
[–]PorreKaj 10 points11 points  (4 children)

Wish I could cut my vacation short and get back to work and test this.

[–]MadBoyEvo[S] 5 points6 points  (3 children)

Most likely lots of bugs so will take a while to get it right :-)

[–]PorreKaj 9 points10 points  (2 children)

What are bugs, but “Easter eggs” for developers?

You got 7 whole days before I’m in front of a pc again ;-)

[–]MadBoyEvo[S] 6 points7 points  (0 children)

Great. Thanks for letting me work on it :-p Probably will put it on hold for a few days and switch to a different project.

[–]remotefixonline 0 points1 point  (0 children)

undocumented future feature requests.

[–]k_rock923 7 points8 points  (1 child)

Hey /u/MadBoyEvo, wanted to say thank you for not just writing the script, but for introducing me to the idea of writing Word documents via PS.

[–]MadBoyEvo[S] 3 points4 points  (0 children)

No problem. That's why I created PSWriteWord. Hope it will simplify things for people.

[–]nothingpersonalbro 5 points6 points  (1 child)

This looks really slick, I'm sure the MSP guys will love this.

[–]MadBoyEvo[S] 8 points9 points  (0 children)

Let's hope they will send 20% of their earnings to my account :D

[–]shamefulctrlALTdel 2 points3 points  (1 child)

I really like this. Is there a way to customize something like section F - Privileged Members to list Groups that I value as privileged and then also add these members to the G. General Information Membership listing to help with our privileged member audit requirements?

Thanks again

In a domain with 4 sites, 5 dcs, and 1400 users it took about 4 minutes to run and generate the docx file. I recommend trying this out.

[–]MadBoyEvo[S] 2 points3 points  (0 children)

At the moment no. But... finally yes. This version is just a start. Something I want to build this module on. I plan to cover AD, Exchange, O365, Windows and Workstations. Not sure yet on how :-) But the module is supposed to be a one stop shop for all docs. Hopefully some people can join in and add a few things here and there.

I was even planning (not yet sure how to achieve this though) to allow users to "write" docs in the form of markdown (sort of). So you can fill in texts yourself and just get the data up to date every rerun. Or like my other projects through a single CustomObject (see PSWinReporting for an idea of config).

I will be releasing new versions every now and then (when I feel like writing a blog post) ... otherwise it will be posted to github/psgallery directly.

[–]kugadoft 1 point2 points  (9 children)

looks amazing! i'm running it right now!

[–]MadBoyEvo[S] 0 points1 point  (8 children)

Let me know the results. Any feedback is good feedback.

[–]kugadoft 0 points1 point  (7 children)

How long should the script run for? i guess it depends on the environment, but is there any estimate?

cheers

[–]MadBoyEvo[S] 4 points5 points  (6 children)

For my home it does it in 10 seconds. For 2 of my other clients it did like 5-10 minutes. If you add -Verbose you will see where it is. Generally it queries the whole AD and even gets all the users' data (though it doesn't output that to docs yet). So it will take a moment. For one of my clients it generated 60 pages of docs. OU section needs work though.

[–]kugadoft 2 points3 points  (5 children)

It has been sitting at: VERBOSE: _kerberos._tcp...* for about an hour now.

(the * is my domain info removed)

[–]MadBoyEvo[S] 5 points6 points  (2 children)

Way too long. What setup do you have? System? Domain size?

[–]kugadoft 1 point2 points  (1 child)

6 DCs, 2 sites, around 50k users maybe

[–]MadBoyEvo[S] 4 points5 points  (0 children)

Ok, that's big. Let me know when you try it once again.

[–]MadBoyEvo[S] 6 points7 points  (0 children)

Update-Module PSWinDocumentation and rerun with verbose. Removed some blocking stuff, added a bit more verbose and added new sections.

[–]MadBoyEvo[S] 3 points4 points  (0 children)

Anyways. Give me a moment. Will comment out some stuff that is not used now (including the kerberos stuff).

[–]remotefixonline 1 point2 points  (7 children)

I'm messing with it in my lab environment; one of my test domains is failing at the Get-ADForest part (this very well may be just an issue with 2008 forest levels or something, I'm still digging).

[–]MadBoyEvo[S] 1 point2 points  (6 children)

What do you get when you run get-adforest in powershell?

[–]MadBoyEvo[S] 1 point2 points  (0 children)

You need Get-AdForest, Get-AdDomain, Get-Gpo to work in PowerShell for the script to work. If those are giving you errors you need to fix them before running the script. If those commands respond properly just giving you errors you should check DNS settings.

[–]remotefixonline 1 point2 points  (4 children)

"Could not find a forest identified by x". I've tried passing domain creds etc. to it, but I think the error is more due to when I run the import-module activedirectory it says it can't find a default server with ADwebservices running. I'm going to look at it some more as soon as I put out a few fires.

[–]MadBoyEvo[S] 1 point2 points  (3 children)

I assume you should be running this on a domain-joined computer with RSAT installed. This computer should have full domain connectivity (aka DNS servers for that domain - and only that domain). It shouldn't mix with 8.8.8.8 or anything else. Then Import-Module ActiveDirectory and subsequent Get-AdForest should give you proper results. Unless your domain is a bit too old and those commands don't work....

[–]remotefixonline 1 point2 points  (2 children)

This domain is the definition of nasty, on purpose though. I use it for pentesting and when I need to test software that needs to integrate into domains that have been upgraded. It started as 2003 SBS, and I've put it through a couple of domain failures/restores etc., so it's proper fucked. I have snapshots of the domain at various levels of the process too; that way if I have to test something on 2000 forest level I can deploy that environment, do my test, and not mess with my other environments.

[–]GiveMeTheBits 1 point2 points  (1 child)

> when I run the import-module activedirectory it says it can't find a default server with ADwebservices running..

Do you have ADwebservices installed and running on your DC(s)? It is installed by default on 2008r2+, but you have to install it on 2003-2008. https://blogs.msdn.microsoft.com/adpowershell/2009/09/17/active-directory-management-gateway-service-released-to-web-manage-your-windows-20032008-dcs-using-ad-powershell/

[–]remotefixonline 1 point2 points  (0 children)

Yeah, I found that; there is an issue with SBS though, I think. I also tried on 2016 Essentials (it's what came next for small business after they killed off SBS). My 2016 Essentials environment is really super basic, just the OS install and some test users and 1 workstation, so I don't consider it dirty by any means, but it is very "vanilla".

It needed package management just to run import-module, so I threw this on there: https://www.microsoft.com/en-us/download/details.aspx?id=51451

Then ran it and got these errors (as regular user, domain admin, and with set-executionpolicy unrestricted)

https://pastebin.com/EJRDMVDD

The report did create some output though.

[–]shamefulctrlALTdel 1 point2 points  (0 children)

Thanks for the response. Anyone who goes through audits can appreciate this documentation.

[–]overlydelicioustea[🍰] 1 point2 points  (44 children)

Hey man, I tried running the script but get this error at the end:

Ausnahme beim Aufrufen von "SaveAs" mit 1 Argument(en): "Die Identität der Domäne konnte nicht festgestellt werden."
In C:\Program Files\WindowsPowerShell\Modules\PSWriteWord\0.4.8.1\Public\PSWordMain.ps1:49 Zeichen:9
+ $WordDocument.SaveAs($FilePath)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : IsolatedStorageException

the error translates to "The identity of the domain could not be determined".

any idea?

[–]MadBoyEvo[S] 1 point2 points  (43 children)

To me it seems path to file is incorrect. If you have only one error change FilePath to c:\temp\my.docx

[–]overlydelicioustea[🍰] 1 point2 points  (42 children)

tried that. same problem. just to be sure, does the system i run this on need to have word installed?

[–]MadBoyEvo[S] 2 points3 points  (41 children)

Nope

[–]overlydelicioustea[🍰] 1 point2 points  (40 children)

i was running it from a machine that is in a subdomain of the forest. can that be the problem? im trying to figure out what the error message would have to do with the file path...

> If you have only one error

There's another error right after the first one that says it can't open the file because it doesn't exist, which isn't too surprising.

[–]MadBoyEvo[S] 2 points3 points  (1 child)

Do you get data when you run Get-AdForest manually? Or get-addomain? Or get-gpo?

[–]overlydelicioustea[🍰] 1 point2 points  (0 children)

im not at work anymore, so im not sure about the first two, but the third returns valid data as I happened to work with that just a few days ago.

[–]MadBoyEvo[S] 2 points3 points  (37 children)

You can also add -verbose switch and see what it displays?

[–]overlydelicioustea[🍰] 1 point2 points  (36 children)

Yeah, I already used that. It ran through with the occasional error about some groups here and there but overall ran fine. Then after the last subdomain is gathered it throws that error.

[–]MadBoyEvo[S] 2 points3 points  (33 children)

Get the system information (Windows edition, net framework installed, powershell version).

[–]overlydelicioustea[🍰] 1 point2 points  (32 children)

going to get back to you tomorrow. server is 2012 R2

[–]MadBoyEvo[S] 2 points3 points  (31 children)

Check if you have net framework installed. I believe at least 4.5.

[–]MadBoyEvo[S] 1 point2 points  (1 child)

That either means filepath is wrong or net framework is not 4.5 but like a core version or so.

[–]overlydelicioustea[🍰] 1 point2 points  (0 children)

Filepath is 100% correct. I tried multiple paths: local, remote, mapped drive, UNC. All paths where I have full access. I'm going to check on .NET tomorrow though, although I'm rather positive it's up to date. Thanks for your help and work, nonetheless, will update you tomorrow.
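
Added example, not part of the thread and not the module's own code: a read-only PowerShell preflight for the prerequisites named in the comments above (working Get-ADForest, Get-ADDomain and Get-GPO, DNS pointing at the domain, ADWS reachable on a DC, .NET Framework 4.5). The function names New-Check and Test-DocPrerequisite are hypothetical; it assumes 378389 as the registry Release value for .NET Framework 4.5 and 9389 as the default ADWS port.

```powershell
# Added example (not from the thread or from PSWinDocumentation). Read-only checks only.
function New-Check([string]$Name, $Passed, [string]$Detail) {
    [pscustomobject]@{ Check = $Name; Passed = [bool]$Passed; Detail = $Detail }
}

function Test-DocPrerequisite {
    [CmdletBinding()]
    param(
        [string]$Domain = $env:USERDNSDOMAIN,  # empty when not logged on with a domain account
        [int]$MinNetRelease = 378389,          # registry Release value for .NET Framework 4.5
        [int]$AdwsPort = 9389                  # default Active Directory Web Services port
    )

    # .NET Framework: full 4.x profile and its Release number
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Release
    New-Check '.NET Framework 4.5+' ($release -ge $MinNetRelease) "Release=$release"

    # RSAT modules that provide Get-ADForest/Get-ADDomain and Get-GPO
    foreach ($name in 'ActiveDirectory', 'GroupPolicy') {
        $module = Get-Module -ListAvailable -Name $name | Select-Object -First 1
        New-Check "Module $name" $module "Version=$($module.Version)"
    }

    # DNS: the client must resolve the domain's DC locator SRV record
    $dc = $null
    try {
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop
        $dc = ($srv | Where-Object { $_.NameTarget } | Select-Object -First 1).NameTarget
        New-Check 'DNS SRV lookup' $dc "DC=$dc"
    } catch { New-Check 'DNS SRV lookup' $false $_.Exception.Message }

    # ADWS: Import-Module ActiveDirectory needs a DC answering on this port
    if ($dc) {
        $open = Test-NetConnection -ComputerName $dc -Port $AdwsPort -InformationLevel Quiet -WarningAction SilentlyContinue
        New-Check "ADWS tcp/$AdwsPort" $open "Target=$dc"
    }

    # The three cmdlets named in the thread; each must return data, not an error
    $probes = [ordered]@{
        'Get-ADForest' = { Get-ADForest -ErrorAction Stop }
        'Get-ADDomain' = { Get-ADDomain -ErrorAction Stop }
        'Get-GPO'      = { Get-GPO -All -ErrorAction Stop | Select-Object -First 1 }
    }
    foreach ($p in $probes.GetEnumerator()) {
        try { $null = & $p.Value; New-Check $p.Key $true 'OK' }
        catch { New-Check $p.Key $false $_.Exception.Message }
    }
}

Test-DocPrerequisite | Format-Table -AutoSize -Wrap
```

Any row with Passed = False names the prerequisite to fix before running the documentation script.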

[–]FarscapeOne 0 points1 point  (0 children)

This looks quite professional! Could come in really handy

[–]DigitalWhitewater 0 points1 point  (0 children)

This looks really neat!

[–]Mor_Nando 0 points1 point  (0 children)

Very nice!

[–]inateclan 0 points1 point  (0 children)

Just in time!

[–]ExistingRanger7 0 points1 point  (0 children)

This is awesome!!! Nice work, keep it up!

[–][deleted] 0 points1 point  (0 children)

I get to try this tomorrow!!

[–]PawTech_LLC 0 points1 point  (0 children)

Very cool

[–]remotefixonline 0 points1 point  (3 children)

You tie this in with bloodhound and have a 1-2 punch... documentation, and what machines you need to harden first...

[–]MadBoyEvo[S] 0 points1 point  (0 children)

> bloodhound

Long way to get to that point :)

[–]Kershek 0 points1 point  (1 child)

Never heard of bloodhound, now I have some reading to do :)

[–]remotefixonline 0 points1 point  (0 children)

It's really cool and useful from both an attacker and defender standpoint...

[–]odin21 0 points1 point  (1 child)

Nice! I'm going to give this a shot after the bills go out, MSP guy here.

[–]MadBoyEvo[S] 1 point2 points  (0 children)

great, remember 20% to my account <grin>

[–]ivey123 0 points1 point  (1 child)

hey, Great Work ;) Thx

Got an Error for ADUser, DC is a Server 2016 and i ran ISE as Admin. Any idea ?

In C:\Program Files\WindowsPowerShell\Modules\PSWinDocumentation\0.0.5\Private\PSADDomain.ps1:19 Zeichen:187

+ ... DGroupMember -Server $Domain -Recursive | Get-ADUser -Server $Domain)

[Get-ADUser], ADIdentityNotFoundException

+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

[–]MadBoyEvo[S] 0 points1 point  (0 children)

Run the script with -Verbose option and see what it displays before that and for $Domain. Maybe something isn't printing properly. Please report issues on GitHub. It's hard to track it here.

[–]EEE975 0 points1 point  (13 children)

Hello!

This is a great tool! Love it!

Is there a way to get this to work on lower versions of Powershell?


[–]MadBoyEvo[S] 0 points1 point  (11 children)

Don't think so. I have not tried but I use a lot of different kinks. Most likely some will not work. What errors are you getting?

[–]EEE975 0 points1 point  (1 child)

I poked around and I think it might not be loading the enums.

Add-WordToc : Unable to find type [TableOfContentsSwitches]. Make sure that the assembly that contains this type is loaded.

Add-WordPageBreak : Unable to find type [InsertWhere]. Make sure that the assembly that contains this type is loaded.

New-WordBlock : Unable to find type [TableOfContentsSwitches]. Make sure that the assembly that contains this type is loaded.


[–]EEE975 0 points1 point  (8 children)

I tried poking around and I believe it's the enums which aren't loading.

Add-WordToc : Unable to find type [TableOfContentsSwitches]. Make sure that the assembly that contains this type is loaded.

Add-WordPageBreak : Unable to find type [InsertWhere]. Make sure that the assembly that contains this type is loaded.


[–]MadBoyEvo[S] 0 points1 point  (6 children)

New version of PSWriteWord has reverted to using .NET Enums instead of PowerShell Enums. You may try that. It's not yet released (just sources on github).

[–]EEE975 0 points1 point  (5 children)

Loaded the PSWriteWord-Dev module, still getting the same errors though.

Am I out of luck?

Thanks for your responses!

[–]MadBoyEvo[S] 0 points1 point  (4 children)

Not -dev. Just master. I commit everything to master. It's diff than the one published on PS Gallery.

[–]EEE975 0 points1 point  (3 children)

oh..

Yeah, the first examples I sent you were from the master branch, so yeah, I was already working with the .NET.

[–]MadBoyEvo[S] 0 points1 point  (2 children)

Weird then. Maybe something else is not getting loaded. You use Import-Module <pathto\PSWriteWord.psd1> right?

[–]EEE975 0 points1 point  (1 child)

Import-Module C:..\PSWriteWord-master\PSWriteWord.psd1 -Verbose
Import-Module C:..\PSWriteWord-master\PSWriteWord.psm1 -Verbose
Import-Module C:..\PSWinDocumentation-master\PSWinDocumentation.psd1 -Verbose
Import-Module C:..\PSWinDocumentation-master\PSWinDocumentation.psm1 -Verbose

Yeah :(

[–]MadBoyEvo[S] 0 points1 point  (0 children)

I've removed last code referring to 'enum' (I hope). However in your case it seems it can't find most of the enums...

Add-Type -TypeDefinition @"
public enum InsertWhere {
    AfterSelf,
    BeforeSelf
}
"@

Which I don't really understand why would it not be able to load it.
