TestimoX

API Reference

Command

Invoke-ADXDirectoryEssentials

Namespace ADPlayground.PowerShell
Outputs
ADPlayground.DirectoryEssentials.DirectoryEssentialsSnapshot

Generates a Directory Essentials HTML report for user, computer, group, and security hygiene.

Examples

Generated fallback example

Generated fallback example from command syntax.


Invoke-ADXDirectoryEssentials -LogoPath 'C:\Path'

Common Parameters

This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.

For more information, see about_CommonParameters.

Syntax

Invoke-ADXDirectoryEssentials [-Type <All>] [-Author <string>] [-Data <DirectoryEssentialsSnapshot>] [-Description <string>] [-ExcludeDomains <string[]>] [-FooterText <string>] [-Forest <string>] [-HeaderText <string>] [-HideHTML] [-HideSteps] [-IncludeBitLocker] [-IncludeCannotChangePassword] [-IncludeDomains <string[]>] [-IncludeExchange] [-IncludeGroupMemberCount] [-IncludeLapsAcl] [-IncludeLapsHistory] [-IncludeManagerAcl] [-IncludeManagerDetails] [-IncludeOwners] [-LogoAltText <string>] [-LogoPath <string>] [-NoBitLocker] [-NoCannotChangePassword] [-NoExchange] [-NoGroupMemberCount] [-NoLapsAcl] [-NoLapsHistory] [-NoManagerAcl] [-NoManagerDetails] [-NoOwners] [-Online] [-PageSize <int>] [-PassThru] [-ReportPath <string>] [-ResolveTrueLastLogon] [-RowLimitPerDomain <int>] [-ShowError] [-ShowWarning] [-SplitReports] [-Subtitle <string>] [-Title <string>] [-TrueLastLogonDegreeOfParallelism <int>] [-UseGroupMemberCountRangeQuery] [-UseManagerDetailsLookup] [-UseOwnerSecurityDescriptor] [<CommonParameters>]
#

