{"id":357,"date":"2023-01-13T19:15:51","date_gmt":"2023-01-13T18:15:51","guid":{"rendered":"http:\/\/brgeek.com.br\/wordpress\/?p=357"},"modified":"2023-01-13T19:15:52","modified_gmt":"2023-01-13T18:15:52","slug":"start-script-to-get-you-active-directory-secure","status":"publish","type":"post","link":"http:\/\/brgeek.com.br\/wordpress\/2023\/01\/13\/start-script-to-get-you-active-directory-secure\/","title":{"rendered":"Start Script to get you Active Directory Secure"},"content":{"rendered":"\n<p>Here&#8217;s an example of a PowerShell script that you can use to analyze security issues with Active Directory:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\" data-line=\"\"># Import the Active Directory module\nImport-Module ActiveDirectory\n\n# Get all users in the AD\n$users = Get-ADUser -Filter *\n\n# Check for users with empty passwords\n$emptyPasswords = $users | Where-Object {$_.PasswordNeverExpires -eq $true -and $_.PasswordExpired -eq $false}\nWrite-Host &quot;Users with empty passwords:&quot;\nWrite-Host $emptyPasswords\n\n# Check for users with passwords that never expire\n$noExpiration = $users | Where-Object {$_.PasswordNeverExpires -eq $true}\nWrite-Host &quot;Users with passwords that never expire:&quot;\nWrite-Host $noExpiration\n\n# Check for users with expired passwords\n$expiredPasswords = $users | Where-Object {$_.PasswordExpired -eq $true}\nWrite-Host &quot;Users with expired passwords:&quot;\nWrite-Host $expiredPasswords\n\n# Check for users with weak passwords\n$weakPasswords = $users | Where-Object {$_.PasswordAge -gt 90}\nWrite-Host &quot;Users with weak passwords:&quot;\nWrite-Host $weakPasswords\n\n# Check for disabled users\n$disabledUsers = $users | Where-Object {$_.Enabled -eq $false}\nWrite-Host &quot;Disabled users:&quot;\nWrite-Host $disabledUsers\n\n# Check for locked-out users\n$lockedOutUsers = $users | Where-Object {$_.LockedOut -eq $true}\nWrite-Host &quot;Locked-out users:&quot;\nWrite-Host $lockedOutUsers\n\n# Check for stale\/old accounts\n$staleAccounts = $users | Where-Object {$_.LastLogonDate -lt (Get-Date).AddDays(-90)}\nWrite-Host &quot;Stale\/old accounts:&quot;\nWrite-Host $staleAccounts\n\n<\/code><\/pre>\n\n\n\n<p>This script will check for several common security issues with Active Directory, such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Users with empty passwords<\/li><li>Users with passwords that never expire<\/li><li>Users with expired passwords<\/li><li>Users with weak passwords<\/li><li>Disabled users<\/li><li>Locked-out users<\/li><li>Stale\/old accounts<\/li><\/ul>\n\n\n\n<p>It will return the list of users that match each condition, so you can take the necessary actions.<\/p>\n\n\n\n<p class=\"has-black-color has-text-color\">Note that this script is just a basic example, you can customize and add more checks to it based on your organization&#8217;s requirements and best practices.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here&#8217;s an example of a PowerShell script that you can use to analyze security issues with Active Directory: This script will check for several common security issues with Active Directory, such as: Users with empty passwords Users with passwords that never expire Users with expired passwords Users with weak passwords [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":358,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[87,1,97],"tags":[24,8,6,11,60],"class_list":["post-357","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-active-directory","category-blog","category-security","tag-active-directory","tag-michael-goulart","tag-powershell","tag-script","tag-security"],"jetpack_featured_media_url":"http:\/\/brgeek.com.br\/wordpress\/wp-content\/uploads\/2023\/01\/Secure-your-Active-Directory.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"http:\/\/brgeek.com.br\/wordpress\/wp-json\/wp\/v2\/posts\/357","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/brgeek.com.br\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/brgeek.com.br\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/brgeek.com.br\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/brgeek.com.br\/wordpress\/wp-json\/wp\/v2\/comments?post=357"}],"version-history":[{"count":1,"href":"http:\/\/brgeek.com.br\/wordpress\/wp-json\/wp\/v2\/posts\/357\/revisions"}],"predecessor-version":[{"id":359,"href":"http:\/\/brgeek.com.br\/wordpress\/wp-json\/wp\/v2\/posts\/357\/revisions\/359"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/brgeek.com.br\/wordpress\/wp-json\/wp\/v2\/media\/358"}],"wp:attachment":[{"href":"http:\/\/brgeek.com.br\/wordpress\/wp-json\/wp\/v2\/media?parent=357"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/brgeek.com.br\/wordpress\/wp-json\/wp\/v2\/categories?post=357"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/brgeek.com.br\/wordpress\/wp-json\/wp\/v2\/tags?post=357"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}