From a8187bd7f25bc9ca25fd948c944a12d7fb0fce9a Mon Sep 17 00:00:00 2001
From: Sam Erde <samuel.erde@gmail.com>
Date: Wed, 11 Dec 2024 15:42:47 -0500
Subject: [PATCH] PSSA
---
.../Domain Services/DNSZonesRemote.ps1 | 38 ++++++++++---------
.../Get-MissingADSubnets v2.ps1 | 14 +++----
2 files changed, 27 insertions(+), 25 deletions(-)
diff --git a/Active Directory/Domain Services/DNSZonesRemote.ps1 b/Active Directory/Domain Services/DNSZonesRemote.ps1
index 1acf5a4..6273a70 100644
--- a/Active Directory/Domain Services/DNSZonesRemote.ps1
+++ b/Active Directory/Domain Services/DNSZonesRemote.ps1
@@ -1,20 +1,23 @@ <# .SYNOPSIS -Loop through a list of specified domain controllers, and then loop through all DNS Server zones on each domain controller to make desired changes. +Loop through a list of specified domain controllers, and then loop through all DNS Server zones on each domain +controller to make desired changes. .DESCRIPTION -This script was written to change the Secondary Servers setting and the SecureSecondaries setting on all DNS zones on all DNS Servers (all domain controllers, -in our environment.) It provides an ideal way to adjust settings for one (or all) zones across every zone server, because some settings are stored individually -in each server's registry, and not completed replicated, even when the zone is AD-integrated. +This script was written to change the Secondary Servers setting and the SecureSecondaries setting on all DNS zones on +all DNS Servers (all domain controllers, in our environment.) It provides an ideal way to adjust settings for one (or +all) zones across every zone server, because some settings are stored individually in each server's registry, and not +completed replicated, even when the zone is AD-integrated. -Our servers actually havce Remote Registry access disabled, so the remote part of this script will not work, but the inner loop beginning with the collection -of zones ("$zones = Get-ChildItem ...") from the registry can be run manually on each DNS Server, still saving time and providing more accuracy than multiple -manual changes could. +Our servers actually have Remote Registry access disabled, so the remote part of this script will not work, but the +inner loop beginning with the collection of zones ("$zones = Get-ChildItem ...") from the registry can be run manually +on each DNS Server, still saving time and providing more accuracy than multiple manual changes could. 
.NOTES -Be sure to test your changes first by using -WhatIf on the Set-ItemProperty cmdlets, and also by testing your changes manually with at least one zone. Check the -registry and the GUI after running your script, and note that changing some zone settings via the registry will require the DNS Server service to be restarted -in order for those changes to be read and take effect. +Be sure to test your changes first by using -WhatIf on the Set-ItemProperty cmdlets, and also by testing your changes +manually with at least one zone. Check the registry and the GUI after running your script, and note that changing some +zone settings via the registry will require the DNS Server service to be restarted in order for those changes to be read +and take effect. #> if ($session) { Remove-PSSession $session } @@ -22,11 +25,11 @@ if ($session) { Remove-PSSession $session } #Specify a list of DNS servers manually, or just get a list of all domain controllers in the domain. #$servers = @("","","","","") $servers = Get-ADDomainController -Filter * | Select-Object Hostname -$creds = Get-Credential +$Creds = Get-Credential #Loop through each server in the list, opening a PowerShell remoting session, then show the name and status of the session. Skips (continue) to the next server if a connection fails. foreach ($srv in $servers) { $server = $srv.Hostname - $session = New-PSSession -ComputerName $server -Name $server -Credential $creds + $session = New-PSSession -ComputerName $server -Name $server -Credential $Creds Try { Write-Host -ForegroundColor Green "Connecting to $server... " -NoNewline Enter-PSSession $session 
@@ -39,17 +42,16 @@ foreach ($srv in $servers) { $zones = Get-ChildItem -Path 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones\' foreach ($zone in $zones) { - Write-Host -NoNewline -ForegroundColor Yellow `n`n 'Name: ' (Get-ItemProperty -PSPath $zone.PSPath).PSChildName - Write-Host -NoNewline `n 'SecondaryServers: ' (Get-ItemProperty -PSPath $zone.PSPath).SecondaryServers - Write-Host -NoNewline `n 'SecureSecondaries: ' (Get-ItemProperty -PSPath $zone.PSPath).SecureSecondaries `n + Write-Host "`n`n 'Name: ' (Get-ItemProperty -PSPath $zone.PSPath).PSChildName" -NoNewline -ForegroundColor Yellow + Write-Host "`n 'SecondaryServers: ' (Get-ItemProperty -PSPath $zone.PSPath).SecondaryServers" -NoNewline + Write-Host "`n 'SecureSecondaries: ' (Get-ItemProperty -PSPath $zone.PSPath).SecureSecondaries `n" -NoNewline - #Set-ItemProperty -PSPath $zone.PSPath -Name "SecondaryServers" -Value "" -Whatif - #Set-ItemProperty -PSPath $zone.PSPath -Name "SecureSecondaries" -Value "3" -Whatif + #Set-ItemProperty -PSPath $zone.PSPath -Name "SecondaryServers" -Value "" -WhatIf + #Set-ItemProperty -PSPath $zone.PSPath -Name "SecureSecondaries" -Value "3" -WhatIf } #Cleanup and then show the current PSSession state. if ($session) { Exit-PSSession } if ($session) { Remove-PSSession $session } Write-Host -ForegroundColor DarkYellow $session.ComputerName $session.State `n`n -NoNewline - } diff --git a/Active Directory/Domain Services/Get-MissingADSubnets v2.ps1 b/Active Directory/Domain Services/Get-MissingADSubnets v2.ps1 index f60565e..4e3f738 100644 --- a/Active Directory/Domain Services/Get-MissingADSubnets v2.ps1 +++ b/Active Directory/Domain Services/Get-MissingADSubnets v2.ps1 
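Review bot: The three rewritten `Write-Host` lines in the `@@ -39,17` hunk now wrap the whole argument list in one double-quoted string, so `(Get-ItemProperty -PSPath $zone.PSPath).PSChildName` is no longer evaluated; only `$zone` is interpolated and the rest prints as literal text. That removes the script's on-screen readout of each zone's SecondaryServers and SecureSecondaries values, which is the check available before the commented `Set-ItemProperty` lines are enabled. Use a subexpression inside the string instead, e.g. `"Name: $((Get-ItemProperty -PSPath $zone.PSPath).PSChildName)"`, and the same `$(...)` form for the other two lines. The enclosing `foreach ($srv in $servers)` loop starts outside this hunk.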
@@ -157,17 +157,17 @@ $NumberOfIPs = ([System.Math]::Pow(2, $IntIPLength)) - 1 - $IpStart = New-IPv4NetworkAddress $ObjInputAddress $BlockBytes $IPv4Mask + $IpStart = New-IPv4NetworkAddress -Address $ObjInputAddress -nbBytes $BlockBytes -IPv4Mask $IPv4Mask $Obj | Add-Member -type NoteProperty -Name Subnet -Value "$($IpStart)/$($IPv4Mask)" $Obj | Add-Member -type NoteProperty -Name IpStart -Value $IpStart $ArrBytesIpStart = $IpStart.GetAddressBytes() [array]::Reverse($ArrBytesIpStart) - $RangeStart = [system.bitconverter]::ToUInt32($ArrBytesIpStart, 0) + $RangeStart = [System.BitConverter]::ToUInt32($ArrBytesIpStart, 0) $IpEnd = $RangeStart + $NumberOfIPs - if (($IpEnd.Gettype()).Name -ine 'double') { + if (($IpEnd.GetType()).Name -ine 'double') { $IpEnd = [Convert]::ToDouble($IpEnd) } @@ -178,7 +178,7 @@ $ArrBytesIpEnd = $IpEnd.GetAddressBytes() [array]::Reverse($ArrBytesIpEnd) - $Obj | Add-Member -type NoteProperty -Name RangeEnd -Value ([system.bitconverter]::ToUInt32($ArrBytesIpEnd, 0)) + $Obj | Add-Member -type NoteProperty -Name RangeEnd -Value ([System.BitConverter]::ToUInt32($ArrBytesIpEnd, 0)) # return $Obj $Obj @@ -438,7 +438,7 @@ $SubnetObj = New-Object -TypeName PsObject if ( $ObjIP.AddressFamily -match 'InterNetwork' ) { - $SubnetObj = New-IPv4 $SubnetObj $ObjIP $IPv4Mask + $SubnetObj = New-IPv4 -Obj $SubnetObj -ObjInputAddress $ObjIP -IPv4Mask $IPv4Mask $SubnetObj | Add-Member -MemberType NoteProperty -Name Computer -Value $Entry.Computer $ArrIPs += $SubnetObj } # end if $ObjIP.AddressFamily -match 'InterNetwork' 
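Review bot: In the `@@ -438,7` hunk the guard `if ( $ObjIP.AddressFamily -match 'InterNetwork' )` is a regex match, so it is also true for `InterNetworkV6`, and an IPv6 address would be handed to `New-IPv4`. The `@@ -492,7` hunk already uses the exact comparison, and this one should agree with it: `if ( $ObjIP.AddressFamily -eq 'InterNetwork' ) {`. The trailing `# end if` comment would need the same wording change. The block that encloses this `if` is not visible in the hunk.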
@@ -482,7 +482,7 @@ $SubnetObj = New-Object -TypeName PsObject $SubnetObj | Add-Member -type NoteProperty -Name Name -Value ([string] $Subnet.Properties['cn']) $SubnetObj | Add-Member -type NoteProperty -Name Location -Value ([string] $Subnet.Properties['location']) - $SubnetObj | Add-Member -type NoteProperty -Name Site -Value ([string] $RegexCN.Match( $Subnet.Properties['siteobject']).Groups[1].Value) + $SubnetObj | Add-Member -type NoteProperty -Name Site -Value ([string] $RegexCN.Match( $Subnet.Properties['SiteObject']).Groups[1].Value) $InputAddress = (($SubnetObj.Name).Split('/'))[0] $ADSubnetPrefix = (($SubnetObj.Name).Split('/'))[1] @@ -492,7 +492,7 @@ # Check if IP is a IPv4 (IPv6 not collected) if ( $ObjInputAddress.AddressFamily -eq 'InterNetwork' ) { - $SubnetObj = New-IPv4 $SubnetObj $ObjInputAddress $ADSubnetPrefix + $SubnetObj = New-IPv4 -Obj $SubnetObj -ObjInputAddress $ObjInputAddress -IPv4Mask $ADSubnetPrefix $SubnetsArray += $SubnetObj } # end if $ObjInputAddress.AddressFamily -eq 'InterNetwork' } # end foreach $Subnet
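Review bot: In the `@@ -482,7` hunk the lookup key changes from `['siteobject']` to `['SiteObject']` while the neighbouring lookups stay lowercase (`['cn']`, `['location']`). If `$Subnet` is a DirectorySearcher result, its property names are stored in lowercase, so it is worth confirming that the mixed-case key still returns the site DN; an empty result would leave `Site` blank without raising an error. Unless the analyzer rule behind this commit requires the change, keeping `['siteobject']` is the more consistent form. The definition of `$Subnet` is outside the hunk.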