Štítek: Windows

Posted in: Windows 10, Windows 11, Windows server

ASR Pravidla Microsoft Defender

Written by administrator

Dnes bych se rád podělil o malý kousek PowerShellu, který pomůže zabezpečit všechny uživatele MS Defender. Pro jeho pohodlné nastavení je potřeba Intune, je to možné také pomocí GPO nebo Local Policy, ale problém je v tom, že jednotlivá ASR pravidla se bez Intune nastavují pomocí GUID hodnot, které se musí do politky vložit z dokumentace.

Níže přikládám jedno z možných řešení, ke kterému mě inspiroval Mgr. Michael Grafnetter MVP, MCT, MCITP svou přednáškou Brána Firewall na DC, kdy můj kód se ani zdaleka neblíží Michaelovým kvalitám, ale i tak může být přínosný. Parametr doporučeno aktivuje ta nastavení, která si myslím, že jsou vhodná pro jednotlivce, malý podnik, školu, nebo středně velký podnik.

param(
    [switch]$BlockObfuscate,
    [switch]$BlockChiledProcessAdobePDF,
    [switch]$BlockChiledProcessOffice,
    [switch]$BlockExportLSASS,
    [switch]$BlockExecutableFromEmail,
    [switch]$BlockUntrustedExecutable,
    [switch]$BlockObfuscatedScripts,
    [switch]$BlockExecutableFomOffice,
    [switch]$BlockWMIpersitenc,
    [switch]$BlockCreaProcessWMIandPSexec,
    [switch]$BlockUntrustedExecutebleFromUSB,
    [switch]$BlockWebShell,
    [switch]$TurnOnAdvancedRansomwareProtection,
    [switch]$BlockExploitedDriveres,
    [switch]$BlockJSorVBSFromDownloaded,
    [switch]$BlockWMIObfuscateEvent,
    [switch]$BlockRebootInSafeMode,
    [switch]$BlockInpersonatedSystemTools,
    [switch]$BlockCallWin32FromMacros,
    [Switch]$Doporuceno,
    [switch]$ResetDeault
)
if($BlockObfuscate -or $Doporuceno){
    #Blokace obfuskovaného kódu 
    Add-MpPreference -AttackSurfaceReductionRules_Ids 56a863a9-875e-4185-98a7-b882c64b5ce5 -AttackSurfaceReductionRules_Actions Enabled 
}
if($ResetDeault){
    Add-MpPreference -AttackSurfaceReductionRules_Ids 56a863a9-875e-4185-98a7-b882c64b5ce5 -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids d4f940ab-401b-4efc-aadc-ad5f3c50688a -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids d9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids be9ba2d9-53ea-4cdc-84e5-9b1eeee46550 -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids 01443614-cd74-433a-b99e-2ecdc07bfc25 -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids 5beb7efe-fd9a-4556-801d-275e5ffc04cc -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids d3e037e1-3eb8-44c8-a917-57927947596d -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids 3b576869-a4ec-4529-8536-b80a7769e899 -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids 75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84 -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids 26190899-1602-49e8-8b27-eb1d0a1ce869 -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids e6db77e5-3df2-4cf1-b95a-636979351e5b -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids d1e49aac-8f56-4280-b9ba-993a6d77406c -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids a8f5898e-1dc8-49a9-9878-85004b8a61e6 -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids c1db55ab-c21a-4637-bb3f-a12568109d35 -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids 56a863a9-875e-4185-98a7-b882c64b5ce5 -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids d3e037e1-3eb8-44c8-a917-57927947596d -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids e6db77e5-3df2-4cf1-b95a-636979351e5b -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids 33ddedf1-c6e0-47cb-833e-de6133960387 -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids c0033c00-d16d-4114-a5a0-dc9b3a7d2ceb -AttackSurfaceReductionRules_Actions NotConfigured
    Add-MpPreference -AttackSurfaceReductionRules_Ids 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b -AttackSurfaceReductionRules_Actions NotConfigured
}
if($BlockChiledProcessAdobePDF -or $Doporuceno){
    #Blokace vytváření podřízených procesů pro Adobe PDF reader
    Add-MpPreference -AttackSurfaceReductionRules_Ids 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockChiledProcessOffice -or $Doporuceno){
    #Blokace vytváření podřízených procesů z Office aplikací
    Add-MpPreference -AttackSurfaceReductionRules_Ids d4f940ab-401b-4efc-aadc-ad5f3c50688a -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockExportLSASS -or $Doporuceno){
    #Blokace vytvoření otisku paměti procesu LSASS
    Add-MpPreference -AttackSurfaceReductionRules_Ids d9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockExecutableFromEmail -or $Doporuceno){
    #Blokace spustitelného obsahu z emailu
