Maintenance Scripts
ADACLScan1.3.3.ps1
something exciting
Some information about the exciting thing
Table of contents generated with markdown-toc
Script
#Generated Form Function
function GenerateForm {
################################################################################################
# ADACLScan.ps1
#
# AUTHOR: Robin Granberg ([email protected])
#
# THIS CODE-SAMPLE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR
# FITNESS FOR A PARTICULAR PURPOSE.
#
# This sample is not supported under any Microsoft standard support program or service.
# The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
# implied warranties including, without limitation, any implied warranties of merchantability
# or of fitness for a particular purpose. The entire risk arising out of the use or performance
# of the sample and documentation remains with you. In no event shall Microsoft, its authors,
# or anyone else involved in the creation, production, or delivery of the script be liable for
# any damages whatsoever (including, without limitation, damages for loss of business profits,
# business interruption, loss of business information, or other pecuniary loss) arising out of
# the use of or inability to use the sample or documentation, even if Microsoft has been advised
# of the possibility of such damages.
################################################################################################
#region Import the Assemblies
[reflection.assembly]::loadwithpartialname("System.Windows.Forms") | Out-Null
[reflection.assembly]::loadwithpartialname("System.Drawing") | Out-Null
#endregion
#region Generated Form Objects'
$chkBoxTemplateNodes = New-Object System.Windows.Forms.CheckBox
$gBoxReportOpt = New-Object System.Windows.Forms.GroupBox
$gBoxScanDepth = New-Object System.Windows.Forms.GroupBox
$gBoxEffectiveSelUser = New-Object System.Windows.Forms.GroupBox
$lblSelectPrincipalDom = New-Object System.Windows.Forms.Label
$lblEffectiveRightsColor = New-Object System.Windows.Forms.Label
$lblEffectiveSelUser = New-Object System.Windows.Forms.Label
$lblEffectiveDescText = New-Object System.Windows.Forms.Label
$lblEffectiveText = New-Object System.Windows.Forms.Label
$chkBoxEffectiveRights = New-Object System.Windows.Forms.CheckBox
$chkBoxEffectiveRightsColor = New-Object System.Windows.Forms.CheckBox
$chkBoxGetOUProtected = New-Object System.Windows.Forms.CheckBox
$chkBoxGetOwner = New-Object System.Windows.Forms.CheckBox
$chkBoxReplMeta = New-Object System.Windows.Forms.CheckBox
$chkBoxACLSize = New-Object System.Windows.Forms.CheckBox
$chkBoxType = New-Object System.Windows.Forms.CheckBox
$chkBoxObject = New-Object System.Windows.Forms.CheckBox
$chkBoxTrustee = New-Object System.Windows.Forms.CheckBox
$lblStyleWin8_1 = New-Object System.Windows.Forms.Panel
$lblStyleWin8_1 = New-Object System.Windows.Forms.Label
$lblStyleWin8_2 = New-Object System.Windows.Forms.Label
$lblStyleWin8_3 = New-Object System.Windows.Forms.Label
$lblStyleWin8_4 = New-Object System.Windows.Forms.Label
$lblStyleWin8_5 = New-Object System.Windows.Forms.Label
$lblHeaderInfo = New-Object System.Windows.Forms.Label
$lblRunScan = New-Object System.Windows.Forms.Label
$lblConnect = New-Object System.Windows.Forms.Label
$btnGETSPNReport = New-Object System.Windows.Forms.Button
$btnGetSPAccount = New-Object System.Windows.Forms.Button
$btnGetObjFullFilter = New-Object System.Windows.Forms.Button
$btnViewLegend = New-Object System.Windows.Forms.Button
$tabFilterTop = New-Object System.Windows.Forms.TabControl
$tabFilter = New-Object System.Windows.Forms.TabPage
$tabEffectiveR = New-Object System.Windows.Forms.TabPage
$combObjectFilter = New-Object System.Windows.Forms.ComboBox
$lblGetObj = New-Object System.Windows.Forms.Label
$lblGetObjExtend = New-Object System.Windows.Forms.Label
$lblAccessCtrl = New-Object System.Windows.Forms.Label
$combAccessCtrl = New-Object System.Windows.Forms.ComboBox
$lblFilterTrusteeExpl = New-Object System.Windows.Forms.Label
$txtFilterTrustee = New-Object System.Windows.Forms.TextBox
$chkBoxFilter = New-Object System.Windows.Forms.CheckBox
$lblFilterExpl = New-Object System.Windows.Forms.Label
$txtBoxSelectPrincipal = New-Object System.Windows.Forms.TextBox
$textBoxResultView = New-Object System.Windows.Forms.TextBox
$InitialFormWindowStatePop = New-Object System.Windows.Forms.FormWindowState
$form1 = New-Object System.Windows.Forms.Form
$txtTempFolder = New-Object System.Windows.Forms.TextBox
$lblTempFolder = New-Object System.Windows.Forms.Label
$txtCompareTemplate = New-Object System.Windows.Forms.TextBox
$lblCompareTemplate = New-Object System.Windows.Forms.Label
$lblSelectedNode = New-Object System.Windows.Forms.Label
$lblStatusBar = New-Object System.Windows.Forms.Label
$TextBoxStatusMessage = New-Object System.Windows.Forms.ListBox
$lblDomain = New-Object System.Windows.Forms.Label
$rdbCustomNC = New-Object System.Windows.Forms.RadioButton
$rdbOneLevel = New-Object System.Windows.Forms.RadioButton
$rdbSubtree = New-Object System.Windows.Forms.RadioButton
$rdbDSdef = New-Object System.Windows.Forms.RadioButton
$rdbDSConf = New-Object System.Windows.Forms.RadioButton
$rdbDSSchm = New-Object System.Windows.Forms.RadioButton
$btnDSConnect = New-Object System.Windows.Forms.Button
$btnListDdomain = New-Object System.Windows.Forms.Button
$btnListLocations = New-Object System.Windows.Forms.Button
$gBoxRdbScan = New-Object System.Windows.Forms.GroupBox
$gBoxRdbFile = New-Object System.Windows.Forms.GroupBox
$tabScanTop = New-Object System.Windows.Forms.TabControl
$tabScan = New-Object System.Windows.Forms.TabPage
$tabOfflineScan = New-Object System.Windows.Forms.TabPage
$txtCSVImport = New-Object System.Windows.Forms.TextBox
$lblCSVImport = New-Object System.Windows.Forms.Label
$rdbBase = New-Object System.Windows.Forms.RadioButton
$chkInheritedPerm = New-Object System.Windows.Forms.CheckBox
$chkBoxDefaultPerm = New-Object System.Windows.Forms.CheckBox
$rdbScanOU = New-Object System.Windows.Forms.RadioButton
$rdbScanContainer = New-Object System.Windows.Forms.RadioButton
$rdbScanAll = New-Object System.Windows.Forms.RadioButton
$rdbHTAandCSV = New-Object System.Windows.Forms.RadioButton
$rdbOnlyHTA = New-Object System.Windows.Forms.RadioButton
$rdbOnlyCSV = New-Object System.Windows.Forms.RadioButton
$chkBoxExplicit = New-Object System.Windows.Forms.CheckBox
$btnConfig = New-Object System.Windows.Forms.Button
$txtBoxSelected = New-Object System.Windows.Forms.TextBox
$txtBoxDomainConnect = New-Object System.Windows.Forms.TextBox
$gBoxNCSelect = New-Object System.Windows.Forms.GroupBox
$gBoxBrowse = New-Object System.Windows.Forms.GroupBox
$rdbBrowseAll = New-Object System.Windows.Forms.RadioButton
$rdbBrowseOU = New-Object System.Windows.Forms.RadioButton
$btnScan = New-Object System.Windows.Forms.Button
$btnCompare = New-Object System.Windows.Forms.Button
$lblHeader = New-Object System.Windows.Forms.Label
$treeView1 = New-Object System.Windows.Forms.TreeView
$btnGetTemplateFolder = New-Object System.Windows.Forms.Button
$btnGetCompareInput = New-Object System.Windows.Forms.Button
$btnExit = New-Object System.Windows.Forms.Button
$btnGetCSVFile = New-Object System.Windows.Forms.Button
$btnConvertCSV = New-Object System.Windows.Forms.Button
$InitialFormWindowState = New-Object System.Windows.Forms.FormWindowState
$gBoxCompare = New-Object System.Windows.Forms.GroupBox
$gBoxImportCSV = New-Object System.Windows.Forms.GroupBox
$txtTempFolder.Text = $CurrentFSPath
$global:bolConnected = $false
$global:strPinDomDC = ""
$global:strPrinDomAttr = ""
$global:strPrinDomDir = ""
$global:strPrinDomFlat = ""
$global:strPrincipalDN = ""
$global:strDomainPrinDNName = ""
$global:strEffectiveRightSP = ""
$global:strEffectiveRightAccount = ""
$global:strSPNobjectClass = ""
$global:tokens = New-Object System.Collections.ArrayList
$global:tokens.Clear()
$global:strDommainSelect = "rootDSE"
$global:bolTempValue_InhertiedChkBox = $false
$global:redcolor = "red"
$FontSans775 = "Microsoft Sans Serif, 7.75pt"
$FontSans825 = "Microsoft Sans Serif, 8.25pt"
$FontSans825B = "Microsoft Sans Serif, 8.25pt, style=Bold"
$FontSans75B = "Microsoft Sans Serif, 7.5pt, style=Bold"
$FontSans9B = "Microsoft Sans Serif, 9pt, style=Bold"
$FontSans9 = "Microsoft Sans Serif, 9pt"
#----------------------------------------------
#Generated Event Script Blocks
#----------------------------------------------
$FormEvent_Load =
{
#TODO: Place custom script here
#Add-Type -TypeDefinition @"
New-Type @"
using System;
using System.Windows.Forms;
public class Win32Window : IWin32Window
{
private IntPtr _hWnd;
public Win32Window(IntPtr handle)
{
_hWnd = handle;
}
public IntPtr Handle
{
get { return _hWnd; }
}
}
"@ -ReferencedAssemblies "System.Windows.Forms.dll"
Add-Type @"
using System;
using System.Runtime.InteropServices;
public class SFW {
[DllImport("user32.dll")]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetForegroundWindow(IntPtr hWnd);
}
"@
[System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms") | Out-Null
$owner = New-Object Win32Window -ArgumentList ([System.Diagnostics.Process]::GetCurrentProcess().MainWindowHandle)
}
$btnGETSPNReport_OnClick =
{
If (($global:strEffectiveRightSP -ne "") -and ($global:tokens.count -gt 0)) {
$strFileSPNHTA = $env:temp + "\SPNHTML.hta"
$strFileSPNHTM = $env:temp + "\" + "$global:strEffectiveRightAccount" + ".htm"
CreateServicePrincipalReportHTA $global:strEffectiveRightSP $strFileSPNHTA $strFileSPNHTM $CurrentFSPath
CreateSPNHTM $global:strEffectiveRightSP $strFileSPNHTM
InitiateSPNHTM $strFileSPNHTA
$strColorTemp = "1"
WriteSPNHTM $global:strEffectiveRightSP $global:tokens $global:strSPNobjectClass $($global:tokens.count - 1) $strColorTemp $strFileSPNHTA $strFileSPNHTM
Invoke-Item $strFileSPNHTA
}
else {
$TextBoxStatusMessage.Items.Insert(0, "No service principal selected!")
}
}
$btnViewLegened_OnClick =
{
$strFileLegendHTA = $env:temp + "\LegendHTML.hta"
CreateColorLegenedReportHTA $strFileLegendHTA
Invoke-Item $strFileLegendHTA
}
$btnGetSPAccount_OnClick =
{
if ($global:bolConnected -eq $true) {
If (!($txtBoxSelectPrincipal.Text -eq "")) {
GetEffectiveRightSP $txtBoxSelectPrincipal.Text $global:strDomainPrinDNName
}
else {
$TextBoxStatusMessage.ForeColor = $global:redcolor
$TextBoxStatusMessage.Items.Insert(0, "Enter a principal name!")
}
}
else {
$TextBoxStatusMessage.ForeColor = $global:redcolor
$TextBoxStatusMessage
$TextBoxStatusMessage.Items.Insert(0, "Connect to your naming context first!")
}
}
$btnListDdomain_OnClick =
{
GenerateDomainPicker
$txtBoxDomainConnect.Text = $global:strDommainSelect
}
$btnListLocations_OnClick =
{
if ($global:bolConnected -eq $true) {
GenerateTrustedDomainPicker
}
else {
$TextBoxStatusMessage.ForeColor = $global:redcolor
$TextBoxStatusMessage
$TextBoxStatusMessage.Items.Insert(0, "Connect to your naming context first!")
}
}
$chkBoxEffectiveRights_CheckChanged =
{
If ($chkBoxEffectiveRights.Checked -eq $true) {
$global:bolTempValue_InhertiedChkBox = $chkInheritedPerm.Checked
$global:bolTempValue_chkBoxGetOwner = $chkBoxGetOwner.Checked
$chkBoxFilter.Checked = $false
$txtBoxSelectPrincipal.Enabled = $true
$btnGetSPAccount.Enabled = $true
$btnListLocations.Enabled = $true
$btnGetSPNReport.Enabled = $true
$chkInheritedPerm.Enabled = $false
$chkInheritedPerm.Checked = $true
$chkBoxGetOwner.Enabled = $false
$btnViewLegend.Enabled = $true
$chkBoxGetOwner.Checked = $true
$chkBoxEffectiveRightsColor.Enabled = $true
}
else {
$txtBoxSelectPrincipal.Enabled = $false
$chkBoxEffectiveRightsColor.Enabled = $false
$chkBoxEffectiveRightsColor.Checked = $false
$btnGetSPAccount.Enabled = $false
$btnListLocations.Enabled = $false
$btnGetSPNReport.Enabled = $false
$btnViewLegend.Enabled = $false
$chkInheritedPerm.Enabled = $true
$chkInheritedPerm.Checked = $global:bolTempValue_InhertiedChkBox
$chkBoxGetOwner.Enabled = $true
$chkBoxGetOwner.Checked = $global:bolTempValue_chkBoxGetOwner
}
}
$chkBoxFilter_CheckChanged =
{
If ($chkBoxFilter.Checked -eq $true) {
$chkBoxEffectiveRights.Checked = $false
$chkBoxType.Enabled = $true
$chkBoxObject.Enabled = $true
$chkBoxTrustee.Enabled = $true
$combObjectFilter.Enabled = $true
$txtFilterTrustee.Enabled = $true
$combAccessCtrl.Enabled = $true
$btnGetObjFullFilter.Enabled = $true
}
else {
$chkBoxType.Enabled = $false
$chkBoxObject.Enabled = $false
$chkBoxTrustee.Enabled = $false
$chkBoxType.Checked = $false
$chkBoxObject.Checked = $false
$chkBoxTrustee.Checked = $false
$combObjectFilter.Enabled = $false
$txtFilterTrustee.Enabled = $false
$combAccessCtrl.Enabled = $false
$btnGetObjFullFilter.Enabled = $false
}
}
$rdbNC_CheckChanged =
{
If ($rdbCustomNC.Checked -eq $true) {
$txtBoxDomainConnect.Enabled = $true
$btnListDdomain.Enabled = $false
if (($txtBoxDomainConnect.Text -eq "rootDSE") -or ($txtBoxDomainConnect.Text -eq "config") -or ($txtBoxDomainConnect.Text -eq "schema")) {
$txtBoxDomainConnect.Text = ""
}
}
else {
$btnListDdomain.Enabled = $false
If ($rdbDSdef.Checked -eq $true) {
$txtBoxDomainConnect.Text = $global:strDommainSelect
$btnListDdomain.Enabled = $true
}
If ($rdbDSConf.Checked -eq $true) {
$txtBoxDomainConnect.Text = "config"
}
If ($rdbDSSchm.Checked -eq $true) {
$txtBoxDomainConnect.Text = "schema"
}
$txtBoxDomainConnect.Enabled = $false
}
}
$btnGetTemplateFolder_OnClick =
{
$strFolderPath = Select-Folder
$txtTempFolder.Text = $strFolderPath
}
$btnGetCompareInput_OnClick =
{
$strFilePath = Select-File
$txtCompareTemplate.Text = $strFilePath
}
$btnGetCSVFile_OnClick =
{
$strFilePath = Select-File
$txtCSVImport.Text = $strFilePath
}
$btnDSConnect_OnClick =
{
$global:bolRoot = $true
$treeView1.Nodes.Clear()
$NCSelect = $false
If ($rdbDSConf.Checked) {
[directoryservices.directoryEntry]$root = (New-Object system.directoryservices.directoryEntry)
# Try to connect to the Domain root
& { #Try
[void]$Root.psbase.get_Name() }
Trap [SystemException] {
[boolean] $global:bolRoot = $false
$TextBoxStatusMessage.ForeColor = $global:redcolor
$TextBoxStatusMessage.Items.Insert(0, "Failed! Domain does not exist or can not be connected")
$global:bolConnected = $false; Continue
}
if ($global:bolRoot -eq $true) {
$arrADPartitions = GetADPartitions($root.distinguishedName)
[string] $global:strDomainDNName = $arrADPartitions.Item("domain")
$global:strDomainPrinDNName = $global:strDomainDNName
$global:strDomainLongName = $global:strDomainDNName.Replace("DC=", "")
$global:strDomainLongName = $global:strDomainLongName.Replace(",", ".")
$Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain", $global:strDomainLongName )
$ojbDomain = [DirectoryServices.ActiveDirectory.Domain]::GetDomain($Context)
$global:strDC = $($ojbDomain.FindDomainController()).name
$global:Forest = Get-Forest $global:strDC
$global:ForestRootDomainDN = Get-DomainDNfromFQDN $global:Forest.RootDomain
$global:strDomainShortName = GetDomainShortName $global:strDomainDNName $global:ForestRootDomainDN
$lblSelectPrincipalDom.text = $global:strDomainShortName + ":"
$NCSelect = $true
$TextBoxStatusMessage.ForeColor = "black"
$TextBoxStatusMessage.Items.Insert(0, "Connected")
$root = New-Object system.directoryservices.directoryEntry("LDAP://$global:strDC/cn=configuration," + $global:ForestRootDomainDN)
}
}
If ($rdbDSSchm.Checked) {
[directoryservices.directoryEntry]$root = (New-Object system.directoryservices.directoryEntry)
# Try to connect to the Domain root
& { #Try
[void]$Root.psbase.get_Name() }
Trap [SystemException] {
[boolean] $global:bolRoot = $false
$TextBoxStatusMessage.ForeColor = $global:redcolor
$TextBoxStatusMessage.Items.Insert(0, "Failed! Domain does not exist or can not be connected")
$global:bolConnected = $false; Continue
}
if ($global:bolRoot -eq $true) {
$arrADPartitions = GetADPartitions($root.distinguishedName)
[string] $global:strDomainDNName = $arrADPartitions.Item("domain")
$global:strDomainPrinDNName = $global:strDomainDNName
$global:strDomainLongName = $global:strDomainDNName.Replace("DC=", "")
$global:strDomainLongName = $global:strDomainLongName.Replace(",", ".")
$Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain", $global:strDomainLongName )
$ojbDomain = [DirectoryServices.ActiveDirectory.Domain]::GetDomain($Context)
$global:strDC = $($ojbDomain.FindDomainController()).name
$global:Forest = Get-Forest $global:strDC
$global:ForestRootDomainDN = Get-DomainDNfromFQDN $global:Forest.RootDomain
$global:strDomainShortName = GetDomainShortName $global:strDomainDNName $global:ForestRootDomainDN
$lblSelectPrincipalDom.text = $global:strDomainShortName + ":"
$NCSelect = $true
$TextBoxStatusMessage.ForeColor = "black"
$TextBoxStatusMessage.Items.Insert(0, "Connected")
$root = New-Object system.directoryservices.directoryEntry("LDAP://$global:strDC/cn=schema,cn=configuration," + $global:ForestRootDomainDN)
}
}
If ($rdbDSdef.Checked) {
if (!($txtBoxDomainConnect.Text -eq "rootDSE")) {
$strNamingContextDN = $txtBoxDomainConnect.Text
If (CheckDNExist $strNamingContextDN) {
$root = New-Object system.directoryservices.directoryEntry("LDAP://" + $strNamingContextDN)
$global:strDomainDNName = $root.distinguishedName.tostring()
$global:strDomainPrintDNName = $global:strDomainDNName
$global:strDomainLongName = $global:strDomainDNName.Replace("DC=", "")
$global:strDomainLongName = $global:strDomainLongName.Replace(",", ".")
$Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain", $global:strDomainLongName )
$ojbDomain = [DirectoryServices.ActiveDirectory.Domain]::GetDomain($Context)
$global:strDC = $($ojbDomain.FindDomainController()).name
$global:Forest = Get-Forest $global:strDC
$global:ForestRootDomainDN = Get-DomainDNfromFQDN $global:Forest.RootDomain
$global:strDomainShortName = GetDomainShortName $global:strDomainDNName $global:ForestRootDomainDN
$lblSelectPrincipalDom.text = $global:strDomainShortName + ":"
$NCSelect = $true
}
else {
$TextBoxStatusMessage.ForeColor = $global:redcolor
$TextBoxStatusMessage.Items.Insert(0, "Failed! Domain does not exist or can not be connected")
$global:bolConnected = $false
}
}
else {
[directoryservices.directoryEntry]$root = (New-Object system.directoryservices.directoryEntry)
# Try to connect to the Domain root
& { #Try
[void]$Root.psbase.get_Name() }
Trap [SystemException] {
[boolean] $global:bolRoot = $false
$TextBoxStatusMessage.ForeColor = $global:redcolor
$TextBoxStatusMessage.Items.Insert(0, "Failed! Domain does not exist or can not be connected")
$global:bolConnected = $false; Continue
}
if ($global:bolRoot -eq $true) {
$arrADPartitions = GetADPartitions($root.distinguishedName)
[string] $global:strDomainDNName = $arrADPartitions.Item("domain")
$global:strDomainPrinDNName = $global:strDomainDNName
$global:strDomainLongName = $global:strDomainDNName.Replace("DC=", "")
$global:strDomainLongName = $global:strDomainLongName.Replace(",", ".")
$Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain", $global:strDomainLongName )
$ojbDomain = [DirectoryServices.ActiveDirectory.Domain]::GetDomain($Context)
$global:strDC = $($ojbDomain.FindDomainController()).name
$global:Forest = Get-Forest $global:strDC
$global:ForestRootDomainDN = Get-DomainDNfromFQDN $global:Forest.RootDomain
$global:strDomainShortName = GetDomainShortName $global:strDomainDNName $global:ForestRootDomainDN
$lblSelectPrincipalDom.text = $global:strDomainShortName + ":"
$TextBoxStatusMessage.ForeColor = "black"
$TextBoxStatusMessage.Items.Insert(0, "Connected")
$strNamingContextDN = $root.distinguishedName
$NCSelect = $true
}
}
}
If ($rdbCustomNC.Checked) {
if ($txtBoxDomainConnect.Text.Length -gt 0) {
$strNamingContextDN = $txtBoxDomainConnect.Text
If (CheckDNExist $strNamingContextDN) {
$root = New-Object system.directoryservices.directoryEntry("LDAP://" + $strNamingContextDN)
if (($root.distinguishedName.tostring() -match "cn=") -or ($root.distinguishedName.tostring() -match "ou=")) {
$global:strDomainDNName = Get-DomainDN $root.distinguishedName.tostring()
}
else {
$global:strDomainDNName = $root.distinguishedName.tostring()
}
$global:strDomainPrinDNName = $global:strDomainDNName
$global:strDomainLongName = $global:strDomainDNName.Replace("DC=", "")
$global:strDomainLongName = $global:strDomainLongName.Replace(",", ".")
$Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain", $global:strDomainLongName )
$ojbDomain = [DirectoryServices.ActiveDirectory.Domain]::GetDomain($Context)
$global:strDC = $($ojbDomain.FindDomainController()).name
$global:Forest = Get-Forest $global:strDC
$global:ForestRootDomainDN = Get-DomainDNfromFQDN $global:Forest.RootDomain
$global:strDomainShortName = GetDomainShortName $global:strDomainDNName $global:ForestRootDomainDN
$lblSelectPrincipalDom.text = $global:strDomainShortName + ":"
$NCSelect = $true
}
else {
$TextBoxStatusMessage.ForeColor = $global:redcolor
$TextBoxStatusMessage.Items.Insert(0, "Failed! Domain does not exist or can not be connected")
$global:bolConnected = $false
}
}
else {
$TextBoxStatusMessage.ForeColor = $global:redcolor
$TextBoxStatusMessage.Items.Insert(0, "Failed! No naming context specified!")
