
Write-Host "Password must meet complexity: " -NoNewLine
if ( $pwdGPO.ComplexityEnabled )
Write-Host -ForegroundColor green "yes"

Write-Host -ForegroundColor red "no"
Write-Host "Password uses reversible encryption: " -NoNewLine
if ( $pwdGPO.ReversibleEncryptionEnabled )
Write-Host -ForegroundColor red "yes"
Write-Host -ForegroundColor green "no"
Write-Host ""
Write-Host "Account lockout treshold: " -NoNewLine
if ($pwdGPO.LockoutThreshold -eq 0 )
Write-Host -ForegroundColor red "Account never locks out"
Write-Host -ForegroundColor green $pwdGPO.LockoutThreshold "inva
lid logon attempts"
Write-Host "Account lockout duration time: " -NoNewline
if ( $pwdGPO.LockoutDuration.days -eq 0 -and $pwdGPO.LockoutDura
tion.hours -eq 0 -and $pwdGPO.LockoutDuration.minutes -eq 0 )
Write-Host -ForegroundColor red "Password may be unlocke
d by an administrator only"
Write-Host -ForegroundColor yellow $pwdGPO.LockoutDurati
on.days "day(s)"$pwdGPO.LockoutDuration.hours "hour(s)"$pwdGPO.LockoutDuration.m

inutes "min(s)"
Write-Host "Account lockout counter resets after: " -NoN
Write-Host -ForegroundColor yellow $pwdGPO.LockoutObserv
ationWindow.days "day(s)"$pwdGPO.LockoutObservationWindow.hours "hour(s)"$pwdGPO
.LockoutObservationWindow.minutes "min(s)"
# End of Default Domain Password Policy details

# Display total number of Fine-Grained Password Policies

Write-Host ""
Write-Host "Fine-Grained Password Policies: " -NoNewline
Write-Host -ForegroundColor green $FGPPNo
Write-Host ""
# End of custom Get-DomainInfo function

# Main script section

Write-Host -ForegroundColor white -BackgroundColor black "Collecting Active
Directory data..."
# Checking if PowerShell script was executed with a parameter
if ( $args.Length -gt 0 )
# Collecting information about specified Forest configuration
$ForestInfo=Get-ADForest $args[0]
# Collecting information about current Forest configuration
# End of parameter check

# Forest variables definition

$forestDomainSID = Get-ADDomain (Get-ADForest).Name | Select domainSID
$ADRecBinSupport="feature not supported"
if ( $ffl -like "Windows2008R2Forest" -or $ffl -like "Windows2012Forest" -or
$ffl -like "Windows2012R2Forest" )
$ADRecBin=(Get-ADOptionalFeature -Server $forest -Identity 766ddcd8acd0-445e-f3b9-a7f9b6744f2a).EnabledScopes | Measure-Object
if ( $ADRecBin.Count -ne 0 )
# End of forest variables section

# Define Schema partition variables

$SchemaPartition = $ForestInfo.PartitionsContainer.Replace("CN=Partitions","
$SchemaVersion = Get-ADObject -Server $forest -Identity $SchemaPartition -Pr
operties * | Select objectVersion
# End of Schema partition variables definition
$forestDN = $ForestInfo.PartitionsContainer.Replace("CN=Partitions,CN=Config

$configPartition = $ForestInfo.PartitionsContainer.Replace("CN=Partitions,",

# Display collected data

Write-Host -ForegroundColor white -BackgroundColor black "Active Directory r
eport v0.2 by Krzysztof Pytko (iSiek)"
Write-Host ""
Write-Host ""
# Display information about Forest
Write-Host -ForegroundColor yellow -BackgroundColor black "Forest details:"
Write-Host ""
Write-Host "Forest name"
Write-Host -ForegroundColor green $forest
Write-Host ""

