Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory.
I wrote a really basic script that will scour your domain and return some valuable information regarding its configuration. There are probably several things in the script that could be done differently and if I was to go through it again, I’d probably change them, but this was quickly thrown together over a year ago for me to fulfill a customer’s request.
The script is written in PowerShell and located here.
It performs the following:
– Writes outputs to the console.
– Also creates a transcript output in your Documents folder.
– Gets forest and domain information.
– Gets forest and domain functional levels.
– Gets domain creation date.
– Gets FSMO role holders.
– Gets AD schema version.
– Gets tombstone lifetime.
– Gets domain password policy.
– Gets AD backup information.
– Checks to see if AD Recycle Bin is enabled.
– Gets AD Sites and Subnets.
– Gets AD Site replication links.
– Gets AD trust information.
– Gets users and groups information.
– Number of users
– Number of groups
– Inactive accounts based on 30, 60, 90 days.
– Lists OUs with blocked inheritance.
– Lists unlinked GPOs.
– Lists duplicate SPNs.