    Add-MpPreference -AttackSurfaceReductionRules_Ids be9ba2d9-53ea-4cdc-84e5-9b1eeee46550 -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockUntrustedExecutable -or $Doporuceno){
    #Blokování spouštění spustitelných souborů, pokud nesplňují kritérium prevalence, stáří nebo důvěryhodného seznamu
    Add-MpPreference -AttackSurfaceReductionRules_Ids 01443614-cd74-433a-b99e-2ecdc07bfc25 -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockObfuscatedScripts -or $Doporuceno){
    #Blokace obfuskovaných skriptů
    Add-MpPreference -AttackSurfaceReductionRules_Ids 5beb7efe-fd9a-4556-801d-275e5ffc04cc -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockJSorVBSFromDownloaded -or $Doporuceno){
    #Blokování stahování spustitelného obsahu pomocí Javascript a VBscript 
    Add-MpPreference -AttackSurfaceReductionRules_Ids d3e037e1-3eb8-44c8-a917-57927947596d -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockExecutableFomOffice -or $Doporuceno){
    #Blokace vytváření spustitelného obsahu pomocí Office aplikací
    Add-MpPreference -AttackSurfaceReductionRules_Ids 3b576869-a4ec-4529-8536-b80a7769e899 -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockExecutableFomOffice -or $Doporuceno){
    #Blokace vkládání kódu do procesů z Office aplikací
    Add-MpPreference -AttackSurfaceReductionRules_Ids 75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84 -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockChiledProcessOffice -or $Doporuceno){
    #Blokování komunikace aplikace Office při vytváření podřízených procesů
    Add-MpPreference -AttackSurfaceReductionRules_Ids 26190899-1602-49e8-8b27-eb1d0a1ce869 -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockWMIpersitenc -or $Doporuceno){
    #Blokování persistence pomocí WMI
    Add-MpPreference -AttackSurfaceReductionRules_Ids e6db77e5-3df2-4cf1-b95a-636979351e5b -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockCreaProcessWMIandPSexec -or $Doporuceno){
    #Blokování vytváření procesů z příkazů PSExec a WMI
    Add-MpPreference -AttackSurfaceReductionRules_Ids d1e49aac-8f56-4280-b9ba-993a6d77406c -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockUntrustedExecutebleFromUSB -or $Doporuceno){
    #Blokování nedůvěryhodného a nepodepsaného spustitelného obsahu na USB médiích
    Add-MpPreference -AttackSurfaceReductionRules_Ids b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockWebShell -or $Doporuceno){
    #Blokování vytvoření proscesu webshell
    Add-MpPreference -AttackSurfaceReductionRules_Ids a8f5898e-1dc8-49a9-9878-85004b8a61e6 -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockExecutableFomOffice -or $Doporuceno){
    #Blokování volání aplikací z Office makra
    Add-MpPreference -AttackSurfaceReductionRules_Ids 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b -AttackSurfaceReductionRules_Actions Enabled
}
if($TurnOnAdvancedRansomwareProtection -or $Doporuceno){
    #Pokročilá ochrana před Ramsomware
    Add-MpPreference -AttackSurfaceReductionRules_Ids c1db55ab-c21a-4637-bb3f-a12568109d35 -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockExploitedDriveres -or $Doporuceno){
    #Block abuse of exploited vulnerable signed drivers
    Add-MpPreference -AttackSurfaceReductionRules_Ids 56a863a9-875e-4185-98a7-b882c64b5ce5 -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockJSorVBSFromDownloaded -or $Doporuceno){
    #Block JavaScript or VBScript from launching downloaded executable content
    Add-MpPreference -AttackSurfaceReductionRules_Ids d3e037e1-3eb8-44c8-a917-57927947596d -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockWMIObfuscateEvent -or $BlockWMIpersitenc -or $Doporuceno){
    #Block persistence through WMI event subscription
    Add-MpPreference -AttackSurfaceReductionRules_Ids e6db77e5-3df2-4cf1-b95a-636979351e5b -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockRebootInSafeMode){
    #Block rebooting machine in Safe Mode
    Add-MpPreference -AttackSurfaceReductionRules_Ids 33ddedf1-c6e0-47cb-833e-de6133960387 -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockInpersonatedSystemTools -or $Doporuceno){
    #Block use of copied or impersonated system tools
    Add-MpPreference -AttackSurfaceReductionRules_Ids c0033c00-d16d-4114-a5a0-dc9b3a7d2ceb -AttackSurfaceReductionRules_Actions Enabled
}
if($BlockCallWin32FromMacros -or $Doporuceno){
    #Block Win32 API calls from Office macros
    Add-MpPreference -AttackSurfaceReductionRules_Ids 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b -AttackSurfaceReductionRules_Actions Enabled
}
Posted in: Windows 10, Windows 11, Windows 8 a 8.1, Windows server, Základy PowerShellu

