TestimoX

API Reference

Command

Invoke-TestimoXService

Namespace TestimoX.PowerShell
Outputs
TestimoX.PowerShell.ServiceInvocationAcceptance

Queues a one-time TestimoX workload through the connected Management API.

Examples

Authored help example

Example 1: Trigger the currently deployed workload once

PS>


Connect-TestimoXService -UseSaved; Invoke-TestimoXService

Use this after a config update when you want to validate the workload immediately instead of waiting for the next schedule.

Example 2: Run only Users and Groups snapshot streams once

PS>


Invoke-TestimoXService -RunSnapshot -Streams Users,Groups

Example 3: Run a targeted rule subset once without editing service.json

PS>


$cs = [TestimoX.Definitions.CSharpRule]; $ps = [TestimoX.RulesPowerShell.PowerShellRule]; Invoke-TestimoXService -RunTest -IncludeRules 'ForestRecycleBinAndLifetimes' -IncludeCSharpRules $cs::DomainPasswordPolicy -IncludePowerShellRules $ps::ForestRecycleBinAndLifetimes -RuleConfigPath 'C:\Ops\TestimoX\Configs\rules-overrides.json'

This is ideal for smoke-testing a focused rule pack before promoting the same changes into the persisted service config.

Common Parameters

This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.

For more information, see about_CommonParameters.

Syntax

Invoke-TestimoXService [-IncludeCSharpRules <AdminPrivilegedActivityPosture>] [-IncludePowerShellRules <DCDFS>] [-IncludeRules <string[]>] [-RuleConfigPath <string>] [-RunSnapshot] [-RunTest] [-Streams <string[]>] [<CommonParameters>]
#

