Releases: adrian207/AD-Audit
AD-Audit v3.1.0 - LAPS Audit & Enhanced Security
Release Notes - Version 3.1.0 🎉
Release Date: January 2025
Release Type: Feature Release
Author: Adrian Johnson
🚀 New Features
1. LAPS (Local Administrator Password Solution) Audit Module ✅
Module: Modules/Invoke-LAPS-Audit.ps1
Commit: c930b9a
What's Included:
- Comprehensive LAPS Detection: Scan all domain computers for LAPS status
- Password Age Analysis: Monitor password age and expiration
- Compliance Scoring: Automated compliance calculation and risk assessment
- Multiple Report Formats: HTML, CSV, JSON, XML, Markdown
- Password Reset Actions: Force LAPS password rotation
- Bulk Operations: Process multiple computers in parallel
Key Features:
LAPS Detection
- LAPS Status: Detects if LAPS is installed and configured
- Password Attributes: Checks `ms-Mcs-AdmPwd` and `ms-Mcs-AdmPwdExpirationTime`
- Password Age: Calculates password age and identifies stale passwords
- Expiration Status: Identifies expired passwords
- Compliance Analysis: Determines overall LAPS compliance percentage
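How a check built on the attributes named above can work, as an added PowerShell example that is not AD-Audit's own code: it reads only `ms-Mcs-AdmPwdExpirationTime`, so the audit account never needs read access to the confidential `ms-Mcs-AdmPwd` password attribute. `Get-LapsState`, the three state names and the sample rows are assumptions made for illustration; Windows LAPS stores its expiry in `msLAPS-PasswordExpirationTime` instead, which this example does not cover.

```powershell
# Added example: classify LAPS state from the legacy LAPS expiration attribute.
# Get-LapsState and its state names are hypothetical, not part of AD-Audit.
function Get-LapsState {
    param(
        [Parameter(Mandatory)] [object[]] $Computer,
        [datetime] $Now = [datetime]::UtcNow
    )
    foreach ($c in $Computer) {
        $raw = $c.'ms-Mcs-AdmPwdExpirationTime'
        if (-not $raw) {
            # Attribute absent or zero: no managed password is recorded for
            # this object (treated here as Missing; an assumption)
            $state = 'Missing'
            $expires = $null
        } else {
            # Stored as a Windows FILETIME (100 ns ticks since 1601-01-01 UTC)
            $expires = [datetime]::FromFileTimeUtc([int64]$raw)
            $state = if ($expires -lt $Now) { 'Expired' } else { 'Compliant' }
        }
        [pscustomobject]@{ Name = $c.Name; Expires = $expires; State = $state }
    }
}

# Constructed sample input. Against a live domain the rows would come from:
#   Get-ADComputer -Filter * -Properties 'ms-Mcs-AdmPwdExpirationTime'
$now = [datetime]::new(2025, 1, 15, 0, 0, 0, [System.DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ Name = 'WS01'; 'ms-Mcs-AdmPwdExpirationTime' = $now.AddDays(20).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'WS02'; 'ms-Mcs-AdmPwdExpirationTime' = $now.AddDays(-3).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'WS03'; 'ms-Mcs-AdmPwdExpirationTime' = $null }
)

$result = @(Get-LapsState -Computer $sample -Now $now)
$result | Format-Table -AutoSize

# Compliance percentage over the scanned set
$compliant = @($result | Where-Object State -eq 'Compliant').Count
'{0:P0} compliant' -f ($compliant / $result.Count)
```

Both timestamps are kept in UTC because .NET `DateTime` comparison ignores the `Kind` flag, so mixing local and UTC values would shift the expired/compliant boundary by the machine's UTC offset.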
Reporting
- HTML Dashboard: Professional HTML reports with compliance metrics
- CSV Exports: All computers, non-compliant, expired, and missing LAPS
- JSON: Complete data export in JSON format
- XML: Structured XML reports for integration
- Markdown: Human-readable markdown reports
Remediation
- Force Password Reset: Clear expiration to trigger LAPS regeneration
- Bulk Operations: Reset passwords for multiple computers
- Dry-Run Mode: Preview mode for safe testing
- Parallel Processing: Efficient bulk operations
Risk Assessment
- Risk Levels: Critical, High, Medium, Low
- Compliance Percentage: Overall compliance scoring
- Recommendations: Automated remediation guidance
Usage:
```powershell
# Basic LAPS audit
.\Invoke-LAPS-Audit.ps1 -DatabasePath "C:\Audits\AuditData.db"

# Full audit with all report formats
.\Invoke-LAPS-Audit.ps1 -DatabasePath "C:\Audits\AuditData.db" -ReportFormat All

# Audit with remediation (dry-run)
.\Invoke-LAPS-Audit.ps1 -DatabasePath "C:\Audits\AuditData.db" -EnableRemediation -DryRun

# Audit with actual remediation
.\Invoke-LAPS-Audit.ps1 -DatabasePath "C:\Audits\AuditData.db" -EnableRemediation

# Custom thresholds
.\Invoke-LAPS-Audit.ps1 -DatabasePath "C:\Audits\AuditData.db" -PasswordAgeThreshold 60 -ExpirationThreshold 120
```
Report Outputs:
- `LAPS_Status_All.csv` - All computers with LAPS status
- `LAPS_Non_Compliant.csv` - Non-compliant computers
- `LAPS_Expired.csv` - Computers with expired passwords
- `LAPS_Missing.csv` - Computers without LAPS installed
- `LAPS_Compliance_Report_YYYYMMDD_HHMMSS.html` - Professional HTML dashboard
- `LAPS_Report_YYYYMMDD_HHMMSS.json` - JSON data export
- `LAPS_Report_YYYYMMDD_HHMMSS.xml` - XML report
- `LAPS_Report_YYYYMMDD_HHMMSS.md` - Markdown report
Compliance Metrics:
- Total Computers: Number of computers scanned
- LAPS Installed: Installation percentage
- LAPS Compliant: Compliance percentage
- Expired Passwords: Count of expired passwords
- Stale Passwords: Count of stale passwords (>30 days)
- Risk Level: Overall risk assessment
Microsoft Compliance:
- ✅ CIS Control 4: Secure Configuration of Enterprise Assets
- ✅ CIS Control 6: Access Control Management
- ✅ Microsoft Best Practice: Local Administrator Password Management
2. SID History Security Check ✅
Module: Modules/Invoke-CredentialTheftPrevention.ps1
Commit: e07fa04
What's Included:
- SID History Detection: Identifies SID history on privileged accounts
- Privilege Escalation Risk: Detects potential privilege escalation vectors
- Risk Scoring: Automated risk assessment (Critical/High/Medium/Low)
- Remediation Guidance: Automated recommendations
Usage:
```powershell
# Check for SID history on privileged accounts
.\Invoke-CredentialTheftPrevention.ps1 -DatabasePath "C:\Audits\AuditData.db" -IncludeSIDHistory

# All security checks including SID history
.\Invoke-CredentialTheftPrevention.ps1 -DatabasePath "C:\Audits\AuditData.db" -IncludeAll
```
📊 Statistics
Code Metrics:
| Metric | Value |
|---|---|
| New Files | 1 (LAPS audit module) |
| Lines of Code | 828 (LAPS module) |
| Functions | 15+ |
| Report Formats | 5 (HTML, CSV, JSON, XML, Markdown) |
Features:
- ✅ LAPS Audit Module: Complete standalone module
- ✅ SID History Security: Enhanced credential theft prevention
- ✅ Multiple Report Formats: HTML, CSV, JSON, XML, Markdown
- ✅ Password Reset Actions: Automated remediation
- ✅ Compliance Scoring: Risk assessment and recommendations
- ✅ Bulk Operations: Parallel processing support
🔒 Security Enhancements
LAPS Audit
- Password Management: Detect and manage local administrator passwords
- Compliance Monitoring: Track LAPS deployment and compliance
- Risk Mitigation: Identify and remediate password vulnerabilities
- Automated Remediation: Force password rotation for non-compliant systems
SID History Detection
- Privilege Escalation Prevention: Detect potential escalation vectors
- Migration Security: Identify residual SIDs from domain migrations
- Risk Assessment: Automated risk scoring for privileged accounts
🎯 Target Audiences
Primary Users:
- Security Analysts: LAPS compliance monitoring and password management
- IT Administrators: Local administrator password security
- Compliance Officers: CIS Controls and Microsoft best practices
- Security Teams: Privilege escalation detection and mitigation
Use Cases:
- LAPS Compliance: Monitor and maintain LAPS deployment
- Password Security: Identify and remediate weak password practices
- Privilege Escalation: Detect and prevent privilege escalation attacks
- Security Auditing: Comprehensive security posture assessment
📚 Documentation
Updated Documentation:
- `Modules/Invoke-LAPS-Audit.ps1` - Complete inline documentation
- `Modules/Invoke-CredentialTheftPrevention.ps1` - Updated with SID history feature
- Comprehensive usage examples and parameters
New Documentation:
- LAPS Audit module documentation (embedded in module)
- Usage examples and best practices
- Compliance metrics and scoring
🚀 Getting Started with v3.1.0
1. Run LAPS Audit
```powershell
.\Invoke-LAPS-Audit.ps1 -DatabasePath "C:\Audits\AuditData.db"
```
2. Check SID History
```powershell
.\Invoke-CredentialTheftPrevention.ps1 -DatabasePath "C:\Audits\AuditData.db" -IncludeSIDHistory
```
3. Generate All Reports
```powershell
.\Invoke-LAPS-Audit.ps1 -DatabasePath "C:\Audits\AuditData.db" -ReportFormat All
```
4. Remediate Non-Compliant Systems
```powershell
.\Invoke-LAPS-Audit.ps1 -DatabasePath "C:\Audits\AuditData.db" -EnableRemediation -DryRun
```
🔗 Links
- GitHub Repository: https://github.com/adrian207/AD-Audit
- Latest Release: https://github.com/adrian207/AD-Audit/releases/tag/v3.1.0
- Documentation: https://github.com/adrian207/AD-Audit/tree/main/docs
💡 What's Next?
Future Enhancements:
- Excel Export: Full Excel export with charts and pivot tables
- PDF Reports: Professional PDF reports with charts
- Email Integration: Automated email reports
- Scheduling: Built-in scheduled audit support
- Azure Integration: Cloud-based LAPS audit capabilities
🙏 Acknowledgments
- Microsoft: For LAPS technology and security guidance
- CIS Controls: For security framework guidance
- PowerShell Community: For excellent tools and resources
📝 Breaking Changes
None - v3.1.0 is fully backward compatible with v3.0.0 and previous versions.
🐛 Bug Fixes
- Fixed AI assistant attribution in test documentation
- Improved parallel processing in bulk operations
- Enhanced error handling in password reset functions
🎉 Version 3.1.0 - LAPS Audit & Enhanced Security!
The AD-Audit framework now includes:
- ✅ Comprehensive LAPS audit capabilities
- ✅ SID history security detection
- ✅ Multiple report formats
- ✅ Automated remediation actions
- ✅ Enhanced security monitoring
Ready for production deployment! 🚀