A few weeks ago I've released my first version of PSWinDocumentation. It was simple, one command module where you start it and get some basic AD stuff into Microsoft Word document. Today… I'm releasing a new version that has a bit bigger feature set. Are you ready for it? Let's go!
Please notice this article contains parts of information (still useful) and may not reflect all functionalities of this module. For download, source code and so on you should refer to the dedicated PSWinDocumentation module page. After reading this one… of course! It contains useful information, examples and know-how. Without it… you may be lost!
💡 What's new in this version?
This version has 3 things that differentiate it from the old version
- 📝 Allows Exporting to Microsoft Excel (that's right – export same or more data that goes to Word to Excel)
- 📝 Build your Word/Excel document as you want (choose data, visual parts, what you need yourself)
- 📝 Work with big ActiveDirectory Forest/Domain object in PowerShell
💡 If you're into Video Materials…
If you're into movies… and not so much text you can see how it looks like on below 2 videos. Sorry for the quality but this is the first time I actually recorded something for YouTube.
This one shows generating Word / Excel straight from PowerShell. Keep in mind you don't actually need Word/Excel to generate that documents. I just happen to have them on my machine.
💡 Exporting to Excel
While exporting to Microsoft Word is nice and all some data just can't be put into Word. It won't fit. New version covers so much information from Active Directory that it's impossible to fit that into A4 page. I also wanted PSWinDocumentation to become something more.. a tool that can be used to export your AD data for you to verify. Think about it? Export users, check their expiry dates, check last logon times, check last password change, check Domain Admins, check… well how about ACL's for Group Policies? Or maybe Organizational Units ACL? It's all there. It wouldn't fit Word, it fits excel perfectly thou. And since the tool is there to use… run it once, export data, analyze it, fix things, export again and verify results.
And there's more… much more…
💡 Build your OWN documentation in Microsoft Word / Microsoft Excel document
Old version was easy. One command to rule whole AD. But it meant there were no customization options. New one… well you get to customize almost everything.
Import-Module PSWinDocumentation
Import-Module PSWinDocumentation.AD
# Import-Module DbaTools # (if you require SQL export)
# Those should automatically load
#Import-Module PSWriteWord
#Import-Module PSWriteExcel
#Import-Module ActiveDirectory
$Document = [ordered]@{
Configuration = [ordered] @{
Prettify = @{
CompanyName = 'Evotec'
UseBuiltinTemplate = $true
CustomTemplatePath = ''
Language = 'en-US'
}
Options = @{
OpenDocument = $true
OpenExcel = $true
}
DisplayConsole = @{
ShowTime = $false
LogFile = "$ENV:TEMP\PSWinDocumentationADTesting.log"
TimeFormat = 'yyyy-MM-dd HH:mm:ss'
}
Debug = @{
Verbose = $false
}
}
DocumentAD = [ordered] @{
Enable = $true
ExportWord = $true
ExportExcel = $false
ExportSql = $false
FilePathWord = "$Env:USERPROFILE\Desktop\PSWinDocumentation-ADReportWithPasswords.docx"
FilePathExcel = "$Env:USERPROFILE\Desktop\PSWinDocumentation-ADReportWithPasswords.xlsx"
Configuration = [ordered] @{
PasswordTests = @{
Use = $true
# Using '' will still process some usefull output
PasswordFilePathClearText = '' #"$PSScriptRoot\Passwords\Passwords.txt"
# Fair warning it will take ages if you use HaveIBeenPwned DB 🙂
UseHashDB = $false
PasswordFilePathHash = 'C:\Users\pklys\Downloads\pwned-passwords-ntlm-ordered-by-count\pwned-passwords-ntlm-ordered-by-count.txt'
}
}
Sections = [ordered] @{
SectionForest = [ordered] @{
SectionTOC = [ordered] @{
Use = $true
TocGlobalDefinition = $true
TocGlobalTitle = 'Table of content'
TocGlobalRightTabPos = 15
#TocGlobalSwitches = 'A', 'C' #[TableContentSwitches]::C, [TableContentSwitches]::A
PageBreaksAfter = 1
}
SectionForestIntroduction = [ordered] @{
### Enables section
Use = $true
### Decides how TOC should be visible
TocEnable = $True
TocText = 'Scope'
TocListLevel = 0
TocListItemType = [ListItemType]::Numbered
TocHeadingType = [HeadingType]::Heading1
### Text is added before table/list
Text = "This document provides a low-level design of roles and permissions for" `
+ " the IT infrastructure team at <companyname> organization. This document utilizes knowledge from" `
+ " AD General Concept document that should be delivered with this document. Having all the information" `
+ " described in attached document one can start designing Active Directory with those principles in mind." `
+ " It's important to know while best practices that were described are important in decision making they" `
+ " should not be treated as final and only solution. Most important aspect is to make sure company has full" `
+ " usability of Active Directory and is happy with how it works. Making things harder just for the sake of" `
+ " implementation of best practices isn't always the best way to go."