Parameters

Type DirectoryEssentialsReportType[] optionalposition: 0pipeline: falsevalues: 10
Report types to include (omit for all). Possible values: All, Users, Computers, Groups, PasswordPolicies, LapsAndBitLocker, LapsOnly, BitLockerOnly, LapsAcl, ForestAclOwners
Possible values: All, Users, Computers, Groups, PasswordPolicies, LapsAndBitLocker, LapsOnly, BitLockerOnly, LapsAcl, ForestAclOwners
Author string optionalposition: namedpipeline: false
Override the report author.
Data DirectoryEssentialsSnapshot optionalposition: namedpipeline: false
Optional pre-collected report data (primarily for testing).
Description string optionalposition: namedpipeline: false
Override the report description.
ExcludeDomains string[] optionalposition: namedpipeline: false
Exclude domains from the scan (DNS names).
FooterText string optionalposition: namedpipeline: false
Footer text (optional).
Forest string optionalposition: namedpipeline: falsealiases: ForestName
Target a different forest (DNS name). When omitted, the current forest is used.
HeaderText string optionalposition: namedpipeline: false
Header text (optional).
HideHTML SwitchParameter optionalposition: namedpipeline: false
Do not automatically open the report in the default browser.
HideSteps SwitchParameter optionalposition: namedpipeline: false
Do not show remediation steps/wizards in the report.
IncludeBitLocker SwitchParameter optionalposition: namedpipeline: false
Include BitLocker recovery scan for computers (default on for ADEssentials parity).
IncludeCannotChangePassword SwitchParameter optionalposition: namedpipeline: false
Compute CannotChangePassword flag (ACL-based, default on for ADEssentials parity).
IncludeDomains string[] optionalposition: namedpipeline: falsealiases: Domain, Domains
Include only specific domains (DNS names). When omitted, all forest domains are scanned.
IncludeExchange SwitchParameter optionalposition: namedpipeline: false
Include Exchange-specific attributes when present in schema (default on for ADEssentials parity).
IncludeGroupMemberCount SwitchParameter optionalposition: namedpipeline: false
Include group member counts (expensive for very large groups). Default on for ADEssentials parity.
IncludeLapsAcl SwitchParameter optionalposition: namedpipeline: false
Include LAPS ACL scanning (SELF write permissions, default on for ADEssentials parity).
IncludeLapsHistory SwitchParameter optionalposition: namedpipeline: false
Include Windows LAPS history attributes where available (default on for ADEssentials parity).
IncludeManagerAcl SwitchParameter optionalposition: namedpipeline: false
Include manager membership update ACL checks for groups (default on for ADEssentials parity).
IncludeManagerDetails SwitchParameter optionalposition: namedpipeline: false
Include manager details (display name, status, last logon). Default on for ADEssentials parity.
IncludeOwners SwitchParameter optionalposition: namedpipeline: false
Include ACL owner details (default on for ADEssentials parity).
LogoAltText string optionalposition: namedpipeline: false
Logo alt text (optional).
LogoPath string optionalposition: namedpipeline: false
Logo path for report branding (optional).
NoBitLocker SwitchParameter optionalposition: namedpipeline: false
Disable BitLocker recovery scan for computers.
NoCannotChangePassword SwitchParameter optionalposition: namedpipeline: false
Disable CannotChangePassword computation.
NoExchange SwitchParameter optionalposition: namedpipeline: false
Disable Exchange-specific attribute collection.
NoGroupMemberCount SwitchParameter optionalposition: namedpipeline: false
Disable group member counts (reduces memory for very large groups).
NoLapsAcl SwitchParameter optionalposition: namedpipeline: false
Disable LAPS ACL scanning.
NoLapsHistory SwitchParameter optionalposition: namedpipeline: false
Disable Windows LAPS history attributes.
NoManagerAcl SwitchParameter optionalposition: namedpipeline: false
Disable manager membership update ACL checks for groups.
NoManagerDetails SwitchParameter optionalposition: namedpipeline: false
Disable manager details for users/groups/computers.
NoOwners SwitchParameter optionalposition: namedpipeline: false
Disable ACL owner details (default includes owners for ADEssentials parity).
Online SwitchParameter optionalposition: namedpipeline: false
Use online resources in HTML (CDN). When omitted, the report is generated offline (inlined).
PageSize int optionalposition: namedpipeline: false
LDAP page size used for Directory Essentials queries.
PassThru SwitchParameter optionalposition: namedpipeline: false
Return collected data after generating the report.
ReportPath string optionalposition: namedpipeline: falsealiases: FilePath
Output path (file or directory). When omitted, a temp-like path is chosen.
ResolveTrueLastLogon SwitchParameter optionalposition: namedpipeline: false
Resolve true lastLogon across domain controllers (expensive).
RowLimitPerDomain int optionalposition: namedpipeline: falsealiases: RowLimit
Optional server-side row limit per domain.
ShowError SwitchParameter optionalposition: namedpipeline: false
Show captured errors in the HTML report (best-effort).
ShowWarning SwitchParameter optionalposition: namedpipeline: false
Show captured warnings in the HTML report (best-effort).
SplitReports SwitchParameter optionalposition: namedpipeline: false
Split report into multiple files (one per report type).
Subtitle string optionalposition: namedpipeline: false
Override the report subtitle.
Title string optionalposition: namedpipeline: false
Override the report title.
TrueLastLogonDegreeOfParallelism int optionalposition: namedpipeline: false
Maximum concurrent DC lookups when resolving true lastLogon.
UseGroupMemberCountRangeQuery SwitchParameter optionalposition: namedpipeline: false
Use LDAP range retrieval to count group members (reduces memory, increases LDAP round-trips). Requires -IncludeGroupMemberCount.
UseManagerDetailsLookup SwitchParameter optionalposition: namedpipeline: false
Resolve manager details via targeted LDAP lookups (reduces memory, increases LDAP round-trips). Requires -IncludeManagerDetails.
UseOwnerSecurityDescriptor SwitchParameter optionalposition: namedpipeline: false
Prefer owner SID from ntSecurityDescriptor during the main query (reduces per-object binds). Requires -IncludeOwners.

Outputs

ADPlayground.DirectoryEssentials.DirectoryEssentialsSnapshot