# Determine and display schema version

Write-Host "Active Directory schema version"
switch ($SchemaVersion.objectVersion)
13 { Write-Host -ForegroundColor green $SchemaVersion.objectVersion
"- Windows 2000 Server" }
30 { Write-Host -ForegroundColor green $SchemaVersion.objectVersion
"- Windows Server 2003" }
31 { Write-Host -ForegroundColor green $SchemaVersion.objectVersion
"- Windows Server 2003 R2" }
44 { Write-Host -ForegroundColor green $SchemaVersion.objectVersion
"- Windows Server 2008" }
47 { Write-Host -ForegroundColor green $SchemaVersion.objectVersion
"- Windows Server 2008 R2" }
51 { Write-Host -ForegroundColor green $SchemaVersion.objectVersion
"- Windows Server 8 Developers Preview" }
52 { Write-Host -ForegroundColor green $SchemaVersion.objectVersion
"- Windows Server 8 Beta" }
56 { Write-Host -ForegroundColor green $SchemaVersion.objectVersion
"- Windows Server 2012" }
69 { Write-Host -ForegroundColor green $SchemaVersion.objectVersion
"- Windows Server 2012 R2" }
72 { Write-Host -ForegroundColor green $SchemaVersion.objectVersion
"- Windows Server Technical Preview" }
default { Write-Host -ForegroundColor red "unknown - "$SchemaVersion
.objectVersion }
Write-Host ""

# End of schema version section

# Determine and display Exchange version

Write-Host "Microsoft Exchange version"
$ExchangeSystemObjects = Get-ADObject -Server $forest -LDAPFilter "(&(object
Class=container)(name=Microsoft Exchange System Objects))" -SearchBase $forestDN
-Properties objectVersion
$ExchangeSchemaVersion = Get-ADObject -Server $forest -LDAPFilter "(&(object
Class=attributeSchema)(name=ms-Exch-Schema-Version-Pt))" -SearchBase $SchemaPart
ition -Properties rangeUpper
$ExchangeSchema = $ExchangeSystemObjects.objectVersion + $ExchangeSchemaVers
if ($ExchangeSchemaVersion -ne $nul)
switch ($ExchangeSchema)
13806 { Write-Host -ForegroundColor green "Exchange Server
2003" }
21265 { Write-Host -ForegroundColor green "Exchange Server 2
007" }
22337 { Write-Host -ForegroundColor green "Exchange
007 Service Pack 1" }
25843 { Write-Host -ForegroundColor green "Exchange
007 Service Pack 2" }
25846 { Write-Host -ForegroundColor green "Exchange
007 Service Pack 3" }
27261 { Write-Host -ForegroundColor green "Exchange
010" }
27766 { Write-Host -ForegroundColor green "Exchange
010 Service Pack 1" }
27772 { Write-Host -ForegroundColor green "Exchange
010 Service Pack 2" }
27774 { Write-Host -ForegroundColor green "Exchange
010 Service Pack 3" }
28373 { Write-Host -ForegroundColor green "Exchange
013" }
28490 { Write-Host -ForegroundColor green "Exchange
013 Cumulative Update 1" }
28517 { Write-Host -ForegroundColor green "Exchange
013 Cumulative Update 2" }
28519 { Write-Host -ForegroundColor green "Exchange
013 Cumulative Update 3" }
28528 { Write-Host -ForegroundColor green "Exchange
013 Cumulative Update 4 - Service Pack 1" }
28536 { Write-Host -ForegroundColor green "Exchange
013 Cumulative Update 5" }
28539 { Write-Host -ForegroundColor green "Exchange
013 Cumulative Update 6" }
default { Write-Host -ForegroundColor red "unknown
angeSchemaVersion.rangeUpper }

Server 2
Server 2
Server 2
Server 2
Server 2
Server 2
Server 2
Server 2
Server 2
Server 2
Server 2
Server 2
Server 2
Server 2
- "$Exch

$ExchOrganization = (Get-ADObject -Server $forest -Identity "cn=Micr
osoft Exchange,cn=Services,$configPartition" -Properties templateRoots).template
$ExchOrgName = (Get-ADObject -Server $forest -Identity $($ExchOrgani
zation -Replace "cn=Addressing," , "") -Properties name).name
Write-Host ""
Write-Host "Microsoft Exchange Organization name"
Write-Host -ForegroundColor Green $ExchOrgName
} #end if
Write-Host -ForegroundColor green "(not present)"
Write-Host ""
# End of Exchange version

