TestimoX

API Reference

Command

Get-TestimoX

Namespace TestimoX.PowerShell
Outputs
System.Object TestimoX.Execution.RuleResultEnvelope TestimoX.Execution.RuleSummaryRow

Fast, data-only rule execution that returns typed objects.

Remarks

Executes only the rule Source methods (no UI, no tests), making it ideal for quick inventory, ad-hoc data exploration, and scripting scenarios. You can select rules by name (-Rule) or via typed enums for IntelliSense support (-IncludeRules for C# rules and -IncludePowerShellRules for embedded PowerShell rules). Use shaping switches like -AsSummary, -AsResult, or -Raw to control the output.

Examples

Authored help example

Example 1: Get a quick summary for a single rule by name

PS>


Get-TestimoX -Rule 'ForestRecycleBinAndLifetimes' -AsSummary

Example 2: Select rules via typed enums (C# + PowerShell) and return raw objects

PS>


$cs = [TestimoX.Definitions.CSharpRule]
$ps = [TestimoX.RulesPowerShell.PowerShellRule]
Get-TestimoX -IncludeRules $cs::DomainPasswordPolicy -IncludePowerShellRules $ps::ForestRecycleBinAndLifetimes -Raw

Example 3: Filter by category and emit an aggregated result object

PS>


Get-TestimoX -Category Forest,Security -AsResult

Example 4: Pass custom parameters understood by a specific rule

PS>


Get-TestimoX -Rule DirectoryLdapConnectivity -Additional @{ Port = 389; UseSsl = $false }

Common Parameters

This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.

For more information, see about_CommonParameters.

Syntax

Get-TestimoX [-Additional <Hashtable>] [-AsResult] [-AsSummary] [-AsSummaryObject] [-Category <string[]>] [-Domain <string>] [-DomainController <string>] [-Forest <string>] [-Include <object[]>] [-IncludePowerShellRules <DCDFS>] [-IncludeRules <AdminPrivilegedActivityPosture>] [-Raw] [-Rule <string[]>] [-Tag <string[]>] [-Throttle <int>] [-TimeoutSeconds <int>] [<CommonParameters>]
#