TextAlignment = [Alignment]::Both
PageBreaksAfter = 1
}
SectionForestSummary = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Forest Summary'
TocListLevel = 0
TocListItemType = [ListItemType]::Numbered
TocHeadingType = [HeadingType]::Heading1
TableData = [PSWinDocumentation.ActiveDirectory]::ForestInformation
TableDesign = [TableDesign]::ColorfulGridAccent5
TableTitleMerge = $true
TableTitleText = "Forest Summary"
Text = "Active Directory at <companyname> has a forest name <forestname>." `
+ " Following table contains forest summary with important information:"
ExcelExport = $true
ExcelWorkSheet = 'Forest Summary'
ExcelData = [PSWinDocumentation.ActiveDirectory]::ForestInformation
}
SectionForestFSMO = [ordered] @{
Use = $true
TableData = [PSWinDocumentation.ActiveDirectory]::ForestFSMO
TableDesign = 'ColorfulGridAccent5'
TableTitleMerge = $true
TableTitleText = 'FSMO Roles'
Text = 'Following table contains FSMO servers'
EmptyParagraphsBefore = 1
ExcelExport = $true
ExcelWorkSheet = 'Forest FSMO'
ExcelData = [PSWinDocumentation.ActiveDirectory]::ForestFSMO
}
SectionForestOptionalFeatures = [ordered] @{
Use = $true
TableData = [PSWinDocumentation.ActiveDirectory]::ForestOptionalFeatures
TableDesign = [TableDesign]::ColorfulGridAccent5
TableTitleMerge = $true
TableTitleText = 'Optional Features'
Text = 'Following table contains optional forest features'
TextNoData = "Following section should have table containing forest features. However no data was provided."
EmptyParagraphsBefore = 1
ExcelExport = $true
ExcelWorkSheet = 'Forest Optional Features'
ExcelData = [PSWinDocumentation.ActiveDirectory]::ForestOptionalFeatures
}
SectionForestUPNSuffixes = [ordered] @{
Use = $true
Text = "Following UPN suffixes were created in this forest:"
TextNoData = "No UPN suffixes were created in this forest."
#ListType = 'Bulleted'
#ListData = [PSWinDocumentation.ActiveDirectory]::ForestUPNSuffixes
TableData = [PSWinDocumentation.ActiveDirectory]::ForestUPNSuffixes
TableDesign = [TableDesign]::ColorfulGridAccent5
TableTitleMerge = $true
TableTitleText = 'UPN Suffixes'
EmptyParagraphsBefore = 1
ExcelExport = $true
ExcelWorkSheet = 'Forest UPN Suffixes'
ExcelData = [PSWinDocumentation.ActiveDirectory]::ForestUPNSuffixes
}
SectionForesSPNSuffixes = [ordered] @{
Use = $true
Text = "Following SPN suffixes were created in this forest:"
TextNoData = "No SPN suffixes were created in this forest."
#ListType = 'Bulleted'
#ListData = [PSWinDocumentation.ActiveDirectory]::ForestSPNSuffixes
TableData = [PSWinDocumentation.ActiveDirectory]::ForestSPNSuffixes
TableDesign = [TableDesign]::ColorfulGridAccent5
TableTitleMerge = $true
TableTitleText = 'SPN Suffixes'
EmptyParagraphsBefore = 1
ExcelExport = $true
ExcelWorkSheet = 'Forest SPN Suffixes'
ExcelData = [PSWinDocumentation.ActiveDirectory]::ForestSPNSuffixes
}
SectionForestSites1 = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Sites'
TocListLevel = 1
TocListItemType = 'Numbered'
TocHeadingType = 'Heading1'
TableData = [PSWinDocumentation.ActiveDirectory]::ForestSites1
TableDesign = 'ColorfulGridAccent5'
Text = "Forest Sites list can be found below"
ExcelExport = $false ## Exported as one below
ExcelWorkSheet = 'Forest Sites 1'
ExcelData = [PSWinDocumentation.ActiveDirectory]::ForestSites1
}
SectionForestSites2 = [ordered] @{
Use = $true
TableData = [PSWinDocumentation.ActiveDirectory]::ForestSites2
TableDesign = 'ColorfulGridAccent5'
Text = "Forest Sites list can be found below"
EmptyParagraphsBefore = 1
ExcelExport = $false ## Exported as one below
ExcelWorkSheet = 'Forest Sites 2'
ExcelData = [PSWinDocumentation.ActiveDirectory]::ForestSites2
}
SectionForestSites = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = 'Forest Sites'
ExcelData = [PSWinDocumentation.ActiveDirectory]::ForestSites
}
SectionForestSubnets1 = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Subnets'
TocListLevel = 1
TocListItemType = 'Numbered'
TocHeadingType = 'Heading1'
TableData = [PSWinDocumentation.ActiveDirectory]::ForestSubnets1