# Determine and display Lync version

Write-Host "Microsoft Lync server version"
$LyncSchemaVersion = Get-ADObject -Server $forest -LDAPFilter "(&(objectClas
s=attributeSchema)(name=ms-RTC-SIP-SchemaVersion))" -SearchBase $SchemaPartition
-Properties rangeUpper
if ($LyncSchemaVersion -ne $nul)
switch ($LyncSchemaVersion.rangeUpper)
1006 { Write-Host -ForegroundColor green "Live Communication
s Server 2005" }
1007 { Write-Host -ForegroundColor green "Office Communicati
ons Server 2007 Release 1" }
1008 { Write-Host -ForegroundColor green "Office Communicati
ons Server 2007 Release 2" }
1100 { Write-Host -ForegroundColor green "Lync Server 2010"
1150 { Write-Host -ForegroundColor green "Lync Server 2013"
default { Write-Host -ForegroundColor red "unknown - "$Lync
SchemaVersion.rangeUpper }
}# end if

Write-Host -ForegroundColor green "(not present)"
Write-Host ""
# End of Lync version

# Determine and display FFL

Write-Host "Forest Functional Level"
switch ($ffl)
Windows2000Forest { Write-Host -ForegroundColor green "Windows 2000"
Windows2003Forest { Write-Host -ForegroundColor green "Windows Serve
r 2003" }
Windows2008Forest { Write-Host -ForegroundColor green "Windows Serve
r 2008" }
Windows2008R2Forest { Write-Host -ForegroundColor green "Windows Ser
ver 2008 R2" }
Windows2012Forest { Write-Host -ForegroundColor green "Windows Serve
r 2012" }
Windows2012R2Forest { Write-Host -ForegroundColor green "Windows Ser
ver 2012 R2" }
default { Write-Host -ForegroundColor red "Unknown Forest Functional
Level:"$ffl }
Write-Host ""
# End of FFL section

# Forest tombstoneLifetime
$tombstoneLifetime = (Get-ADobject -Server $forest -Identity "cn=Directory S
ervice,cn=Windows NT,cn=Services,$configPartition" -Properties tombstoneLifetime
Write-Host "Tombstone lifetime"
if ($tombstoneLifetime -ne $nul)
Write-Host -ForegroundColor Green $tombstoneLifetime" day(s)"

Write-Host -ForegroundColor Green "60 days (default setting)"

Write-Host ""
# End of forest tombstoneLifetime

# AD Recycle Bin support

Write-Host "Active Directory Recycle Bin"
Write-Host -ForegroundColor green $ADRecBinSupport
Write-Host ""
# End of AD Recycle Bin section

# List of all Domains in a Forest

Write-Host "Domains in this forest"
$allDomains | Sort | %{ Write-Host -ForegroundColor green $_ }
Write-Host ""
# End of list section

# Trusts enumeration
Write-Host "List of trusts"
$ADTrusts = Get-ADObject -Server $forest -Filter { objectClass -eq "trustedD
omain" } -Properties CanonicalName,trustDirection
if ($ADTrusts.Count -gt 0)
foreach ($Trust in $ADTrusts)
switch ($Trust.trustDirection)
3 { $trustInfo=($Trust.CanonicalName).Replace("/Syst
em/"," <===> ") }
2 { $trustInfo=($Trust.CanonicalName).Replace("/Syst
em/"," <---- ") }
1 { $trustInfo=($Trust.CanonicalName).Replace("/Syst
em/"," ----> ") }

Write-Host -ForegroundColor green $trustInfo

Write-Host -ForegroundColor green "(none)"
Write-Host ""
# End of trusts list

# List of all partitions in a forest

$partitions = Get-ADObject -Server $forest -Filter * -SearchBase $ForestInfo
.PartitionsContainer -SearchScope OneLevel -Properties name,nCName,msDS-NC-Repli
ca-Locations | Select name,nCName,msDS-NC-Replica-Locations | Sort-Object name
Write-Host "List of all partitions"
Write-Host ""
foreach ($part in $partitions)
Write-Host -BackgroundColor Yellow -ForegroundColor Black $
Write-Host -ForegroundColor Green $part.nCName
Write-Host ""
$DNSServers = $part."msDS-NC-Replica-Locations" | Sort-Object
# If any DNS server holds partition
if ($DNSServers -ne $nul)
Write-Host -ForegroundColor Yellow "DNS servers"
# Get DNS Servers for selected partition
foreach ($DNSServer in $DNSServers)
Write-Host ( ($DNSServer -Split ",")[1] -Replace "CN

