Describe the bug
I receive the following error when executing the as-built script:
New-AsBuiltReport : Exception calling "GetCurrentDomain" with "0" argument(s): "Current security context is not
associated with an Active Directory domain or forest."
At line:1 char:1
- New-AsBuiltReport -report Microsoft.AD -target domain2.domain2.priv - ...
-
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,New-AsBuiltReport
To Reproduce
Windows 10 21H2 domain joined VM named desktop1. I'm running the script from this VM.
Windows 2016 domain controller (domain2 is the servername and domain2.priv is the domain) in a 2-way trust with a second 2016 domain controller (domain1 is the servername and domain1.priv is the domain)
Used a user account (user1) that has been added to the enterprise admin security group (and removed domain user permissions) or using the domain administrator account
Expected behavior
I would expect it to generate a word and html report. I have run this same script on the domain controller itself and it has had no problems generating the report.
Screenshots
< As Built Report Configuration >
---------------------------------------------- Would you like to save the As Built Report configuration file? (y/n): n Please wait while the Microsoft AD As Built Report is being generated. WARNING: [ 10:47:09:748 ] [ Document ] - Please refer to the AsBuiltReport.Microsoft.AD github website for more detailed information about this project. WARNING: [ 10:47:09:748 ] [ Document ] - Do not forget to update your report configuration file after each new release.
WARNING: [ 10:47:09:764 ] [ Document ] - Documentation: https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.AD
WARNING: [ 10:47:09:764 ] [ Document ] - Issues or bug reporting:
https://github.com/AsBuiltReport/AsBuiltReport.Microsoft.AD/issues
WARNING: [ 10:47:09:779 ] [ Document ] - AsBuiltReport.Microsoft.AD 0.7.10 is currently installed.
WARNING: [ 10:47:32:373 ] [ Document ] - Cannot index into a null array.
WARNING: [ 10:47:32:391 ] [ Document ] - Cannot index into a null array.
WARNING: [ 10:47:32:391 ] [ Document ] - Cannot index into a null array.
New-AsBuiltReport : Exception calling "GetCurrentDomain" with "0" argument(s): "Current security context is not
associated with an Active Directory domain or forest."
At line:1 char:1
- New-AsBuiltReport -report Microsoft.AD -target domain2.domain2.priv - ...
-
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,New-AsBuiltReport
Additional context
This is the full script that I am running to execute the report. I have run just the AD-Asbuilt command and it generates the same error, so I don't believe my other lines of code are affecting it. The script is writtento install all the required modules and the end generates some excel output files. This is for a project I am working on to setup a trust between 2 domains. A feature request I might suggest would be for the As-Built to dump out a list of users, groups, computers and what users/computers belong to what groups into the report. These options might be better off as a flag as there could be a lot of information and some people may not be interested in such a large report. In our case, we have to be mindful of user overlap between two non-joined domains. If at some point in the future the end user decides to join them and migrate users, conflicts can occur, so having that information is crucial. I have included my full script below for your info.
Write-Host "This script will perform an inventory of an active directory domain for you."
Write-Host "It must be run from the domain controller or a domain joined Windows 10 machine."
Write-Host "The user account used will need to be an Enterprise Admin for the full collection to work"
Write-Host ""
Write-Host ""
Write-Host "What type of machine are you running this from?"
Write-Host "(1) Windows 10 domain attached"
Write-Host "(2) A domain controller in the domain"
$system = Read-Host "Enter Number: "
Write-Host ""
Write-Host ""
$domain = Read-Host "Enter the domain controller FQDN: "
$username = Read-Host "Enter username to access the domain controller: "
$password = Read-Host "Enter password for the account: "
$Foldername ="c:\temp"
Create c:\temp directory
if (Test-Path $foldername) {
Write-Host "Folder c:\temp exists, continuing..."
}
else {
New-Item $Foldername -ItemType Directory
Write-Host "Folder c:\temp created successfully, continuing..."
}
if ($system -eq 1) {
Windows 10 Host
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::TLs12
Install-Module -Name PSPKI -Force
Install-Module -Name PScriboCharts -Force
Install-Module -Name AsBuiltReport.Microsoft.AD -Force
Install-Module -Name ImportExcel -Force
Add-WindowsCapability -online -Name 'Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0'
Add-WindowsCapability -Online -Name 'Rsat.CertificateServices.Tools~~~~0.0.1.0'
Add-WindowsCapability -online -Name 'Rsat.GroupPolicy.Management.Tools~~~~0.0.1.0'
Add-WindowsCapability –online –Name 'Rsat.Dns.Tools~~~~0.0.1.0'
Add-WindowsCapability -online -Name 'Rsat.DHCP.Tools~~~~0.0.1.0'
}
if ($system -eq 2) {
Domain Controller Host
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
[Net.ServicePointManager]::SecurityProtocol
Install-PackageProvider -Name Nuget -MinimumVersion 2.8.5.201 -Force
Install-Module -Name ImportExcel -Force
Install-Module -Name PSPKI -Force
Install-Module -Name PScriboCharts -Force
Install-Module -Name AsBuiltReport.Microsoft.AD -Force
Install-WindowsFeature -Name RSAT-ADCS
Enable-WindowsOptionalFeature -FeatureName RSAT-AD-PowerShell
Enable-WindowsOptionalFeature -FeatureName RSAT-ADCS,RSAT-ADCS-mgmt
Enable-WindowsOptionalFeature -FeatureName RSAT-DNS-Server
Enable-WindowsOptionalFeature -FeatureName RSAT-DHCP
Enable-WindowsOptionalFeature -FeatureName GPMC
}
As-Built Script Execution
New-AsBuiltReport -Report Microsoft.AD -Target $domain -Username $username -Password $password -Format Html,Word -OutputFolderPath $foldername -Timestamp -EnableHealthCheck
Get Domain Attached Computer List
get-adcomputer -filter * -Properties * | export-excel -path $foldername\computerexport.xlsx
Get Domain User List
get-aduser -filter * -Properties * | Select-Object Name, Surname, GivenName, SamAccountName, CanonicalName, DistinguishedName | export-excel -path $foldername\userexport.xlsx
Get Domain Group Info
get-adgroup -filter * -Properties * | export-excel -path $foldername\groupexport.xlsx
Get Group Name
get-adgroup -filter * | select-object Name | export-csv -path $foldername\grouplist.csv
Get group membership
import-csv $foldername\grouplist.csv | Foreach-object {
Get-ADGroupMember -Identity $($.Name) | Select-Object Name, ObjectClass, SAMaccountName | export-excel -path $foldername"Group.xlsx" -Append -Worksheet $($.Name)
}