From 807ea420b053b4bf9c407e1b74889cce4dbce774 Mon Sep 17 00:00:00 2001 From: Przemyslaw Klys Date: Wed, 18 Nov 2020 19:43:16 +0100 Subject: [PATCH] Support for Forest/IncludeDomains/ExcludeDomains --- Private/Invoke.GPOZaurrAnalysis.ps1 | 2 +- Private/Invoke.GPOZaurrBlockedInheritance.ps1 | 2 +- Private/Invoke.GPOZaurrConsistency.ps1 | 4 +++- Private/Invoke.GPOZaurrDuplicate.ps1 | 2 +- Private/Invoke.GPOZaurrFiles.ps1 | 2 +- Private/Invoke.GPOZaurrList.ps1 | 2 +- Private/Invoke.GPOZaurrNetLogonOwners.ps1 | 2 +- Private/Invoke.GPOZaurrNetLogonPermissions.ps1 | 2 +- Private/Invoke.GPOZaurrOrphans.ps1 | 2 +- Private/Invoke.GPOZaurrOwners.ps1 | 4 +++- Private/Invoke.GPOZaurrPassword.ps1 | 2 +- Private/Invoke.GPOZaurrPermissions.ps1 | 2 +- Private/Invoke.GPOZaurrPermissionsRead.ps1 | 2 +- Private/Invoke.GPOZaurrPermissionsRoot.ps1 | 2 +- Private/Invoke.GPOZaurrSysVolLegacyFiles.ps1 | 2 +- Public/Invoke-GPOZaurr.ps1 | 14 ++++++++++++-- 16 files changed, 31 insertions(+), 17 deletions(-) diff --git a/Private/Invoke.GPOZaurrAnalysis.ps1 b/Private/Invoke.GPOZaurrAnalysis.ps1 index acc9701..9b71e7a 100644 --- a/Private/Invoke.GPOZaurrAnalysis.ps1 +++ b/Private/Invoke.GPOZaurrAnalysis.ps1 @@ -4,7 +4,7 @@ ActionRequired = $null Data = $null Execute = { - Invoke-GPOZaurrContent + Invoke-GPOZaurrContent -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains } Processing = { diff --git a/Private/Invoke.GPOZaurrBlockedInheritance.ps1 b/Private/Invoke.GPOZaurrBlockedInheritance.ps1 index b4bf832..644c253 100644 --- a/Private/Invoke.GPOZaurrBlockedInheritance.ps1 +++ b/Private/Invoke.GPOZaurrBlockedInheritance.ps1 @@ -4,7 +4,7 @@ ActionRequired = $null Data = $null Execute = { - Get-GPOZaurrInheritance -IncludeBlockedObjects -OnlyBlockedInheritance + Get-GPOZaurrInheritance -IncludeBlockedObjects -OnlyBlockedInheritance -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains } Processing = { 
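Review bot: The `Execute` block in Private/Invoke.GPOZaurrAnalysis.ps1 now passes `-Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains` unconditionally, so a caller who omits these options hands empty values to `Invoke-GPOZaurrContent` instead of leaving the parameters unbound. Whether the called cmdlets treat an empty `-Forest` like an absent one is not visible in this patch; if any of them validates the value or inspects `$PSBoundParameters`, the run could fail or cover a different scope than the one reported to the operator. Consider building a hashtable in `Invoke-GPOZaurr` that holds only the parameters the caller supplied and splatting it, e.g. `Invoke-GPOZaurrContent @ScopeParameters` (variable name is a suggestion). The same applies to the `Execute` blocks in the other fourteen Private/*.ps1 hunks; the hashtable each block belongs to starts outside its hunk.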
diff --git a/Private/Invoke.GPOZaurrConsistency.ps1 b/Private/Invoke.GPOZaurrConsistency.ps1 index 4838481..14a4f59 100644 --- a/Private/Invoke.GPOZaurrConsistency.ps1 +++ b/Private/Invoke.GPOZaurrConsistency.ps1 @@ -3,7 +3,9 @@ Enabled = $true ActionRequired = $null Data = $null - Execute = { Get-GPOZaurrPermissionConsistency -Type All -VerifyInheritance } + Execute = { + Get-GPOZaurrPermissionConsistency -Type All -VerifyInheritance -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains + } Processing = { foreach ($GPO in $Script:Reporting['GPOConsistency']['Data']) { if ($GPO.ACLConsistent -eq $true) { diff --git a/Private/Invoke.GPOZaurrDuplicate.ps1 b/Private/Invoke.GPOZaurrDuplicate.ps1 index c5bc193..8affbde 100644 --- a/Private/Invoke.GPOZaurrDuplicate.ps1 +++ b/Private/Invoke.GPOZaurrDuplicate.ps1 @@ -4,7 +4,7 @@ Action = $null Data = $null Execute = { - Get-GPOZaurrDuplicateObject + Get-GPOZaurrDuplicateObject -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains } Processing = { $Script:Reporting['GPODuplicates']['Variables']['RequireDeletion'] = $Script:Reporting['GPODuplicates']['Data'].Count diff --git a/Private/Invoke.GPOZaurrFiles.ps1 b/Private/Invoke.GPOZaurrFiles.ps1 index a82843c..f96d416 100644 --- a/Private/Invoke.GPOZaurrFiles.ps1 +++ b/Private/Invoke.GPOZaurrFiles.ps1 @@ -4,7 +4,7 @@ ActionRequired = $null Data = $null Execute = { - Get-GPOZaurrFiles + Get-GPOZaurrFiles -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains } Processing = { diff --git a/Private/Invoke.GPOZaurrList.ps1 b/Private/Invoke.GPOZaurrList.ps1 index 7578f33..9a546ec 100644 --- a/Private/Invoke.GPOZaurrList.ps1 +++ b/Private/Invoke.GPOZaurrList.ps1 @@ -4,7 +4,7 @@ Action = $null Data = $null Execute = { - Get-GPOZaurr + Get-GPOZaurr -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains } Processing = { foreach ($GPO in $Script:Reporting['GPOList']['Data']) { 
diff --git a/Private/Invoke.GPOZaurrNetLogonOwners.ps1 b/Private/Invoke.GPOZaurrNetLogonOwners.ps1 index a22eb6a..3ad88c0 100644 --- a/Private/Invoke.GPOZaurrNetLogonOwners.ps1 +++ b/Private/Invoke.GPOZaurrNetLogonOwners.ps1 @@ -4,7 +4,7 @@ ActionRequired = $null Data = $null Execute = { - Get-GPOZaurrNetLogon -OwnerOnly + Get-GPOZaurrNetLogon -OwnerOnly -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains } Processing = { foreach ($File in $Script:Reporting['NetLogonOwners']['Data']) { diff --git a/Private/Invoke.GPOZaurrNetLogonPermissions.ps1 b/Private/Invoke.GPOZaurrNetLogonPermissions.ps1 index 81aff6c..fe3e2ca 100644 --- a/Private/Invoke.GPOZaurrNetLogonPermissions.ps1 +++ b/Private/Invoke.GPOZaurrNetLogonPermissions.ps1 @@ -4,7 +4,7 @@ ActionRequired = $null Data = $null Execute = { - Get-GPOZaurrNetLogon -SkipOwner + Get-GPOZaurrNetLogon -SkipOwner -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains } Processing = { $Script:Reporting['NetLogonPermissions']['Variables']['PermissionWriteReviewPerDomain'] = @{} diff --git a/Private/Invoke.GPOZaurrOrphans.ps1 b/Private/Invoke.GPOZaurrOrphans.ps1 index ec77123..ef349d6 100644 --- a/Private/Invoke.GPOZaurrOrphans.ps1 +++ b/Private/Invoke.GPOZaurrOrphans.ps1 @@ -4,7 +4,7 @@ ActionRequired = $null Data = $null Execute = { - Get-GPOZaurrBroken + Get-GPOZaurrBroken -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains } Processing = { $Script:Reporting['GPOOrphans']['Variables']['ToBeDeletedPerDomain'] = @{} diff --git a/Private/Invoke.GPOZaurrOwners.ps1 b/Private/Invoke.GPOZaurrOwners.ps1 index 29d9a8a..12fbcdd 100644 --- a/Private/Invoke.GPOZaurrOwners.ps1 +++ b/Private/Invoke.GPOZaurrOwners.ps1 
@@ -3,7 +3,9 @@ Enabled = $true ActionRequired = $null Data = $null - Execute = { Get-GPOZaurrOwner -IncludeSysvol } + Execute = { + Get-GPOZaurrOwner -IncludeSysvol -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains + } Processing = { # Create Per Domain Variables $Script:Reporting['GPOOwners']['Variables']['RequiresDiffFixPerDomain'] = @{} diff --git a/Private/Invoke.GPOZaurrPassword.ps1 b/Private/Invoke.GPOZaurrPassword.ps1 index 3b882eb..af9c811 100644 --- a/Private/Invoke.GPOZaurrPassword.ps1 +++ b/Private/Invoke.GPOZaurrPassword.ps1 @@ -4,7 +4,7 @@ Action = $null Data = $null Execute = { - Get-GPOZaurrPassword + Get-GPOZaurrPassword -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains } Processing = { diff --git a/Private/Invoke.GPOZaurrPermissions.ps1 b/Private/Invoke.GPOZaurrPermissions.ps1 index f98adb3..e710d88 100644 --- a/Private/Invoke.GPOZaurrPermissions.ps1 +++ b/Private/Invoke.GPOZaurrPermissions.ps1 @@ -4,7 +4,7 @@ Action = $null Data = $null Execute = { - Get-GPOZaurrPermission -Type All -IncludePermissionType GpoEditDeleteModifySecurity, GpoEdit, GpoCustom #-IncludeOwner + Get-GPOZaurrPermission -Type All -IncludePermissionType GpoEditDeleteModifySecurity, GpoEdit, GpoCustom -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains } Processing = { diff --git a/Private/Invoke.GPOZaurrPermissionsRead.ps1 b/Private/Invoke.GPOZaurrPermissionsRead.ps1 index 61973b7..aca77fe 100644 --- a/Private/Invoke.GPOZaurrPermissionsRead.ps1 +++ b/Private/Invoke.GPOZaurrPermissionsRead.ps1 @@ -5,7 +5,7 @@ Data = $null Execute = { [ordered] @{ - Permissions = Get-GPOZaurrPermission -Type AuthenticatedUsers -ReturnSecurityWhenNoData + Permissions = Get-GPOZaurrPermission -Type AuthenticatedUsers -ReturnSecurityWhenNoData -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains Issues = Get-GPOZaurrPermissionIssue } } 
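Review bot: In Private/Invoke.GPOZaurrPermissionsRead.ps1 only the `Permissions` entry receives the forest and domain filters; `Issues = Get-GPOZaurrPermissionIssue` on the following line is still called without them. A report requested for another forest or for a subset of domains would then combine scoped permission data with issue data gathered from the default scope, which can hide or misattribute findings. If `Get-GPOZaurrPermissionIssue` accepts the same parameters (not visible in this patch), pass them: `Issues = Get-GPOZaurrPermissionIssue -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains`. Otherwise add a comment there, such as `# Issues are not filtered by Forest/IncludeDomains/ExcludeDomains`.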
diff --git a/Private/Invoke.GPOZaurrPermissionsRoot.ps1 b/Private/Invoke.GPOZaurrPermissionsRoot.ps1 index 4e3fc0a..4713737 100644 --- a/Private/Invoke.GPOZaurrPermissionsRoot.ps1 +++ b/Private/Invoke.GPOZaurrPermissionsRoot.ps1 @@ -4,7 +4,7 @@ Action = $null Data = $null Execute = { - Get-GPOZaurrPermissionRoot -SkipNames + Get-GPOZaurrPermissionRoot -SkipNames -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains } Processing = { diff --git a/Private/Invoke.GPOZaurrSysVolLegacyFiles.ps1 b/Private/Invoke.GPOZaurrSysVolLegacyFiles.ps1 index d8dbf70..c4eb180 100644 --- a/Private/Invoke.GPOZaurrSysVolLegacyFiles.ps1 +++ b/Private/Invoke.GPOZaurrSysVolLegacyFiles.ps1 @@ -4,7 +4,7 @@ Action = $null Data = $null Execute = { - Get-GPOZaurrLegacyFiles + Get-GPOZaurrLegacyFiles -Forest $Forest -IncludeDomains $IncludeDomains -ExcludeDomains $ExcludeDomains } Processing = { diff --git a/Public/Invoke-GPOZaurr.ps1 b/Public/Invoke-GPOZaurr.ps1 index 249873b..32b9c5b 100644 --- a/Public/Invoke-GPOZaurr.ps1 +++ b/Public/Invoke-GPOZaurr.ps1 @@ -5,7 +5,11 @@ [string] $FilePath, [string[]] $Type, [switch] $PassThru, - [switch] $HideHTML + [switch] $HideHTML, + + [alias('ForestName')][string] $Forest, + [string[]] $ExcludeDomains, + [alias('Domain', 'Domains')][string[]] $IncludeDomains ) Reset-GPOZaurrStatus # This makes sure types are at it's proper status 
@@ -30,6 +34,12 @@ Write-Color '[i]', "[GPOZaurr] ", 'Not supported types', ' [Informative] ', "Please use one/multiple from the list: ", ($Script:GPOConfiguration.Keys -join ', ') -Color Yellow, DarkGray, Yellow, DarkGray, Yellow, Magenta return } + $DisplayForest = if ($Forest) { $Forest } else { 'Not defined. Using current one' } + $DisplayIncludedDomains = if ($IncludeDomains) { $IncludeDomains -join "," } else { 'Not defined. Using all domains of forest' } + $DisplayExcludedDomains = if ($ExcludeDomains) { $ExcludeDomains -join ',' } else { 'No exclusions provided' } + Write-Color '[i]', "[GPOZaurr] ", 'Domain Information', ' [Informative] ', "Forest: ", $DisplayForest -Color Yellow, DarkGray, Yellow, DarkGray, Yellow, Magenta + Write-Color '[i]', "[GPOZaurr] ", 'Domain Information', ' [Informative] ', "Included Domains: ", $DisplayIncludedDomains -Color Yellow, DarkGray, Yellow, DarkGray, Yellow, Magenta + Write-Color '[i]', "[GPOZaurr] ", 'Domain Information', ' [Informative] ', "Excluded Domains: ", $DisplayExcludedDomains -Color Yellow, DarkGray, Yellow, DarkGray, Yellow, Magenta # Lets make sure we only enable those types which are requestd by user if ($Type) { @@ -56,7 +66,7 @@ } $TimeLogGPOList = Start-TimeLog Write-Color -Text '[i]', '[Start] ', $($Script:GPOConfiguration[$T]['Name']) -Color Yellow, DarkGray, Yellow - $Script:Reporting[$T]['Data'] = Invoke-Command -ScriptBlock $Script:GPOConfiguration[$T]['Execute'] -WarningVariable CommandWarnings -ErrorVariable CommandErrors + $Script:Reporting[$T]['Data'] = Invoke-Command -ScriptBlock $Script:GPOConfiguration[$T]['Execute'] -WarningVariable CommandWarnings -ErrorVariable CommandErrors -ArgumentList $Forest, $ExcludeDomains, $IncludeDomains Invoke-Command -ScriptBlock $Script:GPOConfiguration[$T]['Processing'] $Script:Reporting[$T]['WarningsAndErrors'] = @( foreach ($War in $CommandWarnings) {
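Review bot: The `-ArgumentList $Forest, $ExcludeDomains, $IncludeDomains` added to the `Execute` invocation in Public/Invoke-GPOZaurr.ps1 appears to have no effect, because none of the `Execute` script blocks shown in this patch declares a `param()` block. The values would land in `$args`, and the blocks presumably resolve `$Forest`, `$IncludeDomains` and `$ExcludeDomains` from the calling function's scope instead, which works only while they are invoked from inside `Invoke-GPOZaurr`. The positional order here (Exclude before Include) also differs from the order used in the calls, which invites a silent swap of the include and exclude lists if a `param()` is added later. Either declare `param($Forest, $ExcludeDomains, $IncludeDomains)` in every `Execute` block, or drop the argument list and add a comment such as `# Execute blocks read $Forest/$IncludeDomains/$ExcludeDomains from this scope`. The loop containing this line starts and ends outside the hunk.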