# End of DNS servers list for selected partition

# End IF section for DNS servers
Write-Host ""
Write-Host ""
Write-Host ""
# End of list of all partitions in a forest
Write-Host "Sites and Subnets information"
Write-Host ""

# Sites enumeration
$ConfigurationPart = ($ForestInfo.PartitionsContainer -Replace "CN=Partition
$AllSites = Get-ADObject -Server $forest -Filter { objectClass -eq "site" }
-SearchBase $ConfigurationPart -Properties *
# Loop for Sites and Subnets
foreach ( $Site in $AllSites )
Write-Host -ForegroundColor black -BackgroundColor yellow "Site:"$Si
Write-Host -ForegroundColor yellow "Server(s) in site:"
$ServersInSite = Get-ADObject -Server $forest -Filter { objectClass
-eq "server" } -SearchBase $Site.distinguishedName -SearchScope Subtree -Propert
ies Name | Select Name | Sort-Object Name
# Loop for Domain Controller details
foreach ($Server in $ServersInSite)
# If any DC is in Site
if ( $Server -ne $nul )
$dcDetails = Get-ADDomainController $Server.Name
$dcDN = $dcDetails.ComputerObjectDN -Replace $dcDeta
$dcDN = $dcDN -Replace "CN=,",""
$dcFRS = "CN=Domain System Volume (SYSVOL share),CN=

NTFRS Subscriptions,$($dcdetails.computerobjectdn)"
$dcDFSR = "CN=SYSVOL Subscription,CN=Domain System V
$dcFRSinfo = Get-ADObject -Filter { distinguishedNam
e -eq $dcFRS } -Properties fRSRootPath
$dcDFSRinfo = Get-ADObject -Filter { distinguishedNa
me -eq $dcDFSR } -Properties msDFSR-RootPath, msDFSR-RootSizeInMb

# Display Domain Controller details

Write-Host -ForegroundColor green "$($Server.Name) (
Write-Host "IP address (v4)

: "$dcDetails.ipv4add

# IPv6 address
if ($dcDetails.ipv6address -ne $nul)
Write-Host "IP address (v6)

: "$dcDetails

Write-Host "IP address (v6)

: (none)"


# End of IPv6 address section

# Operating system type and its service pack level

Write-Host "OS type
: "$dcDetails.operati
if ($dcDetails.operatingSystemServicePack -ne $nul)
Write-Host "Service Pack

: "$dcDetails

# End of operating system and service pack level sec

# SYSVOL replication method on DC

# SYSVOL FRS section
if ($dcFRSinfo -ne $nul)

Write-Host "SYSVOL replication : FRS"
Write-Host "SYSVOL location
: "$dcFRSinfo
# End of SYSVOL FRS section

# SYSVOL DFS-R section

if ($dcDFSRinfo -ne $nul)
Write-Host "SYSVOL replication : DFS-R"
Write-Host "SYSVOL location
: "$dcDFSRinf
# SYSVOL size
if ($dcDFSRinfo."msDFSR-RootSizeInMb" -ne $n
Write-Host "SYSVOL quota

: "$d

Write-Host "SYSVOL quota

: 4G

B (default setting)"
# End of SYSVOL size
# End of SYSVOL DFS-R section
# End of section where DC is in Site
# If no DC in Site
Write-Host -ForegroundColor green "(none)"
# End of section where no DC in Site

Write-Host ""
} # End of sub foreach for Domain Controllers details

# List Subnets for selected Site

$subnets = $Site.siteObjectBL
Write-Host -ForegroundColor yellow "Subnets:"
# If any Subnet assigned
if ( $subnets -ne $nul )
# List all Subnets for selected Site
foreach ($subnet in $subnets)
$SubnetSplit = $Subnet.Split(",")
Write-Host $SubnetSplit[0].Replace("CN=","")
# End of listing Subnets
# End of existing Subnets section
# If no Subnets in Site
Write-Host -ForegroundColor green "(none)"
# End of no Subnets section