Jak stará je vaše instalace Windows a jak dlouho systém běží?

Written by administrator

Nedávno jsem četl na Živě.cz článek: Jak stará je vaše instalace Windows a jak dlouho systém běží? Zjistíte to jednoduchým příkazem, který se zaobíral dobou běhu OS a datumem posledního upgrade OS. Ten běh OS tam napsali pěkně PowerShellově:

(gcim Win32_OperatingSystem).LastBootUpTime #datum a čas spuštění
#náže době běhu
(Get-Date) - (gcim Win32_OperatingSystem).LastBootUpTime | select Days, Hours, Minutes, Seconds

Ale co v tom článku měli již nepěkně, tak je datum a čas instalace, resp. posledního upgrade. Oni to tam parsovali textově z příkazu systeminfo, ale to je zbytečné a takováto data se špatně dále zpracovávají. Lepší cestou je využít WMI třídu Win32_OperatingSystem a vytáhnout to standardně PowerShellem:

(gcim Win32_OperatingSystem).InstallDate

což krásně vrátí objekt typu System.DateTime, takže je možné nyní si nechat spočítat stáří OS:

(get-date) - (gcim Win32_OperatingSystem).InstallDate | select days, hours, minutes
Posted in: Vývoj počítačů, Windows 10, Windows 11, Windows 8 a 8.1, Windows server

Informace o procesoru

Written by administrator

Každý asi zná, soudě dle reakce mých studentů, možnost zjisti ze správce úloh model procesoru, který je v počítači instalovaný. Trošku jsem si lámal hlavu nad tím, jak to vytáhnout z více strojů a hlavně, jak zjisti více informací, které se často o stávajícím procesoru hledají. Postupně jsem dospěl k následujícímu příkazu v PowerShellu, který spíš připomíná skript:

$Architecture = @{
  Name = 'Architecture'
  Expression = {
    $value = $_.Architecture
    
    switch([int]$value)
      {
        0          {'x86'}
        1          {'MIPS'}
        2          {'Alpha'}
        3          {'PowerPC'}
        6          {'ia64'}
        9          {'x64'}
        5          {'ARM'}
        12         {'ARM64'}
        default    {"$value"}
      }
      