Parameters

IncludeCSharpRules CSharpRule[] optionalposition: namedpipeline: falsevalues: 387
Typed C# rules to execute for this invocation only. Possible values: AdminPrivilegedActivityPosture, AdminSdHolderAclDrift, Backup, ComputersAesDisabled, ComputersObsoleteDomainControllers, ComputersObsoleteServers, ComputersObsoleteWorkstations, ComputersPrimaryGroupCompliance, ComputersRbcdExposure, ComputersUnconstrainedDelegation, ComputersUnsupported, ComputersUnsupportedMainstream, DCDNSForwaders, DFS, DHCPAuthorized, Diagnostics, DirectoryAclPostureInventory, DirectoryDangerousExtendedRights, DirectoryDefaultOuChanged, DirectoryDisplaySpecifiersForeignPaths, DirectoryEmptyOrganizationalUnits, DirectoryLdapConnectivity, DirectoryUnprotectedOus, DirectoryWellKnownFolderPosture, DiskSpace, DnsAdminsMembership, DnsDelegationRisk, DNSForwarders, DnsNameServers, DNSResolveExternal, DNSResolveInternal, DNSScavengingForPrimaryDNSServer, DNSZonesAging, DNSZonesDomain0ADEL, DnsZonesDynamicUpdatesSecure, DNSZonesForest0ADEL, DnsZonesReadExposure, DnsZonesSecurity, DomainAccountDelegationPosture, DomainAccountsReversiblePasswordStorage, DomainAdminGroupDelegationRisk, DomainAuthentication, DomainBackupMetadata, DomainBroadTrusteeDelegationExposure, DomainComputerSecurityBaselinePosture, DomainComputersLapsCoverage, DomainComputersLapsDelegation, DomainComputersLapsDsrmDelegation, DomainComputersLifecycle, DomainConstrainedDelegationOverview, DomainConstrainedDelegationTargets, DomainConstrainedDelegationToDcServices, DomainControllerAppControlRuntimeLocal, DomainControllerAuditPolicyLocal, DomainControllerBackupPostureRuntimeLocal, DomainControllerBrowserPolicyRuntimeLocal, DomainControllerCertificatePostureRuntimeLocal, DomainControllerCredentialPostureLocal, DomainControllerCriticalServices, DomainControllerDiagnosticPosture, DomainControllerDiskSpacePosture, DomainControllerDnsDynamicUpdates, DomainControllerDnsPrimaryZoneNameServerPosture, DomainControllerDnsServerPosture, DomainControllerDnsZoneTransfer, DomainControllerDsaFileLocationPostureLocal, DomainControllerEventLogPolicyLocal, DomainControllerExploitProtectionRuntimeLocal, DomainControllerFeaturePostureRuntimeLocal, DomainControllerFileSystemLocal, DomainControllerInformationPosture, DomainControllerLanManager, DomainControllerLdapChannelBinding, DomainControllerLdapConnectivity, DomainControllerLdapSigning, DomainControllerLocalIdentityRuntimeLocal, DomainControllerLogonUxUacLocal, DomainControllerLsaProtectionLocal, DomainControllerMdmPostureRuntimeLocal, DomainControllerMssLegacyNetworkPostureLocal, DomainControllerNetlogonSiteCoverage, DomainControllerNetSessionEnumerationLocal, DomainControllerNetworkAdapterPosture, DomainControllerNetworkHardeningRuntimeLocal, DomainControllerNtdsParametersLocal, DomainControllerNullSession, DomainControllerOfficePostureRuntimeLocal, DomainControllerOperatingSystemPosture, DomainControllerOptionalFeaturePostureLocal, DomainControllerPersistencePostureRuntimeLocal, DomainControllerPingPosture, DomainControllerPkiEnrollmentChannelBinding, DomainControllerPlatformSecurityRuntimeLocal, DomainControllerPortPosture, DomainControllerPrivacyPostureRuntimeLocal, DomainControllerRdpSecurityLocal, DomainControllerRebootCadence, DomainControllerRemoteAccessRuntimeLocal, DomainControllers, DomainControllersAuditPolicy, DomainControllerSchannelProtocolsLocal, DomainControllersDeploymentHealth, DomainControllersDnsAndSiteRegistration, DomainControllerSecureBootCertificateRolloutLocal, DomainControllerSmbCompliance, DomainControllerSmbSharePermissions, DomainControllerSmbShares, DomainControllerSmbSigning, DomainControllersOverallPosture, DomainControllersRodcPolicy, DomainControllersRodcSysvolWriteAccess, DomainControllersSpoolerExposure, DomainControllerSystemStateBackup