API Reference
Command
Invoke-TestimoX
Invoke the TestimoX engine once from the current session.
Examples
Example 1: Run specific typed rules
$cs = [TestimoX.Definitions.CSharpRule]
$ps = [TestimoX.RulesPowerShell.PowerShellRule]
Invoke-TestimoX -IncludeCSharpRules @($cs::ForestSystemStateBackups) -IncludePowerShellRules @($ps::ForestRecycleBinAndLifetimes)
Example 2: Combine string and typed rules
$cs = [TestimoX.Definitions.CSharpRule]
$ps = [TestimoX.RulesPowerShell.PowerShellRule]
Invoke-TestimoX -IncludeRules 'ForestRecycleBinAndLifetimes' -IncludeCSharpRules $cs::ForestSystemStateBackups -IncludePowerShellRules $ps::ForestRecycleBinAndLifetimes -Verbosity Detailed -View Standard
Example 3: Resume a partially completed run
Invoke-TestimoX -StoreDir 'C:\Data\TestimoX' -RunId '2025-10-24T1300' -ResumeFromRun '2025-10-24T1300' -IncludeCSharpRules ([TestimoX.Definitions.CSharpRule]::ForestPkiConfiguration)
Example 4: Publish HTML from the store (no execution)
Invoke-TestimoX -PublishFromStore -StoreDir 'C:\Data\TestimoX' -HtmlReportPath 'C:\Reports\TestimoX-FromStore.html'
Common Parameters
This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.
For more information, see about_CommonParameters.
Syntax
Invoke-TestimoX [-Baseline] [-ConfigPath <string>] [-ExcludeCategories <Configuration>] [-ExcludeCSharpRules <CSharpRule[]>] [-ExcludeHeavy] [-ExcludeRules <string[]>] [-ExcludeTags <string[]>] [-Filter <string>] [-ForestName <string>] [-HtmlReportPath <string>] [-IncludeCategories <Configuration>] [-IncludeCSharpRules <CSharpRule[]>] [-IncludePowerShellRules <PowerShellRule[]>] [-IncludeRules <string[]>] [-IncludeSuperseded] [-IncludeTags <string[]>] [-Interactive] [-MachineName <string>] [-MaxCost <Trivial|Light|Moderate|Heavy|Extreme>] [-PowerShellCacheDirectory <string>] [-PowerShellCacheMode <Persistent|Temporary|Disabled>] [-PowerShellCatalogMode <Legacy|Auto|CompiledOnly>] [-PowerShellRulesDirectory <string>] [-Preflight <Enforce|Soft|Off>] [-Profile <AdSecurityAssessment>] [-PublishFromStore] [-ResumeFromRun <string>] [-RuleConfigPath <string>] [-RunId <string>] [-StoreAcceptStale] [-StoreComputersTtl <TimeSpan>] [-StoreDir <string>] [-StoreMatch <MatchPolicy>] [-StorePolicy <StoragePolicy>] [-StoreRaw <RawPolicy>] [-StoreTtl <TimeSpan>] [-StoreUsersTtl <TimeSpan>] [-StrictParity] [-Verbosity <Quiet|Normal|Detailed|Debug>] [-View <Auto|Standard|Ansi>] [<CommonParameters>]
Parameters
- Baseline SwitchParameter
  - Prefer a safe baseline selection (skips DomainController-scoped rules).
- ConfigPath string
  - Run from a JSON configuration file (service.json or run.json) and exit. When provided, other selection parameters are ignored.
- ExcludeCategories Category[]
  - Categories to exclude during rule selection. Possible values: Configuration, Health, Security, Cleanup, Performance, Maintenance, Vulnerability, Compliance, Monitoring, Backup, Network, Storage, Identity, Authentication, Authorization, Audit, Availability, Replication, DNS
- ExcludeCSharpRules CSharpRule[]
  - C# rules to exclude (optional enum for IntelliSense convenience)
- ExcludeHeavy SwitchParameter
  - Exclude Heavy/Extreme rules regardless of MaxCost.
- ExcludeRules string[]
  - PowerShell rules to exclude
- ExcludeTags string[]
  - Tags to exclude (match any).
- Filter string
  - Case-insensitive substring filter applied to rule names during selection.
- ForestName string
  - Forest name to target
- HtmlReportPath string
  - Optional path/filename for the HTML report. If omitted, a name is autogenerated inside a local "Reports" folder.
- IncludeCategories Category[]
  - Categories to include during rule selection. Possible values: Configuration, Health, Security, Cleanup, Performance, Maintenance, Vulnerability, Compliance, Monitoring, Backup, Network, Storage, Identity, Authentication, Authorization, Audit, Availability, Replication, DNS
- IncludeCSharpRules CSharpRule[]
  - C# rules to include (optional enum for IntelliSense convenience)
- IncludePowerShellRules PowerShellRule[]
  - Typed PowerShell rules to include (enum for IntelliSense). Can be combined with -IncludeRules; duplicates are ignored.
- IncludeRules string[]
  - PowerShell rules to include
- IncludeSuperseded SwitchParameter
  - Include rules that are marked as superseded (run legacy/alternate implementations).
- IncludeTags string[]
  - Tags to include (match any).
- Interactive SwitchParameter
  - Run wizard-like interactive selection, similar to CLI.
- MachineName string
  - Optional computer name used by the cmdlet.
- MaxCost RuleCost
  - Maximum rule cost to include. When omitted, includes all costs. Possible values: Trivial, Light, Moderate, Heavy, Extreme
- PowerShellCacheDirectory string
  - Overrides the root directory used for extracted PowerShell scripts.
- PowerShellCacheMode PowerShellCacheMode
  - Controls how legacy PowerShell scripts are cached on disk when used. Possible values: Persistent, Temporary, Disabled
- PowerShellCatalogMode PowerShellCatalogMode
  - Controls how compiled PowerShell catalogs are used. Possible values: Legacy, Auto, CompiledOnly
- PowerShellRulesDirectory string
  - Path to a directory containing user PowerShell rules (.ps1). Overrides TESTIMOX_PS_RULES_DIR.
- Preflight PreflightMode
  - LDAP preflight behavior. Possible values: Enforce, Soft, Off
- Profile RuleSelectionProfile
  - Optional curated rule-selection profile to apply before explicit filters. Possible values: None, AdSecurityAssessment
- PublishFromStore SwitchParameter
  - Generate HTML from an existing store without executing rules. Requires -StoreDir.
- ResumeFromRun string
  - Resume from a previously started run identified by this ID. Rules already recorded in that run are skipped.
- RuleConfigPath string
  - Optional path to a rules configuration file (overrides RuleConfigPath in the JSON config).
- RunId string
  - Optional explicit run identifier. When set, results are grouped under this ID and can be resumed later.
- StoreAcceptStale SwitchParameter
  - Allow reuse of stale entries older than TTL.
- StoreComputersTtl TimeSpan
  - Override TTL for Computers snapshots (e.g., 12:00:00 for 12 hours). Defaults to -StoreTtl.
- StoreDir string
  - Enable durable store and set directory.
- StoreMatch MatchPolicy
  - Match policy for reuse: Config or Strict.
- StorePolicy StoragePolicy
  - Store policy: Off, Read, Write, ReadWrite.
- StoreRaw RawPolicy
  - Raw payload policy: Smart, All, None.
- StoreTtl TimeSpan
  - Reuse TTL (e.g., 7.00:00:00 for 7 days).
- StoreUsersTtl TimeSpan
  - Override TTL for Users snapshots (e.g., 1.00:00:00 for 1 day). Defaults to -StoreTtl.
- StrictParity SwitchParameter
  - When set, selects all rules after filtering, skipping interactive selection.
- Verbosity VerbosityLevel
  - Verbosity level. Possible values: Quiet, Normal, Detailed, Debug
- View ConsoleView
  - Console rendering view. Possible values: Auto, Standard, Ansi
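A store-backed run followed by report publishing, as an added example that is not part of the TestimoX documentation. It uses only parameters listed above; the paths, the run ID format, the TTL values and the icacls step that restricts the store directory are assumptions.

```powershell
# Added example (not from the TestimoX project). Paths, TTLs and run-id
# format are assumptions chosen to match the shape of the page's examples.
$storeDir   = 'C:\Data\TestimoX'
$reportPath = 'C:\Reports\TestimoX-FromStore.html'
$runId      = Get-Date -Format 'yyyy-MM-ddTHHmm'   # e.g. 2025-10-24T1300

# The store holds Users/Computers snapshots of the directory, so restrict
# access to it before the first run writes anything there.
if (-not (Test-Path -LiteralPath $storeDir)) {
    New-Item -ItemType Directory -Path $storeDir -Force | Out-Null
    # Remove inherited ACEs; grant full control to Administrators and SYSTEM
    # only (well-known SIDs, so this works on non-English systems too).
    icacls $storeDir /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed for $storeDir" }
}

# Run parameters, splatted. Every key is a parameter from the syntax above.
$run = @{
    Profile       = 'AdSecurityAssessment'      # curated rule selection
    MaxCost       = 'Moderate'                  # leave out Heavy/Extreme rules
    StoreDir      = $storeDir                   # enables the durable store
    StorePolicy   = 'ReadWrite'
    StoreRaw      = 'None'                      # raw payload policy: None
    StoreTtl      = [TimeSpan]'7.00:00:00'      # reuse entries up to 7 days old
    StoreUsersTtl = [TimeSpan]'1.00:00:00'      # Users snapshots: 1 day
    RunId         = $runId                      # lets the run be resumed later
    Verbosity     = 'Normal'
}
Invoke-TestimoX @run

# If the run above was interrupted, resume it under the same ID; rules already
# recorded in that run are skipped (same pattern as Example 3):
# Invoke-TestimoX @run -ResumeFromRun $runId

# Build the HTML report from the store without executing any rules again.
Invoke-TestimoX -PublishFromStore -StoreDir $storeDir -HtmlReportPath $reportPath
```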
Outputs
TestimoX.Definitions.RuleComplete, TestimoX.PowerShell.StoreReportResult