$global:bolConnected = $false
}
}
If ($NCSelect -eq $true) {
If (!($strLastCacheGuidsDom -eq $global:strDomainDNName)) {
$global:dicRightsGuids = @{"Seed" = "xxx" }
CacheRightsGuids $global:strDomainDNName
$strLastCacheGuidsDom = $global:strDomainDNName
}
If ($TNRoot.Nodes.Count -gt 0) {
$TNRoot.Nodes.Clear()
}
$treeView1.Nodes.Clear()
$TNRoot = new-object System.Windows.Forms.TreeNode("Root")
$TNRoot.Name = $root.distinguishedName
$TNRoot.Text = $root.name
$TNRoot.tag = "NotEnumerated"
$TNRoot.ForeColor = "Black"
# Add all Children found as Sub Nodes to the selected TreeNode
$treeView1.add_AfterSelect( {
$txtBoxSelected.Text = $this.SelectedNode.Name
If ($global:prevNodeText.Length -gt 0) {
$global:prevNode.ForeColor = "Black"
}
$this.SelectedNode.ForeColor = "Blue"
if ($this.SelectedNode.tag -eq "NotEnumerated") {
$TextBoxStatusMessage.ForeColor = "black"
$TextBoxStatusMessage.Items.Insert(0, "Browsing..")
BuildTree $this.SelectedNode
# Set tag to show this node is already enumerated
$this.SelectedNode.tag = "Enumerated"
}
[string] $global:prevNodeText = $this.SelectedNode.name
$global:prevNode = $this.SelectedNode
})
[void]$treeView1.Nodes.Add($TNRoot)
BuildTree $TNRoot
$global:bolConnected = $true
$TextBoxStatusMessage.ForeColor = "black"
}
}
$btnScan_OnClick =
{
$bolPreChecks = $true
If ($treeView1.SelectedNode.name) {
If (($chkBoxFilter.Checked -eq $true) -and (($chkBoxType.Checked -eq $false) -and ($chkBoxObject.Checked -eq $false) -and ($chkBoxTrustee.Checked -eq $false))) {
$TextBoxStatusMessage.Items.Insert(0, "Filter Enabled , but no filter is specified!")
$bolPreChecks = $false
}
else {
If (($chkBoxFilter.Checked -eq $true) -and (($combAccessCtrl.SelectedIndex -eq -1) -and ($combObjectFilter.SelectedIndex -eq -1) -and ($txtFilterTrustee.Text -eq ""))) {
$TextBoxStatusMessage.Items.Insert(0, "Filter Enabled , but no filter is specified!")
$bolPreChecks = $false
}
}
If (($chkBoxEffectiveRights.Checked -eq $true) -and ($global:tokens.count -eq 0)) {
$TextBoxStatusMessage.Items.Insert(0, "Effective rights enabled , but no service principal selected! ")
$bolPreChecks = $false
}
if ($bolPreChecks -eq $true) {
$allSubOU = New-Object System.Collections.ArrayList
$allSubOU.Clear()
$TextBoxStatusMessage.ForeColor = "black"
$TextBoxStatusMessage.Items.Insert(0, "Scanning..")
$BolSkipDefPerm = $chkBoxDefaultPerm.Checked
$bolCSV = $rdbHTAandCSV.Checked
$sADobjectName = "LDAP://$global:strDC/" + $treeView1.SelectedNode.name.ToString().Replace("/", "\/")
$ADobject = [ADSI] $sADobjectName
$strNode = $ADobject.name
$date = get-date -uformat %Y%m%d_%H%M%S
$strNode = fixfilename $strNode
$strFileCSV = $txtTempFolder.Text + "\" + $strNode + "_" + $global:strDomainShortName + "_adAclOutput" + $date + ".csv"
$strFileHTA = $env:temp + "\ACLHTML.hta"
$strFileHTM = $env:temp + "\" + "$global:strDomainShortName-$strNode" + ".htm"
if (!($rdbOnlyCSV.Checked)) {
if ($chkBoxFilter.checked) {
CreateHTA "$global:strDomainShortName-$strNode Filtered" $strFileHTA $strFileHTM $CurrentFSPath
CreateHTM "$global:strDomainShortName-$strNode Filtered" $strFileHTM
}
else {
CreateHTA "$global:strDomainShortName-$strNode" $strFileHTA $strFileHTM $CurrentFSPath
CreateHTM "$global:strDomainShortName-$strNode" $strFileHTM
}
InitiateHTM $strFileHTA $chkBoxReplMeta.Checked $chkBoxACLsize.Checked $chkBoxGetOUProtected.Checked $chkBoxEffectiveRightsColor.Checked
InitiateHTM $strFileHTM $chkBoxReplMeta.Checked $chkBoxACLsize.Checked $chkBoxGetOUProtected.Checked $chkBoxEffectiveRightsColor.Checked
}
If ($treeView1.SelectedNode.name.ToString().Length -gt 0) {
If ($rdbBase.checked -eq $False) {
If ($rdbSubtree.checked -eq $true) {
$allSubOU = GetAllChildNodes $treeView1.SelectedNode.name $true
Get-Perm $allSubOU $global:strDomainShortName $BolSkipDefPerm $chkBoxFilter.checked $chkBoxGetOwner.checked $rdbOnlyCSV.Checked $chkBoxReplMeta.Checked $chkBoxACLsize.Checked $chkBoxEffectiveRights.Checked $chkBoxGetOUProtected.Checked
}
else {
$allSubOU = GetAllChildNodes $treeView1.SelectedNode.name $false
Get-Perm $allSubOU $global:strDomainShortName $BolSkipDefPerm $chkBoxFilter.checked $chkBoxGetOwner.checked $rdbOnlyCSV.Checked $chkBoxReplMeta.Checked $chkBoxACLsize.Checked $chkBoxEffectiveRights.Checked $chkBoxGetOUProtected.Checked
}
}
else {
$allSubOU = @($treeView1.SelectedNode.name)
Get-Perm $allSubOU $global:strDomainShortName $BolSkipDefPerm $chkBoxFilter.checked $chkBoxGetOwner.checked $rdbOnlyCSV.Checked $chkBoxReplMeta.Checked $chkBoxACLsize.Checked $chkBoxEffectiveRights.Checked $chkBoxGetOUProtected.Checked
}
$TextBoxStatusMessage.ForeColor = "black"
$TextBoxStatusMessage.Items.Insert(0, "Done")
}
}
}
else {
$TextBoxStatusMessage.ForeColor = $global:redcolor
$TextBoxStatusMessage.Items.Insert(0, "No object selected!")
}
$allSubOU = ""
$strFileCSV = ""
$strFileHTA = ""
$strFileHTM = ""
$sADobjectName = ""
$date = ""
}
$btnCreateHTML =
{
if ($txtCSVImport.Text -eq "") {
$TextBoxStatusMessage.ForeColor = $global:redcolor
$TextBoxStatusMessage.Items.Insert(0, "No Template CSV file selected!")
}
else {
ConvertCSVtoHTM $txtCSVImport.Text
}
}
$btnCompare_OnClick =
{
If ($treeView1.SelectedNode.name) {
$allSubOU = New-Object System.Collections.ArrayList
$allSubOU.Clear()
if ($txtCompareTemplate.Text -eq "") {
$TextBoxStatusMessage.ForeColor = $global:redcolor
$TextBoxStatusMessage.Items.Insert(0, "No Template CSV file selected!")
}
else {
$strCompareFile = $txtCompareTemplate.Text
ImportADSettings $strCompareFile
$TextBoxStatusMessage.Items.Insert(0, "Scanning..")
$BolSkipDefPerm = $chkBoxDefaultPerm.Checked
$sADobjectName = "LDAP://$global:strDC/" + $treeView1.SelectedNode.name.ToString()
$ADobject = [ADSI] $sADobjectName
$strNode = fixfilename $ADobject.Name
$strFileHTA = $env:temp + "\ACLHTML.hta"
$strFileHTM = $env:temp + "\" + "$global:strDomainShortName-$strNode" + ".htm"
CreateHTM "$global:strDomainShortName-$strNode" $strFileHTM
CreateHTA "$global:strDomainShortName-$strNode" $strFileHTA $strFileHTM $CurrentFSPath
InitiateCompareHTM $strFileHTA $chkBoxReplMeta.Checked
InitiateCompareHTM $strFileHTM $chkBoxReplMeta.Checked
If ($treeView1.SelectedNode.name.ToString().Length -gt 0) {
If ($rdbBase.checked -eq $False) {
If ($rdbSubtree.checked -eq $true) {
if ($chkBoxTemplateNodes.Checked -eq $false) {
$allSubOU = GetAllChildNodes $treeView1.SelectedNode.name $true
}
Get-PermCompare $allSubOU $BolSkipDefPerm $chkBoxReplMeta.Checked $chkBoxGetOwner.checked
}
else {
if ($chkBoxTemplateNodes.Checked -eq $false) {
$allSubOU = GetAllChildNodes $treeView1.SelectedNode.name $false
}
Get-PermCompare $allSubOU $BolSkipDefPerm $chkBoxReplMeta.Checked $chkBoxGetOwner.checked
}
}
else {
if ($chkBoxTemplateNodes.Checked -eq $false) {
$allSubOU = @($treeView1.SelectedNode.name)
}
Get-PermCompare $allSubOU $BolSkipDefPerm $chkBoxReplMeta.Checked $chkBoxGetOwner.checked
}# End If
$TextBoxStatusMessage.ForeColor = "black"
$TextBoxStatusMessage.Items.Insert(0, "Done")
}# End If
}# End If
}
else {
$TextBoxStatusMessage.ForeColor = $global:redcolor
$TextBoxStatusMessage.Items.Insert(0, "No object selected!")
}
$allSubOU = ""
$strFileCSV = ""
$strFileHTA = ""
$strFileHTM = ""
$sADobjectName = ""
$date = ""
}
$btnExit_OnClick =
{
#TODO: Place custom script here
$form1.close()
}
$btnGetObjFullFilter_OnClick =
{
if ($global:bolConnected -eq $true) {
GetSchemaObjectGUID -Domain $global:strDomainDNName
$TextBoxStatusMessage.ForeColor = "black"
$TextBoxStatusMessage.Items.Insert(0, "All schema objects and attributes listed!")
}
else {
$TextBoxStatusMessage.ForeColor = $global:redcolor
$TextBoxStatusMessage.Items.Insert(0, "Connect to your naming context first!")
}
}
foreach ($ldapDisplayName in $global:dicSchemaIDGUIDs.values) {
[void]$combObjectFilter.Items.Add($ldapDisplayName)
}
$OnLoadForm_StateCorrection =
{ #Correct the initial state of the form to prevent the .Net maximized form issue
$form1.WindowState = $InitialFormWindowState
}
#----------------------------------------------
#region Generated Form Code
$form1.BackColor = [System.Drawing.Color]::FromArgb(255, 235, 235, 235)
$form1.Text = "AD ACL Scanner"
$form1.Name = "form1"
$form1.DataBindings.DefaultDataSourceUpdateMode = 0
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 910
$System_Drawing_Size.Height = 730
$form1.ClientSize = $System_Drawing_Size
$form1.add_Load($FormEvent_Load)
$lblStyleWin8_1.BackColor = [System.Drawing.Color]::FromArgb(255, 255, 83, 0)
$lblStyleWin8_1.Name = "lblStyleWin8_1"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 595
$System_Drawing_Point.Y = 575
$lblStyleWin8_1.Font = "Webdings, 35pt"
$lblStyleWin8_1.Location = $System_Drawing_Point
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 60
$System_Drawing_Size.Height = 60
$lblStyleWin8_1.Size = $System_Drawing_Size
$lblStyleWin8_1.Text = "d"
$lblStyleWin8_1.TextAlign = 'MiddleCenter'
$form1.Controls.Add($lblStyleWin8_1)
$lblStyleWin8_2.BackColor = [System.Drawing.Color]::FromArgb(255, 0, 64, 128)
$lblStyleWin8_2.ForeColor = 'White'
$lblStyleWin8_2.Name = "lblStyleWin8_2"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 660
$System_Drawing_Point.Y = 630
$lblStyleWin8_2.Location = $System_Drawing_Point
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 230
$System_Drawing_Size.Height = 70
$lblStyleWin8_2.Size = $System_Drawing_Size
$lblStyleWin8_2.Font = "Microsoft Sans Serif, 9pt, style=Bold"
$lblStyleWin8_2.Text = "written by [email protected]"
$form1.Controls.Add($lblStyleWin8_2)
$lblStyleWin8_3.BackColor = [System.Drawing.Color]::FromArgb(255, 0, 174, 239)
$lblStyleWin8_3.Name = "lblStyleWin8_3"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 595
$System_Drawing_Point.Y = 640
$lblStyleWin8_3.Font = "Webdings, 35pt"
$lblStyleWin8_3.Location = $System_Drawing_Point
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 60
$System_Drawing_Size.Height = 60
$lblStyleWin8_3.Size = $System_Drawing_Size
$lblStyleWin8_3.Text = "L"
$lblStyleWin8_3.TextAlign = 'MiddleCenter'
$form1.Controls.Add($lblStyleWin8_3)
$lblStyleWin8_5.BackColor = [System.Drawing.Color]::FromArgb(255, 0, 64, 128)
$lblStyleWin8_5.ForeColor = 'White'
$lblStyleWin8_5.Name = "lblStyleWin8_5"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 660
$System_Drawing_Point.Y = 575
$lblStyleWin8_5.Location = $System_Drawing_Point
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 230
$System_Drawing_Size.Height = 60
$lblStyleWin8_5.Size = $System_Drawing_Size
$lblStyleWin8_5.Font = "Microsoft Sans Serif, 13pt, style=Bold"
$lblStyleWin8_5.Text = "AD ACL Scanner 1.3.3"
$form1.Controls.Add($lblStyleWin8_5)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 290
$System_Drawing_Size.Height = 488
$tabFilterTop.Size = $System_Drawing_Size
$tabFilterTop.Text = "Filter Options"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 620
$System_Drawing_Point.Y = 38
$tabFilterTop.Location = $System_Drawing_Point
$tabFilterTop.Name = "tabFilterTop"
$tabFilterTop.DataBindings.DefaultDataSourceUpdateMode = 0
$form1.Controls.Add($tabFilterTop)
$tabFilter.Name = "tabFilter"
$tabFilter.Text = "Filter Options"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 290
$System_Drawing_Size.Height = 450
$tabFilter.Size = $System_Drawing_Size
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 620
$System_Drawing_Point.Y = 38
$tabFilter.Location = $System_Drawing_Point
$tabFilter.DataBindings.DefaultDataSourceUpdateMode = 0
$tabFilterTop.Controls.Add($tabFilter)
$tabEffectiveR.Name = "tabEffectiveR"
$tabEffectiveR.Text = "Effective Rights"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 290
$System_Drawing_Size.Height = 450
$tabEffectiveR.Size = $System_Drawing_Size
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 620
$System_Drawing_Point.Y = 15
$tabEffectiveR.Location = $System_Drawing_Point
$tabEffectiveR.DataBindings.DefaultDataSourceUpdateMode = 0
$tabFilterTop.Controls.Add($tabEffectiveR)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 275
$System_Drawing_Size.Height = 485
$tabScanTop.Size = $System_Drawing_Size
$tabScanTop.Text = "Scan Options"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 340
$System_Drawing_Point.Y = 38
$tabScanTop.Location = $System_Drawing_Point
$tabScanTop.Name = "tbPScanTop"
$tabScanTop.DataBindings.DefaultDataSourceUpdateMode = 0
$form1.Controls.Add($tabScanTop)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 266
$System_Drawing_Size.Height = 450
$tabScan.Size = $System_Drawing_Size
$tabScan.Text = "Scan Options"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 340
$System_Drawing_Point.Y = 38
$tabScan.Location = $System_Drawing_Point
$tabScan.Name = "tbPScan"
$tabScan.DataBindings.DefaultDataSourceUpdateMode = 0
$tabScanTop.Controls.Add($tabScan)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 266
$System_Drawing_Size.Height = 450
$tabOfflineScan.Size = $System_Drawing_Size
$tabOfflineScan.Text = "Additional Options"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 340
$System_Drawing_Point.Y = 38
$tabOfflineScan.Location = $System_Drawing_Point
$tabOfflineScan.Name = "tbPOfflineScan"
$tabOfflineScan.DataBindings.DefaultDataSourceUpdateMode = 0
$tabScanTop.Controls.Add($tabOfflineScan)
$gBoxNCSelect.TabIndex = 0
$gBoxNCSelect.Name = "gBoxNCSelect"
$gBoxNCSelect.Text = "Select Naming Context"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 310
$System_Drawing_Size.Height = 120
$gBoxNCSelect.Size = $System_Drawing_Size
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 25
$System_Drawing_Point.Y = 38
$gBoxNCSelect.Location = $System_Drawing_Point
$gBoxNCSelect.DataBindings.DefaultDataSourceUpdateMode = 0
$form1.Controls.Add($gBoxNCSelect)
################################ Filter Tab ################################
$chkBoxFilter.UseVisualStyleBackColor = $False
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 150
$System_Drawing_Size.Height = 24
$chkBoxFilter.Size = $System_Drawing_Size
$chkBoxFilter.Text = "Enable Filter"
$chkBoxFilter.Checked = $False
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 9
$chkBoxFilter.Location = $System_Drawing_Point
$chkBoxFilter.CheckState = 0
$chkBoxFilter.DataBindings.DefaultDataSourceUpdateMode = 0
$chkBoxFilter.Name = "chkBoxFilter"
$chkBoxFilter.Add_checkedChanged($chkBoxFilter_CheckChanged)
$tabFilter.Controls.Add($chkBoxFilter)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 18
$System_Drawing_Size.Height = 24
$chkBoxType.Size = $System_Drawing_Size
$chkBoxType.Text = ""
$chkBoxType.Checked = $False
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 60
$chkBoxType.Location = $System_Drawing_Point
$chkBoxType.CheckState = 0
$chkBoxType.Enabled = $False
$chkBoxType.DataBindings.DefaultDataSourceUpdateMode = 0
$chkBoxType.Name = "chkBoxType"
$tabFilter.Controls.Add($chkBoxType)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 250
$System_Drawing_Size.Height = 16
$lblAccessCtrl.Size = $System_Drawing_Size
$lblAccessCtrl.Font = $FontSans775
$lblAccessCtrl.Text = "Filter by Access Type:(example: Allow)"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 40
$lblAccessCtrl.Location = $System_Drawing_Point
$lblAccessCtrl.DataBindings.DefaultDataSourceUpdateMode = 0
$lblAccessCtrl.Name = "lblAccessCtrl"
$tabFilter.Controls.Add($lblAccessCtrl)
$combAccessCtrl.FormattingEnabled = $True
$combAccessCtrl.Sorted = $True
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 29
$System_Drawing_Point.Y = 60
$combAccessCtrl.Location = $System_Drawing_Point
$combAccessCtrl.Name = "combAccessCtrl"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 100
$System_Drawing_Size.Height = 21
$combAccessCtrl.Size = $System_Drawing_Size
[void]$combAccessCtrl.Items.Add("Allow")
[void]$combAccessCtrl.Items.Add("Deny")
$combAccessCtrl.Enabled = $false
$tabFilter.Controls.Add($combAccessCtrl)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 250
$System_Drawing_Size.Height = 16
$lblFilterExpl.Size = $System_Drawing_Size
$lblFilterExpl.Font = $FontSans775
$lblFilterExpl.Text = "Filter by Object:(example: user)"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 90
$lblFilterExpl.Location = $System_Drawing_Point
$lblFilterExpl.DataBindings.DefaultDataSourceUpdateMode = 0
$lblFilterExpl.Name = "lblFilterExpl"
$tabFilter.Controls.Add($lblFilterExpl)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 18
$System_Drawing_Size.Height = 24
$chkBoxObject.Size = $System_Drawing_Size
$chkBoxObject.Text = ""
$chkBoxObject.Checked = $False
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 110
$chkBoxObject.Location = $System_Drawing_Point
$chkBoxObject.CheckState = 0
$chkBoxObject.DataBindings.DefaultDataSourceUpdateMode = 0
$chkBoxObject.Enabled = $False
$chkBoxObject.Name = "chkBoxObject"
$tabFilter.Controls.Add($chkBoxObject)
$combObjectFilter.FormattingEnabled = $True
$combObjectFilter.Sorted = $True
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 29
$System_Drawing_Point.Y = 110
$combObjectFilter.Location = $System_Drawing_Point
$combObjectFilter.Name = "combObjectFilter"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 190
$System_Drawing_Size.Height = 21
$combObjectFilter.Size = $System_Drawing_Size
$combObjectFilter.Enabled = $False
$tabFilter.Controls.Add($combObjectFilter)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 265
$System_Drawing_Size.Height = 44
$lblGetObj.Size = $System_Drawing_Size
$lblGetObj.Font = $FontSans775
$lblGetObj.Text = "The list box contains a few number of standard objects. To load all objects from schema press Load."
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 140
$lblGetObj.Location = $System_Drawing_Point
$lblGetObj.DataBindings.DefaultDataSourceUpdateMode = 0
$lblGetObj.Name = "lblGetObj"
$tabFilter.Controls.Add($lblGetObj)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 150
$System_Drawing_Size.Height = 15
$lblGetObjExtend.Size = $System_Drawing_Size
$lblGetObjExtend.Font = "Microsoft Sans Serif, 7.75pt, style=Bold"
$lblGetObjExtend.Text = "This may take a while!"
