Support for Forest/IncludeDomains/ExcludeDomains

EvotecIT · Nov 18, 2020 · 807ea42 · 807ea42
1 parent 9cd28b1
commit 807ea42
Show file tree

Hide file tree

Showing 16 changed files with 31 additions and 17 deletions.
diff --git a/Private/Invoke.GPOZaurrAnalysis.ps1 b/Private/Invoke.GPOZaurrAnalysis.ps1
@@ -4,7 +4,7 @@
     ActionRequired = $null
     Data           = $null
     Execute        = {
-        Invoke-GPOZaurrContent
+        Invoke-GPOZaurrContent -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains
     }
     Processing     = {
 

diff --git a/Private/Invoke.GPOZaurrBlockedInheritance.ps1 b/Private/Invoke.GPOZaurrBlockedInheritance.ps1
@@ -4,7 +4,7 @@
     ActionRequired = $null
     Data           = $null
     Execute        = {
-        Get-GPOZaurrInheritance -IncludeBlockedObjects -OnlyBlockedInheritance
+        Get-GPOZaurrInheritance -IncludeBlockedObjects -OnlyBlockedInheritance -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains
     }
     Processing     = {
 

diff --git a/Private/Invoke.GPOZaurrConsistency.ps1 b/Private/Invoke.GPOZaurrConsistency.ps1
@@ -3,7 +3,9 @@
     Enabled        = $true
     ActionRequired = $null
     Data           = $null
-    Execute        = { Get-GPOZaurrPermissionConsistency -Type All -VerifyInheritance }
+    Execute        = {
+        Get-GPOZaurrPermissionConsistency -Type All -VerifyInheritance -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains
+    }
     Processing     = {
         foreach ($GPO in $Script:Reporting['GPOConsistency']['Data']) {
             if ($GPO.ACLConsistent -eq $true) {

diff --git a/Private/Invoke.GPOZaurrDuplicate.ps1 b/Private/Invoke.GPOZaurrDuplicate.ps1
@@ -4,7 +4,7 @@
     Action     = $null
     Data       = $null
     Execute    = {
-        Get-GPOZaurrDuplicateObject
+        Get-GPOZaurrDuplicateObject -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains
     }
     Processing = {
         $Script:Reporting['GPODuplicates']['Variables']['RequireDeletion'] = $Script:Reporting['GPODuplicates']['Data'].Count

diff --git a/Private/Invoke.GPOZaurrFiles.ps1 b/Private/Invoke.GPOZaurrFiles.ps1
@@ -4,7 +4,7 @@
     ActionRequired = $null
     Data           = $null
     Execute        = {
-        Get-GPOZaurrFiles
+        Get-GPOZaurrFiles -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains
     }
     Processing     = {
 

diff --git a/Private/Invoke.GPOZaurrList.ps1 b/Private/Invoke.GPOZaurrList.ps1
@@ -4,7 +4,7 @@
     Action     = $null
     Data       = $null
     Execute    = {
-        Get-GPOZaurr
+        Get-GPOZaurr -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains
     }
     Processing = {
         foreach ($GPO in $Script:Reporting['GPOList']['Data']) {

diff --git a/Private/Invoke.GPOZaurrNetLogonOwners.ps1 b/Private/Invoke.GPOZaurrNetLogonOwners.ps1
@@ -4,7 +4,7 @@
     ActionRequired = $null
     Data           = $null
     Execute        = {
-        Get-GPOZaurrNetLogon -OwnerOnly
+        Get-GPOZaurrNetLogon -OwnerOnly -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains
     }
     Processing     = {
         foreach ($File in $Script:Reporting['NetLogonOwners']['Data']) {

diff --git a/Private/Invoke.GPOZaurrNetLogonPermissions.ps1 b/Private/Invoke.GPOZaurrNetLogonPermissions.ps1
@@ -4,7 +4,7 @@
     ActionRequired = $null
     Data           = $null
     Execute        = {
-        Get-GPOZaurrNetLogon -SkipOwner
+        Get-GPOZaurrNetLogon -SkipOwner -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains
     }
     Processing     = {
         $Script:Reporting['NetLogonPermissions']['Variables']['PermissionWriteReviewPerDomain'] = @{}

diff --git a/Private/Invoke.GPOZaurrOrphans.ps1 b/Private/Invoke.GPOZaurrOrphans.ps1
@@ -4,7 +4,7 @@
     ActionRequired = $null
     Data           = $null
     Execute        = {
-        Get-GPOZaurrBroken
+        Get-GPOZaurrBroken -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains
     }
     Processing     = {
         $Script:Reporting['GPOOrphans']['Variables']['ToBeDeletedPerDomain'] = @{}

diff --git a/Private/Invoke.GPOZaurrOwners.ps1 b/Private/Invoke.GPOZaurrOwners.ps1
@@ -3,7 +3,9 @@
     Enabled        = $true
     ActionRequired = $null
     Data           = $null
-    Execute        = { Get-GPOZaurrOwner -IncludeSysvol }
+    Execute        = {
+        Get-GPOZaurrOwner -IncludeSysvol -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains
+    }
     Processing     = {
         # Create Per Domain Variables
         $Script:Reporting['GPOOwners']['Variables']['RequiresDiffFixPerDomain'] = @{}