Parameters

Additional Hashtable optionalposition: namedpipeline: false
Hashtable of custom parameters passed to rules that accept them.
AsResult SwitchParameter optionalposition: namedpipeline: false
Return a single object with rule list, count, and aggregated data.
AsSummary SwitchParameter optionalposition: namedpipeline: false
Emit summary-shaped output when the rule provides hints; otherwise falls back to raw objects.
AsSummaryObject SwitchParameter optionalposition: namedpipeline: false
When used with -AsSummary, outputs flattened PowerShell objects instead of typed summary rows.
Category string[] optionalposition: namedpipeline: false
Filter by rule category label(s) such as Forest, Domain, Security.
Domain string optionalposition: namedpipeline: false
Override the AD domain to target (optional).
DomainController string optionalposition: namedpipeline: false
Use a specific domain controller (DNS name) when the rule needs one.
Forest string optionalposition: namedpipeline: false
Override the Active Directory forest to target (optional).
Include object[] optionalposition: namedpipeline: false
Additional selectors: accepts strings or enums; mixed with -Rule/IncludeRules to form the final set.
IncludePowerShellRules PowerShellRule[] optionalposition: namedpipeline: falsevalues: 89
Typed PowerShell rules to execute (enum for IntelliSense). Alternative to -Rule. Possible values: DCDFS, DCDiagnostics, DCDiskSpace, DCDNSForwarders, DCDnsNameServers, DCDnsResolveExternal, DCDnsResolveInternal, DCEventLogs, DCFileSystem, DCGroupPolicySYSVOLDC, DCInformation, DCLanManagerSettings, DCLanManServer, DCLDAP, DCLDAPInsecureBindings, DCMSSLegacy, DCNetSessionEnumeration, DCNetworkCardSettings, DCNTDSParameters, DCOperatingSystem, DCPingable, DCPorts, DCRDPPorts, DCRDPSecurity, DCServices, DCServiceWINRM, DCSMBProtocols, DCSMBShares, DCSMBSharesPermissions, DCTimeSettings, DCTimeSynchronizationExternal, DCTimeSynchronizationInternal, DCUNCHardenedPaths, DCWindowsFeaturesOptional, DCWindowsRemoteManagement, DCWindowsRolesAndFeatures, DCWindowsUpdates, DomainComputersUnsupported, DomainComputersUnsupportedMainstream, DomainDHCPAuthorized, DomainDNSForwarders, DomainDNSScavengingForPrimaryDNSServer, DomainDnsZonesAging, DomainDNSZonesDomain0ADEL, DomainDNSZonesForest0ADEL, DomainDomainControllers, DomainDuplicateObjects, DomainExchangeUsers, DomainGroupPolicyADM, DomainGroupPolicyAssessment, DomainGroupPolicyOwner, DomainGroupPolicyPermissionConsistency, DomainGroupPolicyPermissions, DomainGroupPolicySysvol, DomainLDAP, DomainMachineQuota, DomainNetLogonOwner, DomainOrganizationalUnitsEmpty, DomainOrganizationalUnitsProtected, DomainOrphanedForeignSecurityPrincipals, DomainPasswordComplexity, DomainRoles, DomainSecurityComputers, DomainSecurityDelegatedObjects, DomainSecurityGroupsAccountOperators, DomainSecurityGroupsSchemaAdmins, DomainSecurityKrbtgt, DomainSecurityUsers, DomainSecurityUsersAcccountAdministrator, DomainSysVolDFSR, DomainWellKnownFolders, ForestBackup, ForestConfigurationPartitionOwners, ForestConfigurationPartitionOwnersContainers, ForestDHCP, ForestDuplicateSPN, ForestOptionalFeatures, ForestOrphanedAdmins, ForestReplication, ForestReplicationStatus, ForestRoles, ForestRootKDS, ForestSiteLinks, ForestSiteLinksConnections, ForestSites, ForestSubnets, ForestTombstoneLifetime, ForestTrusts, ForestVulnerableSchemaClass
