This folder contains scripts for assessing on-premise Windows Server infrastructure, focusing on file share analysis, Active Directory, and server configurations.
Purpose: Complete Active Directory assessment for AD to AD migration and user matching
Features:
- Comprehensive user export with all matching attributes (EmployeeID, email, UPN, samAccountName)
- Group analysis with membership mappings
- OU structure and distribution analysis
- Privileged account identification
- Computer inventory (optional)
- Cross-domain and cross-forest query support with -Domain and -Credential parameters
- RSAT auto-install capability
- Migration recommendations and data quality analysis
- Executive summary with statistics
Quick Start:
# Basic assessment (enabled users only)
.\Get-ComprehensiveADReport.ps1
# Complete assessment for migration planning
.\Get-ComprehensiveADReport.ps1 -OutputDirectory "C:\Migration\SourceAD" -IncludeDisabledUsers -IncludeComputers
# Query specific domain
.\Get-ComprehensiveADReport.ps1 -Domain "sachicis.org" -OrganizationName "SACHICIS"
# Cross-forest with credentials
.\Get-ComprehensiveADReport.ps1 -Domain "partner.com" -Credential (Get-Credential)Documentation: Full Documentation
Typical Use Cases:
- AD to AD migration planning
- Multi-domain and cross-forest assessments
- User matching across source and target environments
- Group membership documentation
- Privileged account inventory
- OU structure mapping
Purpose: Validate environment readiness for Active Directory Migration Tool (ADMT) migrations
Features:
- DNS resolution validation for source and target domains
- Domain functional level checks
- Trust relationship analysis (type, direction, configuration)
- Permission verification (Domain Admin, read access)
- Network connectivity testing (LDAP, Kerberos, SMB, RPC, etc.)
- Optional SID History prerequisite checks
- Optional Password Export Server (PES) validation
- SQL Server detection for ADMT database
- Color-coded console output with remediation guidance
- Automated CSV export with pass/fail/warning status
Quick Start:
# Basic ADMT prerequisites check
.\Check-ADMTPrerequisites.ps1 -SourceDomain "old.contoso.com" -TargetDomain "new.contoso.com"
# Include SID History checks
.\Check-ADMTPrerequisites.ps1 -SourceDomain "old.contoso.com" -TargetDomain "new.contoso.com" -CheckSIDHistory -SourcePDC "dc01.old.contoso.com"
# Full check with password migration
.\Check-ADMTPrerequisites.ps1 -SourceDomain "legacy.fabrikam.com" -CheckPES -CheckSIDHistory -SourcePDC "pdc.legacy.fabrikam.com"Documentation: Full Documentation
Typical Use Cases:
- Pre-migration validation for ADMT projects
- Troubleshooting ADMT connectivity issues
- Documenting migration prerequisites for compliance
- Validating trust relationships and permissions
- Network connectivity verification between domains
- SID History migration preparation
Purpose: Comprehensive file share assessment with Excel reporting
Features:
- Automatic SMB share discovery
- Storage analysis (sizes, file counts)
- NTFS permission mapping
- SharePoint/OneDrive compatibility checking
- Excel report generation
Quick Start:
.\Start-FileShareAssessment.ps1 -Domain "YourDomain"Documentation: Full Documentation
Typical Use Cases:
- File server migration planning
- Storage capacity management
- Security audit of file permissions
- SharePoint migration preparation
- PowerShell 5.1 or later
- Execution Policy: RemoteSigned or Unrestricted
- ActiveDirectory PowerShell module (RSAT Tools or Domain Controller)
- Domain user permissions (read access minimum)
- For comprehensive assessments: Domain Admin or equivalent recommended
- Administrator privileges
- ImportExcel module (auto-installed)
- Local access to file server
- Long paths enabled (auto-configured by script)
The domain or organization name for the assessment. Used in report naming.
Example: "Contoso", "Organization", "Lawson"
Directory where reports are saved.