diff --git a/Private/Invoke.GPOZaurrPassword.ps1 b/Private/Invoke.GPOZaurrPassword.ps1
@@ -4,7 +4,7 @@
     Action     = $null
     Data       = $null
     Execute    = {
-        Get-GPOZaurrPassword
+        Get-GPOZaurrPassword -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains
     }
     Processing = {
 

diff --git a/Private/Invoke.GPOZaurrPermissions.ps1 b/Private/Invoke.GPOZaurrPermissions.ps1
@@ -4,7 +4,7 @@
     Action     = $null
     Data       = $null
     Execute    = {
-        Get-GPOZaurrPermission -Type All -IncludePermissionType GpoEditDeleteModifySecurity, GpoEdit, GpoCustom #-IncludeOwner
+        Get-GPOZaurrPermission -Type All -IncludePermissionType GpoEditDeleteModifySecurity, GpoEdit, GpoCustom -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains
     }
     Processing = {
 

diff --git a/Private/Invoke.GPOZaurrPermissionsRead.ps1 b/Private/Invoke.GPOZaurrPermissionsRead.ps1
@@ -5,7 +5,7 @@
     Data       = $null
     Execute    = {
         [ordered] @{
-            Permissions = Get-GPOZaurrPermission -Type AuthenticatedUsers -ReturnSecurityWhenNoData
+            Permissions = Get-GPOZaurrPermission -Type AuthenticatedUsers -ReturnSecurityWhenNoData -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains
             Issues      = Get-GPOZaurrPermissionIssue
         }
     }

diff --git a/Private/Invoke.GPOZaurrPermissionsRoot.ps1 b/Private/Invoke.GPOZaurrPermissionsRoot.ps1
@@ -4,7 +4,7 @@
     Action     = $null
     Data       = $null
     Execute    = {
-        Get-GPOZaurrPermissionRoot -SkipNames
+        Get-GPOZaurrPermissionRoot -SkipNames -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains
     }
     Processing = {
 

diff --git a/Private/Invoke.GPOZaurrSysVolLegacyFiles.ps1 b/Private/Invoke.GPOZaurrSysVolLegacyFiles.ps1
@@ -4,7 +4,7 @@
     Action     = $null
     Data       = $null
     Execute    = {
-        Get-GPOZaurrLegacyFiles
+        Get-GPOZaurrLegacyFiles -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains
     }
     Processing = {
 

diff --git a/Public/Invoke-GPOZaurr.ps1 b/Public/Invoke-GPOZaurr.ps1
@@ -5,7 +5,11 @@
         [string] $FilePath,
         [string[]] $Type,
         [switch] $PassThru,
-        [switch] $HideHTML
+        [switch] $HideHTML,
+
+        [alias('ForestName')][string] $Forest,
+        [string[]] $ExcludeDomains,
+        [alias('Domain', 'Domains')][string[]] $IncludeDomains
     )
     Reset-GPOZaurrStatus # This makes sure types are at it's proper status
 
@@ -30,6 +34,12 @@
         Write-Color '[i]', "[GPOZaurr] ", 'Not supported types', ' [Informative] ', "Please use one/multiple from the list: ", ($Script:GPOConfiguration.Keys -join ', ') -Color Yellow, DarkGray, Yellow, DarkGray, Yellow, Magenta
         return
     }
+    $DisplayForest = if ($Forest) { $Forest } else { 'Not defined. Using current one' }
+    $DisplayIncludedDomains = if ($IncludeDomains) { $IncludeDomains -join "," } else { 'Not defined. Using all domains of forest' }
+    $DisplayExcludedDomains = if ($ExcludeDomains) { $ExcludeDomains -join ',' } else { 'No exclusions provided' }
+    Write-Color '[i]', "[GPOZaurr] ", 'Domain Information', ' [Informative] ', "Forest: ", $DisplayForest -Color Yellow, DarkGray, Yellow, DarkGray, Yellow, Magenta
+    Write-Color '[i]', "[GPOZaurr] ", 'Domain Information', ' [Informative] ', "Included Domains: ", $DisplayIncludedDomains -Color Yellow, DarkGray, Yellow, DarkGray, Yellow, Magenta
+    Write-Color '[i]', "[GPOZaurr] ", 'Domain Information', ' [Informative] ', "Excluded Domains: ", $DisplayExcludedDomains -Color Yellow, DarkGray, Yellow, DarkGray, Yellow, Magenta
 
     # Lets make sure we only enable those types which are requestd by user
     if ($Type) {
@@ -56,7 +66,7 @@
             }
             $TimeLogGPOList = Start-TimeLog
             Write-Color -Text '[i]', '[Start] ', $($Script:GPOConfiguration[$T]['Name']) -Color Yellow, DarkGray, Yellow
-            $Script:Reporting[$T]['Data'] = Invoke-Command -ScriptBlock $Script:GPOConfiguration[$T]['Execute'] -WarningVariable CommandWarnings -ErrorVariable CommandErrors
+            $Script:Reporting[$T]['Data'] = Invoke-Command -ScriptBlock $Script:GPOConfiguration[$T]['Execute'] -WarningVariable CommandWarnings -ErrorVariable CommandErrors -ArgumentList $Forest, $ExcludeDomains, $IncludeDomains
             Invoke-Command -ScriptBlock $Script:GPOConfiguration[$T]['Processing']
             $Script:Reporting[$T]['WarningsAndErrors'] = @(
                 foreach ($War in $CommandWarnings) {