  }  
}
$UpgradeMethod = @{
  Name = 'UpgradeMethod'
  Expression = {
    # property is an array, so process all values
    $value = $_.UpgradeMethod
    
    switch([int]$value)
      {
        1          {'Other'}
        2          {'Unknown'}
        3          {'Daughter Board'}
        4          {'ZIF Socket'}
        5          {'Replacement/Piggy Back'}
        6          {'None'}
        7          {'LIF Socket'}
        8          {'Slot 1'}
        9          {'Slot 2'}
        10         {'370 Pin Socket'}
        11         {'Slot A'}
        12         {'Slot M'}
        13         {'Socket 423'}
        14         {'Socket A (Socket 462)'}
        15         {'Socket 478'}
        16         {'Socket 754'}
        17         {'Socket 940'}
        18         {'Socket 939'}
        default    {"$value"}
      }
      
  }  
}
$ProcessorType = @{
  Name = 'ProcessorType'
  Expression = {
    # property is an array, so process all values
    $value = $_.ProcessorType
    
    switch([int]$value)
      {
        1          {'Other'}
        2          {'Unknown'}
        3          {'Central Processor'}
        4          {'Math Processor'}
        5          {'DSP Processor'}
        6          {'Video Processor'}
        default    {"$value"}
      }
      
  }  
}
Get-WmiObject -Class Win32_Processor | select PSComputerName, Manufacturer, Name, $ProcessorType, AddressWidth, DataWidth, L2CacheSize, L3CacheSize, Caption, NumberOfCores, NumberOfLogicalProcessors, PowerManagementSupported, ProcessorId, VirtualizationFirmwareEnabled, VMMonitorModeExtensions, $Architecture, SocketDesignation, $UpgradeMethod, SecondLevelAddressTranslationExtensions, family

Family je pouze číslo, na konci článku nechám legendu z dokumentace MS. Pro koho je toto příliš složité a zdlouhavé, mám jednoduší verzi, která vypíše základnější informace.

Get-WmiObject -Class Win32_Processor | select PSComputerName, Name, AddressWidth, DataWidth, L2CacheSize, L3CacheSize, Caption, NumberOfCores, NumberOfLogicalProcessors

Přehled rodin, aneb klíč k vlastnosti family

Číslo v poslední závorce je hodnota, kterou vypíše první verze příkladu na stránce výše.