$lblGetObjExtend.ForeColor = "Black"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 182
$lblGetObjExtend.Location = $System_Drawing_Point
$lblGetObjExtend.DataBindings.DefaultDataSourceUpdateMode = 0
$lblGetObjExtend.Name = "lblGetObjExtend"
$tabFilter.Controls.Add($lblGetObjExtend)
$btnGetObjFullFilter.Name = "btnGetObjFullFilter"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 100
$System_Drawing_Size.Height = 23
$btnGetObjFullFilter.Size = $System_Drawing_Size
$btnGetObjFullFilter.UseVisualStyleBackColor = $True
$btnGetObjFullFilter.Font = $FontSans825B
$btnGetObjFullFilter.Text = "Load"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 160
$System_Drawing_Point.Y = 185
$btnGetObjFullFilter.Location = $System_Drawing_Point
$btnGetObjFullFilter.DataBindings.DefaultDataSourceUpdateMode = 0
$btnGetObjFullFilter.add_Click($btnGetObjFullFilter_OnClick)
$btnGetObjFullFilter.Enabled = $false
$tabFilter.Controls.Add($btnGetObjFullFilter)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 270
$System_Drawing_Size.Height = 70
$lblFilterTrusteeExpl.Size = $System_Drawing_Size
$lblFilterTrusteeExpl.Font = $FontSans775
$lblFilterTrusteeExpl.Text = "Filter by Trustee:`nExamples:`nCONTOSO\User`nCONTOSO\JohnDoe*`n*Smith`n*Doe*"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 220
$lblFilterTrusteeExpl.Location = $System_Drawing_Point
$lblFilterTrusteeExpl.DataBindings.DefaultDataSourceUpdateMode = 0
$lblFilterTrusteeExpl.Name = "lblFilterTrusteeExpl"
$tabFilter.Controls.Add($lblFilterTrusteeExpl)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 18
$System_Drawing_Size.Height = 24
$chkBoxTrustee.Size = $System_Drawing_Size
$chkBoxTrustee.Text = ""
$chkBoxTrustee.Checked = $False
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 292
$chkBoxTrustee.Location = $System_Drawing_Point
$chkBoxTrustee.CheckState = 0
$chkBoxTrustee.DataBindings.DefaultDataSourceUpdateMode = 0
$chkBoxTrustee.Enabled = $False
$chkBoxTrustee.Name = "chkBoxObject"
$tabFilter.Controls.Add($chkBoxTrustee)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 245
$System_Drawing_Size.Height = 20
$txtFilterTrustee.Size = $System_Drawing_Size
$txtFilterTrustee.DataBindings.DefaultDataSourceUpdateMode = 0
$txtFilterTrustee.Name = "txtFilterTrustee"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 29
$System_Drawing_Point.Y = 295
$txtFilterTrustee.Location = $System_Drawing_Point
$txtFilterTrustee.Enabled = $false
$tabFilter.Controls.Add($txtFilterTrustee)
################################ Filter Tab ################################
$gBoxCompare.Name = "gBoxCompare"
$gBoxCompare.Text = "Compare Options"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 260
$System_Drawing_Size.Height = 120
$gBoxCompare.Size = $System_Drawing_Size
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 335
$gBoxCompare.Location = $System_Drawing_Point
$gBoxCompare.DataBindings.DefaultDataSourceUpdateMode = 0
$tabScan.Controls.Add($gBoxCompare)
$gBoxScanDepth.Name = "gBoxScanDepth"
$gBoxScanDepth.Text = "Scan depth"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 260
$System_Drawing_Size.Height = 40
$gBoxScanDepth.Size = $System_Drawing_Size
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 3
$gBoxScanDepth.Location = $System_Drawing_Point
$gBoxScanDepth.DataBindings.DefaultDataSourceUpdateMode = 0
$tabScan.Controls.Add($gBoxScanDepth)
$gBoxImportCSV.Name = "gBoxImportCSV"
$gBoxImportCSV.Text = "CSV to HTML"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 260
$System_Drawing_Size.Height = 160
$gBoxImportCSV.Size = $System_Drawing_Size
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 10
$gBoxImportCSV.Location = $System_Drawing_Point
$gBoxImportCSV.DataBindings.DefaultDataSourceUpdateMode = 0
$tabOfflineScan.Controls.Add($gBoxImportCSV)
$rdbDSdef.TabIndex = 99
$rdbDSdef.TabStop = $false
$rdbDSdef.UseVisualStyleBackColor = $True
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 75
$System_Drawing_Size.Height = 24
$rdbDSdef.Size = $System_Drawing_Size
$rdbDSdef.Text = "Domain"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 20
$rdbDSdef.Location = $System_Drawing_Point
$rdbDSdef.DataBindings.DefaultDataSourceUpdateMode = 0
$rdbDSdef.Name = "rdbDSdef"
$rdbDSdef.Checked = $true
$rdbDSdef.Add_checkedChanged($rdbNC_CheckChanged)
$gBoxNCSelect.Controls.Add($rdbDSdef)
$rdbCustomNC.UseVisualStyleBackColor = $True
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 75
$System_Drawing_Size.Height = 24
$rdbCustomNC.Size = $System_Drawing_Size
$rdbCustomNC.Text = "Custom"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 230
$System_Drawing_Point.Y = 20
$rdbCustomNC.Location = $System_Drawing_Point
$rdbCustomNC.DataBindings.DefaultDataSourceUpdateMode = 0
$rdbCustomNC.Name = "rdbCustomNC"
$rdbCustomNC.Checked = $false
$rdbCustomNC.Add_checkedChanged($rdbNC_CheckChanged)
$gBoxNCSelect.Controls.Add($rdbCustomNC)
$rdbDSConf.UseVisualStyleBackColor = $True
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 70
$System_Drawing_Size.Height = 24
$rdbDSConf.Size = $System_Drawing_Size
$rdbDSConf.Text = "Config"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 78
$System_Drawing_Point.Y = 20
$rdbDSConf.Location = $System_Drawing_Point
$rdbDSConf.DataBindings.DefaultDataSourceUpdateMode = 0
$rdbDSConf.Name = "rdbDSConf"
$rdbDSConf.Checked = $False
$rdbDSConf.Add_checkedChanged($rdbNC_CheckChanged)
$gBoxNCSelect.Controls.Add($rdbDSConf)
$rdbDSSchm.UseVisualStyleBackColor = $True
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 75
$System_Drawing_Size.Height = 24
$rdbDSSchm.Size = $System_Drawing_Size
$rdbDSSchm.Text = "Schema"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 150
$System_Drawing_Point.Y = 20
$rdbDSSchm.Location = $System_Drawing_Point
$rdbDSSchm.DataBindings.DefaultDataSourceUpdateMode = 0
$rdbDSSchm.Name = "rdbDSSchm"
$rdbDSSchm.Checked = $False
$rdbDSSchm.Add_checkedChanged($rdbNC_CheckChanged)
$gBoxNCSelect.Controls.Add($rdbDSSchm)
################################ Scan Options Tab ################################
$gBoxReportOpt.Name = "gBoxReportOpt"
$gBoxReportOpt.Text = "View in report"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 260
$System_Drawing_Size.Height = 100
$gBoxReportOpt.Size = $System_Drawing_Size
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 93
$gBoxReportOpt.Location = $System_Drawing_Point
$gBoxReportOpt.DataBindings.DefaultDataSourceUpdateMode = 0
$tabScan.Controls.Add($gBoxReportOpt)
$gBoxRdbScan.Name = "gBoxRdbScan"
$gBoxRdbScan.Text = "Objects to scan"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 260
$System_Drawing_Size.Height = 50
$gBoxRdbScan.Size = $System_Drawing_Size
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 42
$gBoxRdbScan.Location = $System_Drawing_Point
$gBoxRdbScan.DataBindings.DefaultDataSourceUpdateMode = 0
$tabScan.Controls.Add($gBoxRdbScan)
$gBoxRdbFile.Name = "gBoxRdbFile"
$gBoxRdbFile.Text = "Output Options"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 260
$System_Drawing_Size.Height = 140
$gBoxRdbFile.Size = $System_Drawing_Size
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 195
$gBoxRdbFile.Location = $System_Drawing_Point
$gBoxRdbFile.DataBindings.DefaultDataSourceUpdateMode = 0
$tabScan.Controls.Add($gBoxRdbFile)
$rdbBase.UseVisualStyleBackColor = $False
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 75
$System_Drawing_Size.Height = 24
$rdbBase.Size = $System_Drawing_Size
$rdbBase.Text = "Base"
$rdbBase.Checked = $true
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 13
$rdbBase.Location = $System_Drawing_Point
$rdbBase.DataBindings.DefaultDataSourceUpdateMode = 0
$rdbBase.Name = "rdbBase"
$gBoxScanDepth.Controls.Add($rdbBase)
$rdbOneLevel.UseVisualStyleBackColor = $False
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 75
$System_Drawing_Size.Height = 24
$rdbOneLevel.Size = $System_Drawing_Size
$rdbOneLevel.Text = "One Level"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 85
$System_Drawing_Point.Y = 13
$rdbOneLevel.Location = $System_Drawing_Point
$rdbOneLevel.DataBindings.DefaultDataSourceUpdateMode = 0
$rdbOneLevel.Name = "rdbOneLevel"
$gBoxScanDepth.Controls.Add($rdbOneLevel)
$rdbSubtree.UseVisualStyleBackColor = $False
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 75
$System_Drawing_Size.Height = 24
$rdbSubtree.Size = $System_Drawing_Size
$rdbSubtree.Text = "Subtree"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 165
$System_Drawing_Point.Y = 13
$rdbSubtree.Location = $System_Drawing_Point
$rdbSubtree.DataBindings.DefaultDataSourceUpdateMode = 0
$rdbSubtree.Name = "rdbSubtree"
$gBoxScanDepth.Controls.Add($rdbSubtree)
$chkInheritedPerm.UseVisualStyleBackColor = $False
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 145
$System_Drawing_Size.Height = 24
$chkInheritedPerm.Size = $System_Drawing_Size
$chkInheritedPerm.Text = "Inherited Permissions"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 33
$chkInheritedPerm.Location = $System_Drawing_Point
$chkInheritedPerm.CheckState = 0
$chkInheritedPerm.DataBindings.DefaultDataSourceUpdateMode = 0
$chkInheritedPerm.Name = "chkInheritedPerm"
$gBoxReportOpt.Controls.Add($chkInheritedPerm)
$chkBoxGetOwner.UseVisualStyleBackColor = $False
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 104
$System_Drawing_Size.Height = 24
$chkBoxGetOwner.Size = $System_Drawing_Size
$chkBoxGetOwner.Text = "View Owner"
$chkBoxGetOwner.Checked = $false
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 13
$chkBoxGetOwner.Location = $System_Drawing_Point
$chkBoxGetOwner.CheckState = 0
$chkBoxGetOwner.DataBindings.DefaultDataSourceUpdateMode = 0
$chkBoxGetOwner.Name = "chkBoxGetOwner"
$gBoxReportOpt.Controls.Add($chkBoxGetOwner)
$chkBoxDefaultPerm.UseVisualStyleBackColor = $False
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 149
$System_Drawing_Size.Height = 24
$chkBoxDefaultPerm.Size = $System_Drawing_Size
$chkBoxDefaultPerm.Text = "Skip Default Permissions"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 54
$chkBoxDefaultPerm.Location = $System_Drawing_Point
$chkBoxDefaultPerm.DataBindings.DefaultDataSourceUpdateMode = 0
$chkBoxDefaultPerm.Name = "chkBoxDefaultPerm"
$gBoxReportOpt.Controls.Add($chkBoxDefaultPerm)
$chkBoxReplMeta.UseVisualStyleBackColor = $False
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 110
$System_Drawing_Size.Height = 20
$chkBoxReplMeta.Size = $System_Drawing_Size
$chkBoxReplMeta.Text = "SD modified date"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 78
$chkBoxReplMeta.Location = $System_Drawing_Point
$chkBoxReplMeta.CheckState = 0
$chkBoxReplMeta.DataBindings.DefaultDataSourceUpdateMode = 0
$chkBoxReplMeta.Name = "chkBoxReplMeta"
$gBoxReportOpt.Controls.Add($chkBoxReplMeta)
$chkBoxGetOUProtected.UseVisualStyleBackColor = $False
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 90
$System_Drawing_Size.Height = 29
$chkBoxGetOUProtected.Size = $System_Drawing_Size
$chkBoxGetOUProtected.Text = "Inheritance`nDisabled"
$chkBoxGetOUProtected.TextAlign = "TopLeft"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 155
$System_Drawing_Point.Y = 33
$chkBoxGetOUProtected.Location = $System_Drawing_Point
$chkBoxGetOUProtected.CheckState = 0
$chkBoxGetOUProtected.CheckAlign = "TopLeft"
$chkBoxGetOUProtected.DataBindings.DefaultDataSourceUpdateMode = 0
$chkBoxGetOUProtected.Name = "chkBoxGetOUProtected"
$gBoxReportOpt.Controls.Add($chkBoxGetOUProtected)
$chkBoxACLSize.UseVisualStyleBackColor = $False
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 90
$System_Drawing_Size.Height = 20
$chkBoxACLSize.Size = $System_Drawing_Size
$chkBoxACLSize.Text = "DACL Size"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 155
$System_Drawing_Point.Y = 13
$chkBoxACLSize.Location = $System_Drawing_Point
$chkBoxACLSize.CheckState = 0
$chkBoxACLSize.DataBindings.DefaultDataSourceUpdateMode = 0
$chkBoxACLSize.Name = "chkBoxACLSize"
$gBoxReportOpt.Controls.Add($chkBoxACLSize)
$rdbScanOU.UseVisualStyleBackColor = $True
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 55
$System_Drawing_Size.Height = 24
$rdbScanOU.Size = $System_Drawing_Size
$rdbScanOU.Text = "OUs"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 20
$rdbScanOU.Location = $System_Drawing_Point
$rdbScanOU.DataBindings.DefaultDataSourceUpdateMode = 0
$rdbScanOU.Name = "rdbScanOU"
$rdbScanOU.Checked = $true
$gBoxRdbScan.Controls.Add($rdbScanOU)
$rdbScanContainer.UseVisualStyleBackColor = $True
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 95
$System_Drawing_Size.Height = 24
$rdbScanContainer.Size = $System_Drawing_Size
$rdbScanContainer.Text = "Containers"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 60
$System_Drawing_Point.Y = 20
$rdbScanContainer.Location = $System_Drawing_Point
$rdbScanContainer.DataBindings.DefaultDataSourceUpdateMode = 0
$rdbScanContainer.Name = "rdbScanContainer"
$rdbScanContainer.Checked = $false
$gBoxRdbScan.Controls.Add($rdbScanContainer)
$rdbScanAll.UseVisualStyleBackColor = $True
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 100
$System_Drawing_Size.Height = 24
$rdbScanAll.Size = $System_Drawing_Size
$rdbScanAll.Text = "All Objects"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 155
$System_Drawing_Point.Y = 20
$rdbScanAll.Location = $System_Drawing_Point
$rdbScanAll.DataBindings.DefaultDataSourceUpdateMode = 0
$rdbScanAll.Name = "rdbScanAll"
$gBoxRdbScan.Controls.Add($rdbScanAll)
$btnGetTemplateFolder.Name = "btnGetTemplateFolder"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 110
$System_Drawing_Size.Height = 23
$btnGetTemplateFolder.Size = $System_Drawing_Size
$btnGetTemplateFolder.UseVisualStyleBackColor = $True
$btnGetTemplateFolder.Font = $FontSans825B
$btnGetTemplateFolder.Text = "Change Folder"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 140
$System_Drawing_Point.Y = 110
$btnGetTemplateFolder.Location = $System_Drawing_Point
$btnGetTemplateFolder.DataBindings.DefaultDataSourceUpdateMode = 0
$btnGetTemplateFolder.add_Click($btnGetTemplateFolder_OnClick)
$gBoxRdbFile.Controls.Add($btnGetTemplateFolder)
$btnGetCompareInput.Name = "btnGetCompareInput"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 120
$System_Drawing_Size.Height = 23
$btnGetCompareInput.Size = $System_Drawing_Size
$btnGetCompareInput.UseVisualStyleBackColor = $True
$btnGetCompareInput.Font = $FontSans825B
$btnGetCompareInput.Text = "Select Template"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 130
$System_Drawing_Point.Y = 60
$btnGetCompareInput.Location = $System_Drawing_Point
$btnGetCompareInput.DataBindings.DefaultDataSourceUpdateMode = 0
$btnGetCompareInput.add_Click($btnGetCompareInput_OnClick)
$gBoxCompare.Controls.Add($btnGetCompareInput)
$chkBoxTemplateNodes.UseVisualStyleBackColor = $False
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 100
$System_Drawing_Size.Height = 29
$chkBoxTemplateNodes.Size = $System_Drawing_Size
$chkBoxTemplateNodes.Text = "Use nodes from template"
$chkBoxTemplateNodes.TextAlign = "TopLeft"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 60
$chkBoxTemplateNodes.Location = $System_Drawing_Point
$chkBoxTemplateNodes.CheckState = 0
$chkBoxTemplateNodes.CheckAlign = "TopLeft"
$chkBoxTemplateNodes.DataBindings.DefaultDataSourceUpdateMode = 0
$chkBoxTemplateNodes.Name = "chkBoxTemplateNodes"
$gBoxCompare.Controls.Add($chkBoxTemplateNodes)
$btnGetCSVFile.Name = "btnGetCSVFile"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 120
$System_Drawing_Size.Height = 23
$btnGetCSVFile.Size = $System_Drawing_Size
$btnGetCSVFile.UseVisualStyleBackColor = $True
$btnGetCSVFile.Font = $FontSans75B
$btnGetCSVFile.Text = "Select CSV"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 120
$System_Drawing_Point.Y = 60
$btnGetCSVFile.Location = $System_Drawing_Point
$btnGetCSVFile.DataBindings.DefaultDataSourceUpdateMode = 0
$btnGetCSVFile.add_Click($btnGetCSVFile_OnClick)
$gBoxImportCsv.Controls.Add($btnGetCSVFile)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 245
$System_Drawing_Size.Height = 20
$txtTempFolder.Size = $System_Drawing_Size
$txtTempFolder.DataBindings.DefaultDataSourceUpdateMode = 0
$txtTempFolder.Name = "txtTempFolder"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 85
$txtTempFolder.Location = $System_Drawing_Point
$gBoxRdbFile.Controls.Add($txtTempFolder)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 158
$System_Drawing_Size.Height = 16
$lblTempFolder.Size = $System_Drawing_Size
$lblTempFolder.Text = "CSV file destination:"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 70
$lblTempFolder.Location = $System_Drawing_Point
$lblTempFolder.DataBindings.DefaultDataSourceUpdateMode = 0
$lblTempFolder.Name = "lblTempFolder"
$gBoxRdbFile.Controls.Add($lblTempFolder)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 158
$System_Drawing_Size.Height = 16
$lblCompareTemplate.Size = $System_Drawing_Size
$lblCompareTemplate.Text = "CSV Template File:"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 19
$lblCompareTemplate.Location = $System_Drawing_Point
$lblCompareTemplate.DataBindings.DefaultDataSourceUpdateMode = 0
$lblCompareTemplate.Name = "lblCompareTemplate"
$gBoxCompare.Controls.Add($lblCompareTemplate)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 220
$System_Drawing_Size.Height = 20
$txtCompareTemplate.Size = $System_Drawing_Size
$txtCompareTemplate.DataBindings.DefaultDataSourceUpdateMode = 0
$txtCompareTemplate.Name = "txtCompareTemplate"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 35
$txtCompareTemplate.Location = $System_Drawing_Point
$gBoxCompare.Controls.Add($txtCompareTemplate)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 220
$System_Drawing_Size.Height = 20
$txtCSVImport.Size = $System_Drawing_Size
$txtCSVImport.DataBindings.DefaultDataSourceUpdateMode = 0
$txtCSVImport.Name = "txtCSVImport"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 35
$txtCSVImport.Location = $System_Drawing_Point
$gBoxImportCSV.Controls.Add($txtCSVImport)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 200
$System_Drawing_Size.Height = 16
$lblCSVImport.Size = $System_Drawing_Size
$lblCSVImport.Text = "This file will be converted HTML:"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 20
$lblCSVImport.Location = $System_Drawing_Point
$lblCSVImport.DataBindings.DefaultDataSourceUpdateMode = 0
$lblCSVImport.Name = "lblCSVImport"
$gBoxImportCSV.Controls.Add($lblCSVImport)
$rdbOnlyHTA.UseVisualStyleBackColor = $True
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 101
$System_Drawing_Size.Height = 24
$rdbOnlyHTA.Size = $System_Drawing_Size
$rdbOnlyHTA.Text = "HTML report"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 20
$rdbOnlyHTA.Location = $System_Drawing_Point
$rdbOnlyHTA.DataBindings.DefaultDataSourceUpdateMode = 1
$rdbOnlyHTA.Name = "rdbOnlyHTA"
$rdbOnlyHTA.Checked = $true
$gBoxRdbFile.Controls.Add($rdbOnlyHTA)
$rdbHTAandCSV.UseVisualStyleBackColor = $True
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 150
$System_Drawing_Size.Height = 40
$rdbHTAandCSV.Size = $System_Drawing_Size
$rdbHTAandCSV.Text = "HTML report and CSV file"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 104
$System_Drawing_Point.Y = 12
$rdbHTAandCSV.Location = $System_Drawing_Point
$rdbHTAandCSV.DataBindings.DefaultDataSourceUpdateMode = 1
$rdbHTAandCSV.Name = "rdbHTAandCSV"
$gBoxRdbFile.Controls.Add($rdbHTAandCSV)
$rdbOnlyCSV.UseVisualStyleBackColor = $True
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 97
$System_Drawing_Size.Height = 24
$rdbOnlyCSV.Size = $System_Drawing_Size
$rdbOnlyCSV.Text = "CSV file"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 40
$rdbOnlyCSV.Location = $System_Drawing_Point
$rdbOnlyCSV.DataBindings.DefaultDataSourceUpdateMode = 1
$rdbOnlyCSV.Name = "rdbOnlyCSV"
$rdbOnlyCSV.Checked = $false
$gBoxRdbFile.Controls.Add($rdbOnlyCSV)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 200
$System_Drawing_Size.Height = 17
$lblDomain.Size = $System_Drawing_Size
$lblDomain.Text = "Naming Context:"
$lblDomain.ForeColor = [System.Drawing.Color]::FromArgb(0, 0, 0, 0)
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 48
$lblDomain.Location = $System_Drawing_Point
$lblDomain.DataBindings.DefaultDataSourceUpdateMode = 0
$lblDomain.Name = "lblDomain"
$gBoxNCSelect.Controls.Add($lblDomain)
$txtBoxDomainConnect.Enabled = $false
$txtBoxDomainConnect.Text = $global:strDommainSelect
$txtBoxDomainConnect.TabStop = $false
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 280
$System_Drawing_Size.Height = 20
$txtBoxDomainConnect.Size = $System_Drawing_Size
$txtBoxDomainConnect.DataBindings.DefaultDataSourceUpdateMode = 0
$txtBoxDomainConnect.Name = "txtBoxDomainConnect"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 65
$txtBoxDomainConnect.Location = $System_Drawing_Point
$gBoxNCSelect.Controls.Add($txtBoxDomainConnect)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 225
$System_Drawing_Size.Height = 28
$lblConnect.Size = $System_Drawing_Size
$lblConnect.Font = $FontSans775
$lblConnect.Text = "First click Connect to connect to a domain."
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 80
$System_Drawing_Point.Y = 90
$lblConnect.Location = $System_Drawing_Point
$lblConnect.DataBindings.DefaultDataSourceUpdateMode = 0
$lblConnect.Name = "lblConnect"
$btnDSConnect.TabIndex = 1
$btnDSConnect.Name = "btnDSConnect"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 85
$System_Drawing_Size.Height = 23
$btnDSConnect.Size = $System_Drawing_Size
$btnDSConnect.UseVisualStyleBackColor = $True
$btnDSConnect.Font = $FontSans825B
$btnDSConnect.Text = "Connect"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 90
$btnDSConnect.Location = $System_Drawing_Point
$btnDSConnect.DataBindings.DefaultDataSourceUpdateMode = 0
$btnDSConnect.add_Click($btnDSConnect_OnClick)
$gBoxNCSelect.Controls.Add($btnDSConnect)
$btnListDdomain.TabIndex = 1
$btnListDdomain.Name = "btnListDdomain"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 100
$System_Drawing_Size.Height = 23
$btnListDdomain.Size = $System_Drawing_Size
$btnListDdomain.UseVisualStyleBackColor = $True
$btnListDdomain.Font = $FontSans825B
$btnListDdomain.Text = "List Domains"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 95
$System_Drawing_Point.Y = 90
$btnListDdomain.Location = $System_Drawing_Point
$btnListDdomain.DataBindings.DefaultDataSourceUpdateMode = 0
$btnListDdomain.add_Click($btnListDdomain_OnClick)
$gBoxNCSelect.Controls.Add($btnListDdomain)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 550
$System_Drawing_Size.Height = 20
$txtBoxSelected.Size = $System_Drawing_Size
$txtBoxSelected.DataBindings.DefaultDataSourceUpdateMode = 0
$txtBoxSelected.Name = "txtBoxSelected"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 25
$System_Drawing_Point.Y = 590
$txtBoxSelected.Location = $System_Drawing_Point
$form1.Controls.Add($txtBoxSelected)
$gBoxBrowse.Name = "gBoxBrowse"
$gBoxBrowse.Text = "Browse Options"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 310
$System_Drawing_Size.Height = 51
$gBoxBrowse.Size = $System_Drawing_Size
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 25
$System_Drawing_Point.Y = 160
$gBoxBrowse.Location = $System_Drawing_Point
$gBoxBrowse.DataBindings.DefaultDataSourceUpdateMode = 0
$form1.Controls.Add($gBoxBrowse)
$rdbBrowseAll.Name = "rdbBrowseAll"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 98
$System_Drawing_Size.Height = 24
$rdbBrowseAll.Size = $System_Drawing_Size
$rdbBrowseAll.UseVisualStyleBackColor = $True
$rdbBrowseAll.Text = "All Objects"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 68
$System_Drawing_Point.Y = 19
$rdbBrowseAll.Location = $System_Drawing_Point
$rdbBrowseAll.DataBindings.DefaultDataSourceUpdateMode = 0
$gBoxBrowse.Controls.Add($rdbBrowseAll)
$rdbBrowseOU.Name = "rdbBrowseOU"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 104
$System_Drawing_Size.Height = 24
$rdbBrowseOU.Size = $System_Drawing_Size
$rdbBrowseOU.UseVisualStyleBackColor = $True
$rdbBrowseOU.Text = "OU''s"
$rdbBrowseOU.Checked = $true
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 6
$System_Drawing_Point.Y = 19
$rdbBrowseOU.Location = $System_Drawing_Point
$rdbBrowseOU.DataBindings.DefaultDataSourceUpdateMode = 0
$gBoxBrowse.Controls.Add($rdbBrowseOU)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 200
$System_Drawing_Size.Height = 90
$lblRunScan.Size = $System_Drawing_Size
$lblRunScan.Font = $FontSans9B
$lblRunScan.Text = "1.Select a naming context.`n2.Connect to a naming context.`n3.Select a node.`n4.Press Run Scan."
