官术网_书友最值得收藏!

首頁(yè) >

Windows Server 2019 Automation with PowerShell Cookbook

Reporting on AD users

Managing the Active Directory is an important albeit time-consuming task. Discovering a user account that has not been used for a reasonable period or a user that has membership in a privileged account (for example, enterprise administrators) could represent security risks to the organization. Regular reporting can help to place a focus on accounts that could be usefully de-activated. That could mean the account being removed from a security group or removed altogether.

This recipe creates a report of users, computers, and privileged group membership and displays this report on the console.

Getting ready

This recipe, which you run on DC1, reports on users with possible issues: a user hasn't logged on for a while, has made a lot of bad password attempts, or a user is in a privileged group inappropriately.

How to do it...

  1. Define the Get-ReskitUser function: 
    Function Get-ReskitUser {
# Get PDC Emulator DC
$PrimaryDC = Get-ADDomainController -Discover -Service PrimaryDC
# Get Users
$ADUsers = Get-ADUser -Filter * -Properties * -Server $PrimaryDC
# Iterate through them and create $Userinfo hash table:
Foreach ($ADUser in $ADUsers) {
  # Create a userinfo HT
  $UserInfo = [Ordered] @{}
  $UserInfo.SamAccountname = $ADUser.SamAccountName
  $Userinfo.DisplayName    = $ADUser.DisplayName
  $UserInfo.Office         = $ADUser.Office
  $Userinfo.Enabled        = $ADUser.Enabled
  $userinfo.LastLogonDate  = $ADUser.LastLogonDate
  $UserInfo.ProfilePath    = $ADUser.ProfilePath
  $Userinfo.ScriptPath     = $ADUser.ScriptPath
  $UserInfo.BadPWDCount    = $ADUser.badPwdCount
  New-Object -TypeName PSObject -Property $UserInfo
  }
} # end of function
  2. Get the users in the Reskit.Org domain: 
    $RKUsers = Get-ReskitUser
# Build the report header:
$RKReport = ''
$RkReport += "*** Reskit.Org AD Report`n"
$RKReport += "*** Generated [$(Get-Date)]`n"
$RKReport += "*******************************`n`n"
  3. Report on the disabled users: 
    $RkReport += "*** Disabled Users`n"
$RKReport += $RKUsers |
  Where-Object {$_.Enabled -NE $true} |
    Format-Table -Property SamAccountName, Displayname |
     Out-String
  4. Report on the users who have not recently logged on: 
    $OneWeekAgo = (Get-Date).AddDays(-7)
$RKReport += "`n*** Users Not logged in since $OneWeekAgo`n"
$RkReport += $RKUsers |
  Where-Object {$_.Enabled -and $_.LastLogonDate -le $OneWeekAgo} |
  Sort-Object -Property LastlogonDate |
    Format-Table -Property SamAccountName,lastlogondate |
     Out-String
  5. Users with high invalid password attempts: 
    $RKReport += "`n*** High Number of Bad Password Attempts`n"
$RKReport += $RKUsers | Where-Object BadPwdCount -ge 5 |
  Format-Table -Property SamAccountName, BadPwdCount |
    Out-String
  6. Add another report header line for this part of the report and create an empty array of privileged users: 
    $RKReport += "`n*** Privileged  User Report`n"
$PUsers = @()
  7. Query the enterprise admins/domain admins/schema admins groups for members and add to the $Pusers array: 
    # Get Enterprise Admins group members
$Members = 
  Get-ADGroupMember -Identity 'Enterprise Admins' -Recursive |
    Sort-Object -Property Name
$PUsers += foreach ($Member in $Members) {
  Get-ADUser -Identity $Member.SID -Properties * |
    Select-Object -Property Name,
      @{Name='Group';expression={'Enterprise Admins'}},
        whenCreated,LastlogonDate
}
# Get Domain Admins group members
$Members = 
  Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Sort-Object -Property Name
$PUsers += Foreach ($Member in $Members)
  {Get-ADUser -Identity $member.SID -Properties * |
    Select-Object -Property Name,
      @{Name='Group';expression={'Domain Admins'}},
       WhenCreated, Lastlogondate,SamAccountName
}
# Get Schema Admins members
$Members = 
  Get-ADGroupMember -Identity 'Schema Admins' -Recursive |
    Sort-Object Name
$PUsers += Foreach ($Member in $Members) {
  Get-ADUser -Identity $member.SID -Properties * |
    Select-Object -Property Name,
      @{Name='Group';expression={'Schema Admins'}},  
       WhenCreated, Lastlogondate,SamAccountName
}
  8. Add the special users to the report: 
    $RKReport += $PUsers | Out-String
  9. Display the report to the console: 
    $RKReport

How it works...

This report writing recipe begins with step 1 defining a function that returns some of the key properties of users in the Reskit.Org domain. In step 2, you invoke the function to return an array of all the users defined in the domain. These two steps produce no output.

In step 2 through step 9, you build parts of the overall report and add it to the $RKReport variable. These steps also produce no output.

In step 10, you display the report to the console, which looks like this:

There's more...

In this recipe, you create the report and display it to the console. There are some things you could do that might increase the value of this recipe:

  • Save the recipe as a script, then set up a scheduled task to invoke it every day
  • Create an SMB share on the DC and save each report to that folder or email it to a mail-enabled group
  • Automatically disable any account that has not been in use for, say, 30 days, sending mail to the user's manager letting them know
  • Create a list of users authorized to be in the high-privilege groups and ensure the group contains only those members
  • Adjust the recipe to output HTML to improve the readability and usability of the report

This recipe calls Get-ADUser several times in step 7, returning all properties. You might consider some optimization including restricting the properties to only those needed to generate the report.

主站蜘蛛池模板: 都安| 乐业县| 万年县| 余姚市| 凭祥市| 通江县| 永川市| 临高县| 瑞昌市| 陕西省| 黄石市| 大洼县| 大邑县| 镶黄旗| 武胜县| 涞水县| 云浮市| 栾城县| 长顺县| 龙里县| 石嘴山市| 京山县| 吐鲁番市| 山东省| 天全县| 汕尾市| 罗甸县| 中江县| 青川县| 普宁市| 柳河县| 新闻| 宜昌市| 尉犁县| 新巴尔虎右旗| 苗栗市| 台中县| 板桥市| 封开县| 开阳县| 肥东县|