AD-Auditor

Active Directory auditing framework for Windows environments (PowerShell).

Important

Use only in environments you are authorized to assess.

✨ What it does

AD-Auditor helps gather security-relevant Active Directory information to support:

• internal security reviews
• hardening / baseline checks
• compliance-oriented audits

It currently includes modules such as:

• Microsoft Best Practices Analyzer (BPA) scans (based on installed Windows features)
• Domain Users policy checks (password/lockout policy, privileged users, etc.)
• Domain Computers checks (OS/version posture and patching-related reporting)

✅ Prerequisites

• Windows host with access to AD (domain joined or with connectivity to a DC)
• PowerShell 5.1+ (or PowerShell 7+)
• Admin rights recommended for some checks
• Modules / features used by the script:
  • BestPractices (BPA)
  • RSAT / AD cmdlets (e.g., Get-ADDomain, Get-ADRootDSE)

📦 Installation

Clone the repo:

git clone https://github.com/vgg-dev/AD-Auditor.git
cd AD-Auditor

🚀 Quickstart

Dot-source the script to load Invoke-ADAudit, then run it:

. .\ADAuditor.ps1
Invoke-ADAudit -OutFile .\reports\ad-audit

Optional:

# Attempt to install RSAT if needed (requires admin)
Invoke-ADAudit -OutFile .\reports\ad-audit -InstallRSAT

📄 Output

The tool writes report files using the -OutFile prefix (for example ad-audit_...).

Tip: use a dedicated output folder and ignore it in git (e.g., reports/).

🔐 MSRC CVRF helper (optional)

get-cvrf.ps1 can query Microsoft Security Update (MSRC) data. It expects an API key in an environment variable:

$env:MSRC_API_KEY = "..."
. .\get-cvrf.ps1

🛠️ Development

• CI runs PSScriptAnalyzer and a small Pester smoke test.

📄 License

See LICENSE.