TableDesign = 'ColorfulGridAccent5'
Text = "Table below contains information regarding relation between Subnets and sites"
EmptyParagraphsBefore = 1
ExcelExport = $true
ExcelWorkSheet = 'Forest Subnets 1'
ExcelData = [PSWinDocumentation.ActiveDirectory]::ForestSubnets1
}
SectionForestSubnets2 = [ordered] @{
Use = $true
TableData = [PSWinDocumentation.ActiveDirectory]::ForestSubnets2
TableDesign = 'ColorfulGridAccent5'
Text = "Table below contains information regarding relation between Subnets and sites"
EmptyParagraphsBefore = 1
ExcelExport = $true
ExcelWorkSheet = 'Forest Subnets 2'
ExcelData = [PSWinDocumentation.ActiveDirectory]::ForestSubnets2
}
SectionForestSiteLinks = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Site Links'
TocListLevel = 1
TocListItemType = 'Numbered'
TocHeadingType = 'Heading1'
TableData = [PSWinDocumentation.ActiveDirectory]::ForestSiteLinks
TableDesign = 'ColorfulGridAccent5'
Text = "Forest Site Links information is available in table below"
ExcelExport = $true
ExcelWorkSheet = 'Forest Site Links'
ExcelData = [PSWinDocumentation.ActiveDirectory]::ForestSiteLinks
}
}
SectionDomain = [ordered] @{
SectionPageBreak = [ordered] @{
Use = $True
PageBreaksBefore = 1
}
SectionDomainStarter = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Domain <domain>'
TocListLevel = 0
TocListItemType = [ListItemType]::Numbered
TocHeadingType = [HeadingType]::Heading1
}
SectionDomainIntroduction = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Domain Summary'
TocListLevel = 1
TocListItemType = [ListItemType]::Numbered
TocHeadingType = [HeadingType]::Heading1
Text = "Following domain exists within forest <forestname>:"
ListBuilderContent = "Domain <domainnetbios>", 'Name for fully qualified domain name (FQDN): <domain>', 'Name for NetBIOS: '
ListBuilderLevel = 0, 1, 1
ListBuilderType = [ListItemType]::Bulleted, [ListItemType]::Bulleted, [ListItemType]::Bulleted
EmptyParagraphsBefore = 0
}
SectionDomainControllers = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Domain Controllers'
TocListLevel = 1
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainControllers
TableDesign = 'ColorfulGridAccent5'
TableMaximumColumns = 8
Text = 'Following table contains domain controllers'
TextNoData = ''
ExcelExport = $true
ExcelWorkSheet = '<domain> - DCs'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainControllers
}
SectionDomainFSMO = [ordered] @{
Use = $true
TableData = [PSWinDocumentation.ActiveDirectory]::DomainFSMO
TableDesign = 'ColorfulGridAccent5'
TableTitleMerge = $true
TableTitleText = "FSMO Roles for <domain>"
Text = "Following table contains FSMO servers with roles for domain <domain>"
EmptyParagraphsBefore = 1
ExcelExport = $true
ExcelWorkSheet = '<domain> - FSMO'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainFSMO
}
SectionDomainDefaultPasswordPolicy = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Password Policies'
TocListLevel = 1
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainDefaultPasswordPolicy
TableDesign = 'ColorfulGridAccent5'
TableTitleMerge = $True
TableTitleText = "Default Password Policy for <domain>"
Text = 'Following table contains password policies for all users within <domain>'
ExcelExport = $true
ExcelWorkSheet = '<domain> - DefaultPasswordPolicy'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainDefaultPasswordPolicy
}
SectionDomainFineGrainedPolicies = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Fine Grained Password Policies'
TocListLevel = 1
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainFineGrainedPolicies
TableDesign = [TableDesign]::ColorfulGridAccent5
TableMaximumColumns = 8
TableTitleMerge = $false
TableTitleText = "Fine Grained Password Policy for <domain>"
Text = 'Following table contains fine grained password policies'
TextNoData = "Following section should cover fine grained password policies. " `
+ "There were no fine grained password polices defined in <domain>. There was no formal requirement to have " `
+ "them set up."
