From b652dfbf1ec6fa06a093ec3cd51385eac99d2eaa Mon Sep 17 00:00:00 2001 From: Bastien Perez <104252785+bastienperez@users.noreply.github.com> Date: Wed, 18 Oct 2023 14:28:55 +0200 Subject: [PATCH 1/2] Don't run Get-WinADDomainPassword if no -PasswordQuality switch https://github.com/EvotecIT/PSWinDocumentation.AD/issues/15 --- Public/Get-WinADDomainInformation.ps1 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Public/Get-WinADDomainInformation.ps1 b/Public/Get-WinADDomainInformation.ps1 index e012d07..51925a3 100644 --- a/Public/Get-WinADDomainInformation.ps1 +++ b/Public/Get-WinADDomainInformation.ps1 @@ -679,7 +679,9 @@ function Get-WinADDomainInformation { # PASSWORD QUALITY SECTION $Data.DomainPasswordDataUsers = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordDataUsers" { - Get-WinADDomainPassword -DnsRoot $Data.DomainInformation.DNSRoot -DistinguishedName $Data.DomainInformation.DistinguishedName + if($PasswordQuality.IsPresent) { + Get-WinADDomainPassword -DnsRoot $Data.DomainInformation.DNSRoot -DistinguishedName $Data.DomainInformation.DistinguishedName + } } -TypesRequired $TypesRequired -TypesNeeded @( [PSWinDocumentation.ActiveDirectory].GetEnumValues() | Where-Object { $_ -like 'DomainPassword*' } ) From e171d1a8287ef0ebda304e70255dd7711ecc104c Mon Sep 17 00:00:00 2001 From: Bastien Perez <104252785+bastienperez@users.noreply.github.com> Date: Fri, 1 Dec 2023 10:11:29 +0100 Subject: [PATCH 2/2] Update Get-WinADDomainInformation.ps1 --- Public/Get-WinADDomainInformation.ps1 | 304 +++++++++++++------------- 1 file changed, 153 insertions(+), 151 deletions(-) diff --git a/Public/Get-WinADDomainInformation.ps1 b/Public/Get-WinADDomainInformation.ps1 index 51925a3..b555654 100644 --- a/Public/Get-WinADDomainInformation.ps1 +++ b/Public/Get-WinADDomainInformation.ps1 
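Review bot: In patch 1/2 (hunk `@@ -679,7 +679,9 @@`), the added `if($PasswordQuality.IsPresent)` guard carries no comment saying that it is the opt-in boundary for reading password data from the domain. A later refactor could move the `Get-WinADDomainPassword` call back outside it without anyone noticing. I would add `# Password data is only queried when -PasswordQuality is explicitly requested` directly above the `if`. `$PasswordQuality` is declared outside the hunk, and the enclosing function starts and ends outside it.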
@@ -677,178 +677,180 @@ function Get-WinADDomainInformation { [PSWinDocumentation.ActiveDirectory]::DomainWellKnownFolders ) # PASSWORD QUALITY SECTION - - $Data.DomainPasswordDataUsers = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordDataUsers" { - if($PasswordQuality.IsPresent) { + if ($PasswordQuality.IsPresent) { + $Data.DomainPasswordDataUsers = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordDataUsers" { Get-WinADDomainPassword -DnsRoot $Data.DomainInformation.DNSRoot -DistinguishedName $Data.DomainInformation.DistinguishedName - } - } -TypesRequired $TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory].GetEnumValues() | Where-Object { $_ -like 'DomainPassword*' } - ) - - $Data.DomainPasswordDataPasswords = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordDataPasswords" { - Get-WinADDomainPasswordQuality ` - -FilePath $PathToPasswords ` - -DomainDistinguishedName $Data.DomainInformation.DistinguishedName ` - -DnsRoot $Data.DomainInformation.DnsRoot ` - -Verbose:$false ` - -PasswordQualityUsers $Data.DomainPasswordDataUsers ` - -PasswordQuality:$PasswordQuality.IsPresent ` - -DomainObjectsNetbios $Data.DomainObjectsNetBios - } -TypesRequired $TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory].GetEnumValues() | Where-Object { $_ -like 'DomainPassword*' } - ) + + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory].GetEnumValues() | Where-Object { $_ -like 'DomainPassword*' } + ) - $Data.DomainPasswordDataPasswordsHashes = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordDataPasswordsHashes" { - Get-WinADDomainPasswordQuality ` - -FilePath $PathToPasswordsHashes ` - -DomainDistinguishedName $Data.DomainInformation.DistinguishedName ` - -DnsRoot $DomainInformation.DnsRoot ` - -UseHashes ` - -Verbose:$false ` - -PasswordQualityUsers $Data.DomainPasswordDataUsers ` - 
-PasswordQuality:$PasswordQuality.IsPresent ` - -DomainObjectsNetbios $Data.DomainObjectsNetBios - } -TypesRequired $TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory]::DomainPasswordHashesWeakPassword, - [PSWinDocumentation.ActiveDirectory]::DomainPasswordHashesWeakPasswordEnabled, - [PSWinDocumentation.ActiveDirectory]::DomainPasswordHashesWeakPasswordDisabled - ) - - if ($Data.DomainPasswordDataPasswords) { - $PasswordsQuality = $Data.DomainPasswordDataPasswords - } elseif ($Data.DomainPasswordDataPasswordsHashes) { - $PasswordsQuality = $Data.DomainPasswordDataPasswordsHashes - } else { - $PasswordsQuality = $null - } + $Data.DomainPasswordDataPasswords = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordDataPasswords" { + Get-WinADDomainPasswordQuality ` + -FilePath $PathToPasswords ` + -DomainDistinguishedName $Data.DomainInformation.DistinguishedName ` + -DnsRoot $Data.DomainInformation.DnsRoot ` + -Verbose:$false ` + -PasswordQualityUsers $Data.DomainPasswordDataUsers ` + -PasswordQuality:$PasswordQuality.IsPresent ` + -DomainObjectsNetbios $Data.DomainObjectsNetBios + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory].GetEnumValues() | Where-Object { $_ -like 'DomainPassword*' } + ) + + + $Data.DomainPasswordDataPasswordsHashes = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordDataPasswordsHashes" { + Get-WinADDomainPasswordQuality ` + -FilePath $PathToPasswordsHashes ` + -DomainDistinguishedName $Data.DomainInformation.DistinguishedName ` + -DnsRoot $DomainInformation.DnsRoot ` + -UseHashes ` + -Verbose:$false ` + -PasswordQualityUsers $Data.DomainPasswordDataUsers ` + -PasswordQuality:$PasswordQuality.IsPresent ` + -DomainObjectsNetbios $Data.DomainObjectsNetBios + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordHashesWeakPassword, + 
[PSWinDocumentation.ActiveDirectory]::DomainPasswordHashesWeakPasswordEnabled, + [PSWinDocumentation.ActiveDirectory]::DomainPasswordHashesWeakPasswordDisabled + ) + if ($Data.DomainPasswordDataPasswords) { + $PasswordsQuality = $Data.DomainPasswordDataPasswords + } + elseif ($Data.DomainPasswordDataPasswordsHashes) { + $PasswordsQuality = $Data.DomainPasswordDataPasswordsHashes + } + else { + $PasswordsQuality = $null + } - $Data.DomainPasswordClearTextPassword = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordClearTextPassword" { - $PasswordsQuality.DomainPasswordClearTextPassword - } -TypesRequired $TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory]::DomainPasswordClearTextPassword - ) - $Data.DomainPasswordLMHash = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordLMHash" { - $PasswordsQuality.DomainPasswordLMHash - } -TypesRequired $TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory]::DomainPasswordLMHash - ) - $Data.DomainPasswordEmptyPassword = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordEmptyPassword" { - $PasswordsQuality.DomainPasswordEmptyPassword - } -TypesRequired $TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory]::DomainPasswordEmptyPassword - ) - $Data.DomainPasswordEmptyPassword = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordEmptyPassword" { - $PasswordsQuality.DomainPasswordEmptyPassword - } -TypesRequired $TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory]::DomainPasswordEmptyPassword - ) - $Data.DomainPasswordWeakPassword = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordWeakPassword" { - $PasswordsQuality.DomainPasswordWeakPassword - } -TypesRequired $TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory]::DomainPasswordWeakPassword - ) + $Data.DomainPasswordClearTextPassword = Get-DataInformation -Text 
"Getting domain information - $Domain DomainPasswordClearTextPassword" { + $PasswordsQuality.DomainPasswordClearTextPassword + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordClearTextPassword + ) + $Data.DomainPasswordLMHash = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordLMHash" { + $PasswordsQuality.DomainPasswordLMHash + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordLMHash + ) + $Data.DomainPasswordEmptyPassword = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordEmptyPassword" { + $PasswordsQuality.DomainPasswordEmptyPassword + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordEmptyPassword + ) + $Data.DomainPasswordEmptyPassword = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordEmptyPassword" { + $PasswordsQuality.DomainPasswordEmptyPassword + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordEmptyPassword + ) - $Data.DomainPasswordWeakPasswordEnabled = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordWeakPasswordEnabled" { - $PasswordsQuality.DomainPasswordWeakPasswordEnabled - } -TypesRequired $TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory]::DomainPasswordWeakPasswordEnabled - ) + $Data.DomainPasswordWeakPassword = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordWeakPassword" { + $PasswordsQuality.DomainPasswordWeakPassword + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordWeakPassword + ) - $Data.DomainPasswordWeakPasswordDisabled = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordWeakPasswordDisabled" { - $PasswordsQuality.DomainPasswordWeakPasswordDisabled - } -TypesRequired $TypesRequired 
-TypesNeeded @( - [PSWinDocumentation.ActiveDirectory]::DomainPasswordWeakPasswordDisabled - ) + $Data.DomainPasswordWeakPasswordEnabled = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordWeakPasswordEnabled" { + $PasswordsQuality.DomainPasswordWeakPasswordEnabled + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordWeakPasswordEnabled + ) - $Data.DomainPasswordWeakPasswordList = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordWeakPasswordList" { - $PasswordsQuality.DomainPasswordWeakPasswordList - } -TypesRequired $TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory]::DomainPasswordWeakPasswordList - ) + $Data.DomainPasswordWeakPasswordDisabled = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordWeakPasswordDisabled" { + $PasswordsQuality.DomainPasswordWeakPasswordDisabled + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordWeakPasswordDisabled + ) - $Data.DomainPasswordDefaultComputerPassword = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordDefaultComputerPassword" { - $PasswordsQuality.DomainPasswordDefaultComputerPassword - } -TypesRequired $TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory]::DomainPasswordDefaultComputerPassword - ) + $Data.DomainPasswordWeakPasswordList = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordWeakPasswordList" { + $PasswordsQuality.DomainPasswordWeakPasswordList + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordWeakPasswordList + ) - $Data.DomainPasswordPasswordNotRequired = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordPasswordNotRequired" { - $PasswordsQuality.DomainPasswordPasswordNotRequired - } -TypesRequired $TypesRequired -TypesNeeded @( - 
[PSWinDocumentation.ActiveDirectory]::DomainPasswordPasswordNotRequired - ) + $Data.DomainPasswordDefaultComputerPassword = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordDefaultComputerPassword" { + $PasswordsQuality.DomainPasswordDefaultComputerPassword + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordDefaultComputerPassword + ) - $Data.DomainPasswordPasswordNeverExpires = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordPasswordNeverExpires" { - $PasswordsQuality.DomainPasswordPasswordNeverExpires - } -TypesRequired $TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory]::DomainPasswordPasswordNeverExpires - ) + $Data.DomainPasswordPasswordNotRequired = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordPasswordNotRequired" { + $PasswordsQuality.DomainPasswordPasswordNotRequired + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordPasswordNotRequired + ) - $Data.DomainPasswordAESKeysMissing = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordAESKeysMissing" { - $PasswordsQuality.DomainPasswordAESKeysMissing - } -TypesRequired $TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory]::DomainPasswordAESKeysMissing - ) + $Data.DomainPasswordPasswordNeverExpires = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordPasswordNeverExpires" { + $PasswordsQuality.DomainPasswordPasswordNeverExpires + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordPasswordNeverExpires + ) - $Data.DomainPasswordPreAuthNotRequired = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordPreAuthNotRequired" { - $PasswordsQuality.DomainPasswordPreAuthNotRequired - } -TypesRequired $TypesRequired -TypesNeeded @( - 
[PSWinDocumentation.ActiveDirectory]::DomainPasswordPreAuthNotRequired - ) + $Data.DomainPasswordAESKeysMissing = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordAESKeysMissing" { + $PasswordsQuality.DomainPasswordAESKeysMissing + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordAESKeysMissing + ) - $Data.DomainPasswordDESEncryptionOnly = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordDESEncryptionOnly" { - $PasswordsQuality.DomainPasswordDESEncryptionOnly - } -TypesRequired $TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory]::DomainPasswordDESEncryptionOnly - ) + $Data.DomainPasswordPreAuthNotRequired = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordPreAuthNotRequired" { + $PasswordsQuality.DomainPasswordPreAuthNotRequired + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordPreAuthNotRequired + ) - $Data.DomainPasswordDelegatableAdmins = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordDelegatableAdmins" { - $PasswordsQuality.DomainPasswordDelegatableAdmins - } -TypesRequired $TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory]::DomainPasswordDelegatableAdmins - ) + $Data.DomainPasswordDESEncryptionOnly = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordDESEncryptionOnly" { + $PasswordsQuality.DomainPasswordDESEncryptionOnly + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordDESEncryptionOnly + ) - $Data.DomainPasswordDuplicatePasswordGroups = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordDuplicatePasswordGroups" { - $PasswordsQuality.DomainPasswordDuplicatePasswordGroups - } -TypesRequired $TypesRequired -TypesNeeded @( - 
[PSWinDocumentation.ActiveDirectory]::DomainPasswordDuplicatePasswordGroups - ) + $Data.DomainPasswordDelegatableAdmins = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordDelegatableAdmins" { + $PasswordsQuality.DomainPasswordDelegatableAdmins + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordDelegatableAdmins + ) - $Data.DomainPasswordHashesWeakPassword = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordHashesWeakPassword" { - $PasswordsQuality.DomainPasswordHashesWeakPassword - } -TypesRequired $TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory]::DomainPasswordHashesWeakPassword - ) + $Data.DomainPasswordDuplicatePasswordGroups = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordDuplicatePasswordGroups" { + $PasswordsQuality.DomainPasswordDuplicatePasswordGroups + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordDuplicatePasswordGroups + ) - $Data.DomainPasswordHashesWeakPasswordEnabled = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordHashesWeakPasswordEnabled" { - $PasswordsQuality.DomainPasswordHashesWeakPasswordEnabled - } -TypesRequired $TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory]::DomainPasswordHashesWeakPasswordEnabled - ) + $Data.DomainPasswordHashesWeakPassword = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordHashesWeakPassword" { + $PasswordsQuality.DomainPasswordHashesWeakPassword + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordHashesWeakPassword + ) - $Data.DomainPasswordHashesWeakPasswordDisabled = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordHashesWeakPasswordDisabled" { - $Data.DomainPasswordDataPasswordsHashes.DomainPasswordWeakPasswordDisabled - } -TypesRequired 
$TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory]::DomainPasswordHashesWeakPasswordDisabled - ) - $Data.DomainPasswordSmartCardUsersWithPassword = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordSmartCardUsersWithPassword" { - $Data.DomainPasswordDataPasswordsHashes.DomainPasswordSmartCardUsersWithPassword - } -TypesRequired $TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory]::DomainPasswordSmartCardUsersWithPassword - ) - $Data.DomainPasswordStats = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordStats" { - Get-WinADDomainPasswordStats -PasswordsQuality $PasswordsQuality -TypesRequired $TypesRequired ` - -DomainPasswordHashesWeakPassword $Data.DomainPasswordHashesWeakPassword ` - -DomainPasswordHashesWeakPasswordEnabled $Data.DomainPasswordHashesWeakPasswordEnabled ` - -DomainPasswordHashesWeakPasswordDisabled $Data.DomainPasswordHashesWeakPasswordDisabled + $Data.DomainPasswordHashesWeakPasswordEnabled = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordHashesWeakPasswordEnabled" { + $PasswordsQuality.DomainPasswordHashesWeakPasswordEnabled + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordHashesWeakPasswordEnabled + ) - } -TypesRequired $TypesRequired -TypesNeeded @( - [PSWinDocumentation.ActiveDirectory]::DomainPasswordStats - ) + $Data.DomainPasswordHashesWeakPasswordDisabled = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordHashesWeakPasswordDisabled" { + $Data.DomainPasswordDataPasswordsHashes.DomainPasswordWeakPasswordDisabled + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordHashesWeakPasswordDisabled + ) + $Data.DomainPasswordSmartCardUsersWithPassword = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordSmartCardUsersWithPassword" { + 
$Data.DomainPasswordDataPasswordsHashes.DomainPasswordSmartCardUsersWithPassword + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordSmartCardUsersWithPassword + ) + $Data.DomainPasswordStats = Get-DataInformation -Text "Getting domain information - $Domain DomainPasswordStats" { + Get-WinADDomainPasswordStats -PasswordsQuality $PasswordsQuality -TypesRequired $TypesRequired ` + -DomainPasswordHashesWeakPassword $Data.DomainPasswordHashesWeakPassword ` + -DomainPasswordHashesWeakPasswordEnabled $Data.DomainPasswordHashesWeakPasswordEnabled ` + -DomainPasswordHashesWeakPasswordDisabled $Data.DomainPasswordHashesWeakPasswordDisabled + } -TypesRequired $TypesRequired -TypesNeeded @( + [PSWinDocumentation.ActiveDirectory]::DomainPasswordStats + ) + } $EndTime = Stop-TimeLog -Time $TimeToGenerate Write-Verbose "Getting domain information - $Domain - Time to generate: $EndTime"
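Review bot: The hash-based `Get-WinADDomainPasswordQuality` call (the one with `-UseHashes`) still passes `-DnsRoot $DomainInformation.DnsRoot`, while the plain-text call just above it reads `$Data.DomainInformation.DnsRoot`. Unless `$DomainInformation` is defined outside this hunk, the hash check receives an empty DnsRoot. Since these lines are being re-indented anyway, change the argument to `$Data.DomainInformation.DnsRoot`. An empty result from that call would presumably leave the `DomainPasswordHashes*` entries blank, which in an audit report can be misread as "no weak hashes found". The `$Data.DomainPasswordEmptyPassword` assignment also appears twice in a row on the new side and one copy can be dropped; the enclosing function starts and ends outside the hunk.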