Other (1)
Unknown (2)
8086 (3)
80286 (4)
80386 (5)
80486 (6)
8087 (7)
80287 (8)
80387 (9)
80487 (10)
Pentium(R) brand (11)
Pentium(R) Pro (12)
Pentium(R) II (13)
Pentium(R) processor with MMX(TM) technology (14)
Celeron(TM) (15)
Pentium(R) II Xeon(TM) (16)
Pentium(R) III (17)
M1 Family (18)
M2 Family (19)
Intel(R) Celeron(R) M processor (20)
Intel(R) Pentium(R) 4 HT processor (21)
K5 Family (24)
K6 Family (25)
K6-2 (26)
K6-3 (27)
AMD Athlon(TM) Processor Family (28)
AMD(R) Duron(TM) Processor (29)
AMD29000 Family (30)
K6-2+ (31)
Power PC Family (32)
Power PC 601 (33)
Power PC 603 (34)
Power PC 603+ (35)
Power PC 604 (36)
Power PC 620 (37)
Power PC X704 (38)
Power PC 750 (39)
Intel(R) Core(TM) Duo processor (40)
Intel(R) Core(TM) Duo mobile processor (41)
Intel(R) Core(TM) Solo mobile processor (42)
Intel(R) Atom(TM) processor (43)
Alpha Family (48)
Alpha 21064 (49)
Alpha 21066 (50)
Alpha 21164 (51)
Alpha 21164PC (52)
Alpha 21164a (53)
Alpha 21264 (54)
Alpha 21364 (55)
AMD Turion(TM) II Ultra Dual-Core Mobile M Processor Family (56)
AMD Turion(TM) II Dual-Core Mobile M Processor Family (57)
AMD Athlon(TM) II Dual-Core Mobile M Processor Family (58)
AMD Opteron(TM) 6100 Series Processor (59)
AMD Opteron(TM) 4100 Series Processor (60)
MIPS Family (64)
MIPS R4000 (65)
MIPS R4200 (66)
MIPS R4400 (67)
MIPS R4600 (68)
MIPS R10000 (69)
SPARC Family (80)
SuperSPARC (81)
microSPARC II (82)
microSPARC IIep (83)
UltraSPARC (84)
UltraSPARC II (85)
UltraSPARC IIi (86)
UltraSPARC III (87)
UltraSPARC IIIi (88)
68040 (96)
68xxx Family (97)
68000 (98)
68010 (99)
68020 (100)
68030 (101)
Hobbit Family (112)
Crusoe(TM) TM5000 Family (120)
Crusoe(TM) TM3000 Family (121)
Efficeon(TM) TM8000 Family (122)
Weitek (128)
Itanium(TM) Processor (130)
AMD Athlon(TM) 64 Processor Family (131)
AMD Opteron(TM) Processor Family (132)
AMD Sempron(TM) Processor Family (133)
AMD Turion(TM) 64 Mobile Technology (134)
Dual-Core AMD Opteron(TM) Processor Family (135)
AMD Athlon(TM) 64 X2 Dual-Core Processor Family (136)
AMD Turion(TM) 64 X2 Mobile Technology (137)
Quad-Core AMD Opteron(TM) Processor Family (138)
Third-Generation AMD Opteron(TM) Processor Family (139)
AMD Phenom(TM) FX Quad-Core Processor Family (140)
AMD Phenom(TM) X4 Quad-Core Processor Family (141)
AMD Phenom(TM) X2 Dual-Core Processor Family (142)
AMD Athlon(TM) X2 Dual-Core Processor Family (143)
PA-RISC Family (144)
PA-RISC 8500 (145)
PA-RISC 8000 (146)
PA-RISC 7300LC (147)
PA-RISC 7200 (148)
PA-RISC 7100LC (149)
PA-RISC 7100 (150)
V30 Family (160)
Quad-Core Intel(R) Xeon(R) processor 3200 Series (161)
Dual-Core Intel(R) Xeon(R) processor 3000 Series (162)
Quad-Core Intel(R) Xeon(R) processor 5300 Series (163)
Dual-Core Intel(R) Xeon(R) processor 5100 Series (164)
Dual-Core Intel(R) Xeon(R) processor 5000 Series (165)
Dual-Core Intel(R) Xeon(R) processor LV (166)
Dual-Core Intel(R) Xeon(R) processor ULV (167)