ExcelExport = $true
ExcelWorkSheet = '<domain> - Password Policy (Grained)'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainFineGrainedPolicies
}
SectionDomainGroupPolicies = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Group Policies'
TocListLevel = 1
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainGroupPolicies
TableDesign = 'ColorfulGridAccent5'
Text = "Following table contains group policies for <domain>"
ExcelExport = $true
ExcelWorkSheet = '<domain> - GroupPolicies'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainGroupPolicies
}
SectionDomainGroupPoliciesDetails = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Group Policies Details'
TocListLevel = 1
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainGroupPoliciesDetails
TableMaximumColumns = 6
TableDesign = 'ColorfulGridAccent5'
Text = "Following table contains group policies for <domain>"
ExcelExport = $true
ExcelWorkSheet = '<domain> - GroupPolicies Details'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainGroupPoliciesDetails
}
SectionDomainGroupPoliciesACL = [ordered] @{
Use = $true
#TocEnable = $True
#TocText = 'General Information - Group Policies ACL'
#TocListLevel = 1
#TocListItemType = 'Numbered'
#TocHeadingType = 'Heading2'
#TableData = [PSWinDocumentation.ActiveDirectory]::DomainGroupPoliciesACL
#TableMaximumColumns = 6
#TableDesign = 'ColorfulGridAccent5'
#Text = "Following table contains group policies ACL for <domain>"
ExcelExport = $true
ExcelWorkSheet = '<domain> - GroupPoliciesACL'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainGroupPoliciesACL
}
SectionDomainDNSSrv = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - DNS A/SRV Records'
TocListLevel = 1
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainDNSSRV
TableMaximumColumns = 10
TableDesign = 'ColorfulGridAccent5'
Text = "Following table contains SRV records for Kerberos and LDAP"
EmptyParagraphsAfter = 1
ExcelExport = $true
ExcelWorkSheet = '<domain> - DNSSRV'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainDNSSRV
}
SectionDomainDNSA = [ordered] @{
Use = $true
TableData = [PSWinDocumentation.ActiveDirectory]::DomainDNSA
TableMaximumColumns = 10
TableDesign = 'ColorfulGridAccent5'
Text = "Following table contains A records for Kerberos and LDAP"
ExcelExport = $true
ExcelWorkSheet = '<domain> - DNSA'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainDNSA
}
SectionDomainTrusts = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Trusts'
TocListLevel = 1
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainTrusts
TableMaximumColumns = 6
TableDesign = 'ColorfulGridAccent5'
Text = "Following table contains trusts established with domains..."
ExcelExport = $true
ExcelWorkSheet = '<domain> - DomainTrusts'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainTrusts
}
SectionDomainOrganizationalUnits = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Organizational Units'
TocListLevel = 1
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainOrganizationalUnits
TableDesign = 'ColorfulGridAccent5'
TableMaximumColumns = 4
Text = "Following table contains all OU's created in <domain>"
ExcelExport = $true
ExcelWorkSheet = '<domain> - OrganizationalUnits'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainOrganizationalUnits
}
SectionDomainPriviligedGroup = [ordered] @{
Use = $False
TocEnable = $True
TocText = 'General Information - Priviliged Groups'
TocListLevel = 1
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainGroupsPriviliged
TableDesign = 'ColorfulGridAccent5'
Text = 'Following table contains list of priviliged groups and count of the members in it.'
ChartEnable = $True
ChartTitle = 'Priviliged Group Members'
ChartData = [PSWinDocumentation.ActiveDirectory]::DomainGroupsPriviliged
ChartKeys = 'Group Name', 'Members Count'
ChartValues = 'Members Count'
ExcelExport = $true
ExcelWorkSheet = '<domain> - PriviligedGroupMembers'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainGroupsPriviliged
}
SectionDomainUsers = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Domain Users in <domain>'
TocListLevel = 1
TocListItemType = [ListItemType]::Numbered
TocHeadingType = [HeadingType]::Heading1
PageBreaksBefore = 1
Text = 'Following section covers users information for domain <domain>. '
}
SectionDomainUsersCount = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Users Count'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainUsersCount
TableDesign = 'ColorfulGridAccent5'
TableTitleMerge = $true
TableTitleText = 'Users Count'
Text = "Following table and chart shows number of users in its categories"
ChartEnable = $True
ChartTitle = 'Users Count'
ChartData = [PSWinDocumentation.ActiveDirectory]::DomainUsersCount
ChartKeys = 'Keys'
ChartValues = 'Values'
ExcelExport = $true
ExcelWorkSheet = '<domain> - UsersCount'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainUsersCount
}
SectionDomainAdministrators = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Domain Administrators'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainAdministratorsRecursive
TableDesign = 'ColorfulGridAccent5'
Text = 'Following users have highest priviliges and are able to control a lot of Windows resources.'
ExcelExport = $true
ExcelWorkSheet = '<domain> - DomainAdministrators'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainAdministratorsRecursive
}
SectionEnterpriseAdministrators = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Enterprise Administrators'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainEnterpriseAdministratorsRecursive
TableDesign = 'ColorfulGridAccent5'
Text = 'Following users have highest priviliges across Forest and are able to control a lot of Windows resources.'
TextNoData = 'No Enterprise Administrators users were defined for this domain.'