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 340
$System_Drawing_Point.Y = 525
$lblRunScan.Location = $System_Drawing_Point
$lblRunScan.DataBindings.DefaultDataSourceUpdateMode = 0
$lblRunScan.Name = "lblRunScan"
$Form1.Controls.Add($lblRunScan)
$btnScan.TabIndex = 2
$btnScan.Name = "btnScan"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 85
$System_Drawing_Size.Height = 23
$btnScan.Size = $System_Drawing_Size
$btnScan.UseVisualStyleBackColor = $True
$btnScan.Font = $FontSans825B
$btnScan.Text = "Run Scan"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 590
$System_Drawing_Point.Y = 540
$btnScan.Location = $System_Drawing_Point
$btnScan.DataBindings.DefaultDataSourceUpdateMode = 0
$btnScan.add_Click($btnScan_OnClick)
$Form1.Controls.Add($btnScan)
$btnCompare.Name = "btnCompare"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 120
$System_Drawing_Size.Height = 23
$btnCompare.Size = $System_Drawing_Size
$btnCompare.UseVisualStyleBackColor = $True
$btnCompare.Font = $FontSans825B
$btnCompare.Text = "Run Compare"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 130
$System_Drawing_Point.Y = 90
$btnCompare.Location = $System_Drawing_Point
$btnCompare.DataBindings.DefaultDataSourceUpdateMode = 0
$btnCompare.add_Click($btnCompare_OnClick)
$gBoxCompare.Controls.Add($btnCompare)
$btnConvertCSV.Name = "btnConvertCSV"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 125
$System_Drawing_Size.Height = 23
$btnConvertCSV.Size = $System_Drawing_Size
$btnConvertCSV.UseVisualStyleBackColor = $True
$btnConvertCSV.Font = $FontSans75B
$btnConvertCSV.Text = "Create HTML View"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 120
$System_Drawing_Point.Y = 90
$btnConvertCSV.Location = $System_Drawing_Point
$btnConvertCSV.DataBindings.DefaultDataSourceUpdateMode = 0
$btnConvertCSV.add_Click($btnCreateHTML)
$gBoxImportCSV.Controls.Add($btnConvertCSV)
$lblHeaderInfo.BackColor = [System.Drawing.Color]::FromArgb(255, 0, 0, 0)
$lblHeaderInfo.ForeColor = 'White'
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 500
$System_Drawing_Size.Height = 20
$lblHeaderInfo.Size = $System_Drawing_Size
$lblHeaderInfo.Font = $FontSans9
$lblHeaderInfo.Text = "A Tool To Create Reports of Access Control Lists In Active Directory"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 380
$System_Drawing_Point.Y = 18
$lblHeaderInfo.Location = $System_Drawing_Point
$lblHeaderInfo.DataBindings.DefaultDataSourceUpdateMode = 0
$lblHeaderInfo.Name = "lblRunScan"
$Form1.Controls.Add($lblHeaderInfo)
$lblHeader.BackColor = [System.Drawing.Color]::FromArgb(255, 0, 0, 0)
$lblHeader.ForeColor = 'White'
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 910
$System_Drawing_Size.Height = 38
$lblHeader.Size = $System_Drawing_Size
$lblHeader.Text = "AD ACL Scanner"
$lblHeader.Font = New-Object System.Drawing.Font("Microsoft Sans Serif", 18, 1, 3, 1)
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 0
$System_Drawing_Point.Y = 0
$lblHeader.Location = $System_Drawing_Point
$lblHeader.DataBindings.DefaultDataSourceUpdateMode = 0
$lblHeader.Name = "lblHeader"
$form1.Controls.Add($lblHeader)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 309
$System_Drawing_Size.Height = 355
$treeView1.Size = $System_Drawing_Size
$treeView1.Name = "treeView1"
$treeView1.BackColor = [System.Drawing.Color]::FromArgb(255, 255, 255, 255)
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 25
$System_Drawing_Point.Y = 220
$treeView1.Location = $System_Drawing_Point
$treeView1.DataBindings.DefaultDataSourceUpdateMode = 0
$form1.Controls.Add($treeView1)
$TextBoxStatusMessage.BackColor = [System.Drawing.Color]::FromArgb(255, 255, 255, 255)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 550
$System_Drawing_Size.Height = 78
$TextBoxStatusMessage.Size = $System_Drawing_Size
$TextBoxStatusMessage.Items.Insert(0, "Not Connected")
$TextBoxStatusMessage.Font = $FontSans9B
$TextBoxStatusMessage.ForeColor = [System.Drawing.Color]::FromArgb(0, 0, 0, 0)
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 25
$System_Drawing_Point.Y = 630
$TextBoxStatusMessage.Location = $System_Drawing_Point
$TextBoxStatusMessage.DataBindings.DefaultDataSourceUpdateMode = 0
$TextBoxStatusMessage.Name = "TextBoxStatusMessage"
$form1.Controls.Add($TextBoxStatusMessage)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 158
$System_Drawing_Size.Height = 16
$lblSelectedNode.Size = $System_Drawing_Size
$lblSelectedNode.Text = "Selected Object:"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 25
$System_Drawing_Point.Y = 575
$lblSelectedNode.Location = $System_Drawing_Point
$lblSelectedNode.DataBindings.DefaultDataSourceUpdateMode = 0
$lblSelectedNode.Name = "lblSelectedNode"
$form1.Controls.Add($lblSelectedNode)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 158
$System_Drawing_Size.Height = 16
$lblStatusBar.Size = $System_Drawing_Size
$lblStatusBar.Text = "Status Message:"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 25
$System_Drawing_Point.Y = 615
$lblStatusBar.Location = $System_Drawing_Point
$lblStatusBar.DataBindings.DefaultDataSourceUpdateMode = 0
$lblStatusBar.Name = "lblStatusBar"
$form1.Controls.Add($lblStatusBar)
$btnExit.TabIndex = 3
$btnExit.Name = "btnExit"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 75
$System_Drawing_Size.Height = 23
$btnExit.Size = $System_Drawing_Size
$btnExit.UseVisualStyleBackColor = $True
$btnExit.Font = $FontSans825B
$btnExit.Text = "Exit"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 730
$System_Drawing_Point.Y = 540
$btnExit.Location = $System_Drawing_Point
$btnExit.DataBindings.DefaultDataSourceUpdateMode = 0
$btnExit.add_Click($btnExit_OnClick)
$form1.Controls.Add($btnExit)
################################ Effective Rights Tab ################################
$chkBoxEffectiveRights.UseVisualStyleBackColor = $False
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 200
$System_Drawing_Size.Height = 30
$chkBoxEffectiveRights.Size = $System_Drawing_Size
$chkBoxEffectiveRights.Text = "Enable Effective Rights"
$chkBoxEffectiveRights.Checked = $false
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 9
$chkBoxEffectiveRights.Location = $System_Drawing_Point
$chkBoxEffectiveRights.CheckState = 0
$chkBoxEffectiveRights.DataBindings.DefaultDataSourceUpdateMode = 0
$chkBoxEffectiveRights.Name = "chkBoxEffectiveRights"
$chkBoxEffectiveRights.Add_checkedChanged($chkBoxEffectiveRights_CheckChanged)
$tabEffectiveR.Controls.Add($chkBoxEffectiveRights)
$chkBoxEffectiveRightsColor.UseVisualStyleBackColor = $False
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 200
$System_Drawing_Size.Height = 30
$chkBoxEffectiveRightsColor.Size = $System_Drawing_Size
$chkBoxEffectiveRightsColor.Text = "Show color coded criticallity"
$chkBoxEffectiveRightsColor.Checked = $false
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 285
$chkBoxEffectiveRightsColor.Location = $System_Drawing_Point
$chkBoxEffectiveRightsColor.CheckState = 0
$chkBoxEffectiveRightsColor.DataBindings.DefaultDataSourceUpdateMode = 0
$chkBoxEffectiveRightsColor.Name = "chkBoxEffectiveRightsColor"
$chkBoxEffectiveRightsColor.Enabled = $false
$tabEffectiveR.Controls.Add($chkBoxEffectiveRightsColor)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 250
$System_Drawing_Size.Height = 45
$lblEffectiveRightsColor.Size = $System_Drawing_Size
$lblEffectiveDescText.Font = $FontSans825
$lblEffectiveRightsColor.Text = "Use colors in report to identify criticality level of permissions.This might help you in implementing Least-Privilege Administrative Models"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 315
$lblEffectiveRightsColor.Location = $System_Drawing_Point
$lblEffectiveRightsColor.DataBindings.DefaultDataSourceUpdateMode = 0
$lblEffectiveRightsColor.Name = "lblEffectiveRightsColor"
$tabEffectiveR.Controls.Add($lblEffectiveRightsColor)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 250
$System_Drawing_Size.Height = 55
$lblEffectiveDescText.Size = $System_Drawing_Size
$lblEffectiveDescText.Font = $FontSans825
$lblEffectiveDescText.Text = "Effective Access allows you to view the effective permissions for a user, group, or device account."
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 40
$lblEffectiveDescText.Location = $System_Drawing_Point
$lblEffectiveDescText.DataBindings.DefaultDataSourceUpdateMode = 0
$lblEffectiveDescText.Name = "lblEffectiveDescText"
$tabEffectiveR.Controls.Add($lblEffectiveDescText)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 250
$System_Drawing_Size.Height = 30
$lblEffectiveText.Size = $System_Drawing_Size
$lblEffectiveText.Font = $FontSans825
$lblEffectiveText.Text = "Type the account name (samAccountName) for a user, group or computer:"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 100
$lblEffectiveText.Location = $System_Drawing_Point
$lblEffectiveText.DataBindings.DefaultDataSourceUpdateMode = 0
$lblEffectiveText.Name = "lblEffectiveText"
$tabEffectiveR.Controls.Add($lblEffectiveText)
$btnGetSPAccount.TabIndex = 9
$btnGetSPAccount.Name = "btnGetSPAccount"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 95
$System_Drawing_Size.Height = 23
$btnGetSPAccount.Size = $System_Drawing_Size
$btnGetSPAccount.UseVisualStyleBackColor = $True
$btnGetSPAccount.Font = $FontSans825B
$btnGetSPAccount.Text = "Get Account"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 175
$btnGetSPAccount.Location = $System_Drawing_Point
$btnGetSPAccount.DataBindings.DefaultDataSourceUpdateMode = 0
$btnGetSPAccount.Enabled = $false
$btnGetSPAccount.add_Click($btnGetSPAccount_OnClick)
$tabEffectiveR.Controls.Add($btnGetSPAccount)
$btnGetSPNReport.TabIndex = 10
$btnGetSPNReport.Name = "btnGetSPNReport"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 130
$System_Drawing_Size.Height = 23
$btnGetSPNReport.Size = $System_Drawing_Size
$btnGetSPNReport.UseVisualStyleBackColor = $True
$btnGetSPNReport.Font = $FontSans825B
$btnGetSPNReport.Text = "View Account"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 260
$btnGetSPNReport.Location = $System_Drawing_Point
$btnGetSPNReport.DataBindings.DefaultDataSourceUpdateMode = 0
$btnGetSPNReport.Enabled = $false
$btnGetSPNReport.add_Click($btnGetSPNReport_OnClick)
$tabEffectiveR.Controls.Add($btnGetSPNReport)
$btnViewLegend.TabIndex = 10
$btnViewLegend.Name = "btnViewLegend"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 130
$System_Drawing_Size.Height = 23
$btnViewLegend.Size = $System_Drawing_Size
$btnViewLegend.UseVisualStyleBackColor = $True
$btnViewLegend.Font = $FontSans825B
$btnViewLegend.Text = "View Color Legend"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 360
$btnViewLegend.Location = $System_Drawing_Point
$btnViewLegend.DataBindings.DefaultDataSourceUpdateMode = 0
$btnViewLegend.Enabled = $false
$btnViewLegend.add_Click($btnViewLegened_OnClick)
$tabEffectiveR.Controls.Add($btnViewLegend)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 110
$System_Drawing_Size.Height = 20
$lblSelectPrincipalDom.Size = $System_Drawing_Size
$lblSelectPrincipalDom.DataBindings.DefaultDataSourceUpdateMode = 0
$lblSelectPrincipalDom.Name = "lblSelectPrincipalDom"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 130
$lblSelectPrincipalDom.Location = $System_Drawing_Point
$lblSelectPrincipalDom.Enabled = $true
$lblSelectPrincipalDom.TextAlign = "MiddleLeft"
$lblSelectPrincipalDom.Font = $FontSans75B
$lblSelectPrincipalDom.text = ":"
$tabEffectiveR.Controls.Add($lblSelectPrincipalDom)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 210
$System_Drawing_Size.Height = 20
$txtBoxSelectPrincipal.Size = $System_Drawing_Size
$txtBoxSelectPrincipal.DataBindings.DefaultDataSourceUpdateMode = 0
$txtBoxSelectPrincipal.Name = "txtBoxSelectPrincipal"
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 9
$System_Drawing_Point.Y = 150
$txtBoxSelectPrincipal.Location = $System_Drawing_Point
$txtBoxSelectPrincipal.Enabled = $false
$tabEffectiveR.Controls.Add($txtBoxSelectPrincipal)
$gBoxEffectiveSelUser.TabIndex = 0
$gBoxEffectiveSelUser.Name = "gBoxEffectiveSelUser"
$gBoxEffectiveSelUser.Text = "Selected Security Principal:"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 270
$System_Drawing_Size.Height = 45
$gBoxEffectiveSelUser.Size = $System_Drawing_Size
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 210
$gBoxEffectiveSelUser.Location = $System_Drawing_Point
$gBoxEffectiveSelUser.DataBindings.DefaultDataSourceUpdateMode = 0
$tabEffectiveR.Controls.Add($gBoxEffectiveSelUser)
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 250
$System_Drawing_Size.Height = 25
$lblEffectiveSelUser.Size = $System_Drawing_Size
$lblEffectiveSelUser.Font = $FontSans825B
$lblEffectiveSelUser.Text = ""
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 3
$System_Drawing_Point.Y = 15
$lblEffectiveSelUser.Location = $System_Drawing_Point
$lblEffectiveSelUser.DataBindings.DefaultDataSourceUpdateMode = 0
$lblEffectiveSelUser.Name = "lblEffectiveSelUser"
$gBoxEffectiveSelUser.Controls.Add($lblEffectiveSelUser)
$btnListLocations.TabIndex = 1
$btnListLocations.Name = "btnListLocations"
$System_Drawing_Size = New-Object System.Drawing.Size
$System_Drawing_Size.Width = 100
$System_Drawing_Size.Height = 23
$btnListLocations.Size = $System_Drawing_Size
$btnListLocations.UseVisualStyleBackColor = $True
$btnListLocations.Font = $FontSans825B
$btnListLocations.Text = "Locations..."
$System_Drawing_Point = New-Object System.Drawing.Point
$System_Drawing_Point.X = 120
$System_Drawing_Point.Y = 175
$btnListLocations.Location = $System_Drawing_Point
$btnListLocations.Enabled = $false
$btnListLocations.DataBindings.DefaultDataSourceUpdateMode = 0
$btnListLocations.add_Click($btnListLocations_OnClick)
$tabEffectiveR.Controls.Add($btnListLocations)
################################ Effective Rights Tab ################################
#endregion Generated Form Code
#Save the initial state of the form
$InitialFormWindowState = $form1.WindowState
#Init the OnLoad event to correct the initial state of the form
$form1.add_Load($OnLoadForm_StateCorrection)
#Show the Form
$form1.ShowDialog() | Out-Null
} #End Function
#==========================================================================
# Function : ConvertTo-ObjectArrayListFromPsCustomObject
# Arguments : Defined Object
# Returns : Custom Object List
# Description : Convert a defined object to a custom, this will help you if you got a read-only object
#
#==========================================================================
function ConvertTo-ObjectArrayListFromPsCustomObject {
param (
[Parameter(
Position = 0,
Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $true
)] $psCustomObject
);
process {
$myCustomArray = New-Object System.Collections.ArrayList
foreach ($myPsObject in $psCustomObject) {
$hashTable = @{};
$myPsObject | Get-Member -MemberType *Property | ForEach-Object {
$hashTable.($_.name) = $myPsObject.($_.name);
}
$Newobject = new-object psobject -Property $hashTable
[void]$myCustomArray.add($Newobject)
}
return $myCustomArray
}
}
#==========================================================================
# Function : GetDomainController
# Arguments : Domain FQDN,bol using creds, PSCredential
# Returns : Domain Controller
# Description : Locate a domain controller in a specified domain
#==========================================================================
Function GetDomainController {
Param([string] $strDomainFQDN,
[bool] $bolCreds,
[parameter(Mandatory = $false)]
[System.Management.Automation.PSCredential] $Creds)
$strDomainController = ""
if ($bolCreds -eq $true) {
$Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain", $strDomainFQDN, $Creds.UserName, $Creds.GetNetworkCredential().Password)
$ojbDomain = [DirectoryServices.ActiveDirectory.Domain]::GetDomain($Context)
$strDomainController = $($ojbDomain.FindDomainController()).name
}
else {
$Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain", $strDomainFQDN )
$ojbDomain = [DirectoryServices.ActiveDirectory.Domain]::GetDomain($Context)
$strDomainController = $($ojbDomain.FindDomainController()).name
}
return $strDomainController
}
#==========================================================================
# Function : GenerateDomainPicker
# Arguments : -
# Returns : Domain DistinguishedName
# Description : Windows Form List AD Domains in Forest
#==========================================================================
Function GenerateDomainPicker {
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
$objForm = New-Object System.Windows.Forms.Form
$objForm.Text = "Select a Domain"
$objForm.Size = New-Object System.Drawing.Size(400, 200)
$objForm.StartPosition = "CenterScreen"
$objForm.KeyPreview = $True
$objForm.Add_KeyDown( { if ($_.KeyCode -eq "Enter")
{ $x = $objListBoxDomainList.SelectedItem; $objForm.Close() } })
$objForm.Add_KeyDown( { if ($_.KeyCode -eq "Escape")
{ $objForm.Close() } })
$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(75, 120)
$OKButton.Size = New-Object System.Drawing.Size(75, 23)
$OKButton.Text = "OK"
$OKButton.Add_Click( { $global:strDommainSelect = $objListBoxDomainList.SelectedItem; $objForm.Close() })
$objForm.Controls.Add($OKButton)
$CancelButton = New-Object System.Windows.Forms.Button
$CancelButton.Location = New-Object System.Drawing.Size(150, 120)
$CancelButton.Size = New-Object System.Drawing.Size(75, 23)
$CancelButton.Text = "Cancel"
$CancelButton.Add_Click( { $objForm.Close() })
$objForm.Controls.Add($CancelButton)
$objLabel = New-Object System.Windows.Forms.Label
$objLabel.Location = New-Object System.Drawing.Size(10, 20)
$objLabel.Size = New-Object System.Drawing.Size(300, 20)
$objLabel.Text = "Please select a domain:"
$objForm.Controls.Add($objLabel)
$objListBoxDomainList = New-Object System.Windows.Forms.ListBox
$objListBoxDomainList.Location = New-Object System.Drawing.Size(10, 40)
$objListBoxDomainList.Size = New-Object System.Drawing.Size(300, 20)
$objListBoxDomainList.Height = 80
$Config = ([adsi]"LDAP://rootdse").ConfigurationNamingContext
$dse = [adsi]"LDAP://CN=Partitions,$config"
$searcher = new-object System.DirectoryServices.DirectorySearcher($dse)
[void]$searcher.PropertiesToLoad.("cn", "name", "trustParent", "nETBIOSName", "nCName")
$searcher.filter = "(&(cn=*))"
$colResults = $searcher.FindAll()
$intCounter = 0
foreach ($objResult in $colResults) {
$objExtendedRightsObject = $objResult.Properties
if ( $objExtendedRightsObject.item("systemflags") -eq 3) {
$strNetbios = $($objExtendedRightsObject.item("nETBIOSName"))
$strDN = $($objExtendedRightsObject.item("nCName"))
[void] $objListBoxDomainList.Items.Add($strDN)
}
}
$objForm.Controls.Add($objListBoxDomainList)
$objForm.Topmost = $True
$objForm.Add_Shown( { $objForm.Activate() })
[void] $objForm.ShowDialog()
}
#==========================================================================
# Function : GenerateTrustedDomainPicker
# Arguments : -
# Returns : Trusted Domain DistinguishedName
# Description : Windows Form List AD Domains trusted by this Domain
#==========================================================================
Function GenerateTrustedDomainPicker {
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Windows.Forms")
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing")
$global:strPrinDomDir = ""
$objForm = New-Object System.Windows.Forms.Form
$objForm.Text = "Locations"
$objForm.Size = New-Object System.Drawing.Size(400, 200)
$objForm.StartPosition = "CenterScreen"
$objForm.KeyPreview = $True
$objForm.Add_KeyDown( { if ($_.KeyCode -eq "Enter")
{ $x = $objListBoxDomainList.SelectedItem; $objForm.Close() } })
$objForm.Add_KeyDown( { if ($_.KeyCode -eq "Escape")
{ $objForm.Close() } })
$OKButton = New-Object System.Windows.Forms.Button
$OKButton.Location = New-Object System.Drawing.Size(75, 120)
$OKButton.Size = New-Object System.Drawing.Size(75, 23)
$OKButton.Text = "OK"
$OKButton.Add_Click( {
$global:strDomainPrinDNName = $objListBoxDomainList.SelectedItem
if ( $global:strDomainPrinDNName -eq $global:strDomainLongName ) {
$lblSelectPrincipalDom.text = $global:strDomainShortName + ":"
}
else {
$dse = ([adsi]"LDAP://$global:strDC/CN=System,$global:strDomainDNName")
$searcher = new-object System.DirectoryServices.DirectorySearcher($dse)
[void]$searcher.PropertiesToLoad.("cn", "name", "trustParent", "nETBIOSName", "nCName")
$searcher.filter = "(&(trustPartner=$global:strDomainPrinDNName))"
$colResults = $searcher.FindOne()
$intCounter = 0
if ($colResults) {
$objExtendedRightsObject = $colResults.Properties
$global:strPrinDomDir = $objExtendedRightsObject.item("trustDirection")
$global:strPrinDomAttr = "{0:X2}" -f [int] $objExtendedRightsObject.item("trustAttributes")[0]
$global:strPrinDomFlat = $objExtendedRightsObject.item("flatname")
$lblSelectPrincipalDom.text = $global:strPrinDomFlat + ":"
}
}
$objForm.Close() })
$objForm.Controls.Add($OKButton)
$CancelButton = New-Object System.Windows.Forms.Button
$CancelButton.Location = New-Object System.Drawing.Size(150, 120)
$CancelButton.Size = New-Object System.Drawing.Size(75, 23)
$CancelButton.Text = "Cancel"
$CancelButton.Add_Click( { $objForm.Close() })
$objForm.Controls.Add($CancelButton)
$objLabel = New-Object System.Windows.Forms.Label
$objLabel.Location = New-Object System.Drawing.Size(10, 20)
$objLabel.Size = New-Object System.Drawing.Size(300, 20)
$objLabel.Text = "Select the location you want to search."