, DomainControllerSysvolReplication, DomainControllerTimeServiceStatus, DomainControllerTimeSynchronizationExternal, DomainControllerTimeSynchronizationInternal, DomainControllerVsCodeExtensionsRuntimeLocal, DomainControllerWebClientDisabled, DomainControllerWindowsUpdatePosture, DomainControllerWinRmSecurityLocal, DomainDcShadowIndicators, DomainDelegationInventory, DomainDhcpAuthorizationPosture, DomainDirectoryDescriptionSecrets, DomainDirectoryHiddenObjects, DomainDnsApexAuthorityPosture, DomainDnsApplicationPartitionOwnerPosture, DomainDnsCleanupPreview, DomainDnsDanglingRecordTargets, DomainDnsDcLocatorIntegrity, DomainDnsDelegationIntegrity, DomainDnsDhcpOwnershipPosture, DomainDnsDnssecPosture, DomainDnsDynamicUpdateConfiguration, DomainDnsEventLogRetentionPosture, DomainDnsForwarderConsistency, DomainDnsForwardReverseParity, DomainDnsLoggingPosture, DomainDnsRecordAgingPosture, DomainDnsRecursiveResolverPosture, DomainDnsReverseZoneCoverage, DomainDnsRrsetTtlConsistency, DomainDnsZoneHostingConfigurationPosture, DomainDnsZonePtrAutomation, DomainDnsZoneTransferPosture, DomainDsHeuristics, DomainDuplicateAccounts, DomainExchangeUserAliasPosture, DomainFineGrainedPasswordPolicies, DomainFsmoRolePosture, DomainFSMORoles, DomainFunctionalLevel, DomainGpoAnalysis, DomainGpoAnonymousExposureConfiguration, DomainGpoBlockedInheritance, DomainGpoBrokenGpos, DomainGpoBrokenLinks, DomainGpoDangerousUserRightsExposure, DomainGpoDefaultPoliciesRecentChanges, DomainGpoDefenderAsrPolicy, DomainGpoDelegationExposure, DomainGpoDuplicates, DomainGpoEventLogPolicyBaseline, DomainGpoEveryoneAuthorizedGpo, DomainGpoEveryoneIncludesAnonymousDisabled, DomainGpoExternalArtifacts, DomainGpoFiles, DomainGpoFirewallProfilesBaseline, DomainGpoFirewallScriptBlock, DomainGpoFolderOptionsExposure, DomainGpoHardenedPaths, DomainGpoInventoryHealth, DomainGpoKdcProxyPolicy, DomainGpoKerberosClientArmoring, DomainGpoKerberosCryptoBaseline, DomainGpoKerberosKdcArmoring, DomainGpoKerberosPacHardeningBaseline, DomainGpoLapsDsrmPolicy, DomainGpoLapsPolicy, DomainGpoLdapHardening, DomainGpoLimitBlankPasswordUse, DomainGpoLinks, DomainGpoList, DomainGpoLlmnrWdigestConfiguration, DomainGpoLogonUxUacBaseline, DomainGpoLsaProtectionBaseline, DomainGpoMissingSysvolFiles, DomainGpoNameResolutionBaseline, DomainGpoNetlogonConfiguration, DomainGpoNetSessionHardening, DomainGpoNoLmHash, DomainGpoNtlmRestrictConfiguration, DomainGpoOrganizationalUnit, DomainGpoOwners, DomainGpoPassword, DomainGpoPermissionBaseline, DomainGpoPermissionConsistency, DomainGpoPermissions, DomainGpoPermissionsAdministrative, DomainGpoPermissionsRead, DomainGpoPermissionsRoot, DomainGpoPermissionsUnknown, DomainGpoPku2uPolicy, DomainGpoPowerShellAuditing, DomainGpoPowerShellLoggingBaseline, DomainGpoRdpRedirectionPolicyBaseline, DomainGpoRecoveryConsoleAutoAdminLogon, DomainGpoRedirect, DomainGpoSchannelPolicyBaseline, DomainGpoScriptPreferenceExposure, DomainGpoServicePolicy, DomainGpoSysvolPosture, DomainGpoTerminalServicesTimeout, DomainGpoTimeServicePolicy, DomainGpoUpdates, DomainGpoWinRmPolicyBaseline, DomainGpoWpadHardeningExample, DomainGpoWsusConfiguration, DomainJoinComputerOwner, DomainKerberosCryptoOverview, DomainKerberosDesConfiguration, DomainKerberosDuplicateSpns, DomainKerberosRc4Only, DomainLapsOuDelegation, DomainLDAP, DomainMachineAccountQuota, DomainObjectsRecentCreation, DomainObjectStatistics, DomainOuDelegationRisk, DomainPasswordPolicy, DomainPasswordPolicyRollup, DomainPrimaryGroupReadability, DomainPrivilegedGroupOwnerRisk, DomainPrivilegedGroupRecentChanges, DomainRidMasterHealth, DomainServiceAccountsAdminCount, DomainServiceAccountsSpnHygiene, DomainServiceAccountsUsage, DomainShadowCredentialsRisk, DomainSpnHygieneOverview, DomainSysvolReplicationPosture, DomainTechnicalAzureAdSso, DomainTier0ExposureGraph, DomainTrustsConfiguration, DomainTrustSidHistory, DomainUnprivilegedGroupRecentChanges, DomainUsersBadPasswordCount, DomainUsersCredentialHygiene, DomainUsersSmartCardConfiguration, DsHeuristicsCompliance, DummyDomainStaleAdminAccounts, DummyExampleNew, DummyForestBackup, DummyForestReplicationStatus, DummySystemHealth, DummyTestimoDebug, DuplicateObjects, DuplicateSPN, EventLogs, ExchangeUsers, FileSystem, ForestBackupMetadataPosture, ForestConfigurationPartitionContainerOwnerPosture, ForestConfigurationPartitionOwnerPosture, ForestConfigurationPartitionOwners, ForestConfigurationPartitionOwnersContainer, ForestDHCP, ForestDhcpInfrastructurePosture, ForestDirectoryDiscoveryDiagnostics, ForestDuplicateComputerHostnames, ForestExchangeSchemaVulnerabilityPosture, ForestFsmoRolePosture, ForestFSMORoles, ForestFunctionalLevel, ForestKdsRootKeyPosture, ForestKerberosDuplicateSpns, ForestOptionalFeaturePosture, ForestPkiCertNoobFindings, ForestPkiConfiguration, ForestPkiTemplatesConfiguration, ForestPkiTemplatesRiskOverview, ForestRecycleBinAndLifetimes, ForestReplicationPosture, ForestSchemaDefaultSecurityDescriptorChanges, ForestSchemaJavaExposure, ForestSchemaLapsAttributes, ForestShadowPrincipalsPosture, ForestSiteConnectionPosture, ForestSiteLinkPosture, ForestSubnetCoveragePosture, ForestSubnets, ForestTrustsOverview, GroupPolicy, GroupPolicyADM, GroupPolicyOwners, GroupPolicyPermission, GroupPolicyPermissionConsistency, GroupPolicySysvol, GroupPolicySYSVOLDC, GroupsCriticalMembership, GroupsForeignSecurityPrincipalsPrivilegedExposure, GroupsOperatorsEmpty, GroupsOrphanedForeignSecurityPrincipals, GroupsPreWindows2000Exposure, GroupsPrivilegedDelegationRisk, Information, KerberosSecurity, KrbtgtHealth, LanManagerSettings, LanManServer, Ldap, LdapInsecureBindings, MachineQuota, MSSLegacy, NetLogonOwner, NetSessionEnumeration, NetworkCardSettings, NTDSParameters, OperatingSystem, OptionalFeatures, OrganizationalUnitsEmpty, OrganizationalUnitsProtected, OrphanedAdmins, OrphanedSecurityPrincipals, PasswordComplexity, Pingable, PkiCaRocaConfirmed, PkiCaRocaSuspected, PkiCaWeakKeySize, PkiCaWeakRsaComponent, PkiCaWeakSignature, PkiEnrollmentHttpsRequired, Ports, RDPPorts, RDPSecurity, Replication, ReplicationStatus, RootDseAnonymousBind, RootKDS, SecurityComputers, SecurityDelegatedObjects, SecurityGroupsAccountOperators, SecurityGroupsSchemaAdmins, SecurityKRBGT, SecurityUsers, SecurityUsersAccountAdministrator, ServersGpoSmbSigningBaseline, Services, ServiceWINRM, SiteLinks, SiteLinksConnections, Sites, SMBProtocols, SMBShares, SMBSharesPermissions, StaleAdminAccountsManual, SysVOLDFSR, SysvolGpoConsistency, SysvolLegacyAdmFiles, SysvolNetlogonOwners, SysvolNetlogonPermissions, TimeSettings, TimeSynchronizationExternal, TimeSynchronizationInternal, TombstoneLifetime, TrustAzureAdSso, Trusts, UNCHardenedPaths, UsersAdminProtection, UsersBuiltInAdministrator, UsersGppStoredPasswords, UsersGuestAccount, UsersPasswordNeverExpires, UsersPrimaryGroupCompliance, UsersPrivilegedDelegationProtection, UsersPrivilegedEmailPresent, UsersPrivilegedInactivity, UsersStaleAccounts, UsersUnconstrainedDelegation, VurnerableSchemaClass, WellKnownFolders, WindowsFeaturesOptional, WindowsRemoteManagement, WindowsRolesAndFeatures, WindowsUpdates, WorkstationsGpoSmbSigningBaseline