ExcelExport = $true
ExcelWorkSheet = '<domain> - EnterpriseAdministrators'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainEnterpriseAdministratorsRecursive
}
SectionDomainComputers = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Computer Objects in <domain>'
TocListLevel = 1
TocListItemType = [ListItemType]::Numbered
TocHeadingType = [HeadingType]::Heading1
PageBreaksBefore = 1
Text = 'Following section covers computers information for domain <domain>. '
}
DomainComputers = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Computers'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainComputers
TableDesign = 'ColorfulGridAccent5'
Text = 'Following client computers are created in <domain>.'
ExcelExport = $true
ExcelWorkSheet = '<domain> - DomainComputers'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainComputers
}
DomainComputersCount = [ordered] @{
Use = $true
TableData = [PSWinDocumentation.ActiveDirectory]::DomainComputersCount
TableDesign = 'ColorfulGridAccent5'
TableTitleMerge = $true
TableTitleText = 'Computers Count'
Text = "Following table and chart shows number of computers and their versions"
ChartEnable = $True
ChartTitle = 'Computers Count'
ChartData = [PSWinDocumentation.ActiveDirectory]::DomainComputersCount
ChartKeys = 'System Name', 'System Count'
ChartValues = 'System Count'
ExcelExport = $true
ExcelWorkSheet = '<domain> - DomainComputersCount'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainComputersCount
EmptyParagraphsBefore = 1
}
DomainServers = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Servers'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainServers
TableDesign = 'ColorfulGridAccent5'
Text = 'Following client computers are created in <domain>.'
ExcelExport = $true
ExcelWorkSheet = '<domain> - DomainComputers'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainServers
}
DomainServersCount = [ordered] @{
Use = $true
TableData = [PSWinDocumentation.ActiveDirectory]::DomainServersCount
TableDesign = 'ColorfulGridAccent5'
TableTitleMerge = $true
TableTitleText = 'Servers Count'
Text = "Following table and chart shows number of servers and their versions"
ChartEnable = $True
ChartTitle = 'Servers Count'
ChartData = [PSWinDocumentation.ActiveDirectory]::DomainServersCount
ChartKeys = 'System Name', 'System Count'
ChartValues = 'System Count'
ExcelExport = $true
ExcelWorkSheet = '<domain> - DomainServersCount'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainServersCount
EmptyParagraphsBefore = 1
}
DomainComputersUnknown = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'General Information - Unknown Computer Objects'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainComputersUnknown
TableDesign = 'ColorfulGridAccent5'
Text = 'Following client computers are not asisgned to clients or computers in <domain>.'
ExcelExport = $true
ExcelWorkSheet = '<domain> - ComputersUnknown'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainComputersUnknown
}
DomainComputersUnknownCount = [ordered] @{
Use = $true
TableData = [PSWinDocumentation.ActiveDirectory]::DomainComputersUnknownCount
TableDesign = 'ColorfulGridAccent5'
TableTitleMerge = $true
TableTitleText = 'Unknown Computers Count'
Text = "Following table and chart shows number of unknown object computers in domain."
ExcelExport = $false
ExcelWorkSheet = '<domain> - ComputersUnknownCount'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainComputersUnknownCount
EmptyParagraphsBefore = 1
}
SectionPasswordQuality = [ordered] @{
### Enables section
Use = $true
### Decides how TOC should be visible
TocEnable = $True
TocText = 'Domain Password Quality'
TocListLevel = 1
TocListItemType = [ListItemType]::Numbered
TocHeadingType = [HeadingType]::Heading1
### Text is added before table/list
Text = "This section provides overview about password quality used in <domain>. One should review if all those potentially" `
+ " dangerous approaches to password quality should be left as is or addressed in one way or another."
TextAlignment = [Alignment]::Both
PageBreaksAfter = 0
PageBreaksBefore = 1
}
DomainPasswordClearTextPassword = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'Password Quality - Passwords with Reversible Encryption'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordClearTextPassword
TableDesign = 'ColorfulGridAccent5'
TableMaximumColumns = 4
Text = 'Passwords of these accounts are stored using reversible encryption.'
TextNoData = 'There are no accounts that have passwords stored using reversible encryption.'
ExcelExport = $true
ExcelWorkSheet = '<domain> - PasswordClearText'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordClearTextPassword
}
DomainPasswordLMHash = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'Password Quality - Passwords with LM Hash'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordLMHash
TableDesign = 'ColorfulGridAccent5'
TableMaximumColumns = 4
Text = 'LM-hashes is the oldest password storage used by Windows, dating back to OS/2 system.' `
+ ' Due to the limited charset allowed, they are fairly easy to crack. Following accounts are affected:'
TextNoData = 'LM-hashes is the oldest password storage used by Windows, dating back to OS/2 system.' `
+ ' There were no accounts found that use LM Hashes.'
