
Write a PowerShell script that will thoroughly analyse an Active Directory for flaws in password policies, admin permissions, passwords that are set to never change, and accounts with admin permissions. Be as thorough as possible, assuming the script executor has admin rights.

The purpose is a comprehensive security audit.

# Begin Script

# Requires the RSAT ActiveDirectory module (run as a domain administrator)
Import-Module ActiveDirectory

# Set Variables
# Resolve the domain's distinguished name instead of hard-coding a DN fragment
$DomainDN   = (Get-ADDomain).DistinguishedName   # e.g. DC=corp,DC=example,DC=com
$AdminGroup = "Domain Admins"
# -Recursive expands nested groups so indirect members of the admin group are not missed
$AdminGroupMembers = Get-ADGroupMember -Identity $AdminGroup -Recursive
$PasswordNeverExpires = Get-ADUser -Filter {PasswordNeverExpires -eq $true} -Properties PasswordNeverExpires
$PasswordPolicy = Get-ADDefaultDomainPasswordPolicy

# Check Password Policy
Write-Host "Checking Password Policy..."
Write-Host "Minimum Password Length: $($PasswordPolicy.MinPasswordLength)"
# The property on the default domain password policy object is ComplexityEnabled
Write-Host "Password Complexity: $($PasswordPolicy.ComplexityEnabled)"
Write-Host "Password History: $($PasswordPolicy.PasswordHistoryCount)"
Write-Host "Maximum Password Age: $($PasswordPolicy.MaxPasswordAge.Days) days"
Write-Host "Account Lockout Threshold: $($PasswordPolicy.LockoutThreshold)"
# Use TotalMinutes: .Minutes returns only the minutes component of the TimeSpan (0 for a 1-hour window)
Write-Host "Account Lockout Duration: $($PasswordPolicy.LockoutDuration.TotalMinutes) minutes"
Write-Host "Account Lockout Observation Window: $($PasswordPolicy.LockoutObservationWindow.TotalMinutes) minutes"

# Check Admin Permissions
Write-Host "Checking Admin Permissions..."
Write-Host "Members of the $AdminGroup group (including nested groups):"
$AdminGroupMembers | Select-Object Name, objectClass | Format-Table -AutoSize

# Check Passwords Set to Never Change
Write-Host "Checking Passwords Set to Never Change..."
Write-Host "Users with passwords set to never expire:"
$PasswordNeverExpires | Select-Object Name | Format-Table -AutoSize

# Check Accounts with Admin Permissions
Write-Host "Checking Accounts with Admin Permissions..."
# Search the whole domain; MemberOf holds group DNs, so match on the group's CN component
$AdminAccounts = Get-ADUser -Filter {Enabled -eq $true} -SearchBase $DomainDN -SearchScope Subtree -Properties MemberOf |
    Where-Object { $_.MemberOf -like "*CN=$AdminGroup,*" }
Write-Host "Enabled users with direct membership in $($AdminGroup):"
$AdminAccounts | Select-Object Name | Format-Table -AutoSize

# End Script
