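function Get-SCCMCollectionLDAP {
    <#
    .SYNOPSIS
        Audits Active Directory for objects that reveal a Configuration Manager (SCCM/MECM) deployment.

    .DESCRIPTION
        Reads the domain's "System Management" container for published site (mSSMSSite) and
        management point (mSSMSManagementPoint) objects, lists connectionPoint objects that carry a
        netbootserver value, searches computer objects whose naming attributes contain common
        Configuration Manager abbreviations, and finally lists machine-account trustees that hold
        GenericAll on the System Management container. The report is written to the output stream
        as formatted text so it can be captured or redirected by the caller.

    .PARAMETER DomainFQDN
        Fully qualified DNS name of the domain to audit (for example 'corp.example.com').
        It is converted to the domain's distinguished name (DC=corp,DC=example,DC=com).

    .OUTPUTS
        System.String. Formatted report lines.

    .NOTES
        Requires the ActiveDirectory module and the AD: PSDrive it registers.
        Sections that depend on the System Management container are skipped with a warning
        when that container cannot be read.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]$DomainFQDN
    )

    # Fail early if the module (and therefore the AD: drive used by Get-Acl) is unavailable.
    Import-Module ActiveDirectory -ErrorAction Stop

    # 'corp.example.com' -> 'DC=corp,DC=example,DC=com'. A trailing dot would otherwise
    # produce an empty 'DC=' component.
    $domainDN = (($DomainFQDN.TrimEnd('.') -split '\.') -replace '^', 'DC=') -join ','
    $systemManagementDN = "CN=System Management,CN=System,$domainDN"

    # Verify the container is readable once, instead of letting three later queries fail.
    $systemManagementReadable = $false
    try {
        $null = Get-ADObject -Identity $systemManagementDN -ErrorAction Stop
        $systemManagementReadable = $true
    } catch {
        Write-Warning "Cannot read '$systemManagementDN': $($_.Exception.Message). Site, management point and permission sections will be skipped."
    }

    # --- Published sites -------------------------------------------------------------------
    Write-Output "`nSite Information"
    Write-Output "======================================`n"
    if ($systemManagementReadable) {
        $siteObjects = Get-ADObject -LDAPFilter "(objectClass=mSSMSSite)" -SearchBase $systemManagementDN -Properties mSSMSHealthState, mSSMSSiteCode, objectClass, distinguishedName
        foreach ($site in $siteObjects) {
            Write-Output "Health State: $($site.mSSMSHealthState)"
            Write-Output "Site Code: $($site.mSSMSSiteCode)"
            Write-Output "Object Class: $($site.objectClass)"
            Write-Output "Distinguished Name: $($site.distinguishedName)`n"
        }
    }

    # --- Published management points -------------------------------------------------------
    Write-Output "`nManagement Points"
    Write-Output "=================`n"
    if ($systemManagementReadable) {
        $mpObjects = Get-ADObject -LDAPFilter "(ObjectClass=mSSMSManagementPoint)" -SearchBase $systemManagementDN -Properties mSSMSMPName, mSSMSSiteCode
        foreach ($mp in $mpObjects) {
            # Write-Output (not Write-Host) keeps every section on the same, capturable stream.
            Write-Output "FQDN: $($mp.mSSMSMPName)"
            Write-Output "Site Code: $($mp.mSSMSSiteCode)`n"
        }
    }

    # --- connectionPoint objects with a netbootserver value --------------------------------
    Write-Output "`nNetwork Boot Servers"
    Write-Output "====================`n"
    $netbootObjects = Get-ADObject -LDAPFilter "(&(objectclass=connectionPoint)(netbootserver=*))" -SearchBase $domainDN
    foreach ($netboot in $netbootObjects) {
        # Drop the leading RDN so the object's parent is what gets reported.
        $parentDN = $netboot.DistinguishedName -replace '^[^,]+,', ''
        Write-Output "DistinguishedName: $parentDN`n"
    }

    # --- Computer objects matching common naming abbreviations -----------------------------
    $searchPatterns = @("sccm", "mecm", "mcm", "memcm", "configm", "cfgm", "sms")
    $searchAttributes = @("samaccountname", "description", "name", "displayname", "serviceprincipalname", "dnshostname")

    # One substring clause per pattern/attribute pair, OR-ed together under a computer-category AND.
    $filterTerms = foreach ($pattern in $searchPatterns) {
        foreach ($attribute in $searchAttributes) {
            "($attribute=*$pattern*)"
        }
    }
    $ldapFilter = "(&(objectCategory=computer)(|$(-join $filterTerms)))"

    # Not named '$matches': that is PowerShell's automatic variable populated by -match,
    # and assigning to it clobbers the regex results of any caller.
    $namingMatches = Get-ADObject -LDAPFilter $ldapFilter -SearchBase $domainDN -Properties samaccountname, dnshostname, objectSid

    Write-Output "`nNaming Convention Matches"
    Write-Output "=========================`n"
    foreach ($match in $namingMatches) {
        # String interpolation emits a line even when the attribute is absent, so the
        # three-line record layout stays aligned.
        Write-Output "$($match.samaccountname)"
        Write-Output "$($match.dnshostname)"
        Write-Output "$($match.objectSid.Value)`n"
    }

    # --- Machine accounts with GenericAll on the container ---------------------------------
    Write-Output "Accounts with GenericAll on System Management container"
    Write-Output "=======================================================`n"
    if ($systemManagementReadable) {
        try {
            $acl = Get-Acl -Path "AD:\$systemManagementDN" -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read the security descriptor of '$systemManagementDN': $($_.Exception.Message)"
            $acl = $null
        }
        if ($null -ne $acl) {
            # Only trustees whose name ends in '$' (machine accounts) are reported; user or
            # group trustees holding the same right are not listed by this section.
            $genericAllMachineAces = $acl.Access | Where-Object {
                $_.AccessControlType -eq "Allow" -and
                $_.ActiveDirectoryRights -eq "GenericAll" -and
                $_.IdentityReference -match '\$$'
            }
            foreach ($ace in $genericAllMachineAces) {
                Write-Output "$($ace.IdentityReference)"
            }
        }
    }
}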
# Run the audit against the domain named below; splatting keeps the call easy to extend.
$auditParams = @{
    DomainFQDN = 'mayyhem.com'
}
Get-SCCMCollectionLDAP @auditParams