$objForm.Controls.Add($objLabel)
$objListBoxDomainList = New-Object System.Windows.Forms.ListBox
$objListBoxDomainList.Location = New-Object System.Drawing.Size(10, 40)
$objListBoxDomainList.Size = New-Object System.Drawing.Size(300, 20)
$objListBoxDomainList.Height = 80
$dse = ([adsi]"LDAP://$global:strDC/CN=System,$global:strDomainDNName")
$searcher = new-object System.DirectoryServices.DirectorySearcher($dse)
[void]$searcher.PropertiesToLoad.("cn", "name", "trustParent", "nETBIOSName", "nCName")
$searcher.filter = "(&(cn=*))"
$colResults = $searcher.FindAll()
$intCounter = 0
foreach ($objResult in $colResults) {
$objExtendedRightsObject = $objResult.Properties
if ( $objExtendedRightsObject.item("trustDirection") -gt 1) {
$strNetbios = $($objExtendedRightsObject.item("flatName"))
$strDN = $($objExtendedRightsObject.item("trustPartner"))
[void] $objListBoxDomainList.Items.Add($strDN)
}
}
[void] $objListBoxDomainList.Items.Add($global:strDomainLongName)
$objForm.Controls.Add($objListBoxDomainList)
$objForm.Topmost = $True
$objForm.Add_Shown( { $objForm.Activate() })
[void] $objForm.ShowDialog()
}
Function BuildSchemaDic {
$global:dicSchemaIDGUIDs = @{"BF967ABA-0DE6-11D0-A285-00AA003049E2" = "user"; `
"BF967A86-0DE6-11D0-A285-00AA003049E2" = "computer"; `
"BF967A9C-0DE6-11D0-A285-00AA003049E2" = "group"; `
"BF967ABB-0DE6-11D0-A285-00AA003049E2" = "volume"; `
"F30E3BBE-9FF0-11D1-B603-0000F80367C1" = "gPLink"; `
"F30E3BBF-9FF0-11D1-B603-0000F80367C1" = "gPOptions"; `
"BF967AA8-0DE6-11D0-A285-00AA003049E2" = "printQueue"; `
"4828CC14-1437-45BC-9B07-AD6F015E5F28" = "inetOrgPerson"; `
"5CB41ED0-0E4C-11D0-A286-00AA003049E2" = "contact"; `
"BF967AA5-0DE6-11D0-A285-00AA003049E2" = "organizationalUnit"; `
"BF967A0A-0DE6-11D0-A285-00AA003049E2" = "pwdLastSet"
}
$global:dicSpecialIdentities = @{"S-1-0" = "Null Authority"; `
"S-1-0-0" = "Nobody"; `
"S-1-1" = "World Authority"; `
"S-1-1-0" = "Everyone"; `
"S-1-2" = "Local Authority"; `
"S-1-2-0" = "Local "; `
"S-1-2-1" = "Console Logon "; `
"S-1-3" = "Creator Authority"; `
"S-1-3-0" = "Creator Owner"; `
"S-1-3-1" = "Creator Group"; `
"S-1-3-2" = "Creator Owner Server"; `
"S-1-3-3" = "Creator Group Server"; `
"S-1-3-4" = "Owner Rights"; `
"S-1-4" = "Non-unique Authority"; `
"S-1-5" = "NT Authority"; `
"S-1-5-1" = "Dialup"; `
"S-1-5-2" = "Network"; `
"S-1-5-3" = "Batch"; `
"S-1-5-4" = "Interactive"; `
"S-1-5-6" = "Service"; `
"S-1-5-7" = "Anonymous"; `
"S-1-5-8" = "Proxy"; `
"S-1-5-9" = "Enterprise Domain Controllers"; `
"S-1-5-10" = "Principal Self"; `
"S-1-5-11" = "Authenticated Users"; `
"S-1-5-12" = "Restricted Code"; `
"S-1-5-13" = "Terminal Server Users"; `
"S-1-5-14" = "Remote Interactive Logon"; `
"S-1-5-15" = "This Organization"; `
"S-1-5-17" = "IUSR"; `
"S-1-5-18" = "Local System"
}
$global:dicNameToSchemaIDGUIDs = @{"user" = "BF967ABA-0DE6-11D0-A285-00AA003049E2"; `
"computer" = "BF967A86-0DE6-11D0-A285-00AA003049E2"; `
"group" = "BF967A9C-0DE6-11D0-A285-00AA003049E2"; `
"volume" = "BF967ABB-0DE6-11D0-A285-00AA003049E2"; `
"gPLink" = "F30E3BBE-9FF0-11D1-B603-0000F80367C1"; `
"gPOptions" = "F30E3BBF-9FF0-11D1-B603-0000F80367C1"; `
"printQueue" = "BF967AA8-0DE6-11D0-A285-00AA003049E2"; `
"inetOrgPerson" = "4828CC14-1437-45BC-9B07-AD6F015E5F28"; `
"contact" = "5CB41ED0-0E4C-11D0-A286-00AA003049E2"; `
"organizationalUnit" = "BF967AA5-0DE6-11D0-A285-00AA003049E2"; `
"pwdLastSet" = "BF967A0A-0DE6-11D0-A285-00AA003049E2"
}
}
BuildSchemaDic
$global:dicRightsGuids = @{"Seed" = "xxx" }
$global:dicSidToName = @{"Seed" = "xxx" }
$global:dicDCSpecialSids = @{"BUILTIN\Incoming Forest Trust Builders" = "S-1-5-32-557"; `
"BUILTIN\Account Operators" = "S-1-5-32-548"; `
"BUILTIN\Server Operators" = "S-1-5-32-549"; `
"BUILTIN\Pre-Windows 2000 Compatible Access" = "S-1-5-32-554"; `
"BUILTIN\Terminal Server License Servers" = "S-1-5-32-561"; `
"BUILTIN\Windows Authorization Access Group" = "S-1-5-32-560"
}
$global:dicWellKnownSids = @{"S-1-0" = "Null Authority"; `
"S-1-0-0" = "Nobody"; `
"S-1-1" = "World Authority"; `
"S-1-1-0" = "Everyone"; `
"S-1-2" = "Local Authority"; `
"S-1-2-0" = "Local "; `
"S-1-2-1" = "Console Logon "; `
"S-1-3" = "Creator Authority"; `
"S-1-3-0" = "Creator Owner"; `
"S-1-3-1" = "Creator Group"; `
"S-1-3-2" = "Creator Owner Server"; `
"S-1-3-3" = "Creator Group Server"; `
"S-1-3-4" = "Owner Rights"; `
"S-1-4" = "Non-unique Authority"; `
"S-1-5" = "NT Authority"; `
"S-1-5-1" = "Dialup"; `
"S-1-5-2" = "Network"; `
"S-1-5-3" = "Batch"; `
"S-1-5-4" = "Interactive"; `
"S-1-5-6" = "Service"; `
"S-1-5-7" = "Anonymous"; `
"S-1-5-8" = "Proxy"; `
"S-1-5-9" = "Enterprise Domain Controllers"; `
"S-1-5-10" = "Principal Self"; `
"S-1-5-11" = "Authenticated Users"; `
"S-1-5-12" = "Restricted Code"; `
"S-1-5-13" = "Terminal Server Users"; `
"S-1-5-14" = "Remote Interactive Logon"; `
"S-1-5-15" = "This Organization"; `
"S-1-5-17" = "IUSR"; `
"S-1-5-18" = "Local System"; `
"S-1-5-19" = "NT Authority"; `
"S-1-5-20" = "NT Authority"; `
"S-1-5-22" = "ENTERPRISE READ-ONLY DOMAIN CONTROLLERS BETA"; `
"S-1-5-32-544" = "Administrators"; `
"S-1-5-32-545" = "Users"; `
"S-1-5-32-546" = "Guests"; `
"S-1-5-32-547" = "Power Users"; `
"S-1-5-32-548" = "BUILTIN\Account Operators"; `
"S-1-5-32-549" = "Server Operators"; `
"S-1-5-32-550" = "Print Operators"; `
"S-1-5-32-551" = "Backup Operators"; `
"S-1-5-32-552" = "Replicator"; `
"S-1-5-32-554" = "BUILTIN\Pre-Windows 2000 Compatible Access"; `
"S-1-5-32-555" = "BUILTIN\Remote Desktop Users"; `
"S-1-5-32-556" = "BUILTIN\Network Configuration Operators"; `
"S-1-5-32-557" = "BUILTIN\Incoming Forest Trust Builders"; `
"S-1-5-32-558" = "BUILTIN\Performance Monitor Users"; `
"S-1-5-32-559" = "BUILTIN\Performance Log Users"; `
"S-1-5-32-560" = "BUILTIN\Windows Authorization Access Group"; `
"S-1-5-32-561" = "BUILTIN\Terminal Server License Servers"; `
"S-1-5-32-562" = "BUILTIN\Distributed COM Users"; `
"S-1-5-32-568" = "BUILTIN\IIS_IUSRS"; `
"S-1-5-32-569" = "BUILTIN\Cryptographic Operators"; `
"S-1-5-32-573" = "BUILTIN\Event Log Readers "; `
"S-1-5-32-574" = "BUILTIN\Certificate Service DCOM Access"; `
"S-1-5-32-575" = "BUILTIN\RDS Remote Access Servers"; `
"S-1-5-32-576" = "BUILTIN\RDS Endpoint Servers"; `
"S-1-5-32-577" = "BUILTIN\RDS Management Servers"; `
"S-1-5-32-578" = "BUILTIN\Hyper-V Administrators"; `
"S-1-5-32-579" = "BUILTIN\Access Control Assistance Operators"; `
"S-1-5-32-580" = "BUILTIN\Remote Management Users"; `
"S-1-5-64-10" = "NTLM Authentication"; `
"S-1-5-64-14" = "SChannel Authentication"; `
"S-1-5-64-21" = "Digest Authentication"; `
"S-1-5-80" = "NT Service"; `
"S-1-16-0" = "Untrusted Mandatory Level"; `
"S-1-16-4096" = "Low Mandatory Level"; `
"S-1-16-8192" = "Medium Mandatory Level"; `
"S-1-16-8448" = "Medium Plus Mandatory Level"; `
"S-1-16-12288" = "High Mandatory Level"; `
"S-1-16-16384" = "System Mandatory Level"; `
"S-1-16-20480" = "Protected Process Mandatory Level"; `
"S-1-16-28672" = "Secure Process Mandatory Level"
}
#==========================================================================
# Function : Get-Forest
# Arguments : string domain controller,credentials
# Returns : Forest
# Description : Get AD Forest
#==========================================================================
function Get-Forest {
Param($DomainController, [Management.Automation.PSCredential]$Credential)
if (!$DomainController) {
[DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
return
}
if ($Creds) {
$Context = new-object DirectoryServices.ActiveDirectory.DirectoryContext("DirectoryServer", $DomainController, $Creds.UserName, $Creds.GetNetworkCredential().Password)
}
else {
$Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("DirectoryServer", $DomainController)
}
$ojbForest = [DirectoryServices.ActiveDirectory.Forest]::GetForest($Context)
return $ojbForest
}
#==========================================================================
# Function : TestCreds
# Arguments : System.Management.Automation.PSCredential
# Returns : Boolean
# Description : Check If username and password is valid
#==========================================================================
Function TestCreds {
Param([System.Management.Automation.PSCredential] $psCred)
[void][reflection.assembly]::LoadWithPartialName("System.DirectoryServices.AccountManagement")
if ($psCred.UserName -match "\\") {
If ($psCred.UserName.split("\")[0] -eq "") {
[directoryservices.directoryEntry]$root = (New-Object system.directoryservices.directoryEntry)
$ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Domain, $root.name)
}
else {
$ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Domain, $psCred.UserName.split("\")[0])
}
$bolValid = $ctx.ValidateCredentials($psCred.UserName.split("\")[1], $psCred.GetNetworkCredential().Password)
}
else {
[directoryservices.directoryEntry]$root = (New-Object system.directoryservices.directoryEntry)
$ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Domain, $root.name)
$bolValid = $ctx.ValidateCredentials($psCred.UserName, $psCred.GetNetworkCredential().Password)
}
return $bolValid
}
#==========================================================================
# Function : GetTokenGroups
# Arguments : Principal DistinguishedName string
# Returns : ArrayList of groups names
# Description : Group names of all sids in tokenGroups
#==========================================================================
Function GetTokenGroups {
Param($PrincipalDN,
[bool] $bolCreds,
[parameter(Mandatory = $false)]
[System.Management.Automation.PSCredential] $Creds)
$script:bolErr = $false
$tokenGroups = New-Object System.Collections.ArrayList
$tokenGroups.Clear()
if ($bolCreds -eq $true) {
$objADObject = new-object DirectoryServices.DirectoryEntry("LDAP://$global:strPinDomDC/$PrincipalDN", $Creds.UserName, $Creds.GetNetworkCredential().Password)
}
else {
$objADObject = new-object DirectoryServices.DirectoryEntry("LDAP://$global:strPinDomDC/$PrincipalDN")
}
if ( $global:strDomainPrinDNName -eq $global:strDomainDNName ) {
$objADObject.psbase.RefreshCache("tokenGroups")
$SIDs = $objADObject.psbase.Properties.Item("tokenGroups")
}
else {
$objADObject.psbase.RefreshCache("tokenGroupsGlobalandUniversal")
$SIDs = $objADObject.psbase.Properties.Item("tokenGroupsGlobalandUniversal")
}
$ownerSIDs = $objADObject.psbase.Properties.Item("objectSID").tostring()
# Populate hash table with security group memberships.
$arrForeignSecGroups = FindForeignSecPrinMemberships $global:strDomainDNName $global:strDC $(GenerateSearchAbleSID $ownerSIDs)
foreach ($ForeignMemb in $arrForeignSecGroups) {
if ($null -ne $ForeignMemb ) {
if ($ForeignMemb.tostring().length -gt 0 ) {
[void]$tokenGroups.add($ForeignMemb)
}
}
}
ForEach ($Value In $SIDs) {
$SID = New-Object System.Security.Principal.SecurityIdentifier $Value, 0
# Translate into "pre-Windows 2000" name.
& { #Try
$Script:Group = $SID.Translate([System.Security.Principal.NTAccount])
}
Trap [SystemException] {
$script:bolErr = $true
$script:sidstring = GetSidStringFromSidByte $Value
continue
}
if ($script:bolErr -eq $false) {
[void]$tokenGroups.Add($Script:Group.Value)
}
else {
[void]$tokenGroups.Add($script:sidstring)
$script:bolErr = $false
}
$arrForeignSecGroups = FindForeignSecPrinMemberships $global:strDomainDNName $global:strDC $(GenerateSearchAbleSID $Value)
foreach ($ForeignMemb in $arrForeignSecGroups) {
if ($null -ne $ForeignMemb ) {
if ($ForeignMemb.tostring().length -gt 0 ) {
[void]$tokenGroups.add($ForeignMemb)
}
}
}
}
[void]$tokenGroups.Add("Everyone")
[void]$tokenGroups.Add("NT AUTHORITY\Authenticated Users")
if (($global:strPrinDomAttr -eq 14) -or ($global:strPrinDomAttr -eq 18) -or ($global:strPrinDomAttr -eq "5C") -or ($global:strPrinDomAttr -eq "1C") -or ($global:strPrinDomAttr -eq "44") -or ($global:strPrinDomAttr -eq "54") -or ($global:strPrinDomAttr -eq "50")) {
[void]$tokenGroups.Add("NT AUTHORITY\Other Organization")
}
else {
[void]$tokenGroups.Add("NT AUTHORITY\This Organization")
}
Return $tokenGroups
}
#==========================================================================
# Function : GenerateSearchAbleSID
# Arguments : SID Decimal form Value as string
# Returns : SID in String format for LDAP searcheds
# Description : Convert SID from decimal to hex with "\" for searching with LDAP
#==========================================================================
Function GenerateSearchAbleSID {
Param([String] $SidValue)
$SidDec = $SidValue.tostring().split("")
Foreach ($intSID in $SIDDec) {
[string] $SIDHex = "{0:X2}" -f [int] $intSID
$strSIDHextString = $strSIDHextString + "\" + $SIDHex
}
return $strSIDHextString
}
#==========================================================================
# Function : FindForeignSecPrinMemberships
# Arguments : SID Decimal form Value as string
# Returns : SID in String format for LDAP searcheds
# Description : Convert SID from decimal to hex with "\" for searching with LDAP
#==========================================================================
Function FindForeignSecPrinMemberships {
Param([string] $strLocalDomDN, [string] $strDC, [string] $strSearchAbleSID)
$arrForeignMembership = New-Object System.Collections.ArrayList
[void]$arrForeignMembership.clear()
$domaininfo = new-object DirectoryServices.DirectoryEntry("LDAP://$strDC/CN=ForeignSecurityPrincipals,$strLocalDomDN")
$srch = New-Object System.DirectoryServices.DirectorySearcher($domaininfo)
$srch.SizeLimit = 100
$strFilter = "(&(objectSID=$strSearchAbleSID))"
$srch.Filter = $strFilter
$srch.SearchScope = "Subtree"
$res = $srch.FindOne()
if ($res) {
$objPrincipal = $res.GetDirectoryEntry()
$objPrincipal.psbase.RefreshCache("memberof")
Foreach ($member in @($objPrincipal.psbase.Properties.Item("memberof"))) {
$objmember = new-object DirectoryServices.DirectoryEntry("LDAP://$strDC/$member")
$objmember.psbase.RefreshCache("msDS-PrincipalName")
$strPrinName = $($objmember.psbase.Properties.Item("msDS-PrincipalName"))
if (($strPrinName -eq "") -or ($null -eq $strPrinName)) {
$strNETBIOSNAME = $global:strPrinDomFlat
$strPrinName = "$strNETBIOSNAME\$($objmember.psbase.Properties.Item("samAccountName"))"
}
[void]$arrForeignMembership.add($strPrinName)
}
}
return $arrForeignMembership
}
#==========================================================================
# Function : GetSidStringFromSidByte
# Arguments : SID Value in Byte[]
# Returns : SID in String format
# Description : Convert SID from Byte[] to String
#==========================================================================
Function GetSidStringFromSidByte {
Param([byte[]] $SidByte)
$objectSid = [byte[]]$SidByte
$sid = New-Object System.Security.Principal.SecurityIdentifier($objectSid, 0)
$sidString = ($sid.value).ToString()
return $sidString
}
#==========================================================================
# Function : GetSecPrinDN
# Arguments : samAccountName
# Returns : DistinguishedName
# Description : Search Security Principal and Return DistinguishedName
#==========================================================================
Function GetSecPrinDN {
Param([string] $samAccountName,
[string] $strDomainDN,
[bool] $bolCreds,
[parameter(Mandatory = $false)]
[System.Management.Automation.PSCredential] $Creds)
if ($bolCreds -eq $true) {
$domaininfo = new-object DirectoryServices.DirectoryEntry("LDAP://$strDomainDN", $Creds.UserName, $Creds.GetNetworkCredential().Password)
}
else {
$domaininfo = new-object DirectoryServices.DirectoryEntry("LDAP://$strDomainDN")
}
$srch = New-Object System.DirectoryServices.DirectorySearcher($domaininfo)
$srch.SizeLimit = 100
$strFilter = "(&(samAccountName=$samAccountName))"
$srch.Filter = $strFilter
$srch.SearchScope = "Subtree"
$res = $srch.FindOne()
if ($res) {
$objPrincipal = $res.GetDirectoryEntry()
$global:strPrincipalDN = $objPrincipal.distinguishedName
}
else {
$global:strPrincipalDN = ""
}
return $global:strPrincipalDN
}
#==========================================================================
# Function : GetSchemaObjectGUID
# Arguments : Object Guid or Rights Guid
# Returns : LDAPDisplayName or DisplayName
# Description : Searches in the dictionaries(Hash) dicRightsGuids and $global:dicSchemaIDGUIDs and in Schema
# for the name of the object or Extended Right, if found in Schema the dicRightsGuids is updated.
# Then the functions return the name(LDAPDisplayName or DisplayName).
#==========================================================================
Function GetSchemaObjectGUID {
Param([string] $Domain)
[string] $strOut = ""
[string] $objSchemaRecordset = ""
[string] $strLDAPname = ""
[void]$combObjectFilter.Items.Clear()
BuildSchemaDic
foreach ($ldapDisplayName in $global:dicSchemaIDGUIDs.values) {
[void]$combObjectFilter.Items.Add($ldapDisplayName)
}
if ($Domain -eq "") {
# Connect to RootDSE
$rootDSE = [ADSI]"LDAP://$global:strDC/RootDSE"
#Connect to the Configuration Naming Context
$schemaSearchRoot = [ADSI]("LDAP://$global:strDC/" + $rootDSE.Get("schemaNamingContext"))
}
else {
$rootDSE = [ADSI]"LDAP://$global:strDC/$Domain"
$schemaSearchRoot = [ADSI]("LDAP://$global:strDC/" + $rootDSE.Get("objectCategory"))
$schemaSearchRoot = $schemaSearchRoot.path.replace("LDAP://$global:strDC/CN=Domain-DNS,", "")
$schemaSearchRoot = [ADSI]("LDAP://$global:strDC/" + $schemaSearchRoot)
}
$searcher = new-object System.DirectoryServices.DirectorySearcher($schemaSearchRoot)
$searcher.PropertiesToLoad.addrange(('cn', 'name', 'distinguishedNAme', 'lDAPDisplayName', 'schemaIDGUID'))
$searcher.PageSize = 1000
$searcher.filter = "(&(schemaIDGUID=*))"
$colResults = $searcher.FindAll()
$intCounter = 0
foreach ($objResult in $colResults) {
$objSchemaObject = $objResult.Properties
$strLDAPname = $objSchemaObject.item("lDAPDisplayName")[0]
$guidGUID = [System.GUID]$objSchemaObject.item("schemaIDGUID")[0]
$strGUID = $guidGUID.toString().toUpper()
If (!($global:dicSchemaIDGUIDs.ContainsKey($strGUID))) {
$global:dicSchemaIDGUIDs.Add($strGUID, $strLDAPname)
$global:dicNameToSchemaIDGUIDs.Add($strLDAPname, $strGUID)
[void]$combObjectFilter.Items.Add($strLDAPname)
}
}
return $strOut
}
#==========================================================================
# Function : Get-ADSchemaClass
# Arguments : string class,string domain controller,credentials
# Returns : Class Object
# Description : Get AD Schema Class
#==========================================================================
function Get-ADSchemaClass {
Param($Class = ".*")
$ADSchemaClass = $global:Forest.Schema.FindAllClasses() | Where-Object { $_.Name -match "^$Class`$" }
return $ADSchemaClass
}
#==========================================================================
# Function : CheckDNExist
# Arguments : string distinguishedName
# Returns : Boolean
# Description : Check If distinguishedName exist
#==========================================================================
function CheckDNExist {
Param (
$sADobjectName
)
$sADobjectName = "LDAP://" + $sADobjectName
$ADobject = [ADSI] $sADobjectName
If ($null -eq $ADobject.distinguishedName)
{ return $false }
else
{ return $true }
}
#==========================================================================
# Function : ReverseString
# Arguments : string
# Returns : string backwards
# Description : Turn a string backwards
#==========================================================================
Function ReverseString {
param ($string)
ForEach ($char in $string) {
([regex]::Matches($char, '.', 'RightToLeft') | ForEach-Object { $_.value }) -join ''
}
}
#==========================================================================
# Function : GetAllChildNodes
# Arguments : Node distinguishedName
# Returns : List of Nodes
# Description : Search for a Node and returns distinguishedName
#==========================================================================
function GetAllChildNodes {
param ($firstnode,
[boolean] $bolSubtree)
$nodelist = New-Object System.Collections.ArrayList
$nodelist2 = New-Object System.Collections.ArrayList
$nodelist.Clear()
$nodelist2.Clear()
# Add all Children found as Sub Nodes to the selected TreeNode
$strFilterAll = "(&(objectClass=*))"
$strFilterContainer = "(&(|(objectClass=organizationalUnit)(objectClass=container)(objectClass=DomainDNS)(objectClass=dMD)))"
$strFilterOU = "(&(|(objectClass=organizationalUnit)(objectClass=DomainDNS)(objectClass=dMD)))"
$srch = New-Object System.DirectoryServices.DirectorySearcher
if ($firstnode -match "/") {
$firstnode = $firstnode.Replace("/", "\/")
}
$srch.SearchRoot = "LDAP://$firstnode"
If ($rdbScanAll.checked -eq $true) {
$srch.Filter = $strFilterAll
}
If ($rdbScanOU.checked -eq $true) {
$srch.Filter = $strFilterOU
}
If ($rdbScanContainer.checked -eq $true) {
$srch.Filter = $strFilterContainer
}
if ($bolSubtree -eq $true) {
$srch.SearchScope = "Subtree"
}
else {
$srch.SearchScope = "onelevel"
}
$srch.PageSize = 1000
$srch.PropertiesToLoad.addrange(('cn', 'distinguishedNAme'))
foreach ($res in $srch.FindAll()) {
$oNode = $res.GetDirectoryEntry()
[void] $nodelist.Add($(ReverseString -String $oNode.distinguishedName))
}
if ($bolSubtree -eq $false) {
[void] $nodelist.Add($(ReverseString -String $firstnode))
}
foreach ($bkwrNode in $($nodelist | Sort-Object)) {
[void] $nodelist2.Add($(ReverseString -String $bkwrNode))
}
return $nodelist2
}
#==========================================================================
# Function : Get-DomainDNfromFQDN
# Arguments : Domain FQDN
# Returns : Domain DN
# Description : Take domain FQDN as input and returns Domain name
# in DN
#==========================================================================
function Get-DomainDNfromFQDN {
Param($strDomainFQDN)
$strADObjectDNModified = $strDomainFQDN.tostring().Replace(".", ",DC=")
$strDomDN = "DC=" + $strADObjectDNModified
return $strDomDN
}
#==========================================================================
# Function : Get-DomainDN
# Arguments : string AD object distinguishedName
# Returns : Domain DN
# Description : Take dinstinguishedName as input and returns Domain name
# in DN
#==========================================================================
function Get-DomainDN {
Param($strADObjectDN)
$strADObjectDNModified = $strADObjectDN.Replace(",DC=", "*")
[array]$arrDom = $strADObjectDNModified.split("*")
$intSplit = ($arrDom).count - 1
$strDomDN = ""
for ($i = $intSplit; $i -ge 1; $i-- ) {
if ($i -eq 1) {
$strDomDN = "DC=" + $arrDom[$i] + $strDomDN
}
else {
$strDomDN = ",DC=" + $arrDom[$i] + $strDomDN
}
}
return $strDomDN
}
#==========================================================================
# Function : Get-DomainFQDN
# Arguments : string AD object distinguishedName
# Returns : Domain FQDN
# Description : Take dinstinguishedName as input and returns Domain name
# in FQDN
#==========================================================================
function Get-DomainFQDN {
Param($strADObjectDN)
$strADObjectDNModified = $strADObjectDN.Replace(",DC=", "*")
[array]$arrDom = $strADObjectDNModified.split("*")
$intSplit = ($arrDom).count - 1
$strDomName = ""
for ($i = $intSplit; $i -ge 1; $i-- ) {
if ($i -eq $intSplit) {
$strDomName = $arrDom[$i] + $strDomName
}
else {
$strDomName = $arrDom[$i] + "." + $strDomName
}
}
return $strDomName
}
#==========================================================================
# Function : GetDomainShortName
# Arguments : domain name
# Returns : N/A
# Description : Search for short domain name
#==========================================================================
function GetDomainShortName {
Param($strDomain,
[string]$strForestDN)
$objDomain = [ADSI]"LDAP://$global:strDC/$strDomain"
$ReturnShortName = ""
$strRootPath = "LDAP://$global:strDC/CN=Partitions,CN=Configuration,$strForestDN"
$root = [ADSI]$strRootPath
$ads = New-Object System.DirectoryServices.DirectorySearcher($root)
$ads.PropertiesToLoad.addrange(('cn', 'distinguishedNAme', 'nETBIOSName'))
$ads.filter = "(&(objectClass=crossRef)(nCName=$strDomain))"
$s = $ads.FindOne()
If ($s) {
$ReturnShortName = $s.GetDirectoryEntry().nETBIOSName
}
else {
$ReturnShortName = ""
}
return $ReturnShortName
}
#==========================================================================
# Function : GetNCShortName
# Arguments : AD NamingContext distinguishedName
# Returns : N/A
# Description : Return CN of NC
#==========================================================================
function GetNCShortName {
Param($strNode)
$objNC = [ADSI]"LDAP://$global:strDC/$strNode"
Switch -regex ($objNC.objectCategory) {
"CN=Domain-DNS,CN=Schema,CN=Configuration"
{ [string]$strNCcn = $objNC.name }
"CN=Configuration,CN=Schema,CN=Configuration"
{ [string]$strNCcn = $objNC.cn }
"CN=DMD,CN=Schema,CN=Configuration"
{ [string]$strNCcn = $objNC.cn }
}
return $strNCcn
}
#==========================================================================
# Function : Check-PermDef
# Arguments : Trustee Name,Right,Allow/Deny,object guid,Inheritance,Inheritance object guid
# Returns : Boolean
# Description : Compares the Security Descriptor with the DefaultSecurity
#==========================================================================
Function Check-PermDef {
Param($objNodeDefSD,
[string]$strTrustee,
[string]$adRights,
[string]$InheritanceType,
[string]$ObjectTypeGUID,
[string]$InheritedObjectTypeGUID,
[string]$ObjectFlags,
[string]$AccessControlType,
[string]$IsInherited,
[string]$InheritedFlags,
[string]$PropFlags)
$SDResult = $false
$Identity = "$strTrustee"
$sdOUDef = $objNodeDefSD | ForEach-Object { $_.DefaultObjectSecurityDescriptor } | ForEach-Object { $objNodeDefSD.DefaultObjectSecurityDescriptor.access }
$index = 0
while ($index -le $sdOUDef.count - 1) {
if (($sdOUDef[$index].IdentityReference -eq $strTrustee) -and ($sdOUDef[$index].ActiveDirectoryRights -eq $adRights) -and ($sdOUDef[$index].AccessControlType -eq $AccessControlType) -and ($sdOUDef[$index].ObjectType -eq $ObjectTypeGUID) -and ($sdOUDef[$index].InheritanceType -eq $InheritanceType) -and ($sdOUDef[$index].InheritedObjectType -eq $InheritedObjectTypeGUID)) {
$SDResult = $true
}#} #End If
$index++
} #End While
return $SDResult
}
#==========================================================================
# Function : CacheRightsGuids
# Arguments : none
# Returns : nothing
# Description : Enumerates all Extended Rights and put them in a Hash dicRightsGuids
#==========================================================================
Function CacheRightsGuids([string] $Domain) {
if (!$Domain) {
# Connect to RootDSE
$rootDSE = [ADSI]"LDAP://RootDSE"
#Connect to the Configuration Naming Context
$configSearchRoot = [ADSI]("LDAP://CN=Extended-Rights," + $rootDSE.Get("configurationNamingContext"))
}
else {
$rootDSE = [ADSI]"LDAP://$global:strDC/$Domain"
$configSearchRoot = [ADSI]("LDAP://$global:strDC/" + $rootDSE.Get("objectCategory"))
$configSearchRoot = $configSearchRoot.psbase.path.replace("LDAP://CN=Domain-DNS,CN=Schema,", "")
$configSearchRoot = [ADSI]("LDAP://$global:strDC/CN=Extended-Rights,CN=Configuration," + $global:ForestRootDomainDN)
}
$searcher = new-object System.DirectoryServices.DirectorySearcher($configSearchRoot)
$searcher.PropertiesToLoad.("cn", "name", "distinguishedNAme", "rightsGuid")
$searcher.filter = "(&(objectClass=controlAccessRight))"
$colResults = $searcher.FindAll()
$intCounter = 0
foreach ($objResult in $colResults) {
$objExtendedRightsObject = $objResult.Properties
If (($objExtendedRightsObject.item("validAccesses") -eq 48) -or ($objExtendedRightsObject.item("validAccesses") -eq 256)) {
$strRightDisplayName = $objExtendedRightsObject.item("displayName")
$strRightGuid = $objExtendedRightsObject.item("rightsGuid")
$strRightGuid = $($strRightGuid).toString()
$global:dicRightsGuids.Add($strRightGuid, $strRightDisplayName)
}
$intCounter++
}
}
#==========================================================================
# Function : MapGUIDToMatchingName
# Arguments : Object Guid or Rights Guid
# Returns : LDAPDisplayName or DisplayName
# Description : Searches in the dictionaries(Hash) dicRightsGuids and $global:dicSchemaIDGUIDs and in Schema
# for the name of the object or Extended Right, if found in Schema the dicRightsGuids is updated.
# Then the functions return the name(LDAPDisplayName or DisplayName).
#==========================================================================
Function MapGUIDToMatchingName {
Param([string] $strGUIDAsString, [string] $Domain)
[string] $strOut = ""
[string] $objSchemaRecordset = ""
[string] $strLDAPname = ""
If ($strGUIDAsString -eq "") {
Break
}
$strGUIDAsString = $strGUIDAsString.toUpper()
$strOut = ""
if ($global:dicRightsGuids.ContainsKey($strGUIDAsString)) {
$strOut = $global:dicRightsGuids.Item($strGUIDAsString)
}
If ($strOut -eq "") {
#Didn't find a match in extended rights
If ($global:dicSchemaIDGUIDs.ContainsKey($strGUIDAsString)) {
$strOut = $global:dicSchemaIDGUIDs.Item($strGUIDAsString)
}
else {
if ($strGUIDAsString -match ("^(\{){0,1}[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}(\}){0,1}$")) {
$ConvertGUID = ConvertGUID($strGUIDAsString)
if (!($Domain -eq "")) {
# Connect to RootDSE
$rootDSE = [ADSI]"LDAP://RootDSE"
#Connect to the Configuration Naming Context
$schemaSearchRoot = [ADSI]("LDAP://" + $rootDSE.Get("schemaNamingContext"))
}
else {
$rootDSE = [ADSI]"LDAP://$global:strDC/$Domain"
$schemaSearchRoot = [ADSI]("LDAP://$global:strDC/" + $rootDSE.Get("objectCategory"))
$schemaSearchRoot = $schemaSearchRoot.path.replace("LDAP://CN=Domain-DNS,", "")
$schemaSearchRoot = [ADSI]("LDAP://$global:strDC/" + $schemaSearchRoot)
}
$searcher = new-object System.DirectoryServices.DirectorySearcher($schemaSearchRoot)
$searcher.PropertiesToLoad.addrange(('cn', 'name', 'distinguishedNAme', 'lDAPDisplayName'))
$searcher.filter = "(&(schemaIDGUID=$ConvertGUID))"
$Object = $searcher.FindOne()
if ($Object) {
$objSchemaObject = $Object.Properties
$strLDAPname = $objSchemaObject.item("lDAPDisplayName")[0]
$global:dicSchemaIDGUIDs.Add($strGUIDAsString.toUpper(), $strLDAPname)
$strOut = $strLDAPname
}
}
}
}
return $strOut
}
#==========================================================================
# Function : ConvertGUID
# Arguments : Object Guid or Rights Guid
# Returns : AD Searchable GUID String
# Description : Convert a GUID to a string
#==========================================================================
function ConvertGUID($guid) {
$test = "(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})"
$pattern = '"\$4\$3\$2\$1\$6\$5\$8\$7\$9\$10\$11\$12\$13\$14\$15\$16"'
$ConvertGUID = [regex]::Replace($guid.replace("-", ""), $test, $pattern).Replace("`"", "")
return $ConvertGUID
}
#==========================================================================
# Function : fixfilename
# Arguments : Text for naming text file
# Returns : Text with replace special characters
# Description : Replace characters that be contained in a file name.
#==========================================================================
function fixfilename([string] $strFileName) {
$strFileName = $strFileName.Replace("*", "#")
$strFileName = $strFileName.Replace("/", "#")
$strFileName = $strFileName.Replace("\", "#")
$strFileName = $strFileName.Replace(":", "#")
$strFileName = $strFileName.Replace("<", "#")
$strFileName = $strFileName.Replace(">", "#")
$strFileName = $strFileName.Replace("|", "#")
$strFileName = $strFileName.Replace('"', "#")
$strFileName = $strFileName.Replace('?', "#")
return $strFileName
}
#==========================================================================
# Function : WritePermCSV
# Arguments : Security Descriptor, OU distinguishedName, Ou put text file
# Returns : n/a
# Description : Writes the SD to a text file.
#==========================================================================
function WritePermCSV($sd, [string]$ou, [string] $fileout, [bool] $ACLMeta, [string] $strACLDate, [string] $strInvocationID, [string] $strOrgUSN) {
$sd | ForEach-Object {
If ($global:dicDCSpecialSids.ContainsKey($_.IdentityReference.toString())) {
$strAccName = $global:dicDCSpecialSids.Item($_.IdentityReference.toString())
}
else {
$strAccName = $_.IdentityReference.toString()
}
If ($ACLMeta -eq $true) {
$ou + ";" + `
$_.IdentityReference.toString() + ";" + `
$_.ActiveDirectoryRights.toString() + ";" + `
$_.InheritanceType.toString() + ";" + `
$_.ObjectType.toString() + ";" + `
$_.InheritedObjectType.toString() + ";" + `
$_.ObjectFlags.toString() + ";" + `
$_.AccessControlType.toString() + ";" + `
$_.IsInherited.toString() + ";" + `
$_.InheritanceFlags.toString() + ";" + `
$_.PropagationFlags.toString() + ";" + `
$strACLDate.toString() + ";" + `
$strInvocationID.toString() + ";" + `
$strOrgUSN.toString() + ";" | Out-File -Append -FilePath $fileout
}
else {
$ou + ";" + `
$_.IdentityReference.toString() + ";" + `
$_.ActiveDirectoryRights.toString() + ";" + `
$_.InheritanceType.toString() + ";" + `
$_.ObjectType.toString() + ";" + `
$_.InheritedObjectType.toString() + ";" + `
$_.ObjectFlags.toString() + ";" + `
$_.AccessControlType.toString() + ";" + `
$_.IsInherited.toString() + ";" + `
$_.InheritanceFlags.toString() + ";" + `
$_.PropagationFlags.toString() + ";;;;" | Out-File -Append -FilePath $fileout
}
}
}
#==========================================================================
# Function : ConvertSidTo-Name
# Arguments : SID string
# Returns : Friendly Name of Security Object
# Description : Try to translate the SID if it fails it try to match a Well-Known.
#==========================================================================
function ConvertSidTo-Name($server, $sid) {
$ID = New-Object System.Security.Principal.SecurityIdentifier($sid)
& { #Try
$User = $ID.Translate( [System.Security.Principal.NTAccount])
$strAccName = $User.Value
}
Trap [SystemException] {
If ($global:dicWellKnownSids.ContainsKey($sid)) {
$strAccName = $global:dicWellKnownSids.Item($sid)
return $strAccName
}
; Continue
}
If ($global:dicSidToName.ContainsKey($sid)) {
$strAccName = $global:dicSidToName.Item($sid)
}
else {
$objSID = [ADSI]"LDAP://$server/<SID=$sid>"
$strAccName = $objSID.samAccountName
$global:dicSidToName.Add($sid, $strAccName)
}
If ($strAccName -eq $nul) {
$strAccName = $sid
}
return $strAccName
}
#==========================================================================
# Function : WriteHTM
# Arguments : Security Descriptor, OU dn string, Output htm file
# Returns : n/a
# Description : Wites the SD info to a HTM table, it appends info if the file exist
#==========================================================================
function WriteHTM([bool] $bolACLExist, $sd, [string]$ou, [bool] $OUHeader, [string] $strColorTemp, [string] $htmfileout, [bool] $CompareMode, [bool] $FilterMode, [bool]$boolReplMetaDate, [string]$strReplMetaDate, [bool]$boolACLSize, [string]$strACLSize, [bool]$boolOUProtected, [bool]$bolOUPRotected, [bool]$bolCriticalityLevel) {
$strTHOUColor = "E5CF00"
$strTHColor = "EFAC00"
$strLegendColor = ""
$strLegendTextVal = "Info"
$strLegendTextInfo = "Info"
$strLegendTextLow = "Low"
$strLegendTextMedium = "Medium"
$strLegendTextWarning = "Warning"
$strLegendTextCritical = "Critical"
$strLegendColorInfo = @"
bgcolor="#A4A4A4"
"@
$strLegendColorLow = @"
bgcolor="#0099FF"
"@
$strLegendColorMedium = @"
bgcolor="#FFFF00"
"@
$strLegendColorWarning = @"
bgcolor="#FFCC00"
"@
$strLegendColorCritical = @"
bgcolor="#DF0101"
"@
$strFont = @"
<FONT size="1" face="verdana, hevetica, arial">
"@
$strFontRights = @"
<FONT size="1" face="verdana, hevetica, arial">
"@
$strFontOU = @"
<FONT size="1" face="verdana, hevetica, arial">
"@
$strFontTH = @"
<FONT size="2" face="verdana, hevetica, arial">
"@
If ($OUHeader -eq $true) {
if ($boolReplMetaDate -eq $true) {
if ($boolACLSize -eq $true) {
if ($boolOUProtected -eq $true) {
if ($bolOUProtected -eq $true) {
$strHTMLText = @"
<TR bgcolor="$strTHOUColor"><TD><b>$strFontOU $strReplMetaDate</b><TD><b>$strFontOU $strACLSize bytes</b><TD bgcolor="FF0000"><b>$strFontOU $bolOUProtected</b><TD><b>$strFontOU $ou</b></TR>
"@
}
else {
$strHTMLText = @"
<TR bgcolor="$strTHOUColor"><TD><b>$strFontOU $strReplMetaDate</b><TD><b>$strFontOU $strACLSize bytes</b><TD><b>$strFontOU $bolOUProtected</b><TD><b>$strFontOU $ou</b></TR>
"@
}
}
else {
$strHTMLText = @"
<TR bgcolor="$strTHOUColor"><TD><b>$strFontOU $strReplMetaDate</b><TD><b>$strFontOU $strACLSize bytes</b><TD><b>$strFontOU $ou</b></TR>
"@
}
}
else {
if ($boolOUProtected -eq $true) {
if ($bolOUProtected -eq $true) {
$strHTMLText = @"
<TR bgcolor="$strTHOUColor"><TD><b>$strFontOU $strReplMetaDate</b><TD bgcolor="FF0000"><b>$strFontOU $bolOUProtected</b><TD><b>$strFontOU $ou</b></TR>
"@
}
else {
$strHTMLText = @"
<TR bgcolor="$strTHOUColor"><TD><b>$strFontOU $strReplMetaDate</b><TD><b>$strFontOU $bolOUProtected</b><TD><b>$strFontOU $ou</b></TR>
"@
}
}
else {
$strHTMLText = @"
<TR bgcolor="$strTHOUColor"><TD><b>$strFontOU $strReplMetaDate</b><TD><b>$strFontOU $ou</b></TR>
"@
}
}
}
else {
if ($boolACLSize -eq $true) {
if ($boolOUProtected -eq $true) {
if ($bolOUProtected -eq $true) {
$strHTMLText = @"
<TR bgcolor="$strTHOUColor"><TD><b>$strFontOU $strACLSize bytes</b><TD bgcolor="FF0000"><b>$strFontOU $bolOUProtected</b><TD><b>$strFontOU $ou</b></TR>
"@
}
else {
$strHTMLText = @"
<TR bgcolor="$strTHOUColor"><TD><b>$strFontOU $strACLSize bytes</b><TD><b>$strFontOU $bolOUProtected</b><TD><b>$strFontOU $ou</b></TR>
"@
}
}
else {
$strHTMLText = @"
<TR bgcolor="$strTHOUColor"><TD><b>$strFontOU $strACLSize bytes</b><TD><b>$strFontOU $ou</b></TR>
"@
}
}
else {
if ($boolOUProtected -eq $true) {
if ($bolOUProtected -eq $true) {
$strHTMLText = @"
<TR bgcolor="$strTHOUColor"><TD bgcolor="FF0000"><b>$strFontOU $bolOUProtected</b><TD><b>$strFontOU $ou</b></TR>
"@
}
else {
$strHTMLText = @"
<TR bgcolor="$strTHOUColor"><TD><b>$strFontOU $bolOUProtected</b><TD><b>$strFontOU $ou</b></TR>
"@
}
}
else {
$strHTMLText = @"
<TR bgcolor="$strTHOUColor"><TD><b>$strFontOU $ou</b></TR>
"@
}
}
}
} #End If
Switch ($strColorTemp) {
"1" {
$strColor = "DDDDDD"
$strColorTemp = "2"
}
"2" {
$strColor = "AAAAAA"
$strColorTemp = "1"
}
"3" {
$strColor = "FF1111"
}
"4" {
$strColor = "00FFAA"
}
"5" {
$strColor = "FFFF00"
}
}# End Switch
if ($bolACLExist) {
$sd | ForEach-Object {
$objAccess = $($_.AccessControlType.toString())
$objFlags = $($_.ObjectFlags.toString())
$objType = $($_.ObjectType.toString())
$objInheritedType = $($_.InheritedObjectType.toString())
$objRights = $($_.ActiveDirectoryRights.toString())
$objInheritanceType = $($_.InheritanceType.toString())
if ($chkBoxEffectiveRightsColor.checked -eq $false) {
Switch ($objRights) {
"DeleteChild, DeleteTree, Delete" {
$objRights = "DeleteChild, DeleteTree, Delete"
}
"GenericRead" {
$objRights = "Read Permissions,List Contents,Read All Properties,List"
}
"CreateChild" {
$objRights = "Create"
}
"DeleteChild" {
$objRights = "Delete"
}
"GenericAll" {
$objRights = "Full Control"
}
"CreateChild, DeleteChild" {
$objRights = "Create/Delete"
}
"ReadProperty" {
Switch ($objInheritanceType) {
"None" {
Switch ($objFlags) {
"ObjectAceTypePresent" {
$objRights = "Read"
}
"ObjectAceTypePresent, InheritedObjectAceTypePresent" {
$objRights = "Read"
}
default
{ $objRights = "Read All Properties" }
}#End switch
}
"Children" {
Switch ($objFlags) {
"ObjectAceTypePresent" {
$objRights = "Read"
}
"ObjectAceTypePresent, InheritedObjectAceTypePresent" {
$objRights = "Read"
}
default
{ $objRights = "Read All Properties" }
}#End switch
}
"Descendents" {
Switch ($objFlags) {
"ObjectAceTypePresent" {
$objRights = "Read"
}
"ObjectAceTypePresent, InheritedObjectAceTypePresent" {
$objRights = "Read"
}
default
{ $objRights = "Read All Properties" }
}#End switch
}
default
{ $objRights = "Read All Properties" }
}#End switch
}
"ReadProperty, WriteProperty" {
$objRights = "Read All Properties;Write All Properties"
}
"WriteProperty" {
Switch ($objInheritanceType) {
"None" {
Switch ($objFlags) {
"ObjectAceTypePresent" {
$objRights = "Write"
}
"ObjectAceTypePresent, InheritedObjectAceTypePresent" {
$objRights = "Write"
}
default
{ $objRights = "Write All Properties" }
}#End switch
}
"Children" {
Switch ($objFlags) {
"ObjectAceTypePresent" {
$objRights = "Write"
}
"ObjectAceTypePresent, InheritedObjectAceTypePresent" {
$objRights = "Write"
}
default
{ $objRights = "Write All Properties" }
}#End switch
}
"Descendents" {
Switch ($objFlags) {
"ObjectAceTypePresent" {
$objRights = "Write"
}
"ObjectAceTypePresent, InheritedObjectAceTypePresent" {
$objRights = "Write"
}
default
{ $objRights = "Write All Properties" }
}#End switch
}
default
{ $objRights = "Write All Properties" }
}#End switch
}
}# End Switch
}
else {
Switch ($objRights) {
"ListChildren" {
If ($objAccess -eq "Allow") {
$strLegendColor = $strLegendColorInfo
$strLegendTextVal = $strLegendTextInfo
}
}
"Modify permissions" {
$strLegendColor = $strLegendColorCritical
$strLegendTextVal = $strLegendTextCritical
}
"DeleteChild, DeleteTree, Delete" {
If ($objAccess -eq "Allow") {
$strLegendColor = $strLegendColorWarning
$strLegendTextVal = $strLegendTextWarning
}
$objRights = "DeleteChild, DeleteTree, Delete"
}
"Delete" {
If ($objAccess -eq "Allow") {
$strLegendColor = $strLegendColorWarning
$strLegendTextVal = $strLegendTextWarning
}
}
"GenericRead" {
If ($objAccess -eq "Allow") {
$strLegendColor = $strLegendColorLow
$strLegendTextVal = $strLegendTextLow
}
$objRights = "Read Permissions,List Contents,Read All Properties,List"
}
"CreateChild" {
If ($objAccess -eq "Allow") {
$strLegendColor = $strLegendColorWarning
$strLegendTextVal = $strLegendTextWarning
}
$objRights = "Create"
}
"DeleteChild" {
If ($objAccess -eq "Allow") {
$strLegendColor = $strLegendColorWarning
$strLegendTextVal = $strLegendTextWarning
}
$objRights = "Delete"
}
"ExtendedRight" {
If ($objAccess -eq "Allow") {
$strLegendColor = $strLegendColorWarning
$strLegendTextVal = $strLegendTextWarning
}
}
"GenericAll" {
If ($objAccess -eq "Allow") {
$strLegendColor = $strLegendColorCritical
$strLegendTextVal = $strLegendTextCritical
}
$objRights = "Full Control"
}
"CreateChild, DeleteChild" {
If ($objAccess -eq "Allow") {
$strLegendColor = $strLegendColorWarning
$strLegendTextVal = $strLegendTextWarning
}
$objRights = "Create/Delete"
}
"ReadProperty" {
If ($objAccess -eq "Allow") {
$strLegendColor = $strLegendColorLow
$strLegendTextVal = $strLegendTextLow
}
Switch ($objInheritanceType) {
"None" {
Switch ($objFlags) {
"ObjectAceTypePresent" {
$objRights = "Read"
}
"ObjectAceTypePresent, InheritedObjectAceTypePresent" {
$objRights = "Read"
}
default
{ $objRights = "Read All Properties" }
}#End switch
}
"Children" {
Switch ($objFlags) {
"ObjectAceTypePresent" {
$objRights = "Read"
}
"ObjectAceTypePresent, InheritedObjectAceTypePresent" {
$objRights = "Read"
}
default
{ $objRights = "Read All Properties" }
}#End switch
}
"Descendents" {
Switch ($objFlags) {
"ObjectAceTypePresent" {
$objRights = "Read"
}
"ObjectAceTypePresent, InheritedObjectAceTypePresent" {
$objRights = "Read"
}
default
{ $objRights = "Read All Properties" }
}#End switch
}
default
{ $objRights = "Read All Properties" }
}#End switch
