Public/Test-LDAPQueryLoggingPrerequisites.ps1

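function Test-LDAPQueryLoggingPrerequisites {
<#
    .SYNOPSIS
        Check if prerequisites for diagnostic LDAP query logging are in place on a domain controller

    .DESCRIPTION
        Check if prerequisites for diagnostic LDAP query logging are in place on a domain controller

        Prerequisites:
            - On operating systems prior to 2012 R2, KB2800945 must be installed
                https://support.microsoft.com/en-us/kb/2800945/en-us
            - Access to the domain controller over remote registry

        For each computer, one object is written per prerequisite that could be
        evaluated. If the remote registry read throws, only the RemoteRegistry
        result is written (Status = $false) and the KB2800945 check is skipped,
        because the OS version is not known.

        The KB2800945 result fails closed: if the OS version comes back empty,
        or Get-HotFix fails for any reason (patch not found, access denied,
        host unreachable), Status is $false and Detail carries the reason.

    .FUNCTIONALITY
        Active Directory

    .PARAMETER ComputerName
        One or more domain controllers. Defaults to the local computer.

    .OUTPUTS
        PSObject with the properties ComputerName, Prerequisite, Status, Detail.
        Prerequisite is 'KB2800945' or 'RemoteRegistry'; Status is a boolean.

    .EXAMPLE
        Test-LDAPQueryLoggingPrerequisites -ComputerName DS1

        # Check if we can enable LDAP query logging on DS1

    .LINK
        https://github.com/RamblingCookieMonster/PSLDAPQueryLogging

    .LINK
        Get-LDAPQueryLogging

    .LINK
        Enable-LDAPQueryLogging

    .LINK
        Disable-LDAPQueryLogging

    .LINK
        http://blogs.technet.com/b/askpfeplat/archive/2015/05/11/how-to-find-expensive-inefficient-and-long-running-ldap-queries-in-active-directory.aspx
    #>

    [cmdletbinding()]
    param (
        [parameter(ValueFromPipeline=$true,
                   ValueFromPipelineByPropertyName=$true)]
        [string[]]$Computername = $env:COMPUTERNAME
    )
    begin
    {
        # Deny-list of 'CurrentVersion' registry values that require KB2800945.
        # Any version string NOT listed here is treated as not needing the
        # patch, so an unexpected value passes the check; only an empty value
        # is rejected below.
        $PatchNeeded = '6.2',
                       '6.1',
                       '6.0'

        # Fixed property order for every result object (loop-invariant).
        $Props = 'ComputerName', 'Prerequisite', 'Status', 'Detail'
    }
    process
    {
        foreach($Computer in $Computername)
        {
            # Reading the OS version doubles as the remote registry test:
            # a terminating error here lands in the outer Catch.
            Try
            {
                $Version = $null
                $Version = Get-RegValue -ComputerName $Computer -Hive LocalMachine -Key 'SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Value 'CurrentVersion' -ErrorAction Stop |
                    Select-Object -ExpandProperty Data

                if([string]::IsNullOrEmpty($Version))
                {
                    # Get-RegValue produced no usable Data without throwing.
                    # Previously this fell through to "patch not needed";
                    # report it as a failed check instead of assuming success.
                    $Status = $False
                    $Detail = "Unable to determine OS version from the CurrentVersion registry value on '$Computer'"
                }
                elseif($PatchNeeded -contains $Version)
                {
                    # Patch required on this OS version - is it installed?
                    Try
                    {
                        $null = Get-HotFix -ComputerName $Computer -Id KB2800945 -ErrorAction Stop
                        $Status = $True
                        $Detail = $null
                    }
                    Catch
                    {
                        # Any Get-HotFix failure counts as "prerequisite not met";
                        # the exception message tells the operator whether the
                        # patch is missing or the query itself failed.
                        $Status = $False
                        $Detail = $_.Exception.Message
                    }
                }
                else
                {
                    # Version is not on the deny-list: patch not applicable.
                    $Status = $True
                    $Detail = 'NA'
                }

                New-Object -TypeName PSObject -Property @{
                    ComputerName = $Computer
                    Prerequisite = 'KB2800945'
                    Status = $Status
                    Detail = $Detail
                } | Select-Object $Props

                # The registry read did not throw, so remote registry access works.
                $Status = $True
                $Detail = $null
            }
            Catch
            {
                # Remote registry access failed; surface the reason.
                $Status = $False
                $Detail = $_.Exception.Message
            }

            New-Object -TypeName PSObject -Property @{
                ComputerName = $Computer
                Prerequisite = 'RemoteRegistry'
                Status = $Status
                Detail = $Detail
            } | Select-Object $Props
        }
    }
}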