Possible values: DCDFS, DCDiagnostics, DCDiskSpace, DCDNSForwarders, DCDnsNameServers, DCDnsResolveExternal, DCDnsResolveInternal, DCEventLogs, DCFileSystem, DCGroupPolicySYSVOLDC, DCInformation, DCLanManagerSettings, DCLanManServer, DCLDAP, DCLDAPInsecureBindings, DCMSSLegacy, DCNetSessionEnumeration, DCNetworkCardSettings, DCNTDSParameters, DCOperatingSystem, DCPingable, DCPorts, DCRDPPorts, DCRDPSecurity, DCServices, DCServiceWINRM, DCSMBProtocols, DCSMBShares, DCSMBSharesPermissions, DCTimeSettings, DCTimeSynchronizationExternal, DCTimeSynchronizationInternal, DCUNCHardenedPaths, DCWindowsFeaturesOptional, DCWindowsRemoteManagement, DCWindowsRolesAndFeatures, DCWindowsUpdates, DomainComputersUnsupported, DomainComputersUnsupportedMainstream, DomainDHCPAuthorized, DomainDNSForwarders, DomainDNSScavengingForPrimaryDNSServer, DomainDnsZonesAging, DomainDNSZonesDomain0ADEL, DomainDNSZonesForest0ADEL, DomainDomainControllers, DomainDuplicateObjects, DomainExchangeUsers, DomainGroupPolicyADM, DomainGroupPolicyAssessment, DomainGroupPolicyOwner, DomainGroupPolicyPermissionConsistency, DomainGroupPolicyPermissions, DomainGroupPolicySysvol, DomainLDAP, DomainMachineQuota, DomainNetLogonOwner, DomainOrganizationalUnitsEmpty, DomainOrganizationalUnitsProtected, DomainOrphanedForeignSecurityPrincipals, DomainPasswordComplexity, DomainRoles, DomainSecurityComputers, DomainSecurityDelegatedObjects, DomainSecurityGroupsAccountOperators, DomainSecurityGroupsSchemaAdmins, DomainSecurityKrbtgt, DomainSecurityUsers, DomainSecurityUsersAcccountAdministrator, DomainSysVolDFSR, DomainWellKnownFolders, ForestBackup, ForestConfigurationPartitionOwners, ForestConfigurationPartitionOwnersContainers, ForestDHCP, ForestDuplicateSPN, ForestOptionalFeatures, ForestOrphanedAdmins, ForestReplication, ForestReplicationStatus, ForestRoles, ForestRootKDS, ForestSiteLinks, ForestSiteLinksConnections, ForestSites, ForestSubnets, ForestTombstoneLifetime, ForestTrusts, ForestVulnerableSchemaClass
IncludeRules CSharpRule[] optionalposition: namedpipeline: falsevalues: 360
Typed C# rules to execute (enum for IntelliSense). Alternative to -Rule. Possible values: AdminPrivilegedActivityPosture, AdminSdHolderAclDrift, Backup, ComputersAesDisabled, ComputersObsoleteDomainControllers, ComputersObsoleteServers, ComputersObsoleteWorkstations, ComputersPrimaryGroupCompliance, ComputersRbcdExposure, ComputersUnconstrainedDelegation, ComputersUnsupported, ComputersUnsupportedMainstream, DCDNSForwaders, DFS, DHCPAuthorized, Diagnostics, DirectoryAclPostureInventory, DirectoryDangerousExtendedRights, DirectoryDefaultOuChanged, DirectoryDisplaySpecifiersForeignPaths, DirectoryEmptyOrganizationalUnits, DirectoryLdapConnectivity, DirectoryUnprotectedOus, DirectoryWellKnownFolderPosture, DiskSpace, DnsAdminsMembership, DnsDelegationRisk, DNSForwarders, DnsNameServers, DNSResolveExternal, DNSResolveInternal, DNSScavengingForPrimaryDNSServer, DNSZonesAging, DNSZonesDomain0ADEL, DnsZonesDynamicUpdatesSecure, DNSZonesForest0ADEL, DnsZonesReadExposure, DnsZonesSecurity, DomainAccountDelegationPosture, DomainAdminGroupDelegationRisk, DomainAuthentication, DomainBackupMetadata, DomainBroadTrusteeDelegationExposure, DomainComputerSecurityBaselinePosture, DomainComputersLapsCoverage, DomainComputersLapsDelegation, DomainComputersLapsDsrmDelegation, DomainComputersLifecycle, DomainConstrainedDelegationOverview, DomainConstrainedDelegationTargets, DomainConstrainedDelegationToDcServices, DomainControllerAppControlRuntimeLocal, DomainControllerAuditPolicyLocal, DomainControllerBackupPostureRuntimeLocal, DomainControllerBrowserPolicyRuntimeLocal, DomainControllerCertificatePostureRuntimeLocal, DomainControllerCredentialPostureLocal, DomainControllerCriticalServices, DomainControllerDiagnosticPosture, DomainControllerDiskSpacePosture, DomainControllerDnsDynamicUpdates, DomainControllerDnsPrimaryZoneNameServerPosture, DomainControllerDnsServerPosture, DomainControllerDnsZoneTransfer, DomainControllerDsaFileLocationPostureLocal, DomainControllerEventLogPolicyLocal, DomainControllerExploitProtectionRuntimeLocal, DomainControllerFeaturePostureRuntimeLocal, DomainControllerFileSystemLocal, DomainControllerInformationPosture, DomainControllerLanManager, DomainControllerLdapChannelBinding, DomainControllerLdapConnectivity, DomainControllerLdapSigning, DomainControllerLocalIdentityRuntimeLocal, DomainControllerLogonUxUacLocal, DomainControllerLsaProtectionLocal, DomainControllerMdmPostureRuntimeLocal, DomainControllerMssLegacyNetworkPostureLocal, DomainControllerNetlogonSiteCoverage, DomainControllerNetSessionEnumerationLocal, DomainControllerNetworkAdapterPosture, DomainControllerNetworkHardeningRuntimeLocal, DomainControllerNtdsParametersLocal, DomainControllerNullSession, DomainControllerOfficePostureRuntimeLocal, DomainControllerOperatingSystemPosture, DomainControllerOptionalFeaturePostureLocal, DomainControllerPersistencePostureRuntimeLocal, DomainControllerPingPosture, DomainControllerPkiEnrollmentChannelBinding, DomainControllerPlatformSecurityRuntimeLocal, DomainControllerPortPosture, DomainControllerPrivacyPostureRuntimeLocal, DomainControllerRdpSecurityLocal, DomainControllerRebootCadence, DomainControllerRemoteAccessRuntimeLocal, DomainControllers, DomainControllersAuditPolicy, DomainControllerSchannelProtocolsLocal, DomainControllersDeploymentHealth, DomainControllersDnsAndSiteRegistration, DomainControllerSecureBootCertificateRolloutLocal, DomainControllerSmbCompliance, DomainControllerSmbSharePermissions, DomainControllerSmbShares, DomainControllerSmbSigning, DomainControllersOverallPosture, DomainControllersRodcPolicy, DomainControllersRodcSysvolWriteAccess, DomainControllersSpoolerExposure, DomainControllerSystemStateBackup, DomainControllerSysvolReplication, DomainControllerTimeServiceStatus, DomainControllerTimeSynchronizationExternal, DomainControllerTimeSynchronizationInternal, DomainControllerVsCodeExtensionsRuntimeLocal, DomainControllerWebClientDisabled, DomainControllerWindowsUpdatePosture, DomainControllerWinRmSecurityLocal, DomainDcShadowIndicators, DomainDelegationInventory, DomainDhcpAuthorizationPosture, DomainDnsApplicationPartitionOwnerPosture, DomainDnsForwarderConsistency, DomainDsHeuristics, DomainDuplicateAccounts, DomainExchangeUserAliasPosture, DomainFineGrainedPasswordPolicies, DomainFsmoRolePosture, DomainFSMORoles, DomainFunctionalLevel, DomainGpoAnalysis, DomainGpoAnonymousExposureConfiguration, DomainGpoBlockedInheritance, DomainGpoBrokenGpos, DomainGpoBrokenLinks, DomainGpoDangerousUserRightsExposure, DomainGpoDefaultPoliciesRecentChanges, DomainGpoDefenderAsrPolicy, DomainGpoDelegationExposure, DomainGpoDuplicates, DomainGpoEventLogPolicyBaseline, DomainGpoEveryoneAuthorizedGpo, DomainGpoEveryoneIncludesAnonymousDisabled, DomainGpoExternalArtifacts, DomainGpoFiles, DomainGpoFirewallProfilesBaseline, DomainGpoFirewallScriptBlock, DomainGpoFolderOptionsExposure, DomainGpoHardenedPaths, DomainGpoInventoryHealth, DomainGpoKdcProxyPolicy, DomainGpoKerberosClientArmoring, DomainGpoKerberosCryptoBaseline, DomainGpoKerberosKdcArmoring, DomainGpoKerberosPacHardeningBaseline, DomainGpoLapsDsrmPolicy, DomainGpoLapsPolicy, DomainGpoLdapHardening, DomainGpoLimitBlankPasswordUse, DomainGpoLinks, DomainGpoList, DomainGpoLlmnrWdigestConfiguration, DomainGpoLogonUxUacBaseline, DomainGpoLsaProtectionBaseline, DomainGpoMissingSysvolFiles, DomainGpoNameResolutionBaseline, DomainGpoNetlogonConfiguration, DomainGpoNetSessionHardening, DomainGpoNoLmHash, DomainGpoNtlmRestrictConfiguration, DomainGpoOrganizationalUnit, DomainGpoOwners, DomainGpoPassword, DomainGpoPermissionBaseline, DomainGpoPermissionConsistency, DomainGpoPermissions, DomainGpoPermissionsAdministrative, DomainGpoPermissionsRead, DomainGpoPermissionsRoot, DomainGpoPermissionsUnknown, DomainGpoPku2uPolicy, DomainGpoPowerShellAuditing, DomainGpoPowerShellLoggingBaseline, DomainGpoRdpRedirectionPolicyBaseline, DomainGpoRecoveryConsoleAutoAdminLogon, DomainGpoRedirect, DomainGpoSchannelPolicyBaseline, DomainGpoScriptPreferenceExposure, DomainGpoServicePolicy, DomainGpoSysvolPosture, DomainGpoTerminalServicesTimeout, DomainGpoTimeServicePolicy, DomainGpoUpdates, DomainGpoWinRmPolicyBaseline, DomainGpoWpadHardeningExample, DomainGpoWsusConfiguration, DomainKerberosCryptoOverview, DomainKerberosDesConfiguration, DomainKerberosDuplicateSpns, DomainKerberosRc4Only, DomainLapsOuDelegation, DomainLDAP, DomainMachineAccountQuota, DomainObjectsRecentCreation, DomainObjectStatistics, DomainOuDelegationRisk, DomainPasswordPolicy, DomainPasswordPolicyRollup, DomainPrimaryGroupReadability, DomainPrivilegedGroupOwnerRisk, DomainPrivilegedGroupRecentChanges, DomainRidMasterHealth, DomainServiceAccountsSpnHygiene, DomainServiceAccountsUsage, DomainShadowCredentialsRisk, DomainSpnHygieneOverview, DomainSysvolReplicationPosture, DomainTechnicalAzureAdSso, DomainTrustsConfiguration, DomainTrustSidHistory, DomainUnprivilegedGroupRecentChanges, DomainUsersCredentialHygiene, DomainUsersSmartCardConfiguration, DsHeuristicsCompliance, DummyDomainStaleAdminAccounts, DummyExampleNew, DummyForestBackup, DummyForestReplicationStatus, DummySystemHealth, DummyTestimoDebug, DuplicateObjects, DuplicateSPN, EventLogs, ExchangeUsers, FileSystem, ForestBackupMetadataPosture, ForestConfigurationPartitionContainerOwnerPosture, ForestConfigurationPartitionOwnerPosture, ForestConfigurationPartitionOwners, ForestConfigurationPartitionOwnersContainer, ForestDHCP, ForestDhcpInfrastructurePosture, ForestDirectoryDiscoveryDiagnostics, ForestDuplicateComputerHostnames, ForestExchangeSchemaVulnerabilityPosture, ForestFsmoRolePosture, ForestFSMORoles, ForestFunctionalLevel, ForestKdsRootKeyPosture, ForestKerberosDuplicateSpns, ForestOptionalFeaturePosture, ForestPkiConfiguration, ForestPkiTemplatesConfiguration, ForestPkiTemplatesRiskOverview, ForestRecycleBinAndLifetimes, ForestReplicationPosture, ForestSchemaDefaultSecurityDescriptorChanges, ForestSchemaJavaExposure, ForestSchemaLapsAttributes, ForestSiteConnectionPosture, ForestSiteLinkPosture, ForestSubnetCoveragePosture, ForestSubnets, ForestTrustsOverview, GroupPolicy, GroupPolicyADM, GroupPolicyOwners, GroupPolicyPermission, GroupPolicyPermissionConsistency, GroupPolicySysvol, GroupPolicySYSVOLDC, GroupsCriticalMembership, GroupsForeignSecurityPrincipalsPrivilegedExposure, GroupsOperatorsEmpty, GroupsOrphanedForeignSecurityPrincipals, GroupsPreWindows2000Exposure, GroupsPrivilegedDelegationRisk, Information, KerberosSecurity, KrbtgtHealth, LanManagerSettings, LanManServer, Ldap, LdapInsecureBindings, MachineQuota, MSSLegacy, NetLogonOwner, NetSessionEnumeration, NetworkCardSettings, NTDSParameters, OperatingSystem, OptionalFeatures, OrganizationalUnitsEmpty, OrganizationalUnitsProtected, OrphanedAdmins, OrphanedSecurityPrincipals, PasswordComplexity, Pingable, PkiCaRocaConfirmed, PkiCaRocaSuspected, PkiCaWeakKeySize, PkiCaWeakRsaComponent, PkiCaWeakSignature, PkiEnrollmentHttpsRequired, Ports, RDPPorts, RDPSecurity, Replication, ReplicationStatus, RootDseAnonymousBind, RootKDS, SecurityComputers, SecurityDelegatedObjects, SecurityGroupsAccountOperators, SecurityGroupsSchemaAdmins, SecurityKRBGT, SecurityUsers, SecurityUsersAccountAdministrator, ServersGpoSmbSigningBaseline, Services, ServiceWINRM, SiteLinks, SiteLinksConnections, Sites, SMBProtocols, SMBShares, SMBSharesPermissions, StaleAdminAccountsManual, SysVOLDFSR, SysvolGpoConsistency, SysvolLegacyAdmFiles, SysvolNetlogonOwners, SysvolNetlogonPermissions, TimeSettings, TimeSynchronizationExternal, TimeSynchronizationInternal, TombstoneLifetime, TrustAzureAdSso, Trusts, UNCHardenedPaths, UsersAdminProtection, UsersBuiltInAdministrator, UsersGppStoredPasswords, UsersGuestAccount, UsersPasswordNeverExpires, UsersPrimaryGroupCompliance, UsersPrivilegedDelegationProtection, UsersPrivilegedEmailPresent, UsersPrivilegedInactivity, UsersStaleAccounts, UsersUnconstrainedDelegation, VurnerableSchemaClass, WellKnownFolders, WindowsFeaturesOptional, WindowsRemoteManagement, WindowsRolesAndFeatures, WindowsUpdates, WorkstationsGpoSmbSigningBaseline
Possible values: AdminPrivilegedActivityPosture, AdminSdHolderAclDrift, Backup, ComputersAesDisabled, ComputersObsoleteDomainControllers, ComputersObsoleteServers, ComputersObsoleteWorkstations, ComputersPrimaryGroupCompliance, ComputersRbcdExposure, ComputersUnconstrainedDelegation, ComputersUnsupported, ComputersUnsupportedMainstream, DCDNSForwaders, DFS, DHCPAuthorized, Diagnostics, DirectoryAclPostureInventory, DirectoryDangerousExtendedRights, DirectoryDefaultOuChanged, DirectoryDisplaySpecifiersForeignPaths, DirectoryEmptyOrganizationalUnits, DirectoryLdapConnectivity, DirectoryUnprotectedOus, DirectoryWellKnownFolderPosture, DiskSpace, DnsAdminsMembership, DnsDelegationRisk, DNSForwarders, DnsNameServers, DNSResolveExternal, DNSResolveInternal, DNSScavengingForPrimaryDNSServer, DNSZonesAging, DNSZonesDomain0ADEL, DnsZonesDynamicUpdatesSecure, DNSZonesForest0ADEL, DnsZonesReadExposure, DnsZonesSecurity, DomainAccountDelegationPosture, DomainAdminGroupDelegationRisk, DomainAuthentication, DomainBackupMetadata, DomainBroadTrusteeDelegationExposure, DomainComputerSecurityBaselinePosture, DomainComputersLapsCoverage, DomainComputersLapsDelegation, DomainComputersLapsDsrmDelegation, DomainComputersLifecycle, DomainConstrainedDelegationOverview, DomainConstrainedDelegationTargets, DomainConstrainedDelegationToDcServices, DomainControllerAppControlRuntimeLocal, DomainControllerAuditPolicyLocal, DomainControllerBackupPostureRuntimeLocal, DomainControllerBrowserPolicyRuntimeLocal, DomainControllerCertificatePostureRuntimeLocal, DomainControllerCredentialPostureLocal, DomainControllerCriticalServices, DomainControllerDiagnosticPosture, DomainControllerDiskSpacePosture, DomainControllerDnsDynamicUpdates, DomainControllerDnsPrimaryZoneNameServerPosture, DomainControllerDnsServerPosture, DomainControllerDnsZoneTransfer, DomainControllerDsaFileLocationPostureLocal, DomainControllerEventLogPolicyLocal, DomainControllerExploitProtectionRuntimeLocal, DomainControllerFeaturePostureRuntimeLocal, DomainControllerFileSystemLocal, DomainControllerInformationPosture, DomainControllerLanManager, DomainControllerLdapChannelBinding, DomainControllerLdapConnectivity, DomainControllerLdapSigning, DomainControllerLocalIdentityRuntimeLocal, DomainControllerLogonUxUacLocal, DomainControllerLsaProtectionLocal, DomainControllerMdmPostureRuntimeLocal, DomainControllerMssLegacyNetworkPostureLocal, DomainControllerNetlogonSiteCoverage, DomainControllerNetSessionEnumerationLocal, DomainControllerNetworkAdapterPosture, DomainControllerNetworkHardeningRuntimeLocal, DomainControllerNtdsParametersLocal, DomainControllerNullSession, DomainControllerOfficePostureRuntimeLocal, DomainControllerOperatingSystemPosture, DomainControllerOptionalFeaturePostureLocal, DomainControllerPersistencePostureRuntimeLocal, DomainControllerPingPosture, DomainControllerPkiEnrollmentChannelBinding, DomainControllerPlatformSecurityRuntimeLocal, DomainControllerPortPosture, DomainControllerPrivacyPostureRuntimeLocal, DomainControllerRdpSecurityLocal, DomainControllerRebootCadence, DomainControllerRemoteAccessRuntimeLocal, DomainControllers, DomainControllersAuditPolicy, DomainControllerSchannelProtocolsLocal, DomainControllersDeploymentHealth, DomainControllersDnsAndSiteRegistration, DomainControllerSecureBootCertificateRolloutLocal, DomainControllerSmbCompliance, DomainControllerSmbSharePermissions, DomainControllerSmbShares, DomainControllerSmbSigning, DomainControllersOverallPosture, DomainControllersRodcPolicy, DomainControllersRodcSysvolWriteAccess, DomainControllersSpoolerExposure, DomainControllerSystemStateBackup, DomainControllerSysvolReplication, DomainControllerTimeServiceStatus, DomainControllerTimeSynchronizationExternal, DomainControllerTimeSynchronizationInternal, DomainControllerVsCodeExtensionsRuntimeLocal, DomainControllerWebClientDisabled, DomainControllerWindowsUpdatePosture, DomainControllerWinRmSecurityLocal, DomainDcShadowIndicators, DomainDelegationInventory, DomainDhcpAuthorizationPosture, DomainDnsApplicationPartitionOwnerPosture, DomainDnsForwarderConsistency, DomainDsHeuristics, DomainDuplicateAccounts, DomainExchangeUserAliasPosture, DomainFineGrainedPasswordPolicies, DomainFsmoRolePosture, DomainFSMORoles, DomainFunctionalLevel, DomainGpoAnalysis, DomainGpoAnonymousExposureConfiguration, DomainGpoBlockedInheritance, DomainGpoBrokenGpos, DomainGpoBrokenLinks, DomainGpoDangerousUserRightsExposure, DomainGpoDefaultPoliciesRecentChanges, DomainGpoDefenderAsrPolicy, DomainGpoDelegationExposure, DomainGpoDuplicates, DomainGpoEventLogPolicyBaseline, DomainGpoEveryoneAuthorizedGpo, DomainGpoEveryoneIncludesAnonymousDisabled, DomainGpoExternalArtifacts, DomainGpoFiles, DomainGpoFirewallProfilesBaseline, DomainGpoFirewallScriptBlock, DomainGpoFolderOptionsExposure, DomainGpoHardenedPaths, DomainGpoInventoryHealth, DomainGpoKdcProxyPolicy, DomainGpoKerberosClientArmoring, DomainGpoKerberosCryptoBaseline, DomainGpoKerberosKdcArmoring, DomainGpoKerberosPacHardeningBaseline, DomainGpoLapsDsrmPolicy, DomainGpoLapsPolicy, DomainGpoLdapHardening, DomainGpoLimitBlankPasswordUse, DomainGpoLinks, DomainGpoList, DomainGpoLlmnrWdigestConfiguration, DomainGpoLogonUxUacBaseline, DomainGpoLsaProtectionBaseline, DomainGpoMissingSysvolFiles, DomainGpoNameResolutionBaseline, DomainGpoNetlogonConfiguration, DomainGpoNetSessionHardening, DomainGpoNoLmHash, DomainGpoNtlmRestrictConfiguration, DomainGpoOrganizationalUnit, DomainGpoOwners, DomainGpoPassword, DomainGpoPermissionBaseline, DomainGpoPermissionConsistency, DomainGpoPermissions, DomainGpoPermissionsAdministrative, DomainGpoPermissionsRead, DomainGpoPermissionsRoot, DomainGpoPermissionsUnknown, DomainGpoPku2uPolicy, DomainGpoPowerShellAuditing, DomainGpoPowerShellLoggingBaseline, DomainGpoRdpRedirectionPolicyBaseline, DomainGpoRecoveryConsoleAutoAdminLogon, DomainGpoRedirect, DomainGpoSchannelPolicyBaseline, DomainGpoScriptPreferenceExposure, DomainGpoServicePolicy, DomainGpoSysvolPosture, DomainGpoTerminalServicesTimeout, DomainGpoTimeServicePolicy, DomainGpoUpdates, DomainGpoWinRmPolicyBaseline, DomainGpoWpadHardeningExample, DomainGpoWsusConfiguration, DomainKerberosCryptoOverview, DomainKerberosDesConfiguration, DomainKerberosDuplicateSpns, DomainKerberosRc4Only, DomainLapsOuDelegation, DomainLDAP, DomainMachineAccountQuota, DomainObjectsRecentCreation, DomainObjectStatistics, DomainOuDelegationRisk, DomainPasswordPolicy, DomainPasswordPolicyRollup, DomainPrimaryGroupReadability, DomainPrivilegedGroupOwnerRisk, DomainPrivilegedGroupRecentChanges, DomainRidMasterHealth, DomainServiceAccountsSpnHygiene, DomainServiceAccountsUsage, DomainShadowCredentialsRisk, DomainSpnHygieneOverview, DomainSysvolReplicationPosture, DomainTechnicalAzureAdSso, DomainTrustsConfiguration, DomainTrustSidHistory, DomainUnprivilegedGroupRecentChanges, DomainUsersCredentialHygiene, DomainUsersSmartCardConfiguration, DsHeuristicsCompliance, DummyDomainStaleAdminAccounts, DummyExampleNew, DummyForestBackup, DummyForestReplicationStatus, DummySystemHealth, DummyTestimoDebug, DuplicateObjects, DuplicateSPN, EventLogs, ExchangeUsers, FileSystem, ForestBackupMetadataPosture, ForestConfigurationPartitionContainerOwnerPosture, ForestConfigurationPartitionOwnerPosture, ForestConfigurationPartitionOwners, ForestConfigurationPartitionOwnersContainer, ForestDHCP, ForestDhcpInfrastructurePosture, ForestDirectoryDiscoveryDiagnostics, ForestDuplicateComputerHostnames, ForestExchangeSchemaVulnerabilityPosture, ForestFsmoRolePosture, ForestFSMORoles, ForestFunctionalLevel, ForestKdsRootKeyPosture, ForestKerberosDuplicateSpns, ForestOptionalFeaturePosture, ForestPkiConfiguration, ForestPkiTemplatesConfiguration, ForestPkiTemplatesRiskOverview, ForestRecycleBinAndLifetimes, ForestReplicationPosture, ForestSchemaDefaultSecurityDescriptorChanges, ForestSchemaJavaExposure, ForestSchemaLapsAttributes, ForestSiteConnectionPosture, ForestSiteLinkPosture, ForestSubnetCoveragePosture, ForestSubnets, ForestTrustsOverview, GroupPolicy, GroupPolicyADM, GroupPolicyOwners, GroupPolicyPermission, GroupPolicyPermissionConsistency, GroupPolicySysvol, GroupPolicySYSVOLDC, GroupsCriticalMembership, GroupsForeignSecurityPrincipalsPrivilegedExposure, GroupsOperatorsEmpty, GroupsOrphanedForeignSecurityPrincipals, GroupsPreWindows2000Exposure, GroupsPrivilegedDelegationRisk, Information, KerberosSecurity, KrbtgtHealth, LanManagerSettings, LanManServer, Ldap, LdapInsecureBindings, MachineQuota, MSSLegacy, NetLogonOwner, NetSessionEnumeration, NetworkCardSettings, NTDSParameters, OperatingSystem, OptionalFeatures, OrganizationalUnitsEmpty, OrganizationalUnitsProtected, OrphanedAdmins, OrphanedSecurityPrincipals, PasswordComplexity, Pingable, PkiCaRocaConfirmed, PkiCaRocaSuspected, PkiCaWeakKeySize, PkiCaWeakRsaComponent, PkiCaWeakSignature, PkiEnrollmentHttpsRequired, Ports, RDPPorts, RDPSecurity, Replication, ReplicationStatus, RootDseAnonymousBind, RootKDS, SecurityComputers, SecurityDelegatedObjects, SecurityGroupsAccountOperators, SecurityGroupsSchemaAdmins, SecurityKRBGT, SecurityUsers, SecurityUsersAccountAdministrator, ServersGpoSmbSigningBaseline, Services, ServiceWINRM, SiteLinks, SiteLinksConnections, Sites, SMBProtocols, SMBShares, SMBSharesPermissions, StaleAdminAccountsManual, SysVOLDFSR, SysvolGpoConsistency, SysvolLegacyAdmFiles, SysvolNetlogonOwners, SysvolNetlogonPermissions, TimeSettings, TimeSynchronizationExternal, TimeSynchronizationInternal, TombstoneLifetime, TrustAzureAdSso, Trusts, UNCHardenedPaths, UsersAdminProtection, UsersBuiltInAdministrator, UsersGppStoredPasswords, UsersGuestAccount, UsersPasswordNeverExpires, UsersPrimaryGroupCompliance, UsersPrivilegedDelegationProtection, UsersPrivilegedEmailPresent, UsersPrivilegedInactivity, UsersStaleAccounts, UsersUnconstrainedDelegation, VurnerableSchemaClass, WellKnownFolders, WindowsFeaturesOptional, WindowsRemoteManagement, WindowsRolesAndFeatures, WindowsUpdates, WorkstationsGpoSmbSigningBaseline
Raw SwitchParameter optionalposition: namedpipeline: false
Write data exactly as produced by rules (no shaping or aggregation).
Rule string[] optionalposition: namedpipeline: false
Rule names or display names to execute (exact or display-name match).
Tag string[] optionalposition: namedpipeline: false
Filter by rule tags (free-form labels attached to rules).
Throttle int optionalposition: namedpipeline: false
Limit concurrent rule execution (0 = unlimited).
TimeoutSeconds int optionalposition: namedpipeline: false
Cancel the run after this many seconds (0 = no timeout).

Outputs

System.Object, TestimoX.Execution.RuleResultEnvelope, TestimoX.Execution.RuleSummaryRow