ExcelExport = $true
ExcelWorkSheet = '<domain> - PasswordLMHash'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordLMHash
}
DomainPasswordEmptyPassword = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'Password Quality - Empty Passwords'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordEmptyPassword
TableMaximumColumns = 4
TableDesign = 'ColorfulGridAccent5'
Text = 'Following accounts have no password set:'
TextNoData = 'There are no accounts in <domain> that have no password set.'
ExcelExport = $true
ExcelWorkSheet = '<domain> - PasswordEmpty'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordEmptyPassword
}
DomainPasswordWeakPassword = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'Password Quality - Known passwords'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordWeakPassword
TableMaximumColumns = 4
TableDesign = 'ColorfulGridAccent5'
Text = "Passwords of these accounts have been found in given dictionary. It's highely recommended to " `
+ "notify those users and ask them to change their passwords asap!"
TextNoData = 'There were no passwords found that match given dictionary.'
ExcelExport = $true
ExcelWorkSheet = '<domain> - PasswordKnown'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordWeakPassword
}
DomainPasswordDefaultComputerPassword = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'Password Quality - Default Computer Password'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordDefaultComputerPassword
TableDesign = 'ColorfulGridAccent5'
TableMaximumColumns = 4
Text = 'These computer objects have their password set to default:'
TextNoData = 'There were no accounts found that match default computer password criteria.'
ExcelExport = $true
ExcelWorkSheet = '<domain> - PasswordDefaultComputer'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordDefaultComputerPassword
}
DomainPasswordPasswordNotRequired = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'Password Quality - Password Not Required'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordPasswordNotRequired
TableDesign = 'ColorfulGridAccent5'
TableMaximumColumns = 4
Text = 'These accounts are not required to have a password. For some accounts it may be perfectly acceptable ' `
+ ' but for some it may not. Those accounts should be reviewed and accepted or changed to proper security.'
TextNoData = 'There were no accounts found that does not require password.'
ExcelExport = $true
ExcelWorkSheet = '<domain> - PasswordNotRequired'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordPasswordNotRequired
}
DomainPasswordPasswordNeverExpires = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'Password Quality - Non expiring passwords'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordPasswordNeverExpires
TableDesign = 'ColorfulGridAccent5'
TableMaximumColumns = 4
Text = 'Following account have do not expire password policy set on them. Those accounts should be reviewed whether ' `
+ 'allowing them to never expire is good idea and accepted risk.'
TextNoData = 'There are no accounts in <domain> that never expire.'
ExcelExport = $true
ExcelWorkSheet = '<domain> - PasswordNeverExpire'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordPasswordNeverExpires
}
DomainPasswordAESKeysMissing = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'Password Quality - AES Keys Missing'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordAESKeysMissing
TableDesign = 'ColorfulGridAccent5'
TableMaximumColumns = 4
Text = 'Following accounts have their Kerberos AES keys missing'
TextNoData = 'There are no accounts that hvae their Kerberos AES keys missing.'
ExcelExport = $true
ExcelWorkSheet = '<domain> - PasswordAESMissing'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordAESKeysMissing
}
DomainPasswordPreAuthNotRequired = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'Password Quality - Kerberos Pre-Auth Not Required'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordPreAuthNotRequired
TableDesign = 'ColorfulGridAccent5'
TableMaximumColumns = 4
Text = 'Kerberos pre-authentication is not required for these accounts'
TextNoData = 'There were no accounts found that do not require pre-authentication.'
ExcelExport = $true
ExcelWorkSheet = '<domain> - PasswordPreAuthNot'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordPreAuthNotRequired
}
DomainPasswordDESEncryptionOnly = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'Password Quality - Only DES Encryption Allowed'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordDESEncryptionOnly
TableDesign = 'ColorfulGridAccent5'
TableMaximumColumns = 4
Text = 'Only DES encryption is allowed to be used with these accounts'
TextNoData = 'There are no account that require only DES encryption.'
ExcelExport = $true
ExcelWorkSheet = '<domain> - PasswordDESEncr'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordDESEncryptionOnly
}
DomainPasswordDelegatableAdmins = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'Password Quality - Delegatable to Service'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordDelegatableAdmins
TableDesign = 'ColorfulGridAccent5'
TableMaximumColumns = 4
Text = 'These accounts are allowed to be delegated to a service:'
TextNoData = 'No accounts were found that are allowed to be delegated to a service.'
ExcelExport = $true
ExcelWorkSheet = '<domain> - PasswordDelegatable'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordDelegatableAdmins
}
DomainPasswordDuplicatePasswordGroups = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'Password Quality - Groups of Users With Same Password'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordDuplicatePasswordGroups
TableDesign = 'ColorfulGridAccent5'
TableMaximumColumns = 4
Text = 'Following groups of users have same passwords:'
TextNoData = 'There are no 2 passwords that are the same in <domain>.'
