Tuesday, April 16, 2024

Powershell Active Directory Permissions Report

 Problem: You need to find out what kinds of access a user or group has in your *GIANT* Active Directory environment. Maybe not so giant, but still.

Cause: Active Directory permissions reports are a pain to build and often get farmed out to third party vendors and you don't want to or can't get said reports to make them pretty.

Resolution: Use my script. What it does: When run in powershell (only tested in 5.1 but should hopefully work in 7.2/7.4), the script finds the AD Forest that the current computer is a part of, gets the domains, scans for objects (of the types you want), and then gets ALL permissions, optionally then filtering them for a user or group. You can even find out what a person *could* do by also including their group membership - this is often a hidden weakness because you can't see anything with the user listed directly. I hope you find this helpful, it took me a while to get right.


Sample input: .\ActiveDirPermsReport.ps1 -UserOrGroup hornerit -ObjectsToScan OUs

Sample output:

Tuesday, March 19, 2024

Azure Automation Hybrid Runbook PSPrivateMetadata missing

Problem: You have a Hybrid Runbook Worker configured with PowerShell 7.2 connected to Azure Automation and a runbook fails to find the Job ID or cannot find the PSPrivateMetadata variable.

Cause: In PowerShell 7.2, it treats the PSPrivateMetadata as an environment variable, so it is in the ENV path.

Resolution: if your 7.2 runbook needs the PSPrivateMetadata, just replace it with $ENV:PSPrivateMetadata. Note that with PS 5.1, you would often get the GUID as $PSPrivateMetadata.JobId.Guid...when you switch to 7.2, it supplies the guid as a string so you only need $ENV:PSPrivateMetadata to get the job id.

Thursday, February 24, 2022

Bulk DNS Management in PowerShell

So your environment got bigger fast and you have a TON of forward and reverse lookup zones and something is out of whack. Well, I have a tool I've made in PowerShell and used successfully to 1) Find DNS A and PTR records related to specific hostnames or IPs and 2) Update their records like adjusting TTL and bulk renaming to point to a new host and 3) Make a backup of the existing records just in case as a CSV file ^_^).

This is probably one of the scariest tools I've had to build and comes with ZERO warranty - because, seriously, this is manipulating DNS records in bulk - but if you want to even just check to see what A or PTR records exist for a single IP then this might help you. You just run the tool as an admin on a Domain Controller, it IS interactive, and it will tell you that it may take several minutes to retrieve all A and PTR records and mesh them together. After that, it presents a menu to work with. I'm always open to tweaking ideas like I want to, at some point, have an option to just delete all orphaned objects or force re-create PTR records for all A records that are missing them...but that gets weird when you have load balancers and web apps where a ton of stuff should or should not point to one IP. Have fun!

Requires the DNSServer module from RSAT and to be run locally as an admin on the DC. Here's the link to the script:

hornerit/powershell (github.com)