Active Directory Scripts Default: C:\Reports\AD_Assessment
File Share Scripts Default: Current directory
Example: "C:\Reports", "C:\Migration\SourceAD"
# Basic assessment (enabled users only)
.\Get-ComprehensiveADReport.ps1
# Complete assessment for AD migration planning
.\Get-ComprehensiveADReport.ps1 -OutputDirectory "C:\Migration\SourceAD" -IncludeDisabledUsers -IncludeComputers
# Specific OU assessment
# Query different domain
.\Get-ComprehensiveADReport.ps1 -Domain "sachicis.org" -OrganizationName "SACHICIS"
# Cross-forest assessment
$Cred = Get-Credential
.\Get-ComprehensiveADReport.ps1 -Domain "partner.com" -Credential $Cred -OutputDirectory "C:\Migration\PartnerAD"
.\Get-ComprehensiveADReport.ps1 -SearchBase "OU=Corporate,DC=contoso,DC=com" -OrganizationName "Contoso"# Basic assessment
.\Start-FileShareAssessment.ps1 -Domain "Contoso"
# Fast assessment (skip permissions)
.\Start-FileShareAssessment.ps1 -Domain "Contoso" -SkipPermissions
# High-performance assessment
.\Start-FileShareAssessment.ps1 -Domain "Contoso" -Workers 200 -OutputDirectory "D:\Reports"All scripts generate structured output for easy analysis:
C:\Reports\AD_Assessment\
├── AD_Users_Full_20260107_143052.csv # Complete user export
├── AD_Groups_Summary_20260107_143052.csv # All groups
├── AD_GroupMemberships_20260107_143052.csv # User-to-group mappings
├── AD_OUs_Structure_20260107_143052.csv # OU hierarchy
├── AD_Computers_20260107_143052.csv # Computer inventory (optional)
├── AD_PrivilegedAccounts_20260107_143052.csv # Admin accounts
└── AD_Assessment_Report_20260107_143052.txt # Executive summary
OutputDirectory/
├── {Domain}_File_Share_Assessment.xlsx # Main Excel report
├── fileaudit_*.csv # Size analysis files
├── unsupported_filenames_*.csv # Compatibility reports
└── RawData/ # Detailed permission data
└── permissions_*.csv
Solution: Install RSAT tools
# Windows 10/11
Add-WindowsCapability -Online -Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0
# Windows Server
Install-WindowsFeature RSAT-AD-PowerShell
#### Querying wrong domain
**Solution**: Use `-Domain` parameter with full FQDN. For cross-forest: `-Domain "targetdomain.com" -Credential (Get-Credential)`
#### RSAT module auto-install fails
**Solution**: Script will detect and offer to install. If it fails, install manually:
```powershell
# Windows 10/11
Add-WindowsCapability -Online -Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0
# Windows Server
Install-WindowsFeature RSAT-AD-PowerShell
#### "Access Denied" when querying AD
**Solution**: Ensure you're logged in with domain credentials. For full assessment, use Domain Admin or equivalent.
#### Slow performance with large AD
**Solution**: Use `-SearchBase` to limit scope to specific OUs, or target specific DC with `-DomainController`
### File Share Issues
### "Access to path is denied"
**Solution**: Run as Domain Admin or with appropriate delegated permissions
### "Long paths are not enabled"
**Solution**: Script will prompt to enable. Alternatively:
```powershell
Set-ItemProperty 'HKLM:\System\CurrentControlSet\Control\FileSystem' -Name 'LongPathsEnabled' -Value 1
Solution: Manual installation:
Install-Module ImportExcel -Scope CurrentUser -Force -AllowClobberSolution:
- Increase workers:
-Workers 200 - Skip permissions:
-SkipPermissions - Run during off-hours
- ✅ Verify domain connectivity and credentials
- ✅ Check available disk space for CSV exports
- ✅ For large environments (10,000+ users), consider using
-SearchBaseto limit scope - ✅ Test on single OU first before full domain assessment
- ✅ Schedule during off-hours if querying production DCs
- ✅ Verify administrator privileges
- ✅ Check available disk space for reports
- ✅ Close Excel files in output directory
- ✅ Test on single share first (use
-ExcludeShares) - ✅ Schedule during off-hours for production servers
- ✅ Monitor console output for errors
- ✅ Check progress indicators
- ✅ Note any access denied warnings
- ✅ For AD: Watch for null result warnings on cmdlets
- ✅ Review text report for statistics and recommendations
- ✅ Verify CSV file completeness (check row counts)
- ✅ Analyze "Matching Attribute Coverage" percentages
- ✅ Review privileged accounts CSV for migration planning
- ✅ Compare source and target AD exports for user matching
- ✅ Review Excel report for completeness
- ✅ Check error and warning counts
- ✅ Secure reports (contain sensitive data)
- ✅ Delete temporary CSV files if needed
- User and group permissions
- Folder structures and file names
- Security group memberships
Recommendations:
- Store reports in secure locations
- Restrict access to assessment files
- Delete temporary files after review
- Encrypt reports if transmitting
- Duration: 5-15 minutes
- Settings: Default parameters
- Duration: 15-60 minutes
- Settings:
-Workers 100
- Duration: 1-4 hours
- Settings:
-Workers 200 -SkipPermissions(initially)
7**: Updated Get-ComprehensiveADReport.ps1
- Added -Domain parameter for explicit domain targeting
- Added -Credential parameter for cross-forest authentication
- Fixed domain targeting for all sub-queries
- Added RSAT auto-install capability
- **2026-01-0
- Start-FileShareAssessment.ps1 Full Documentation
- File Share Migration Planning Guide
- Assessment Best Practices
For issues, questions, or contributions:
- GitHub Issues: PowerShellEveryting Issues
- Wiki: Project Wiki
- 2026-01-05: Added Start-FileShareAssessment.ps1 - All-in-one file share assessment with Excel reporting