ExcelExport = $true
ExcelWorkSheet = '<domain> - PasswordGroups'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordDuplicatePasswordGroups
}
DomainPasswordHashesWeakPassword = [ordered] @{
Use = $false
TocEnable = $True
TocText = 'Password Quality - Leaked Passwords'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordHashesWeakPassword
TableDesign = 'ColorfulGridAccent5'
TableMaximumColumns = 4
Text = "Passwords of these accounts have been found in given HASH dictionary (https://haveibeenpwned.com/). It's highely recommended to " `
+ "notify those users and ask them to change their passwords asap!"
TextNoData = 'There were no passwords found that match in given dictionary.'
ExcelExport = $true
ExcelWorkSheet = '<domain> - LeakedPasswords'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordHashesWeakPassword
}
DomainPasswordStats = [ordered] @{
Use = $true
TocEnable = $True
TocText = 'Password Quality - Statistics'
TocListLevel = 2
TocListItemType = 'Numbered'
TocHeadingType = 'Heading2'
TableData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordStats
TableDesign = 'ColorfulGridAccent5'
TableTitleMerge = $true
TableTitleText = 'Password Quality Statistics'
Text = "Following table and chart shows password statistics"
ChartEnable = $True
ChartTitle = 'Password Statistics'
ChartData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordStats
ChartKeys = 'Keys'
ChartValues = 'Values'
ExcelExport = $true
ExcelWorkSheet = '<domain> - PasswordStats'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainPasswordStats
}
SectionExcelDomainOrganizationalUnitsBasicACL = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - OU ACL Basic'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainOrganizationalUnitsBasicACL
}
SectionExcelDomainOrganizationalUnitsExtended = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - OU ACL Extended'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainOrganizationalUnitsExtended
}
SectionExcelDomainUsers = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - Users'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainUsers
}
SectionExcelDomainUsersAll = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - Users All'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainUsersAll
}
SectionExcelDomainUsersSystemAccounts = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - Users System'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainUsersSystemAccounts
}
SectionExcelDomainUsersNeverExpiring = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - Never Expiring'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainUsersNeverExpiring
}
SectionExcelDomainUsersNeverExpiringInclDisabled = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - Never Expiring incl Disabled'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainUsersNeverExpiringInclDisabled
}
SectionExcelDomainUsersExpiredInclDisabled = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - Expired incl Disabled'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainUsersExpiredInclDisabled
}
SectionExcelDomainUsersExpiredExclDisabled = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - Expired excl Disabled'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainUsersExpiredExclDisabled
}
SectionExcelDomainUsersFullList = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - Users List Full'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainUsersFullList
}
SectionExcelDomainComputersFullList = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - Computers List'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainComputersFullList
}
SectionExcelDomainGroupsFullList = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - Groups List'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainGroupsFullList
}
SectionExcelDomainGroupsRest = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - Groups'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainGroups
}
SectionExcelDomainGroupsSpecial = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - Groups Special'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainGroupsSpecial
}
SectionExcelDomainGroupsPriviliged = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - Groups Priv'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainGroupsPriviliged
}
SectionExcelDomainGroupMembers = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - Members'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainGroupsMembers
}
SectionExcelDomainGroupMembersSpecial = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - Members Special'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainGroupsSpecialMembers
}
SectionExcelDomainGroupMembersPriviliged = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - Members Priv'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainGroupsPriviligedMembers
}
SectionExcelDomainGroupMembersRecursive = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - Members Rec'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainGroupsMembersRecursive
}
SectionExcelDomainGroupMembersSpecialRecursive = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - Members RecSpecial'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainGroupsSpecialMembersRecursive
}
SectionExcelDomainGroupMembersPriviligedRecursive = [ordered] @{
Use = $true
ExcelExport = $true
ExcelWorkSheet = '<domain> - Members RecPriv'
ExcelData = [PSWinDocumentation.ActiveDirectory]::DomainGroupsPriviligedMembersRecursive
}
}
}
}
}
Start-Documentation -Document $Document -Verbose
As you can see above you can customize what data you want from Forest, what data you want from your Domains, what data goes to Excel, what goes to Word and you can define your own texts. This allows you to generate document once, change things, write your own descriptions, fix things, rerun and have up to date documentation. Few weeks / months later you simply rerun the tool and you have up to date documentation. In weeks/months time a lot can happen. Having always up to date documentation is a neat feature (at least to me). Of course editing this config file takes some practice and I haven't tested if turning something off will not break things … but oh well 🙂 You can always report bugs!