}
"ReadProperty, WriteProperty" {
If ($objAccess -eq "Allow") {
$strLegendTextVal = $strLegendTextMedium
$strLegendColor = $strLegendColorMedium
}
$objRights = "Read All Properties;Write All Properties"
}
"WriteProperty" {
If ($objAccess -eq "Allow") {
$strLegendColor = $strLegendColorMedium
$strLegendTextVal = $strLegendTextMedium
}
Switch ($objInheritanceType) {
"None" {
Switch ($objFlags) {
"ObjectAceTypePresent" {
$objRights = "Write"
}
"ObjectAceTypePresent, InheritedObjectAceTypePresent" {
$objRights = "Write"
}
default {
$objRights = "Write All Properties"
}
}#End switch
}
"Children" {
Switch ($objFlags) {
"ObjectAceTypePresent" {
$objRights = "Write"
}
"ObjectAceTypePresent, InheritedObjectAceTypePresent" {
$objRights = "Write"
}
default {
$objRights = "Write All Properties"
}
}#End switch
}
"Descendents" {
Switch ($objFlags) {
"ObjectAceTypePresent" {
$objRights = "Write"
}
"ObjectAceTypePresent, InheritedObjectAceTypePresent" {
$objRights = "Write"
}
default {
$objRights = "Write All Properties"
}
}#End switch
}
default {
$objRights = "Write All Properties"
}
}#End switch
}
default {
If ($objAccess -eq "Allow") {
if ($objRights -match "Write") {
$strLegendColor = $strLegendColorMedium
$strLegendTextVal = $strLegendTextMedium
}
if ($objRights -match "Create") {
$strLegendColor = $strLegendColorWarning
$strLegendTextVal = $strLegendTextWarning
}
if ($objRights -match "Delete") {
$strLegendColor = $strLegendColorWarning
$strLegendTextVal = $strLegendTextWarning
}
if ($objRights -match "ExtendedRight") {
$strLegendColor = $strLegendColorWarning
$strLegendTextVal = $strLegendTextWarning
}
if ($objRights -match "WriteDacl") {
$strLegendColor = $strLegendColorCritical
$strLegendTextVal = $strLegendTextCritical
}
if ($objRights -match "WriteOwner") {
$strLegendColor = $strLegendColorCritical
$strLegendTextVal = $strLegendTextCritical
}
}
}
}# End Switch
}
$strNTAccount = $($_.IdentityReference.toString())
If ($strNTAccount.contains("S-1-5")) {
$strNTAccount = ConvertSidTo-Name -server $global:strDomainLongName -Sid $strNTAccount
}
Switch ($strColorTemp) {
"1" {
$strColor = "DDDDDD"
$strColorTemp = "2"
}
"2" {
$strColor = "AAAAAA"
$strColorTemp = "1"
}
"3" {
$strColor = "FF1111"
}
"4" {
$strColor = "00FFAA"
}
"5" {
$strColor = "FFFF00"
}
}# End Switch
Switch ($objInheritanceType) {
"All" {
Switch ($objFlags) {
"InheritedObjectAceTypePresent" {
$strPerm = "$strFont This object and all child objects</TD><TD $strLegendColor>$strFontRights $objRights $(MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName)</TD>"
}
"ObjectAceTypePresent" {
$strPerm = "$strFont This object and all child objects</TD><TD $strLegendColor>$strFontRights $objRights $(MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName)</TD>"
}
"ObjectAceTypePresent, InheritedObjectAceTypePresent" {
$strPerm = "$strFont $(MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName)</TD><TD $strLegendColor>$strFontRights $objRights $(MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName)</TD>"
}
"None" {
$strPerm = "$strFont This object and all child objects</TD><TD $strLegendColor>$strFontRights $objRights</TD>"
}
default {
$strPerm = "Error: Failed to display permissions 1K"
}
}# End Switch
}
"Descendents" {
Switch ($objFlags) {
"InheritedObjectAceTypePresent" {
$strPerm = "$strFont $(MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName)</TD><TD $strLegendColor>$strFontRights $objRights</TD>"
}
"None" {
$strPerm = "$strFont Child Objects Only</TD><TD $strLegendColor>$strFontRights $objRights</TD>"
}
"ObjectAceTypePresent" {
$strPerm = "$strFont Child Objects Only</TD><TD $strLegendColor>$strFontRights $objRights $(MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName)</TD>"
}
"ObjectAceTypePresent, InheritedObjectAceTypePresent" {
$strPerm = "$strFont $(MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName)</TD><TD $strLegendColor>$strFontRights $objRights $(MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName)</TD>"
}
default {
$strPerm = "Error: Failed to display permissions 2K"
}
}
}
"None" {
Switch ($objFlags) {
"ObjectAceTypePresent" {
$strPerm = "$strFont This Object Only</TD><TD $strLegendColor>$strFontRights $objRights $(MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName)</TD>"
}
"None" {
$strPerm = "$strFont This Object Only</TD><TD $strLegendColor>$strFontRights $objRights</TD>"
}
default {
$strPerm = "Error: Failed to display permissions 4K"
}
}
}
"SelfAndChildren" {
Switch ($objFlags) {
"ObjectAceTypePresent" {
$strPerm = "$strFont This object and all child objects within this conatainer only</TD><TD $strLegendColor>$strFontRights $objRights $(MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName)</TD>"
}
"InheritedObjectAceTypePresent" {
$strPerm = "$strFont Children within this conatainer only</TD><TD $strLegendColor>$strFontRights $objRights $(MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName)</TD>"
}
"ObjectAceTypePresent, InheritedObjectAceTypePresent" {
$strPerm = "$strFont $(MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName)</TD><TD $strLegendColor>$strFontRights $objRights $(MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName)</TD>"
}
"None" {
$strPerm = "$strFont This object and all child objects</TD><TD $strLegendColor>$strFontRights $objRights</TD>"
}
default {
$strPerm = "Error: Failed to display permissions 5K"
}
}
}
"Children" {
Switch ($objFlags) {
"InheritedObjectAceTypePresent" {
$strPerm = "$strFont Children within this conatainer only</TD><TD $strLegendColor>$strFontRights $objRights $(MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName)</TD>"
}
"None" {
$strPerm = "$strFont Children within this conatainer only</TD><TD $strLegendColor>$strFontRights $objRights</TD>"
}
"ObjectAceTypePresent, InheritedObjectAceTypePresent" {
$strPerm = "$strFont $(MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName)</TD><TD>$strFont $(MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName) $objRights</TD>"
}
"ObjectAceTypePresent" {
$strPerm = "$strFont Children within this conatainer only</TD><TD $strLegendColor>$strFontRights $objRights $(MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName)</TD>"
}
default {
$strPerm = "Error: Failed to display permissions 6K"
}
}
}
default {
$strPerm = "Error: Failed to display permissions 7K"
}
}# End Switch
if ($CompareMode) {
if ($boolReplMetaDate -eq $true) {
if ($bolCriticalityLevel -eq $true) {
$objColor = $($_.Color.toString())
$strStatus = "<TD>$strFont $objColor</TD>"
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strReplMetaDate</TD><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
$strStatus
<TD $strLegendColor>$strFont $strLegendTextVal</TD>
</TR>
"@
}
else {
$objColor = $($_.Color.toString())
$strStatus = "<TD>$strFont $objColor</TD>"
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strReplMetaDate</TD><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
$strStatus
</TR>
"@
}
}
else {
if ($bolCriticalityLevel -eq $true) {
$objColor = $($_.Color.toString())
$strStatus = "<TD>$strFont $objColor</TD>"
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
$strStatus
<TD $strLegendColor>$strFont $strLegendTextVal</TD>
</TR>
"@
}
else {
$objColor = $($_.Color.toString())
$strStatus = "<TD>$strFont $objColor</TD>"
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
$strStatus
</TR>
"@
}
} #End If ReplMeta Data
}
else {
if ($boolReplMetaDate -eq $true) {
if ($boolACLSize -eq $true) {
if ($boolOUProtected -eq $true) {
if ($bolCriticalityLevel -eq $true) {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strReplMetaDate</TD><TD>
$strFont $strACLSize bytes</TD><TD>
$strFont $bolOUPRotected </TD><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
<TD $strLegendColor>$strFont $strLegendTextVal</TD>
</TR>
"@
}
else {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strReplMetaDate</TD><TD>
$strFont $strACLSize bytes</TD><TD>
$strFont $bolOUPRotected </TD><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
</TR>
"@
}
}
else {
if ($bolCriticalityLevel -eq $true) {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strReplMetaDate</TD><TD>
$strFont $strACLSize bytes</TD><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
<TD $strLegendColor>$strFont $strLegendTextVal</TD>
</TR>
"@
}
else {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strReplMetaDate</TD><TD>
$strFont $strACLSize bytes</TD><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
</TR>
"@
}
}
}
else {
if ($boolOUProtected -eq $true) {
if ($bolCriticalityLevel -eq $true) {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strReplMetaDate</TD><TD>
$strFont $bolOUPRotected</TD><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
<TD $strLegendColor>$strFont $strLegendTextVal</TD>
</TR>
"@
}
else {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strReplMetaDate</TD><TD>
$strFont $bolOUPRotected</TD><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
</TR>
"@
}
}
else {
if ($bolCriticalityLevel -eq $true) {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strReplMetaDate</TD><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
<TD $strLegendColor>$strFont $strLegendTextVal</TD>
</TR>
"@
}
else {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strReplMetaDate</TD><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
</TR>
"@
}
}
}
}
else {
if ($boolACLSize -eq $true) {
if ($boolOUProtected -eq $true) {
if ($bolCriticalityLevel -eq $true) {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strACLSize bytes</TD><TD>
$strFont $bolOUPRotected</TD><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
<TD $strLegendColor>$strFont $strLegendTextVal</TD>
</TR>
"@
}
else {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strACLSize bytes</TD><TD>
$strFont $bolOUPRotected</TD><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
</TR>
"@
}
}
else {
if ($bolCriticalityLevel -eq $true) {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strACLSize bytes</TD><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
<TD $strLegendColor>$strFont $strLegendTextVal</TD>
</TR>
"@
}
else {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strACLSize bytes</TD><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
</TR>
"@
}
}
}
else {
if ($boolOUProtected -eq $true) {
if ($bolCriticalityLevel -eq $true) {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $bolOUPRotected</TD><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
<TD $strLegendColor>$strFont $strLegendTextVal</TD>
</TR>
"@
}
else {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $bolOUPRotected</TD><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
</TR>
"@
}
}
else {
if ($bolCriticalityLevel -eq $true) {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
<TD $strLegendColor>$strFont $strLegendTextVal</TD>
</TR>
"@
}
else {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $ou</TD><TD>
$strFont $strNTAccount</TD><TD>
$strFont $($_.AccessControlType.toString()) </TD><TD>
$strFont $($_.IsInherited.toString())</TD><TD>
$strPerm
</TR>
"@
}
}
}
} #End If ReplMeta Data
}# End if CompareMode
}# End foreach
}
else {
if (!$CompareMode) {
if ($FilterMode) {
if ($boolReplMetaDate -eq $true) {
if ($bolCriticalityLevel -eq $true) {
$strACLHTMLText = @"
<TR bgcolor="$strColor"><TD>$strFont
$strFont $strReplMetaDate</TD><TD>
$strFont $ou</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Matching Permissions Set</TD><TD>
</TR>
"@
}
else {
$strACLHTMLText = @"
<TR bgcolor="$strColor"><TD>$strFont
$strFont $strReplMetaDate</TD><TD>
$strFont $ou</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Matching Permissions Set</TD>
</TR>
"@
}
}
else {
if ($bolCriticalityLevel -eq $true) {
$strACLHTMLText = @"
<TR bgcolor="$strColor"><TD>$strFont
$strFont $ou</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Matching Permissions Set</TD><TD>
</TR>
"@
}
else {
$strACLHTMLText = @"
<TR bgcolor="$strColor"><TD>$strFont
$strFont $ou</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Matching Permissions Set</TD>
</TR>
"@
}
}#End If ReplMeta Data
}
else {
if ($boolReplMetaDate -eq $true) {
if ($boolACLSize -eq $true) {
if ($boolOUProtected -eq $true) {
if ($bolCriticalityLevel -eq $true) {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strReplMetaDate</TD><TD>
$strFont $strACLSize bytes</TD><TD>
$strFont $bolOUPRotected</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Permissions Set</TD><TD>
</TR>
"@
}
else {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strReplMetaDate</TD><TD>
$strFont $strACLSize bytes</TD><TD>
$strFont $bolOUPRotected</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Permissions Set</TD>
</TR>
"@
}
}
else {
if ($bolCriticalityLevel -eq $true) {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strReplMetaDate</TD><TD>
$strFont $strACLSize bytes</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Permissions Set</TD><TD>
</TR>
"@
}
else {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strReplMetaDate</TD><TD>
$strFont $strACLSize bytes</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Permissions Set</TD>
</TR>
"@
}
}
}
else {
if ($boolOUProtected -eq $true) {
if ($bolCriticalityLevel -eq $true) {
$strACLHTMLText = @"
<TR bgcolor="$strColor"><TD>$strFont
$strFont $strReplMetaDate</TD><TD>
$strFont $bolOUPRotected</TD><TD>
$strFont $ou</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Permissions Set</TD><TD>
</TR>
"@
}
else {
$strACLHTMLText = @"
<TR bgcolor="$strColor"><TD>$strFont
$strFont $strReplMetaDate</TD><TD>
$strFont $bolOUPRotected</TD><TD>
$strFont $ou</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Permissions Set</TD>
</TR>
"@
}
}
else {
if ($bolCriticalityLevel -eq $true) {
$strACLHTMLText = @"
<TR bgcolor="$strColor"><TD>$strFont
$strFont $strReplMetaDate</TD><TD>
$strFont $ou</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Permissions Set</TD><TD>
</TR>
"@
}
else {
$strACLHTMLText = @"
<TR bgcolor="$strColor"><TD>$strFont
$strFont $strReplMetaDate</TD><TD>
$strFont $ou</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Permissions Set</TD>
</TR>
"@
}
}
}
}
else {
if ($boolACLSize -eq $true) {
if ($boolOUProtected -eq $true) {
if ($bolCriticalityLevel -eq $true) {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strACLSize bytes</TD><TD>
$strFont $bolOUPRotected</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Permissions Set</TD><TD>
</TR>
"@
}
else {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strACLSize bytes</TD><TD>
$strFont $bolOUPRotected</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Permissions Set</TD>
</TR>
"@
}
}
else {
if ($bolCriticalityLevel -eq $true) {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strACLSize bytes</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Permissions Set</TD><TD>
</TR>
"@
}
else {
$strACLHTMLText = @"
$strACLHTMLText
<TR bgcolor="$strColor"><TD>
$strFont $strACLSize bytes</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Permissions Set</TD>
</TR>
"@
}
}
}
else {
if ($boolOUProtected -eq $true) {
if ($bolCriticalityLevel -eq $true) {
$strACLHTMLText = @"
<TR bgcolor="$strColor"><TD>$strFont
$strFont $bolOUPRotected</TD><TD>
$strFont $ou</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Permissions Set</TD><TD>
</TR>
"@
}
else {
$strACLHTMLText = @"
<TR bgcolor="$strColor"><TD>$strFont
$strFont $bolOUPRotected</TD><TD>
$strFont $ou</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Permissions Set</TD>
</TR>
"@
}
}
else {
if ($bolCriticalityLevel -eq $true) {
$strACLHTMLText = @"
<TR bgcolor="$strColor"><TD>$strFont
$strFont $ou</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Permissions Set</TD><TD>
</TR>
"@
}
else {
$strACLHTMLText = @"
<TR bgcolor="$strColor"><TD>$strFont
$strFont $ou</TD><TD>
$strFont N/A</TD><TD>
$strFont N/A </TD><TD>
$strFont N/A</TD><TD>
$strFont N/A</TD><TD>
$strFont No Permissions Set</TD>
</TR>
"@
}
}
}
}#End If ReplMeta Data
}
}# End if
}# End If
$strHTMLText = $strHTMLText + $strACLHTMLText
Out-File -InputObject $strHTMLText -Append -FilePath $htmfileout
Out-File -InputObject $strHTMLText -Append -FilePath $strFileHTM
$strHTMLText = ""
}
#==========================================================================
# Function : InitiateHTM
# Arguments : Output htm file
# Returns : n/a
# Description : Wites base HTM table syntax, it appends info if the file exist
#==========================================================================
Function InitiateHTM([string] $htmfileout, [bool]$RepMetaDate , [bool]$ACLSize, [bool]$bolACEOUProtected, [bool]$bolCirticaltiy) {
$strHTMLText = "<TABLE BORDER=1>"
$strTHOUColor = "E5CF00"
$strTHColor = "EFAC00"
$strFont = @"
<FONT size="1" face="verdana, hevetica, arial">
"@
$strFontOU = @"
<FONT size="1" face="verdana, hevetica, arial">
"@
$strFontTH = @"
<FONT size="2" face="verdana, hevetica, arial">
"@
if ($RepMetaDate -eq $true) {
if ($ACLSize -eq $true) {
if ($bolACEOUProtected -eq $true) {
if ($bolCirticaltiy -eq $true) {
$strHTMLText = @"
$strHTMLText
<th bgcolor="$strTHColor">$strFontTH Security Descriptor Modified</font><th bgcolor="$strTHColor">$strFontTH DACL Size</font><th bgcolor="$strTHColor">$strFontTH Inheritance Disabled</font><th bgcolor="$strTHColor">$strFontTH OU</font></th><th bgcolor="$strTHColor">$strFontTH Trustee</font></th><th bgcolor="$strTHColor">$strFontTH Right</font></th><th bgcolor="$strTHColor">$strFontTH Inherited</font></th><th bgcolor="$strTHColor">$strFontTH Apply To</font></th><th bgcolor="$strTHColor">$strFontTH Permission</font></th><th bgcolor="$strTHColor">$strFontTH Criticality Level</font></th>
"@
}
else {
$strHTMLText = @"
$strHTMLText
<th bgcolor="$strTHColor">$strFontTH Security Descriptor Modified</font><th bgcolor="$strTHColor">$strFontTH DACL Size</font><th bgcolor="$strTHColor">$strFontTH Inheritance Disabled</font><th bgcolor="$strTHColor">$strFontTH OU</font></th><th bgcolor="$strTHColor">$strFontTH Trustee</font></th><th bgcolor="$strTHColor">$strFontTH Right</font></th><th bgcolor="$strTHColor">$strFontTH Inherited</font></th><th bgcolor="$strTHColor">$strFontTH Apply To</font></th><th bgcolor="$strTHColor">$strFontTH Permission</font></th>
"@
}
}
else {
if ($bolCirticaltiy -eq $true) {
$strHTMLText = @"
$strHTMLText
<th bgcolor="$strTHColor">$strFontTH Security Descriptor Modified</font><th bgcolor="$strTHColor">$strFontTH DACL Size</font><th bgcolor="$strTHColor">$strFontTH OU</font></th><th bgcolor="$strTHColor">$strFontTH Trustee</font></th><th bgcolor="$strTHColor">$strFontTH Right</font></th><th bgcolor="$strTHColor">$strFontTH Inherited</font></th><th bgcolor="$strTHColor">$strFontTH Apply To</font></th><th bgcolor="$strTHColor">$strFontTH Permission</font></th><th bgcolor="$strTHColor">$strFontTH Criticality Level</font></th>
"@
}
else {
$strHTMLText = @"
$strHTMLText
<th bgcolor="$strTHColor">$strFontTH Security Descriptor Modified</font><th bgcolor="$strTHColor">$strFontTH DACL Size</font><th bgcolor="$strTHColor">$strFontTH OU</font></th><th bgcolor="$strTHColor">$strFontTH Trustee</font></th><th bgcolor="$strTHColor">$strFontTH Right</font></th><th bgcolor="$strTHColor">$strFontTH Inherited</font></th><th bgcolor="$strTHColor">$strFontTH Apply To</font></th><th bgcolor="$strTHColor">$strFontTH Permission</font></th>
"@
}
}
}
else {
if ($bolACEOUProtected -eq $true) {
if ($bolCirticaltiy -eq $true) {
$strHTMLText = @"
$strHTMLText
<th bgcolor="$strTHColor">$strFontTH Security Descriptor Modified</font><th bgcolor="$strTHColor">$strFontTH Inheritance Disabled</font><th bgcolor="$strTHColor">$strFontTH OU</font></th><th bgcolor="$strTHColor">$strFontTH Trustee</font></th><th bgcolor="$strTHColor">$strFontTH Right</font></th><th bgcolor="$strTHColor">$strFontTH Inherited</font></th><th bgcolor="$strTHColor">$strFontTH Apply To</font></th><th bgcolor="$strTHColor">$strFontTH Permission</font></th><th bgcolor="$strTHColor">$strFontTH Criticality Level</font></th>
"@
}
else {
$strHTMLText = @"
$strHTMLText
<th bgcolor="$strTHColor">$strFontTH Security Descriptor Modified</font><th bgcolor="$strTHColor">$strFontTH Inheritance Disabled</font><th bgcolor="$strTHColor">$strFontTH OU</font></th><th bgcolor="$strTHColor">$strFontTH Trustee</font></th><th bgcolor="$strTHColor">$strFontTH Right</font></th><th bgcolor="$strTHColor">$strFontTH Inherited</font></th><th bgcolor="$strTHColor">$strFontTH Apply To</font></th><th bgcolor="$strTHColor">$strFontTH Permission</font></th>
"@
}
}
else {
if ($bolCirticaltiy -eq $true) {
$strHTMLText = @"
$strHTMLText
<th bgcolor="$strTHColor">$strFontTH Security Descriptor Modified</font><th bgcolor="$strTHColor">$strFontTH OU</font></th><th bgcolor="$strTHColor">$strFontTH Trustee</font></th><th bgcolor="$strTHColor">$strFontTH Right</font></th><th bgcolor="$strTHColor">$strFontTH Inherited</font></th><th bgcolor="$strTHColor">$strFontTH Apply To</font></th><th bgcolor="$strTHColor">$strFontTH Permission</font></th><th bgcolor="$strTHColor">$strFontTH Criticality Level</font></th>
"@
}
else {
$strHTMLText = @"
$strHTMLText
<th bgcolor="$strTHColor">$strFontTH Security Descriptor Modified</font><th bgcolor="$strTHColor">$strFontTH OU</font></th><th bgcolor="$strTHColor">$strFontTH Trustee</font></th><th bgcolor="$strTHColor">$strFontTH Right</font></th><th bgcolor="$strTHColor">$strFontTH Inherited</font></th><th bgcolor="$strTHColor">$strFontTH Apply To</font></th><th bgcolor="$strTHColor">$strFontTH Permission</font></th>
"@
}
}
}
}
else {
if ($ACLSize -eq $true) {
if ($bolACEOUProtected -eq $true) {
if ($bolCirticaltiy -eq $true) {
$strHTMLText = @"
$strHTMLText
<th bgcolor="$strTHColor">$strFontTH DACL Size</font><th bgcolor="$strTHColor">$strFontTH Inheritance Disabled</font><th bgcolor="$strTHColor">$strFontTH OU</font></th><th bgcolor="$strTHColor">$strFontTH Trustee</font></th><th bgcolor="$strTHColor">$strFontTH Right</font></th><th bgcolor="$strTHColor">$strFontTH Inherited</font></th><th bgcolor="$strTHColor">$strFontTH Apply To</font></th><th bgcolor="$strTHColor">$strFontTH Permission</font></th><th bgcolor="$strTHColor">$strFontTH Criticality Level</font></th>
"@
}
else {
$strHTMLText = @"
$strHTMLText
<th bgcolor="$strTHColor">$strFontTH DACL Size</font><th bgcolor="$strTHColor">$strFontTH Inheritance Disabled</font><th bgcolor="$strTHColor">$strFontTH OU</font></th><th bgcolor="$strTHColor">$strFontTH Trustee</font></th><th bgcolor="$strTHColor">$strFontTH Right</font></th><th bgcolor="$strTHColor">$strFontTH Inherited</font></th><th bgcolor="$strTHColor">$strFontTH Apply To</font></th><th bgcolor="$strTHColor">$strFontTH Permission</font></th>
"@
}
}
else {
if ($bolCirticaltiy -eq $true) {
$strHTMLText = @"
$strHTMLText
<th bgcolor="$strTHColor">$strFontTH DACL Size</font><th bgcolor="$strTHColor">$strFontTH OU</font></th><th bgcolor="$strTHColor">$strFontTH Trustee</font></th><th bgcolor="$strTHColor">$strFontTH Right</font></th><th bgcolor="$strTHColor">$strFontTH Inherited</font></th><th bgcolor="$strTHColor">$strFontTH Apply To</font></th><th bgcolor="$strTHColor">$strFontTH Permission</font></th><th bgcolor="$strTHColor">$strFontTH Criticality Level</font></th>
"@
}
else {
$strHTMLText = @"
$strHTMLText
<th bgcolor="$strTHColor">$strFontTH DACL Size</font><th bgcolor="$strTHColor">$strFontTH OU</font></th><th bgcolor="$strTHColor">$strFontTH Trustee</font></th><th bgcolor="$strTHColor">$strFontTH Right</font></th><th bgcolor="$strTHColor">$strFontTH Inherited</font></th><th bgcolor="$strTHColor">$strFontTH Apply To</font></th><th bgcolor="$strTHColor">$strFontTH Permission</font></th>
"@
}
}
}
else {
if ($bolACEOUProtected -eq $true) {
if ($bolCirticaltiy -eq $true) {
$strHTMLText = @"
$strHTMLText
<th bgcolor="$strTHColor">$strFontTH Inheritance Disabled</font><th bgcolor="$strTHColor">$strFontTH OU</font></th><th bgcolor="$strTHColor">$strFontTH Trustee</font></th><th bgcolor="$strTHColor">$strFontTH Right</font></th><th bgcolor="$strTHColor">$strFontTH Inherited</font></th><th bgcolor="$strTHColor">$strFontTH Apply To</font></th><th bgcolor="$strTHColor">$strFontTH Permission</font></th><th bgcolor="$strTHColor">$strFontTH Criticality Level</font></th>
"@
}
else {
$strHTMLText = @"
$strHTMLText
<th bgcolor="$strTHColor">$strFontTH Inheritance Disabled</font><th bgcolor="$strTHColor">$strFontTH OU</font></th><th bgcolor="$strTHColor">$strFontTH Trustee</font></th><th bgcolor="$strTHColor">$strFontTH Right</font></th><th bgcolor="$strTHColor">$strFontTH Inherited</font></th><th bgcolor="$strTHColor">$strFontTH Apply To</font></th><th bgcolor="$strTHColor">$strFontTH Permission</font></th>
"@
}
}
else {
if ($bolCirticaltiy -eq $true) {
$strHTMLText = @"
$strHTMLText
<th bgcolor="$strTHColor">$strFontTH OU</font></th><th bgcolor="$strTHColor">$strFontTH Trustee</font></th><th bgcolor="$strTHColor">$strFontTH Right</font></th><th bgcolor="$strTHColor">$strFontTH Inherited</font></th><th bgcolor="$strTHColor">$strFontTH Apply To</font></th><th bgcolor="$strTHColor">$strFontTH Permission</font></th><th bgcolor="$strTHColor">$strFontTH Criticality Level</font></th>
"@
}
else {
$strHTMLText = @"
$strHTMLText
<th bgcolor="$strTHColor">$strFontTH OU</font></th><th bgcolor="$strTHColor">$strFontTH Trustee</font></th><th bgcolor="$strTHColor">$strFontTH Right</font></th><th bgcolor="$strTHColor">$strFontTH Inherited</font></th><th bgcolor="$strTHColor">$strFontTH Apply To</font></th><th bgcolor="$strTHColor">$strFontTH Permission</font></th>
"@
}
}
}
}
Out-File -InputObject $strHTMLText -Append -FilePath $htmfileout
}
#==========================================================================
# Function : InitiateCompareHTM
# Arguments : Output htm file
# Returns : n/a
# Description : Wites base HTM table syntax, it appends info if the file exist
#==========================================================================
Function InitiateCompareHTM([string] $htmfileout, [boolean]$RepMetaDate) {
$strHTMLText = "<TABLE BORDER=1>"
$strTHOUColor = "E5CF00"
$strTHColor = "EFAC00"
$strFont = @"
<FONT size="1" face="verdana, hevetica, arial">
"@
$strFontOU = @"
<FONT size="1" face="verdana, hevetica, arial">
"@
$strFontTH = @"
<FONT size="2" face="verdana, hevetica, arial">
"@
if ($RepMetaDate -eq $true) {
$strHTMLText = @"
$strHTMLText
<th bgcolor="$strTHColor">$strFontTH Security Descriptor Modified</font><th bgcolor="$strTHColor">$strFontTH OU</font></th><th bgcolor="$strTHColor">$strFontTH Trustee</font></th><th bgcolor="$strTHColor">$strFontTH Right</font></th><th bgcolor="$strTHColor">$strFontTH Inherited</font></th><th bgcolor="$strTHColor">$strFontTH Apply To</font></th><th bgcolor="$strTHColor">$strFontTH Permission</font></th><th bgcolor="$strTHColor">$strFontTH State</font></th>
"@
}
else {
$strHTMLText = @"
$strHTMLText
<th bgcolor="$strTHColor">$strFontTH OU</font></th><th bgcolor="$strTHColor">$strFontTH Trustee</font></th><th bgcolor="$strTHColor">$strFontTH Right</font></th><th bgcolor="$strTHColor">$strFontTH Inherited</font></th><th bgcolor="$strTHColor">$strFontTH Apply To</font></th><th bgcolor="$strTHColor">$strFontTH Permission</font></th><th bgcolor="$strTHColor">$strFontTH State</font></th>