Possible values: AdminPrivilegedActivityPosture, AdminSdHolderAclDrift, Backup, ComputersAesDisabled, ComputersObsoleteDomainControllers, ComputersObsoleteServers, ComputersObsoleteWorkstations, ComputersPrimaryGroupCompliance, ComputersRbcdExposure, ComputersUnconstrainedDelegation, ComputersUnsupported, ComputersUnsupportedMainstream, DCDNSForwaders, DFS, DHCPAuthorized, Diagnostics, DirectoryAclPostureInventory, DirectoryDangerousExtendedRights, DirectoryDefaultOuChanged, DirectoryDisplaySpecifiersForeignPaths, DirectoryEmptyOrganizationalUnits, DirectoryLdapConnectivity, DirectoryUnprotectedOus, DirectoryWellKnownFolderPosture, DiskSpace, DnsAdminsMembership, DnsDelegationRisk, DNSForwarders, DnsNameServers, DNSResolveExternal, DNSResolveInternal, DNSScavengingForPrimaryDNSServer, DNSZonesAging, DNSZonesDomain0ADEL, DnsZonesDynamicUpdatesSecure, DNSZonesForest0ADEL, DnsZonesReadExposure, DnsZonesSecurity, DomainAccountDelegationPosture, DomainAccountsReversiblePasswordStorage, DomainAdminGroupDelegationRisk, DomainAuthentication, DomainBackupMetadata, DomainBroadTrusteeDelegationExposure, DomainComputerSecurityBaselinePosture, DomainComputersLapsCoverage, DomainComputersLapsDelegation, DomainComputersLapsDsrmDelegation, DomainComputersLifecycle, DomainConstrainedDelegationOverview, DomainConstrainedDelegationTargets, DomainConstrainedDelegationToDcServices, DomainControllerAppControlRuntimeLocal, DomainControllerAuditPolicyLocal, DomainControllerBackupPostureRuntimeLocal, DomainControllerBrowserPolicyRuntimeLocal, DomainControllerCertificatePostureRuntimeLocal, DomainControllerCredentialPostureLocal, DomainControllerCriticalServices, DomainControllerDiagnosticPosture, DomainControllerDiskSpacePosture, DomainControllerDnsDynamicUpdates, DomainControllerDnsPrimaryZoneNameServerPosture, DomainControllerDnsServerPosture, DomainControllerDnsZoneTransfer, DomainControllerDsaFileLocationPostureLocal, DomainControllerEventLogPolicyLocal, DomainControllerExploitProtectionRuntimeLocal, DomainControllerFeaturePostureRuntimeLocal, DomainControllerFileSystemLocal, DomainControllerInformationPosture, DomainControllerLanManager, DomainControllerLdapChannelBinding, DomainControllerLdapConnectivity, DomainControllerLdapSigning, DomainControllerLocalIdentityRuntimeLocal, DomainControllerLogonUxUacLocal, DomainControllerLsaProtectionLocal, DomainControllerMdmPostureRuntimeLocal, DomainControllerMssLegacyNetworkPostureLocal, DomainControllerNetlogonSiteCoverage, DomainControllerNetSessionEnumerationLocal, DomainControllerNetworkAdapterPosture, DomainControllerNetworkHardeningRuntimeLocal, DomainControllerNtdsParametersLocal, DomainControllerNullSession, DomainControllerOfficePostureRuntimeLocal, DomainControllerOperatingSystemPosture, DomainControllerOptionalFeaturePostureLocal, DomainControllerPersistencePostureRuntimeLocal, DomainControllerPingPosture, DomainControllerPkiEnrollmentChannelBinding, DomainControllerPlatformSecurityRuntimeLocal, DomainControllerPortPosture, DomainControllerPrivacyPostureRuntimeLocal, DomainControllerRdpSecurityLocal, DomainControllerRebootCadence, DomainControllerRemoteAccessRuntimeLocal, DomainControllers, DomainControllersAuditPolicy, DomainControllerSchannelProtocolsLocal, DomainControllersDeploymentHealth, DomainControllersDnsAndSiteRegistration, DomainControllerSecureBootCertificateRolloutLocal, DomainControllerSmbCompliance, DomainControllerSmbSharePermissions, DomainControllerSmbShares, DomainControllerSmbSigning, DomainControllersOverallPosture, DomainControllersRodcPolicy, DomainControllersRodcSysvolWriteAccess, DomainControllersSpoolerExposure, DomainControllerSystemStateBackup, DomainControllerSysvolReplication, DomainControllerTimeServiceStatus, DomainControllerTimeSynchronizationExternal, DomainControllerTimeSynchronizationInternal, DomainControllerVsCodeExtensionsRuntimeLocal, DomainControllerWebClientDisabled, DomainControllerWindowsUpdatePosture, DomainControllerWinRmSecurityLocal, DomainDcShadowIndicators, DomainDelegationInventory, DomainDhcpAuthorizationPosture, DomainDirectoryDescriptionSecrets, DomainDirectoryHiddenObjects, DomainDnsApexAuthorityPosture, DomainDnsApplicationPartitionOwnerPosture, DomainDnsCleanupPreview, DomainDnsDanglingRecordTargets, DomainDnsDcLocatorIntegrity, DomainDnsDelegationIntegrity, DomainDnsDhcpOwnershipPosture, DomainDnsDnssecPosture, DomainDnsDynamicUpdateConfiguration, DomainDnsEventLogRetentionPosture, DomainDnsForwarderConsistency, DomainDnsForwardReverseParity, DomainDnsLoggingPosture, DomainDnsRecordAgingPosture, DomainDnsRecursiveResolverPosture, DomainDnsReverseZoneCoverage, DomainDnsRrsetTtlConsistency, DomainDnsZoneHostingConfigurationPosture, DomainDnsZonePtrAutomation, DomainDnsZoneTransferPosture, DomainDsHeuristics, DomainDuplicateAccounts, DomainExchangeUserAliasPosture, DomainFineGrainedPasswordPolicies, DomainFsmoRolePosture, DomainFSMORoles, DomainFunctionalLevel, DomainGpoAnalysis, DomainGpoAnonymousExposureConfiguration, DomainGpoBlockedInheritance, DomainGpoBrokenGpos, DomainGpoBrokenLinks, DomainGpoDangerousUserRightsExposure, DomainGpoDefaultPoliciesRecentChanges, DomainGpoDefenderAsrPolicy, DomainGpoDelegationExposure, DomainGpoDuplicates, DomainGpoEventLogPolicyBaseline, DomainGpoEveryoneAuthorizedGpo, DomainGpoEveryoneIncludesAnonymousDisabled, DomainGpoExternalArtifacts, DomainGpoFiles, DomainGpoFirewallProfilesBaseline, DomainGpoFirewallScriptBlock, DomainGpoFolderOptionsExposure, DomainGpoHardenedPaths, DomainGpoInventoryHealth, DomainGpoKdcProxyPolicy, DomainGpoKerberosClientArmoring, DomainGpoKerberosCryptoBaseline, DomainGpoKerberosKdcArmoring, DomainGpoKerberosPacHardeningBaseline, DomainGpoLapsDsrmPolicy, DomainGpoLapsPolicy, DomainGpoLdapHardening, DomainGpoLimitBlankPasswordUse, DomainGpoLinks, DomainGpoList, DomainGpoLlmnrWdigestConfiguration, DomainGpoLogonUxUacBaseline, DomainGpoLsaProtectionBaseline, DomainGpoMissingSysvolFiles, DomainGpoNameResolutionBaseline, DomainGpoNetlogonConfiguration, DomainGpoNetSessionHardening, DomainGpoNoLmHash, DomainGpoNtlmRestrictConfiguration, DomainGpoOrganizationalUnit, DomainGpoOwners, DomainGpoPassword, DomainGpoPermissionBaseline, DomainGpoPermissionConsistency, DomainGpoPermissions, DomainGpoPermissionsAdministrative, DomainGpoPermissionsRead, DomainGpoPermissionsRoot, DomainGpoPermissionsUnknown, DomainGpoPku2uPolicy, DomainGpoPowerShellAuditing, DomainGpoPowerShellLoggingBaseline, DomainGpoRdpRedirectionPolicyBaseline, DomainGpoRecoveryConsoleAutoAdminLogon, DomainGpoRedirect, DomainGpoSchannelPolicyBaseline, DomainGpoScriptPreferenceExposure, DomainGpoServicePolicy, DomainGpoSysvolPosture, DomainGpoTerminalServicesTimeout, DomainGpoTimeServicePolicy, DomainGpoUpdates, DomainGpoWinRmPolicyBaseline, DomainGpoWpadHardeningExample, DomainGpoWsusConfiguration, DomainJoinComputerOwner, DomainKerberosCryptoOverview, DomainKerberosDesConfiguration, DomainKerberosDuplicateSpns, DomainKerberosRc4Only, DomainLapsOuDelegation, DomainLDAP, DomainMachineAccountQuota, DomainObjectsRecentCreation, DomainObjectStatistics, DomainOuDelegationRisk, DomainPasswordPolicy, DomainPasswordPolicyRollup, DomainPrimaryGroupReadability, DomainPrivilegedGroupOwnerRisk, DomainPrivilegedGroupRecentChanges, DomainRidMasterHealth, DomainServiceAccountsAdminCount, DomainServiceAccountsSpnHygiene, DomainServiceAccountsUsage, DomainShadowCredentialsRisk, DomainSpnHygieneOverview, DomainSysvolReplicationPosture, DomainTechnicalAzureAdSso, DomainTier0ExposureGraph, DomainTrustsConfiguration, DomainTrustSidHistory, DomainUnprivilegedGroupRecentChanges, DomainUsersBadPasswordCount, DomainUsersCredentialHygiene, DomainUsersSmartCardConfiguration, DsHeuristicsCompliance, DummyDomainStaleAdminAccounts, DummyExampleNew, DummyForestBackup, DummyForestReplicationStatus, DummySystemHealth, DummyTestimoDebug, DuplicateObjects, DuplicateSPN, EventLogs, ExchangeUsers, FileSystem, ForestBackupMetadataPosture, ForestConfigurationPartitionContainerOwnerPosture, ForestConfigurationPartitionOwnerPosture, ForestConfigurationPartitionOwners, ForestConfigurationPartitionOwnersContainer, ForestDHCP, ForestDhcpInfrastructurePosture, ForestDirectoryDiscoveryDiagnostics, ForestDuplicateComputerHostnames, ForestExchangeSchemaVulnerabilityPosture, ForestFsmoRolePosture, ForestFSMORoles, ForestFunctionalLevel, ForestKdsRootKeyPosture, ForestKerberosDuplicateSpns, ForestOptionalFeaturePosture, ForestPkiCertNoobFindings, ForestPkiConfiguration, ForestPkiTemplatesConfiguration, ForestPkiTemplatesRiskOverview, ForestRecycleBinAndLifetimes, ForestReplicationPosture, ForestSchemaDefaultSecurityDescriptorChanges, ForestSchemaJavaExposure, ForestSchemaLapsAttributes, ForestShadowPrincipalsPosture, ForestSiteConnectionPosture, ForestSiteLinkPosture, ForestSubnetCoveragePosture, ForestSubnets, ForestTrustsOverview, GroupPolicy, GroupPolicyADM, GroupPolicyOwners, GroupPolicyPermission, GroupPolicyPermissionConsistency, GroupPolicySysvol, GroupPolicySYSVOLDC, GroupsCriticalMembership, GroupsForeignSecurityPrincipalsPrivilegedExposure, GroupsOperatorsEmpty, GroupsOrphanedForeignSecurityPrincipals, GroupsPreWindows2000Exposure, GroupsPrivilegedDelegationRisk, Information, KerberosSecurity, KrbtgtHealth, LanManagerSettings, LanManServer, Ldap, LdapInsecureBindings, MachineQuota, MSSLegacy, NetLogonOwner, NetSessionEnumeration, NetworkCardSettings, NTDSParameters, OperatingSystem, OptionalFeatures, OrganizationalUnitsEmpty, OrganizationalUnitsProtected, OrphanedAdmins, OrphanedSecurityPrincipals, PasswordComplexity, Pingable, PkiCaRocaConfirmed, PkiCaRocaSuspected, PkiCaWeakKeySize, PkiCaWeakRsaComponent, PkiCaWeakSignature, PkiEnrollmentHttpsRequired, Ports, RDPPorts, RDPSecurity, Replication, ReplicationStatus, RootDseAnonymousBind, RootKDS, SecurityComputers, SecurityDelegatedObjects, SecurityGroupsAccountOperators, SecurityGroupsSchemaAdmins, SecurityKRBGT, SecurityUsers, SecurityUsersAccountAdministrator, ServersGpoSmbSigningBaseline, Services, ServiceWINRM, SiteLinks, SiteLinksConnections, Sites, SMBProtocols, SMBShares, SMBSharesPermissions, StaleAdminAccountsManual, SysVOLDFSR, SysvolGpoConsistency, SysvolLegacyAdmFiles, SysvolNetlogonOwners, SysvolNetlogonPermissions, TimeSettings, TimeSynchronizationExternal, TimeSynchronizationInternal, TombstoneLifetime, TrustAzureAdSso, Trusts, UNCHardenedPaths, UsersAdminProtection, UsersBuiltInAdministrator, UsersGppStoredPasswords, UsersGuestAccount, UsersPasswordNeverExpires, UsersPrimaryGroupCompliance, UsersPrivilegedDelegationProtection, UsersPrivilegedEmailPresent, UsersPrivilegedInactivity, UsersStaleAccounts, UsersUnconstrainedDelegation, VurnerableSchemaClass, WellKnownFolders, WindowsFeaturesOptional, WindowsRemoteManagement, WindowsRolesAndFeatures, WindowsUpdates, WorkstationsGpoSmbSigningBaseline
IncludePowerShellRules PowerShellRule[] optionalposition: namedpipeline: falsevalues: 89
Typed embedded PowerShell rules to execute for this invocation only. Possible values: DCDFS, DCDiagnostics, DCDiskSpace, DCDNSForwarders, DCDnsNameServers, DCDnsResolveExternal, DCDnsResolveInternal, DCEventLogs, DCFileSystem, DCGroupPolicySYSVOLDC, DCInformation, DCLanManagerSettings, DCLanManServer, DCLDAP, DCLDAPInsecureBindings, DCMSSLegacy, DCNetSessionEnumeration, DCNetworkCardSettings, DCNTDSParameters, DCOperatingSystem, DCPingable, DCPorts, DCRDPPorts, DCRDPSecurity, DCServices, DCServiceWINRM, DCSMBProtocols, DCSMBShares, DCSMBSharesPermissions, DCTimeSettings, DCTimeSynchronizationExternal, DCTimeSynchronizationInternal, DCUNCHardenedPaths, DCWindowsFeaturesOptional, DCWindowsRemoteManagement, DCWindowsRolesAndFeatures, DCWindowsUpdates, DomainComputersUnsupported, DomainComputersUnsupportedMainstream, DomainDHCPAuthorized, DomainDNSForwarders, DomainDNSScavengingForPrimaryDNSServer, DomainDnsZonesAging, DomainDNSZonesDomain0ADEL, DomainDNSZonesForest0ADEL, DomainDomainControllers, DomainDuplicateObjects, DomainExchangeUsers, DomainGroupPolicyADM, DomainGroupPolicyAssessment, DomainGroupPolicyOwner, DomainGroupPolicyPermissionConsistency, DomainGroupPolicyPermissions, DomainGroupPolicySysvol, DomainLDAP, DomainMachineQuota, DomainNetLogonOwner, DomainOrganizationalUnitsEmpty, DomainOrganizationalUnitsProtected, DomainOrphanedForeignSecurityPrincipals, DomainPasswordComplexity, DomainRoles, DomainSecurityComputers, DomainSecurityDelegatedObjects, DomainSecurityGroupsAccountOperators, DomainSecurityGroupsSchemaAdmins, DomainSecurityKrbtgt, DomainSecurityUsers, DomainSecurityUsersAcccountAdministrator, DomainSysVolDFSR, DomainWellKnownFolders, ForestBackup, ForestConfigurationPartitionOwners, ForestConfigurationPartitionOwnersContainers, ForestDHCP, ForestDuplicateSPN, ForestOptionalFeatures, ForestOrphanedAdmins, ForestReplication, ForestReplicationStatus, ForestRoles, ForestRootKDS, ForestSiteLinks, ForestSiteLinksConnections, ForestSites, ForestSubnets, ForestTombstoneLifetime, ForestTrusts, ForestVulnerableSchemaClass
Possible values: DCDFS, DCDiagnostics, DCDiskSpace, DCDNSForwarders, DCDnsNameServers, DCDnsResolveExternal, DCDnsResolveInternal, DCEventLogs, DCFileSystem, DCGroupPolicySYSVOLDC, DCInformation, DCLanManagerSettings, DCLanManServer, DCLDAP, DCLDAPInsecureBindings, DCMSSLegacy, DCNetSessionEnumeration, DCNetworkCardSettings, DCNTDSParameters, DCOperatingSystem, DCPingable, DCPorts, DCRDPPorts, DCRDPSecurity, DCServices, DCServiceWINRM, DCSMBProtocols, DCSMBShares, DCSMBSharesPermissions, DCTimeSettings, DCTimeSynchronizationExternal, DCTimeSynchronizationInternal, DCUNCHardenedPaths, DCWindowsFeaturesOptional, DCWindowsRemoteManagement, DCWindowsRolesAndFeatures, DCWindowsUpdates, DomainComputersUnsupported, DomainComputersUnsupportedMainstream, DomainDHCPAuthorized, DomainDNSForwarders, DomainDNSScavengingForPrimaryDNSServer, DomainDnsZonesAging, DomainDNSZonesDomain0ADEL, DomainDNSZonesForest0ADEL, DomainDomainControllers, DomainDuplicateObjects, DomainExchangeUsers, DomainGroupPolicyADM, DomainGroupPolicyAssessment, DomainGroupPolicyOwner, DomainGroupPolicyPermissionConsistency, DomainGroupPolicyPermissions, DomainGroupPolicySysvol, DomainLDAP, DomainMachineQuota, DomainNetLogonOwner, DomainOrganizationalUnitsEmpty, DomainOrganizationalUnitsProtected, DomainOrphanedForeignSecurityPrincipals, DomainPasswordComplexity, DomainRoles, DomainSecurityComputers, DomainSecurityDelegatedObjects, DomainSecurityGroupsAccountOperators, DomainSecurityGroupsSchemaAdmins, DomainSecurityKrbtgt, DomainSecurityUsers, DomainSecurityUsersAcccountAdministrator, DomainSysVolDFSR, DomainWellKnownFolders, ForestBackup, ForestConfigurationPartitionOwners, ForestConfigurationPartitionOwnersContainers, ForestDHCP, ForestDuplicateSPN, ForestOptionalFeatures, ForestOrphanedAdmins, ForestReplication, ForestReplicationStatus, ForestRoles, ForestRootKDS, ForestSiteLinks, ForestSiteLinksConnections, ForestSites, ForestSubnets, ForestTombstoneLifetime, ForestTrusts, ForestVulnerableSchemaClass
IncludeRules string[] optionalposition: namedpipeline: falsealiases: RuleNames
Rule names to execute for this invocation only.
RuleConfigPath string optionalposition: namedpipeline: false
Optional local path to a rule-overrides JSON file that should be applied only to this invocation.
RunSnapshot SwitchParameter optionalposition: namedpipeline: false
Requests an AD snapshot during this one-time invocation.
RunTest SwitchParameter optionalposition: namedpipeline: false
Requests a rule run instead of snapshot streams for this one-time invocation.
Streams string[] optionalposition: namedpipeline: false
Snapshot stream names to run during this one-time invocation, for example Users or Groups.

Outputs

TestimoX.PowerShell.ServiceInvocationAcceptance