Dual-Core Intel(R) Xeon(R) processor 7100 Series (168)
Quad-Core Intel(R) Xeon(R) processor 5400 Series (169)
Quad-Core Intel(R) Xeon(R) processor (170)
Dual-Core Intel(R) Xeon(R) processor 5200 Series (171)
Dual-Core Intel(R) Xeon(R) processor 7200 Series (172)
Quad-Core Intel(R) Xeon(R) processor 7300 Series (173)
Quad-Core Intel(R) Xeon(R) processor 7400 Series (174)
Multi-Core Intel(R) Xeon(R) processor 7400 Series (175)
Pentium(R) III Xeon(TM) (176)
Pentium(R) III Processor with Intel(R) SpeedStep(TM) Technology (177)
Pentium(R) 4 (178)
Intel(R) Xeon(TM) (179)
AS400 Family (180)
Intel(R) Xeon(TM) processor MP (181)
AMD Athlon(TM) XP Family (182)
AMD Athlon(TM) MP Family (183)
Intel(R) Itanium(R) 2 (184)
Intel(R) Pentium(R) M processor (185)
Intel(R) Celeron(R) D processor (186)
Intel(R) Pentium(R) D processor (187)
Intel(R) Pentium(R) Processor Extreme Edition (188)
Intel(R) Core(TM) Solo Processor (189)
K7 (190)
Intel(R) Core(TM)2 Duo Processor (191)
Intel(R) Core(TM)2 Solo processor (192)
Intel(R) Core(TM)2 Extreme processor (193)
Intel(R) Core(TM)2 Quad processor (194)
Intel(R) Core(TM)2 Extreme mobile processor (195)
Intel(R) Core(TM)2 Duo mobile processor (196)
Intel(R) Core(TM)2 Solo mobile processor (197)
Intel(R) Core(TM) i7 processor (198)
Dual-Core Intel(R) Celeron(R) Processor (199)
S/390 and zSeries Family (200)
ESA/390 G4 (201)
ESA/390 G5 (202)
ESA/390 G6 (203)
z/Architectur base (204)
Intel(R) Core(TM) i5 processor (205)
Intel(R) Core(TM) i3 processor (206)
Intel(R) Core(TM) i9 processor (207)
VIA C7(TM)-M Processor Family (210)
VIA C7(TM)-D Processor Family (211)
VIA C7(TM) Processor Family (212)
VIA Eden(TM) Processor Family (213)
Multi-Core Intel(R) Xeon(R) processor (214)
Dual-Core Intel(R) Xeon(R) processor 3xxx Series (215)
Quad-Core Intel(R) Xeon(R) processor 3xxx Series (216)
VIA Nano(TM) Processor Family (217)
Dual-Core Intel(R) Xeon(R) processor 5xxx Series (218)
Quad-Core Intel(R) Xeon(R) processor 5xxx Series (219)
Dual-Core Intel(R) Xeon(R) processor 7xxx Series (221)
Quad-Core Intel(R) Xeon(R) processor 7xxx Series (222)
Multi-Core Intel(R) Xeon(R) processor 7xxx Series (223)
Multi-Core Intel(R) Xeon(R) processor 3400 Series (224)
Embedded AMD Opteron(TM) Quad-Core Processor Family (230)
AMD Phenom(TM) Triple-Core Processor Family (231)
AMD Turion(TM) Ultra Dual-Core Mobile Processor Family (232)
AMD Turion(TM) Dual-Core Mobile Processor Family (233)
AMD Athlon(TM) Dual-Core Processor Family (234)
AMD Sempron(TM) SI Processor Family (235)
AMD Phenom(TM) II Processor Family (236)
AMD Athlon(TM) II Processor Family (237)
Six-Core AMD Opteron(TM) Processor Family (238)
AMD Sempron(TM) M Processor Family (239)
i860 (250)
i960 (251)
Reserved (SMBIOS Extension) (254)
Reserved (Un-initialized Flash Content – Lo) (255)
SH-3 (260)
SH-4 (261)
ARM (280)
StrongARM (281)
6×86 (300)
MediaGX (301)
MII (302)
WinChip (320)
DSP (350)
Video Processor (500)