"@
}
Out-File -InputObject $strHTMLText -Append -FilePath $htmfileout
}
#==========================================================================
# Function : CreateHTA
# Arguments : OU Name, Ou put HTA file
# Returns : n/a
# Description : Initiates a base HTA file with Export(Save As),Print and Exit buttons.
#==========================================================================
function CreateHTA([string]$NodeName, [string]$htafileout, [string]$htmfileout, [string] $folder) {
$strHTAText = @"
<html>
<head>
<hta:Application ID="hta"
ApplicationName="Report">
<title>Report on $NodeName</title>
<script type="text/vbscript">
Sub ExportToCSV()
Dim objFSO,objFile,objNewFile,oShell,oEnv
Set oShell=CreateObject("wscript.shell")
Set oEnv=oShell.Environment("System")
strTemp=oShell.ExpandEnvironmentStrings("%USERPROFILE%")
strTempFile="$htmfileout"
strOutputFolder="$folder"
strFile=SaveAs("$NodeName.htm",strOutputFolder)
If strFile="" Then Exit Sub
Set objFSO=CreateObject("Scripting.FileSystemObject")
objFSO.CopyFile strTempFile,strFile, true
MsgBox "Finished exporting to " & strFile,vbOKOnly+vbInformation,"Export"
End Sub
Function SaveAs(strFile,strOutFolder)
Dim objDialog
SaveAs=InputBox("Enter the filename and path."&vbCrlf&vbCrlf&"Example: "&strOutFolder&"\CONTOSO-contoso.htm","Export",strOutFolder&"\"&strFile)
End Function
</script>
</head>
<body>
<input type="button" value="Export" onclick="ExportToCSV" tabindex="9">
<input id="print_button" type="button" value="Print" name="Print_button" class="Hide" onClick="Window.print()">
<input type="button" value="Exit" onclick=self.close name="B3" tabindex="1" class="btn">
"@
Out-File -InputObject $strHTAText -Force -FilePath $htafileout
}
#==========================================================================
# Function : WriteSPNHTM
# Arguments : Security Principal Name, Output htm file
# Returns : n/a
# Description : Wites the account membership info to a HTM table, it appends info if the file exist
#==========================================================================
function WriteSPNHTM([string] $strSPN, $tokens, [string]$objType, [int]$intMemberOf, [string] $strColorTemp, [string] $htafileout, [string] $htmfileout) {
$strTHOUColor = "E5CF00"
$strTHColor = "EFAC00"
$strFont = @"
<FONT size="1" face="verdana, hevetica, arial">
"@
$strFontOU = @"
<FONT size="1" face="verdana, hevetica, arial">
"@
$strFontTH = @"
<FONT size="2" face="verdana, hevetica, arial">
"@
$strHTMLText = @"
<TR bgcolor="$strTHOUColor"><TD><b>$strFontOU $strSPN</b><TD><b>$strFontOU $objType</b><TD><b>$strFontOU $intMemberOf</b></TR>
"@
$strHTMLText = @"
$strHTMLText
<TR bgcolor="$strTHColor"><TD><b>$strFontTH Groups</b></TD><TD></TD><TD></TD></TR>
"@
$tokens | ForEach-Object {
if ($($_.toString()) -ne $strSPN) {
Switch ($strColorTemp) {
"1" {
$strColor = "DDDDDD"
$strColorTemp = "2"
}
"2" {
$strColor = "AAAAAA"
$strColorTemp = "1"
}
"3" {
$strColor = "FF1111"
}
"4" {
$strColor = "00FFAA"
}
"5" {
$strColor = "FFFF00"
}
}# End Switch
$strGroupText = $strGroupText + @"
<TR bgcolor="$strColor"><TD>
$strFont $($_.toString())</TD></TR>
"@
}
}
$strHTMLText = $strHTMLText + $strGroupText
Out-File -InputObject $strHTMLText -Append -FilePath $htafileout
Out-File -InputObject $strHTMLText -Append -FilePath $htmfileout
$strHTMLText = ""
}
#==========================================================================
# Function : CreateColorLegenedReportHTA
# Arguments : OU Name, Ou put HTA file
# Returns : n/a
# Description : Initiates a base HTA file with Export(Save As),Print and Exit buttons.
#==========================================================================
function CreateColorLegenedReportHTA([string]$htafileout) {
$strHTAText = @"
<html>
<head>
<hta:Application ID="hta"
ApplicationName="Legend">
<title>Color Code</title>
<script type="text/vbscript">
Sub Window_Onload
self.ResizeTo 500,500
End sub
</script>
</head>
<body>
<input type="button" value="Exit" onclick=self.close name="B3" tabindex="1" class="btn">
"@
$strTHOUColor = "E5CF00"
$strTHColor = "EFAC00"
$strFont = @"
<FONT size="1" face="verdana, hevetica, arial">
"@
$strFontOU = @"
<FONT size="1" face="verdana, hevetica, arial">
"@
$strFontTH = @"
<FONT size="2" face="verdana, hevetica, arial">
"@
$strLegendColorInfo = @"
bgcolor="#A4A4A4"
"@
$strLegendColorLow = @"
bgcolor="#0099FF"
"@
$strLegendColorMedium = @"
bgcolor="#FFFF00"
"@
$strLegendColorWarning = @"
bgcolor="#FFCC00"
"@
$strLegendColorCritical = @"
bgcolor="#DF0101"
"@
$strHTAText = @"
$strHTAText
<h4>Use colors in report to identify criticality level of permissions.<br>This might help you in implementing <B>Least-Privilege</B> Administrative Models.</h4>
<TABLE BORDER=1>
<th bgcolor="$strTHColor">$strFontTH Permissions</font></th><th bgcolor="$strTHColor">$strFontTH Criticality</font></th>
<TR><TD> $strFontTH <B>Deny Permissions<TD $strLegendColorInfo> Info</TR>
<TR><TD> $strFontTH <B>List<TD $strLegendColorInfo>Info</TR>
<TR><TD> $strFontTH <B>Read Properties<TD $strLegendColorLow>Low</TR>
<TR><TD> $strFontTH <B>Read Object<TD $strLegendColorLow>Low</TR>
<TR><TD> $strFontTH <B>Read Permissions<TD $strLegendColorLow>Low</TR>
<TR><TD> $strFontTH <B>Write Propeties<TD $strLegendColorMedium>Medium</TR>
<TR><TD> $strFontTH <B>Create Object<TD $strLegendColorWarning>Warning</TR>
<TR><TD> $strFontTH <B>Delete Object<TD $strLegendColorWarning>Warning</TR>
<TR><TD> $strFontTH <B>ExtendedRight<TD $strLegendColorWarning>Warning</TR>
<TR><TD> $strFontTH <B>Modify Permisions<TD $strLegendColorCritical>Critical</TR>
<TR><TD> $strFontTH <B>Full Control<TD $strLegendColorCritical>Critical</TR>
"@
##
Out-File -InputObject $strHTAText -Force -FilePath $htafileout
}
#==========================================================================
# Function : CreateServicePrincipalReportHTA
# Arguments : OU Name, Ou put HTA file
# Returns : n/a
# Description : Initiates a base HTA file with Export(Save As),Print and Exit buttons.
#==========================================================================
function CreateServicePrincipalReportHTA([string]$SPN, [string]$htafileout, [string]$htmfileout, [string] $folder) {
$strHTAText = @"
<html>
<head>
<hta:Application ID="hta"
ApplicationName="Report">
<title>Membership Report on $SPN</title>
<script type="text/vbscript">
Sub ExportToCSV()
Dim objFSO,objFile,objNewFile,oShell,oEnv
Set oShell=CreateObject("wscript.shell")
Set oEnv=oShell.Environment("System")
strTemp=oShell.ExpandEnvironmentStrings("%USERPROFILE%")
strTempFile="$htmfileout"
strOutputFolder="$folder"
strFile=SaveAs("$SPN.htm",strOutputFolder)
If strFile="" Then Exit Sub
Set objFSO=CreateObject("Scripting.FileSystemObject")
objFSO.CopyFile strTempFile,strFile, true
MsgBox "Finished exporting to " & strFile,vbOKOnly+vbInformation,"Export"
End Sub
Function SaveAs(strFile,strOutFolder)
Dim objDialog
SaveAs=InputBox("Enter the filename and path."&vbCrlf&vbCrlf&"Example: "&strOutFolder&"\CONTOSO-contoso.htm","Export",strOutFolder&"\"&strFile)
End Function
</script>
</head>
<body>
<input type="button" value="Export" onclick="ExportToCSV" tabindex="9">
<input id="print_button" type="button" value="Print" name="Print_button" class="Hide" onClick="Window.print()">
<input type="button" value="Exit" onclick=self.close name="B3" tabindex="1" class="btn">
"@
Out-File -InputObject $strHTAText -Force -FilePath $htafileout
}
#==========================================================================
# Function : CreateHTM
# Arguments : OU Name, Ou put HTM file
# Returns : n/a
# Description : Initiates a base HTM file with Export(Save As),Print and Exit buttons.
#==========================================================================
function CreateSPNHTM([string]$SPN, [string]$htmfileout) {
$strHTAText = @"
<html>
<head[string]$SPN
<title>Membership Report on $SPN</title>
"@
Out-File -InputObject $strHTAText -Force -FilePath $htmfileout
}
#==========================================================================
# Function : InitiateHTM
# Arguments : Output htm file
# Returns : n/a
# Description : Wites base HTM table syntax, it appends info if the file exist
#==========================================================================
Function InitiateSPNHTM([string] $htmfileout) {
$strHTMLText = "<TABLE BORDER=1>"
$strTHOUColor = "E5CF00"
$strTHColor = "EFAC00"
$strFont = @"
<FONT size="1" face="verdana, hevetica, arial">
"@
$strFontOU = @"
<FONT size="1" face="verdana, hevetica, arial">
"@
$strFontTH = @"
<FONT size="2" face="verdana, hevetica, arial">
"@
$strHTMLText = @"
$strHTMLText
<th bgcolor="$strTHColor">$strFontTH Account Name</font></th><th bgcolor="$strTHColor">$strFontTH Object Type</font></th><th bgcolor="$strTHColor">$strFontTH Number of Groups</font></th>
"@
Out-File -InputObject $strHTMLText -Append -FilePath $htmfileout
}
#==========================================================================
# Function : CreateHTM
# Arguments : OU Name, Ou put HTM file
# Returns : n/a
# Description : Initiates a base HTM file with Export(Save As),Print and Exit buttons.
#==========================================================================
function CreateHTM([string]$NodeName, [string]$htmfileout) {
$strHTAText = @"
<html>
<head>
<title>Report on $NodeName</title>
"@
Out-File -InputObject $strHTAText -Force -FilePath $htmfileout
}
#==========================================================================
# Function : BuildTree
# Arguments : TreeView Node
# Returns : TreeView Node
# Description : Build the Tree with AD objects
#==========================================================================
Function BuildTree($treeNode) {
#$de = New-Object system.directoryservices.directoryEntry("LDAP://$strDC/$($treeNode.Name)")
# Add all Children found as Sub Nodes to the selected TreeNode
$strFilterOUCont = "(&(|(objectClass=organizationalUnit)(objectClass=container)))"
$strFilterAll = "(&(name=*))"
$srch = New-Object System.DirectoryServices.DirectorySearcher
$srch.SizeLimit = 100
$treeNodePath = $treeNode.name
$treeNodePath = $treeNodePath.Replace("/", "\/")
$srch.SearchRoot = "LDAP://$global:strDC/" + $treeNodePath
If ($rdbBrowseAll.checked -eq $true) {
$srch.Filter = $strFilterAll
}
else {
$srch.Filter = $strFilterOUCont
}
$srch.SearchScope = "OneLevel"
foreach ($res in $srch.FindAll()) {
$oOU = $res.GetDirectoryEntry()
If ($null -ne $oOU.name) {
$TN = New-Object System.Windows.Forms.TreeNode
$TN.Name = $oOU.distinguishedName
$TN.Text = $oOU.name
$TN.tag = "NotEnumerated"
$treeNode.Nodes.Add($TN)
}
}
$treeNode.tag = "Enumerated"
}
#==========================================================================
# Function : GetADPartitions
# Arguments : domain name
# Returns : N/A
# Description : Returns AD Partitions
#==========================================================================
function GetADPartitions {
Param($strDomain)
$ADPartlist = @{"domain" = $strDomain }
$objDomain = [ADSI]"LDAP://$strDomain"
[string]$strDomainObjectCateory = $objDomain.objectCategory
[array] $dnSplit = $strDomainObjectCateory.split(",")
$intSplit = ($dnSplit).count - 1
$strConfig = ""
for ($i = $intSplit; $i -ge 0; $i-- ) {
If ($dnSplit[$i] -match "CN=Configuration") {
$intConfig = $i
$strDomainConfig = $dnSplit[$i]
}
If ($i -gt $intConfig) {
If ($strConfig.Length -eq 0) {
$strConfig = $dnSplit[$i]
}
else {
$strConfig = $dnSplit[$i] + "," + $strConfig
}
}
}
$strDomainConfig = $strDomainConfig + "," + $strConfig
$strDNSchema = "LDAP://CN=Enterprise Schema,CN=Partitions," + $strDomainConfig
$ojbSchema = [ADSI]$strDNSchema
$ADPartlist.Add("config", $strDomainConfig)
$ADPartlist.Add("schema", $ojbSchema.nCName)
return $ADPartlist
}
#==========================================================================
# Function : Select-File
# Arguments : n/a
# Returns : folder path
# Description : Dialogbox for selecting a file
#==========================================================================
function Select-File {
param (
[System.String]$Title = "Select Template File",
[System.String]$InitialDirectory = $CurrentFSPath,
[System.String]$Filter = "All Files(*.csv)|*.csv"
)
$dialog = New-Object System.Windows.Forms.OpenFileDialog
$dialog.Filter = $filter
$dialog.InitialDirectory = $initialDirectory
$dialog.ShowHelp = $true
$dialog.Title = $title
$result = $dialog.ShowDialog($owner)
if ($result -eq "OK") {
return $dialog.FileName
}
else {
return ""
}
}
#==========================================================================
# Function : Select-Folder
# Arguments : n/a
# Returns : folder path
# Description : Dialogbox for selecting a folder
#==========================================================================
function Select-Folder($message = 'Select a folder', $path = 0) {
$object = New-Object -comObject Shell.Application
$folder = $object.BrowseForFolder(0, $message, 0, $path)
if ($null -ne $folder) {
$folder.self.Path
}
}
#==========================================================================
# Function : Get-Perm
# Arguments : List of OU Path
# Returns : All Permissions on a speficied object
# Description : Enumerates all access control entries on a speficied object
#==========================================================================
Function Get-Perm {
Param([System.Collections.ArrayList]$ALOUdn, [string]$DomainNetbiosName, [boolean]$SkipDefaultPerm, [boolean]$FilterEna, [boolean]$bolGetOwnerEna, [boolean]$bolCSVOnly, [boolean]$bolRepMeta, [boolean]$bolACLsize, [boolean]$bolEffectiveR, [boolean] $bolGetOUProtected)
$SDResult = $false
$strOwner = ""
$strACLSize = ""
$bolOUProtected = $false
$aclcount = 0
If ($bolCSV) {
If ((Test-Path $strFileCSV) -eq $true) {
Remove-Item $strFileCSV
}
}
$count = 0
while ($count -le $ALOUdn.count - 1) {
$sd = New-Object System.Collections.ArrayList
$GetOwnerEna = $bolGetOwnerEna
$ADObjDN = $($ALOUdn[$count])
if ($ADObjDN -match "/") {
#if ($rdbOneLevel.checked -eq $false)
#{
# if ($ADObjDN -match "/")
# {
$ADObjDN = $ADObjDN.Replace("/", "\/")
# }
#}
#else
#{
#if($count -lt $ALOUdn.count -1)
#{
# if ($ADObjDN -match "/")
# {
# $ADObjDN = $ADObjDN.Replace("/", "\/")
# }
#}
#}
}
$DSobject = [adsi]("LDAP://$global:strDC/$ADObjDN")
$secd = $DSobject.psbase.get_objectSecurity().getAccessRules($true, $chkInheritedPerm.checked, [System.Security.Principal.NTAccount])
$sd.clear()
$(ConvertTo-ObjectArrayListFromPsCustomObject $secd) | ForEach-Object { [void]$sd.add($_) }
If ($GetOwnerEna -eq $true) {
$strOwner = $DSobject.psbase.get_objectSecurity().getOwner([System.Security.Principal.NTAccount])
$newSdOwnerObject = New-Object psObject | `
Add-Member NoteProperty IdentityReference $strOwner -PassThru |`
Add-Member NoteProperty ActiveDirectoryRights "Modify permissions" -PassThru |`
Add-Member NoteProperty InheritanceType "None" -PassThru |`
Add-Member NoteProperty ObjectType "None" -PassThru |`
Add-Member NoteProperty ObjectFlags "None" -PassThru |`
Add-Member NoteProperty AccessControlType "Owner" -PassThru |`
Add-Member NoteProperty IsInherited "False" -PassThru |`
Add-Member NoteProperty InheritanceFlags "None" -PassThru |`
Add-Member NoteProperty InheritedObjectType "None" -PassThru |`
Add-Member NoteProperty PropagationFlags "None" -PassThru
[void]$sd.insert(0, $newSdOwnerObject)
}
If ($SkipDefaultPerm) {
$strNodeObjectClass = $DSobject.objectClass.tostring()
[array] $arrObjClassSplit = $strNodeObjectClass.split(" ")
foreach ($strObjClass in $arrObjClassSplit) {
}
$objNodeDefSD = Get-ADSchemaClass $strObjClass
}
if ($bolACLsize -eq $true) {
$strACLSize = $DSobject.psbase.get_objectSecurity().GetSecurityDescriptorBinaryForm().length
}
if ($bolGetOUProtected -eq $true) {
$bolOUProtected = $DSobject.psbase.get_objectSecurity().areaccessrulesprotected
}
if ($bolRepMeta -eq $true) {
$AclChange = $(GetACLMeta $global:strDC $ADObjDN)
$objLastChange = $AclChange.split(";")[0]
$strOrigInvocationID = $AclChange.split(";")[1]
$strOrigUSN = $AclChange.split(";")[2]
}
If (($FilterEna -eq $true) -and ($bolEffectiveR -eq $false)) {
If ($chkBoxType.Checked) {
if ($combAccessCtrl.SelectedIndex -gt -1) {
$sd = @($sd | Where-Object { $_.AccessControlType -eq $combAccessCtrl.SelectedItem })
}
}
If ($chkBoxObject.Checked) {
if ($combObjectFilter.SelectedIndex -gt -1) {
$sd = @($sd | Where-Object { ($_.ObjectType -eq $global:dicNameToSchemaIDGUIDs.Item($combObjectFilter.SelectedItem)) -or ($_.InheritedObjectType -eq $global:dicNameToSchemaIDGUIDs.Item($combObjectFilter.SelectedItem)) })
}
}
If ($chkBoxTrustee.Checked) {
if ($txtFilterTrustee.Text.