# End of listing Subnets

Write-Host ""
Write-Host ""
} # End of main foreach for Sites and Subnets
# End of Sites section

# Site Links enumeration

Write-Host -ForegroundColor yellow -BackgroundColor black "Site link(s) info

Write-Host ""
$siteLinks = Get-ADObject -Server $forest -Filter { objectClass -eq "siteLin
k" } -SearchBase $ConfigurationPart -Properties name, cost, replInterval, siteLi
st | Sort-Object replInterval
foreach ($link in $siteLinks)

"Site link name

: " -NoNewLine
-ForegroundColor green $
"Replication cost
: " -NoNewLine
-ForegroundColor green $link.cost
"Replication interval : " -NoNewLine
-ForegroundColor green $link.replInterval" minutes"
"Sites included
: " -NoNewLine

foreach ($linkList in $link.siteList)

$siteName = Get-ADObject -Identity $linkList -Properties Nam
Write-Host -ForegroundColor green $"; " -NoNewL
Write-Host ""
Write-Host ""
Write-Host ""
Write-Host ""
# End of Site Links section

# Get Global Catalogs in the forest

Write-Host "Global Catalog servers in the forest"
$ForestGC | Sort | %{ Write-Host -ForegroundColor green $_.toUpper() }
Write-Host ""
# End of Global Catalogs section

# Display additional suffixes

Write-Host "Additional UPN suffixes"
if ( $UPNSuffix.Count -ne 0 )
$UPNsuffix | Sort | %{ Write-Host -ForegroundColor green $_ }
Write-Host -ForegroundColor green "(none)"
Write-Host ""
Write-Host ""
# End of suffixes section

# Forest FSMO roles display

Write-Host -ForegroundColor yellow -BackgroundColor black "FSMO roles detail
Write-Host ""
Write-Host "Schema master"
Write-Host -ForegroundColor green $FSMOSchema.toUpper()
Write-Host ""
Write-Host "Domain Naming master"
Write-Host -ForegroundColor green $FSMODomainNaming.toUpper()
Write-Host ""
Write-Host ""
# End of Forest FSMO section

# Forest wide groups members

Write-Host -ForegroundColor yellow -BackgroundColor black "Forest wide group
s details:"
Write-Host ""
# Schema Administrators
$schemaGroupID = ((Get-ADDomain(Get-ADForest).name).domainSID).value+"-518"
$schemaAdminsNo = Get-ADGroup -Server $forest -Identity $schemaGroupID | Get
-ADGroupMember -Recursive
if ($schemaAdminsNo.Count -eq 2)

Write-Host "Total number of Schema Administrators

: " -NoNewLine
Write-Host -ForegroundColor Green $schemaAdminsNo.Count
Write-Host "Total number of Schema Administrators
: " -NoNewLine
Write-Host -ForegroundColor Red $schemaAdminsNo.Count
# Enterprise Admins
$entGroupID = ((Get-ADDomain(Get-ADForest).name).domainSID).value+"-519"
$enterpriseAdminsNo = Get-ADGroup -Server $forest -Identity $entGroupID | Ge
t-ADGroupMember -Recursive
if ($enterpriseAdminsNo.Count -eq 1)
Write-Host "Total number of Enterprise Administrators : " -NoNewLine
Write-Host -ForegroundColor Green $enterpriseAdminsNo.Count
Write-Host "Total number of Enterprise Administrators : " -NoNewLine
Write-Host -ForegroundColor Red $enterpriseAdminsNo.Count
Write-Host ""
# End of forest wide groups members

# Custom Get-DomainInfo function executed for every domain in the forest

$allDomains | Sort | %{ Get-DomainInfo ($_) }
# End of loop
Write-Host ""
Write-Host ""
Write-Host -ForegroundColor white -BackgroundColor black "The end of Active
Directory report"
Write-Host ""
Write-Host ""
# End of data display