💡 Work with large AD PowerShell Object…
This one is tricky… while it delivers what it promises the scan it takes to prepare data may be long. So before you start jumping into it and rerunning it like mad stop 🙂 It takes 9 to 14 seconds to generate data on my 5 users domain, it takes 10 minutes for domain with 200 users and 6 DC's and it can take 2 hours to generate the same data for domain with 3000 people. And that's just pure data. No export to excel or word which can take another hours or so. I'm running it once, hashing out function and just running on data from memory.
Import-Module PSWriteWord Import-Module PSWriteExcel Import-Module PSWinDocumentation Import-Module PSWriteColor Import-Module ActiveDirectory $Forest = Get-WinADForestInformation -Verbose $Forest
Please notice this article contains parts of information (still useful) and may not reflect all functionalities of this module. For download, source code and so on you should refer to the dedicated PSWinDocumentation module page. After reading this one… of course! It contains useful information, examples and know-how. Without it… you may be lost!
💡 Short Summary
And that's about it… be sure to report bugs / features on GitHub. Almost forgot… below is an Enum that is used in ExcelData/TableData/ListData. Feel free to experiment what works and what doesn't work for you.
// Forest Information - Section Main ForestInformation, ForestFSMO, ForestGlobalCatalogs, ForestOptionalFeatures, ForestUPNSuffixes, ForestSPNSuffixes, ForestSites, ForestSites1, ForestSites2, ForestSubnets, ForestSubnets1, ForestSubnets2, ForestSiteLinks, ForestDomainControllers, // Domain Information - Section Main DomainRootDSE, DomainRIDs, DomainAuthenticationPolicies, // Not yet tested DomainAuthenticationPolicySilos, // Not yet tested DomainCentralAccessPolicies, // Not yet tested DomainCentralAccessRules, // Not yet tested DomainClaimTransformPolicies, // Not yet tested DomainClaimTypes, // Not yet tested DomainFineGrainedPolicies, DomainFineGrainedPoliciesUsers, DomainFineGrainedPoliciesUsersExtended, DomainGUIDS, DomainDNSSRV, DomainDNSA, DomainInformation, DomainControllers, DomainFSMO, DomainDefaultPasswordPolicy, DomainGroupPolicies, DomainGroupPoliciesDetails, DomainGroupPoliciesACL, DomainOrganizationalUnits, DomainOrganizationalUnitsBasicACL, DomainOrganizationalUnitsExtended, DomainContainers, DomainTrustsClean, DomainTrusts, DomainBitlocker, DomainLAPS, // Domain Information - Group Data DomainGroupsFullList, // Contains all data DomainGroups, DomainGroupsMembers, DomainGroupsMembersRecursive, DomainGroupsSpecial, DomainGroupsSpecialMembers, DomainGroupsSpecialMembersRecursive, DomainGroupsPriviliged, DomainGroupsPriviligedMembers, DomainGroupsPriviligedMembersRecursive, // Domain Information - User Data DomainUsersFullList, // Contains all data DomainUsers, DomainUsersCount, DomainUsersAll, DomainUsersSystemAccounts, DomainUsersNeverExpiring, DomainUsersNeverExpiringInclDisabled, DomainUsersExpiredInclDisabled, DomainUsersExpiredExclDisabled, DomainAdministrators, DomainAdministratorsRecursive, DomainEnterpriseAdministrators, DomainEnterpriseAdministratorsRecursive, // Domain Information - Computer Data DomainComputersFullList, // Contains all data DomainComputersAll, DomainComputersAllCount, DomainComputers, DomainComputersCount, DomainServers, DomainServersCount, DomainComputersUnknown, DomainComputersUnknownCount, // This requires DSInstall PowerShell Module DomainPasswordDataUsers, // Gathers users data and their passwords DomainPasswordDataPasswords, // Compares Users Password with File DomainPasswordDataPasswordsHashes, // Compares Users Password with File HASH DomainPasswordClearTextPassword, // include both enabled / disabled accounts DomainPasswordClearTextPasswordEnabled, // include only enabled DomainPasswordClearTextPasswordDisabled, // include only disabled DomainPasswordLMHash, DomainPasswordEmptyPassword, DomainPasswordWeakPassword, DomainPasswordWeakPasswordEnabled, DomainPasswordWeakPasswordDisabled, DomainPasswordWeakPasswordList, // Password List from file.. DomainPasswordDefaultComputerPassword, DomainPasswordPasswordNotRequired, DomainPasswordPasswordNeverExpires, DomainPasswordAESKeysMissing, DomainPasswordPreAuthNotRequired, DomainPasswordDESEncryptionOnly, DomainPasswordDelegatableAdmins, DomainPasswordDuplicatePasswordGroups, DomainPasswordHashesWeakPassword, DomainPasswordHashesWeakPasswordEnabled, DomainPasswordHashesWeakPasswordDisabled, DomainPasswordStats
