PowerShell, How to Automate an Active Directory Audit


A group of information security professionals who perform Active Directory audits recently noticed that they were repeating themselves over and over again.

So, the experts decided to write as much of this up as possible in a PowerShell script to make their lives easier. The experts chose PowerShell because they don’t want to drop an exe on a remote box.


This script doesn’t do everything; there’s still stuff to add.

It currently does the following:

  • Password Policy Findings
  • Looking for accounts that don’t expire
  • Looking for inactive/disabled accounts
  • Looking for Server 2003/XP machines connected to the domain
  • AD Findings
  • Domain Trust Findings
  • GPO Findings
  • Trying to find SYSVOL XML files containing cpassword
  • Trying to save NTDS.dit
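
One of the checks listed above, looking for SYSVOL XML files that contain a cpassword attribute, shown as an added example (this is not code from the adaudit script). The function name Find-GppCpassword, the temp-folder layout and the sample Groups.xml are assumptions constructed for illustration.

```powershell
# Added example, not taken from adaudit. Find-GppCpassword is a hypothetical name.
function Find-GppCpassword {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -Path $Path -Recurse -File -Filter *.xml -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            # Skip files that are not well-formed XML instead of aborting the scan.
            try { $xml = [xml](Get-Content -LiteralPath $file -Raw) } catch { return }

            # Match any element carrying a non-empty cpassword attribute.
            $xml.SelectNodes('//*[@cpassword and string-length(@cpassword) > 0]') |
                ForEach-Object {
                    # The cpassword value itself is deliberately not written to the report.
                    [pscustomobject]@{
                        File    = $file
                        Element = $_.LocalName
                        Account = $_.GetAttribute('userName')   # empty if the item has none
                    }
                }
        }
}

# Constructed sample: a temp folder standing in for a SYSVOL tree, holding a
# made-up Groups.xml. The cpassword value is a placeholder, not a real blob.
$demo = Join-Path ([IO.Path]::GetTempPath()) ("gpp-demo-" + [guid]::NewGuid())
$dir  = New-Item -ItemType Directory -Force -Path (
            Join-Path $demo 'Policies/ExamplePolicy/Machine/Preferences/Groups')

@'
<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <User name="LocalAdmin (constructed)" changed="2014-01-01 00:00:00">
    <Properties action="U" userName="LocalAdmin" cpassword="PLACEHOLDER-NOT-A-REAL-VALUE" />
  </User>
</Groups>
'@ | Set-Content -LiteralPath (Join-Path $dir.FullName 'Groups.xml')

# Report the findings for the sample tree, then clean up.
Find-GppCpassword -Path $demo | Format-List
Remove-Item -LiteralPath $demo -Recurse -Force
```

For a real audit, point -Path at the domain's SYSVOL share. Any hit means the stored credential should be treated as exposed: remove the preference item and change the affected password.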

The information security experts have shared the code at: github.com/phillips321/adaudit