Modern Active Directory part 2/2

DEMAN-BARCELO (MVP) Thierry, SENIOR SYSTEM ARCHITECT
CERTIFIED EXPERT
More than 40 years in Computer IT, Now 22 years/awards as MS MVP.
This document presents the Modern Active Directory project, which aims to bring a more modern view on your Active Directory, whether to view key indicators or to perform advanced searches in a simple way.
With this PowerShell module that accesses your Active Directory in read-only mode, ...

6) Summary

The Resume tab displays a summary count of all elements in the environment.

 

III. REPORT FEATURES

 

It is possible to search on all tabs.

Members of privileged groups are not displayed. Similarly, in the Users tab, administrators are not listed by default.

 

1) Category:

Below are the categories of the different reports generated: 

Groups, Users, Computers, Print Servers, GPOs and OUs.

 

 

 

 

2) Security: 

It is possible to add authentication by hosting the report on an IIS Web server (JIT principle).

Important note: the report is read-only, so there is no risk of modifying the directory.

The information presented complies with the JEA (Just Enough Administration) principle. 

You can control which information is displayed for all objects.

 

Reminder: sensitive information such as privileged members and DCs are not displayed by default.

3) Search

The filters allow you to run quick, interactive searches; the result is immediate.

It is possible to export the result in several formats (PDF, Excel, CSV ...).

 

It is very easy to create custom filters by clicking on the 'Search Builder' button.

Example: 

You can list the members of a specific OU by indicating its name with the "Contains" condition, or by selecting only its name in the displayed list with the "Equals" condition.

Important: It is recommended to use the "Equals" condition only for boolean values, e.g. a parameter with the expected result "True" or "False".

To delete a condition, simply press the corresponding "X" button. 


You can easily build complex queries with the logical "And" and "Or" operators, and you can use the same parameter several times under different conditions, thanks to the power of the PSWriteHTML module.

 

IV. Download and Installation

1) Prerequisites


To function, Modern AD needs the following PowerShell modules:

  • The PSWriteHTML module: it will be downloaded automatically if you have access to the internet.
  • The AD and GPO PowerShell modules: these have to be installed from RSAT if you are not on an AD. If the AD module is not present, an error message is displayed showing the command needed to install it.

 

Administrator rights are not required.

2) Installation and first execution

The module is available via the PowerShell Gallery and on GitHub: Link.

 

The following command downloads and installs the module for all users. It must be executed in a console in admin mode.

Install-Module modernActiveDirectory  

 

The following command installs only on the connected profile without requiring administrative rights.

Install-module ModernActiveDirectory -Scope CurrentUser

Once installed, run the following command to generate your report.

Get-ADModernReport

In case of error you will be notified.

 

Note: displaying the contents of the AD Trash (Recycle Bin) and the PSO password policies requires rights to these containers (e.g. running the script as a domain admin or assigning the necessary rights to the user).

When finished, an HTML file will be created, and the web page will be launched automatically in your default browser.

 

Note: By default, the report is generated in the user's Temp folder, "Appdata\Local\Temp". You can change the path at any time.

3) Offline installation 

If your machine does not have internet access, download the Zip from GitHub and unzip it in your "Modules" folder, which is located under the "Program Files" or "Documents" path.

 

V) Settings: 

By default, searches are limited to 200 objects per category for testing purposes.

To perform an unlimited search for objects, use the following command:

Get-ADModernReport -illimitedsearch

The command below allows you to generate a single report in HTML format in the folder of your choice.

 

Get-ADModernReport -illimitedsearch -SavePath "C:\Myfolder" -HtmlOnePage

1) Parameters

Below is a list of parameters you can use with the Get-ADModernReport function

 

- CompanyLogo: Logo that will be in the upper left corner of the report
- RightLogo: Logo that will be in the upper right corner of the report
- ReportTitle: The title of the report
- SavePath: Where the report will be saved (Example: C:\report)
- Days: Sets the days for "Search for users who have not logged in for X days"
- UserCreatedDays: Sets the days for "Get users who were created in X days or less"
- DayUntilPWExpireINT: Sets the days for "Get users whose passwords expire in less than X days"
- Maxsearcher: Maximum number of Computer/User objects to search
- OUlevelSearch: OU search level (Base/Onelevel/Subtree)
- IllimitedSearch: Search in all objects without limit of number
- Showadmin: Display the administrators in the result
- HtmlOnePage: Generates a report in a single page (recommended for small companies)


For more details, please consult the Help.

Get-Help Get-ADModernReport -Detailed


2) Use in a scheduled task or a script 

One of the advantages of this module is that it can be executed several times a day in a scheduled task, automatically overwriting old values if necessary. It is then useful to host the web page on an IIS server so that several people can connect to it remotely.

Create a PS1 file containing the following code, and point the output to the IIS folder if it differs from the default.

Import-Module ModernActiveDirectory -Force

Get-ADModernReport -IllimitedSearch -SavePath C:\inetpub\wwwroot
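
One way to combine the IIS authentication mentioned under "Security" with the scheduled generation described here, as an added example that is not part of the ModernActiveDirectory project. The sub-folder adreport, the group CONTOSO\AD-Report-Readers, the gMSA CONTOSO\svc-adreport$ and the script path are assumptions; the report is written to a dedicated folder rather than the web root so that it can be locked down on its own.

```powershell
# Added example: run elevated on the IIS host. Assumes the IIS "Windows Authentication"
# role service is installed. Every name below is a hypothetical placeholder.
Import-Module WebAdministration

$site      = 'Default Web Site'
$app       = 'adreport'                        # dedicated sub-folder, not the web root
$reportDir = 'C:\inetpub\wwwroot\adreport'
$readers   = 'CONTOSO\AD-Report-Readers'       # people allowed to view the report
$taskUser  = 'CONTOSO\svc-adreport$'           # gMSA that generates the report
$script    = 'C:\Scripts\New-ADReport.ps1'     # the PS1 file, using -SavePath $reportDir

New-Item -ItemType Directory -Path $reportDir -Force | Out-Null

# NTFS: stop inheriting the web root's ACEs and grant only what is needed.
$acl = Get-Acl -Path $reportDir
$acl.SetAccessRuleProtection($true, $false)    # protect the ACL, discard inherited ACEs
foreach ($ace in @(
        @{ Id = 'NT AUTHORITY\SYSTEM';    Rights = 'FullControl' },
        @{ Id = 'BUILTIN\Administrators'; Rights = 'FullControl' },
        @{ Id = 'BUILTIN\IIS_IUSRS';      Rights = 'ReadAndExecute' },  # IIS worker process
        @{ Id = $taskUser;                Rights = 'Modify' },          # writes the report
        @{ Id = $readers;                 Rights = 'ReadAndExecute' })) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $ace.Id, $ace.Rights, 'ContainerInherit,ObjectInherit', 'None', 'Allow'
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $reportDir -AclObject $acl

# IIS: refuse anonymous requests and require Windows authentication for this folder.
$authModes = @{ anonymousAuthentication = $false; windowsAuthentication = $true }
foreach ($mode in $authModes.GetEnumerator()) {
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location "$site/$app" `
        -Filter "system.webServer/security/authentication/$($mode.Key)" `
        -Name enabled -Value $mode.Value
}

# Scheduled task: regenerate the report three times a day, without elevation.
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' `
    -Argument "-NoProfile -NonInteractive -File `"$script`""
$triggers  = '06:00', '12:00', '18:00' |
    ForEach-Object { New-ScheduledTaskTrigger -Daily -At $_ }
$principal = New-ScheduledTaskPrincipal -UserId $taskUser -LogonType Password -RunLevel Limited
Register-ScheduledTask -TaskName 'ModernAD report' -Action $action `
    -Trigger $triggers -Principal $principal
```

With anonymous access disabled, IIS opens the report file as the authenticated visitor, so the NTFS entry for the readers group is what decides who can see it.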

3) Credits

We would like to thank all the people who have contributed directly or indirectly to the realization of this project.

The Essential Blogs : 

www.thelazyadministrator.com

PowerShell Modules - Evotec

IT-Connect | Tutorials - Computer Courses - Tests - Videos

And all members : 

DEMAN-BARCELO (MVP) Thierry | Experts Exchange (experts-exchange.com)

Przemysław Kłys (microsoft.com)

Florian, Mehdi, - Guylain, mathieu, hatira, ... 

Comments (2)

David Johnson, CD
The More I know, the more I don't know
CERTIFIED EXPERT
Most Valuable Expert 2023
Distinguished Expert 2023

Commented:
Great article

Albert Widjaja, IT Professional
CERTIFIED EXPERT

Commented:
Thank you for sharing here :-)
