Jorge's Quest For Knowledge!

All About Identity And Security On-Premises And In The Cloud – It's Just Like An Addiction, The More You Have, The More You Want To Have!

(2015-03-16) Documenting Your Active Directory

Posted by Jorge on 2015-03-16

Have you ever wanted to document your Active Directory to quite some detail, but you could not find a free tool available to get the job done? Wait no longer! Keep reading, you will like it!

Amongst other scripts, Carl Webster has created an Active Directory documentation PowerShell script that is able to procedure a report in Word, PDF or HTML. The script must be executed on a Windows computer with at least PowerShell v3, RSAT and Word. In general you just require a regular user account with no specific privileges. However, if you want to gather DC specific information (e.g. hardware and services), you require Domain Admins equivalent privileges which is obvious.

More information about the AD documentation script can be found through the link: Documenting Microsoft Active Directory with Microsoft Word and PowerShell

All the scripts can be downloaded through the link: Where to Get Copies of the Various Documentation Scripts

In my test/demo environment I executed the AD documentation PowerShell script using the following PowerShell command line:

.\ADDS_Inventory_v1.1.ps1 -PDF -Hardware -ADForest IAMTEC.NET -Hardware -Services -UserName "Jorge de Almeida Pinto" -CompanyName "IAM Technologies" -Verbose


Figure 1: Sample Output


Figure 2: Sample Output


Figure 3: Sample Output


Figure 4: Sample Output

To view a sample of the report you can click here. It displays all the information about my test/demo AD environment.

Be aware, that if your AD is large and/or distributed (e.g. many AD domains, many DCs, many OUs, many objects, etc.), this documentation script may take some time to complete!

* This posting is provided "AS IS" with no warranties and confers no rights!
* Always evaluate/test yourself before using/implementing this!
############### Jorge’s Quest For Knowledge #############
######### ########

4 Responses to “(2015-03-16) Documenting Your Active Directory”

  1. Webster said

    Thanks for the mention.



  2. albertwt said

    Hi Jorge and Carl,

    Does this script is write only or not making any changes to the AD environment ?
    What account permission as minimum I need to run this Powershell script ?



    • Jorge said

      when using the HARDWARE and SERVICES switch, and therefore to properly retrieve the WMI hardware inventory and or get a list of Services running on the domain controllers, the user running the script must have Domain Administrator rights in the AD Forest being processed.

      when not using either one of the switches, a regular user account should be good enough


  3. Albertwt, none of my documentation scripts make any changes to what is being documented (AD, DHCP, DNS, VMware, etc). I only use GET cmdlets or LDAP queries.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: