#############################################################################
# Author : Tyler Cox
# Editor : Kyle Schuler
#
# Version : 1.3
# Created : 11/2/2021
# Modified : 09/04/2024
#
# Purpose : This script will build an inventory of all GPOs and their links.
#
# Requirements: A computer with Active Directory Admin Center (ADAC) installed and a
# user account with enough privileges
#
# Change Log: Ver 1.0 - Initial release
# Ver 1.1 - Fixed Visio Cmdlet Parameters,
# - Adjusted for Azure AD joined devices
# - Fixed issue with importing Visio module
# - Reduced output to console
# Ver 1.2 - Added more error handling and output, refactored, reformatted
# Ver 1.3 - Added options for user to include or exclude GPOs, and choose the direction of the layout
#
#############################################################################
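Clear-Host
Write-Output "Starting up..."
# Import the modules.
# Each module is imported on its own so the failure is attributed to the module that actually
# failed to load, rather than by pattern-matching the text of the last error record. The original
# Catch fell through and kept running (with modules missing) when the message matched none of
# its three patterns.
$requiredModules = @(
    @{ Name = "ActiveDirectory"; Hint = "Please ensure you have RSAT installed" },
    @{ Name = "GroupPolicy";     Hint = "Please ensure you have RSAT installed" },
    @{ Name = "Visio";           Hint = "Please ensure you have the Visio module installed" }
)
Write-Output "Importing the required modules"
foreach ($module in $requiredModules) {
    try {
        Import-Module $module.Name -ErrorAction Stop
    }
    catch {
        Write-Error "Error importing the required modules"
        Write-Error "Unable to import the $($module.Name) module. $($module.Hint)"
        Read-Host "Press any key to exit"
        # non-zero exit so a calling shell can tell failure from success (the original exited with 0)
        exit 1
    }
}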
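################################################################
# Adjust the following variables to suit your environment
# Set up options
$IncludeGPOs = $true              # $true: draw GPO shapes and link them to the domain/OUs; $false: OUs only
$LayoutDirection = "TopToBottom"  # direction of the hierarchy layout: "TopToBottom" or "LeftToRight"
################################################################
# Get user input
# Pressing Enter at either prompt keeps the default shown in the prompt. Read-Host returns an
# empty string in that case, which the original comparisons treated as invalid input, so the
# advertised "press Enter to accept the default" never worked.
do {
    if ($IncludeGPOs) { $IncludeGPOsInput = "Y" }
    else { $IncludeGPOsInput = "N" }
    Write-Output ""
    Write-Output "Would you like to include GPOs in the map? Y/N"
    $answer = Read-Host "Type Y or N and press Enter, or press Enter to accept the default of $IncludeGPOsInput"
    if ([string]::IsNullOrWhiteSpace($answer)) { $answer = $IncludeGPOsInput }
    # -eq on strings is case-insensitive in PowerShell, so no ToUpper() is needed
    if ($answer.Trim() -eq "Y") { $IncludeGPOs = $true; break }
    elseif ($answer.Trim() -eq "N") { $IncludeGPOs = $false; break }
    else { Write-Output "Invalid input. Please try again." }
} while ($true)
do {
    if ($LayoutDirection -eq "TopToBottom") { $LayoutDirectionInput = "1" }
    else { $LayoutDirectionInput = "2" }
    Write-Output ""
    Write-Output "Choose the direction of the layout:"
    Write-Output "1. Top to Bottom"
    Write-Output "2. Left to Right"
    $answer = Read-Host "Type 1 or 2 and press Enter, or press Enter to accept the default of $LayoutDirectionInput"
    if ([string]::IsNullOrWhiteSpace($answer)) { $answer = $LayoutDirectionInput }
    if ($answer.Trim() -eq "1") { $LayoutDirection = "TopToBottom"; break }
    elseif ($answer.Trim() -eq "2") { $LayoutDirection = "LeftToRight"; break }
    else { Write-Output "Invalid input. Please try again." }
} while ($true)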
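try {
    Write-Output "Creating the Visio Document"
    # Create the Visio Application (presumably starts or attaches to the Visio instance the
    # Visio module drives — the module's own documentation is authoritative here)
    New-VisioApplication
    # Create the Visio Document
    $VisioDoc = New-VisioDocument
    # First page of the new document. Nothing later in this script references $Page; the
    # Format-VisioPage calls at the end are made without a -Page argument.
    $Page = $VisioDoc.Pages[1]
    # Every shape is dropped at 1,1 and later moved by the hierarchy layout applied to the page
    $Point_1_1 = New-VisioPoint -X 1.0 -Y 1.0
}
catch {
    Write-Error "Error creating the Visio document or page $_"
    Read-Host "Press any key to exit"
    # non-zero exit so a calling shell can tell failure from success (the original exited with 0)
    exit 1
}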
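# Set our counters (used only to build unique shape/connector names)
$nodeCount = 0
$conCount = 0
$gpoCount = 0
# Get our root domain from the current logged on user
$DNSDomain = $env:USERDNSDOMAIN
if ([string]::IsNullOrEmpty($DNSDomain)) {
    # Deliberately best-effort: the script carries on so a user whose AD cmdlets have a default
    # domain configured (e.g. an Azure AD joined device) can still run it. Covers the empty-string
    # case as well as the unset (null) case the original checked.
    Write-Warning "Unable to get the DNS Domain. Please ensure you are logged in to a domain joined computer, or have your default domain set"
    Read-Host "Press any key to continue"
}
Write-Output "Getting the OUs from the domain $DNSDomain"
# Get all OUs except LostAndFound. Read-only query; -Filter * is the same as the original
# 'Name -like "*"'. -ErrorAction Stop makes a non-terminating cmdlet error reach the catch
# instead of leaving $OUs empty and the script running on.
try {
    $OUs = Get-ADOrganizationalUnit -Server $DNSDomain -Filter * -Properties Name, DistinguishedName, CanonicalName, LinkedGroupPolicyObjects -ErrorAction Stop |
        Where-Object { $_.CanonicalName -notlike "*LostandFound*" } |
        Select-Object Name, CanonicalName, DistinguishedName, LinkedGroupPolicyObjects |
        Sort-Object CanonicalName   # sorted so every parent OU is processed before its children  # | Select -First 50
}
catch {
    Write-Error "Error getting the OUs from the domain $DNSDomain $_"
    Read-Host "Press any key to exit"
    # non-zero exit so a calling shell can tell failure from success (the original exited with 0)
    exit 1
}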
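try {
    # Gather our shapes from Visio's stencils: the AD objects stencil and the connectors stencil
    $ADO_u = Open-VisioDocument "ADO_U.vss"
    $connectors = Open-VisioDocument "Connectors.vss"
    $masterOU = Get-VisioMaster "Organizational Unit" -Document $ADO_u
    $connector = Get-VisioMaster "Dynamic Connector" -Document $connectors
    $masterDomain = Get-VisioMaster "Domain" -Document $ADO_u
    $masterGPO = Get-VisioMaster "Policy" -Document $ADO_u
}
catch {
    Write-Error "Error getting the Visio shapes $_"
    Read-Host "Press any key to exit"
    # non-zero exit so a calling shell can tell failure from success (the original exited with 0)
    exit 1
}
try {
    # Create our first shape. This is the root domain node; top-level OUs and domain-linked
    # GPOs are connected to it later in the script.
    $n0 = New-VisioShape -Master $masterDomain -Position $Point_1_1
    # Set shape properties. OU shapes are named "n<canonical name>", so the domain node is
    # named "n<dns domain>" to fit the same scheme.
    $n0.Text = $DNSDomain
    $n0.Name = "n" + $DNSDomain
}
catch {
    Write-Error "Error creating the root domain shape $_"
    Read-Host "Press any key to exit"
    exit 1
}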
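#######################################
# Shape cells shared by every GPO connector: blue line, arrowheads at both ends, blue label text.
# Returns: a VisioShapeCells object to pass to Set-VisioShapeCells
#######################################
function New-GpoConnectorCells {
    $cells = New-VisioShapeCells
    $cells.LineColor = "rgb(0,175,240)"
    $cells.LineEndArrowSize = "3"
    $cells.LineBeginArrowSize = "2"
    $cells.LineEndArrow = "42"
    $cells.LineBeginArrow = "4"
    $cells.CharColor = "rgb(0,175,240)"
    return $cells
}

#######################################
# Draw one GPO shape and connect it to the shape it is linked from. The same steps were
# duplicated for domain-linked and OU-linked GPOs in the original; this is the single copy.
# Arguments:
#   GpoLink       - one gPLink entry or one LinkedGroupPolicyObjects value; only the {GUID}
#                   inside it is used
#   FromShape     - the domain or OU shape the connector starts at
#   ShapeName     - Visio name for the GPO shape ("g<N>")
#   ConnectorName - Visio name for the connector ("gcon<N>"); the page-formatting step later
#                   selects every "gcon*" shape to position the connector text
# Reads (script scope): $DNSDomain, $masterGPO, $connector, $Point_1_1
# Returns: $true when the shape was drawn, $false when the link was skipped
#######################################
function Add-GpoShape {
    param(
        [string]$GpoLink,
        $FromShape,
        [string]$ShapeName,
        [string]$ConnectorName
    )
    # get only the GUID of the gpo
    $gpoGUID = ([Regex]::Match($GpoLink, '{[a-zA-Z0-9]{8}[-][a-zA-Z0-9]{4}[-][a-zA-Z0-9]{4}[-][a-zA-Z0-9]{4}[-][a-zA-Z0-9]{12}}')).Value
    if (-not $gpoGUID) {
        # An empty gPLink attribute splits into a single empty entry; the original passed the
        # empty GUID to Get-GPO and reported it as a failed lookup. Skip empty entries quietly
        # and warn only when a non-empty link carries no GUID.
        if (-not [string]::IsNullOrWhiteSpace($GpoLink)) {
            Write-Warning "No GPO GUID found in link '$GpoLink'"
            Write-Warning "Skipping this GPO"
        }
        return $false
    }
    # pull details for the GPO based on the GUID (read-only)
    try {
        $gpo = Get-GPO -Guid $gpoGUID -Domain $DNSDomain -ErrorAction Stop
    }
    catch {
        Write-Warning "Error getting the GPO with GUID $gpoGUID $_"
        Write-Warning "Skipping this GPO"
        return $false
    }
    # Create the GPO shape and set its properties
    $shapeGPO = New-VisioShape -Master $masterGPO -Position $Point_1_1
    $shapeGPO.Text = $gpo.DisplayName
    $shapeGPO.Name = $ShapeName
    # Set the shape's custom properties, each only when the GPO has a value for it
    if ($gpo.DisplayName) {
        Set-VisioCustomProperty -Shape $shapeGPO -Name "GPOName" -Value $gpo.DisplayName
    }
    if ($gpo.Description) {
        Set-VisioCustomProperty -Shape $shapeGPO -Name "Description" -Value $gpo.Description
    }
    if ($gpo.Id.Guid) {
        Set-VisioCustomProperty -Shape $shapeGPO -Name "GUID" -Value ("{" + $gpo.Id.Guid + "}")
    }
    if ($gpo.GpoStatus) {
        Set-VisioCustomProperty -Shape $shapeGPO -Name "Status" -Value $gpo.GpoStatus.ToString()
    }
    if ($gpo.CreationTime) {
        Set-VisioCustomProperty -Shape $shapeGPO -Name "CreationTime" -Value $gpo.CreationTime.ToString()
    }
    if ($gpo.ModificationTime) {
        Set-VisioCustomProperty -Shape $shapeGPO -Name "ModifiedTime" -Value $gpo.ModificationTime.ToString()
    }
    if ($gpo.WmiFilter) {
        Set-VisioCustomProperty -Shape $shapeGPO -Name "WMIFilterName" -Value $gpo.WmiFilter.Name
    }
    # Create the shape's connection. The "gcon" name prefix is what the formatting step keys on.
    $con = Connect-VisioShape -From $FromShape -To $shapeGPO -Master $connector
    $con.Text = "GPO"
    $con.Name = $ConnectorName
    Set-VisioShapeCells -Cells (New-GpoConnectorCells) -Shape $con
    return $true
}

if ($IncludeGPOs) {
    Write-Output "Getting the GPOs linked to the root domain $DNSDomain"
    # Get Root Domain linked GPOs and process them accordingly (read-only query)
    try {
        $RootGPOs = Get-ADObject -Server $DNSDomain -Identity (Get-ADDomain -Identity $DNSDomain).DistinguishedName -Properties name, distinguishedName, gPLink, gPOptions -ErrorAction Stop
    }
    catch {
        Write-Error "Error getting the GPOs linked to the root domain $DNSDomain $_"
        Read-Host "Press any key to exit"
        # non-zero exit so a calling shell can tell failure from success (the original exited with 0)
        exit 1
    }
    # Loop through each root GPO. gPLink is a single string of bracketed entries, so it is split
    # on the "][" boundary; the leading "[" and trailing "]" stay attached to the first/last entry
    # and are ignored by the GUID match.
    Write-Output "Creating the GPO shapes and connecting them to the root domain"
    foreach ($gpoLink in ($RootGPOs.gPLink -split "\]\[")) {
        # Add to our counters (for naming) before the lookup so names stay unique even when a GPO is skipped
        $gpoCount += 1
        $conCount += 1
        Add-GpoShape -GpoLink $gpoLink -FromShape $n0 -ShapeName ("g" + $gpoCount) -ConnectorName ("gcon" + $conCount) | Out-Null
    }
}
Write-Output "Creating the OU shapes and connecting them to the root domain"
# OU shapes already drawn, keyed by canonical name, so a child OU can find its parent's shape
# directly instead of scanning every shape on the page (the original ran Get-VisioShape -Name *
# per OU). $OUs is sorted by CanonicalName, so a parent is always drawn before its children.
$ouShapes = @{}
foreach ($ou in $OUs) {
    # Add to our counters
    $nodeCount += 1
    $conCount += 1
    $OUName = $ou.Name
    $OUConName = $ou.CanonicalName
    # The canonical name is "domain/parent/.../ou"; dropping the last element gives the parent's
    # canonical name. A "/" inside an OU name is escaped as "\/" and must not split.
    $nameSplit = $OUConName -split '(?<!\\)/'
    $nameRecombined = $nameSplit[0..($nameSplit.Length - 2)] -join "/"
    # If the parent is the root domain, connect to the domain node; otherwise to the parent OU's
    # shape. (The original tested $nameSplit[$index - 2] with $index never assigned, which only
    # worked because -2 happens to index the second-to-last element.)
    if ($nameRecombined -eq $DNSDomain) {
        $parentShape = $n0
    }
    else {
        $parentShape = $ouShapes[$nameRecombined]
        if ($null -eq $parentShape) {
            # Parent has no shape (e.g. it was filtered out of $OUs); fall back to the domain
            # node so the OU still appears instead of failing the Connect-VisioShape call.
            Write-Warning "Parent OU '$nameRecombined' has no shape; connecting '$OUConName' to the root domain"
            $parentShape = $n0
        }
    }
    # Create the new shape and set its properties
    $shape = New-VisioShape -Master $masterOU -Position $Point_1_1
    $shape.Text = $OUName
    $shape.Name = "n" + $OUConName
    Set-VisioCustomProperty -Shape $shape -Name "OU_Name" -Value $ou.Name
    Set-VisioCustomProperty -Shape $shape -Name "DistinguishedName" -Value $ou.DistinguishedName
    if ($IncludeGPOs) {
        Set-VisioCustomProperty -Shape $shape -Name "Linked_GPOs" -Value $ou.LinkedGroupPolicyObjects.Count
    }
    $ouShapes[$OUConName] = $shape
    # Connect the shape to its parent
    Connect-VisioShape -From $parentShape -To $shape -Master $connector | Out-Null
    # If the OU had linked GPOs, draw each one and connect it to this OU
    if ($IncludeGPOs -and $ou.LinkedGroupPolicyObjects) {
        foreach ($gpoLink in $ou.LinkedGroupPolicyObjects) {
            $gpoCount += 1
            $conCount += 1
            Add-GpoShape -GpoLink $gpoLink -FromShape $shape -ShapeName ("g" + $gpoCount) -ConnectorName ("gcon" + $conCount) | Out-Null
        }
    }
}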
try {
Write-Output "Formatting the Visio Page"
# Create a new layout object: a hierarchy layout, which is what arranges the domain -> OU -> GPO tree
$ls = New-Object VisioAutomation.Models.LayoutStyles.hierarchyLayoutStyle
# Set object properties (this is how we format the page). $LayoutDirection is the user's choice
# from the prompt earlier ("TopToBottom" or "LeftToRight").
$ls.AvenueSizeX = 1
$ls.AvenueSizeY = 1
$ls.LayoutDirection = $LayoutDirection
$ls.ConnectorStyle = "Simple"
$ls.ConnectorAppearance = "Straight"
$ls.horizontalAlignment = "Left"
$ls.verticalAlignment = "Top"
# Apply the layout object to the page (every shape was dropped at 1,1; this moves them into place)
Format-VisioPage -LayoutStyle $ls
# Change the page's size to match the new data
Format-VisioPage -FitContents -BorderWidth 1.0 -BorderHeight 1.0
# This section sets the text position for the GPO connectors based on the length of the line.
# It must run after the layout step above: the connector geometry the formulas refer to only
# exists once the shapes have been moved to their final positions.
# Create a new Shape Cell Object
$con_cells = New-VisioShapeCells
# Set the location of the text based on the length of the line (Visio ShapeSheet formulas;
# presumably 1 = end of the path and .75 = three quarters along it — confirm against Visio docs)
$con_cells.TextFormPinX = "=POINTALONGPATH(Geometry1.Path,1)"
$con_cells.TextFormPinY = "=POINTALONGPATH(Geometry1.Path,.75)"
# Get all gpo connections: every GPO connector was named "gcon<N>" when it was created
$gpoShapes = Get-VisioShape -Name * | Where-Object {$_.Nameu -like "gcon*"}
# Loop through each connection
ForEach($shape in $gpoShapes) {
# Apply the same text-position cells to every GPO connector
Set-VisioShapeCells -Cells $con_cells -Shape $shape
}
Write-Output "Visio Page formatted"
Write-Output "Visio Document created"
}
catch {
# Formatting is best-effort: the shapes already exist in the document at this point, so a
# layout failure is reported as a warning rather than aborting the script
Write-Warning "Error formatting the Visio page $_"
Write-Output "Unless there were errors, the Visio document should be created, but may not be formatted correctly"
}
# PowerShell garbage collection: force a collection, then wait for pending finalizers to run
# (presumably so the Visio objects held by this script are released before it ends — verify)
[gc]::Collect()
[gc]::WaitForPendingFinalizers()