Posted in: Windows 11

Windows 11 na starý HW

Written by administrator

Na webu je k dispozici celá řada návodů, jak dostat Windows 11 na nepodporovaný HW. Většina spočívá v úpravě registru pomocí klíče LabConfig (viz starší článek https://petrasekjan.cz/jak-obejit-kontrolu-hw-pri-instalaci-windows-11/), nebo užití nástroje Rufus. Obojí krásně funguje pro čistou instalaci, ale pro upgrade (přesněji inplace upgrade) je to složitější. Nedávno jsem objevil primitivní cestu, která spočívá pouze v kopírování souborů a použití oficiálních instalačních médií.

Tento postup vyžaduje, aby procesor podporoval instrukční sadu SSE4.2, což není tak těžké, procesory Intel Cotre i3, i5, i7 to podporují od 1. generace a AMD Ryzen rovněž od 1. generace. Doporučuji, aby počítač měl nějaké TPM (nemusí) a určitě aby musí mít 4 GB RAM, použitelné jsou 11 od 8 GB RAM.

Příprava

Budeme potřebovat nějaký USB klíč (flash disk), nebo v případě upgrade nějakou složku. Pokud již máte instalační flashku Windows 10 x64, máte většinu úspěchu.

Pokud máte instalační otisk Windows 10 22H2 x64 (ISO soubor), tak z něj vyrobte instalační flash disk, nebo jej rozbalte do složky. Pokud instalačku Windows 10 nemáte, stáhněte si ji https://www.microsoft.com/cs-cz/software-download/windows10 (do konce podpory) a vyrobte si instalační USB klíč.

Stáhněte si aktuální ISO Windows 11 https://www.microsoft.com/cs-cz/software-download/windows11 na webu užijte stažení pod nadpisem: Stažení bitové kopie disku (souboru ISO) systému Windows 11 pro zařízení x64

Vlastní úprava instalačního média

Nyní přijde primitivní krok, ve složce Sources na instalačním USB vyhledejte install.esd

Install.esd

Soubor install.esd smažte, nebo přejmenujte na Win10.esd (budete potřebovat 5 GB volného místa).

Nyní otevřete ISO soubor s Windows 11 a vyhledejte soubor install.wim ve složce Sources (pokud jste ISO vytvořili nástrojem pro upgrade, pak hledáte soubor install.esd).

Tento soubor zkopírujte do složky Sources na instalační USB Windows 10.

Instalace / upgrade

Nyní již běžným spuštěním setuzp.exe z kořenového adresáře instalačního USB flash disku můžeme spustit proces Upgrade. Využíváme instalátor pro Windows 10, takže náš PC musí vyhovět jen HW požadavkům na Windows 10. Reálně vybalení Windnows na disk provádí nástroje dism.exe, kterému je jedno, jaký wim, esd nebo ffu soubor mu přehodíme.

Licenční smlouvu obdržíme pro Windows 11, vezme se z wim souboru, stejně tak v potvrzovací akci budeme mít napsán Windows 11, v průběhu procesu nám setup.exe bude psát o instalaci Windows 10, ale to je jen grafika programu setup.exe, který na pozadí provádí příslušné vybalení wim obrazu.

Po 2. restartu již obvykle vidíte nové provedení grafiky spouštění Windows.

Posted in: Windows 10, Windows 11, Windows server

ASR pravidla

Written by administrator

MS Defender umí rozšíření zabezpečení formou tzv. ASR pravidel. Jejich úkolem je omezovat útočníkovi možnosti toho, co může využít k provedení útoku tím, že některé akce automaticky blokují. Originální dokumentace je zde: https://learn.microsoft.com/en-us/defender-endpoint/enable-attack-surface-reduction#group-policy a oficiální PowerShell pak zde: https://learn.microsoft.com/en-us/defender-endpoint/enable-attack-surface-reduction#powershell

Dnes bych se rád podělil o PowerShell kód, který umožní domácím uživatelům Windows 10 a starupům tato nastavení jednoduše využívat tím, že si zkopírují příkazy pro pravidla, která chtějí využívat. Požadavkem je edice Pro Windows 10 a vyšší edice, stejně tak Windows 11 a Windows Server 2012R2 a novější.

Sada příkazů k nastavení jednotlivých možností

#Blokace obfuskovaného kódu 
Add-MpPreference -AttackSurfaceReductionRules_Ids 56a863a9-875e-4185-98a7-b882c64b5ce5 -AttackSurfaceReductionRules_Actions Enabled 
#Blokace vytváření podřízených procesů pro Adobe PDF reader
Add-MpPreference -AttackSurfaceReductionRules_Ids 7674ba52-37eb-4a4f-a9a1-f0f9a1619a2c -AttackSurfaceReductionRules_Actions Enabled
#Blokace vytváření podřízených procesů z Office aplikací
Add-MpPreference -AttackSurfaceReductionRules_Ids d4f940ab-401b-4efc-aadc-ad5f3c50688a -AttackSurfaceReductionRules_Actions Enabled
#Blokace vytvoření otisku paměti procesu LSASS
Add-MpPreference -AttackSurfaceReductionRules_Ids d9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2 -AttackSurfaceReductionRules_Actions Enabled
#Blokace spustitelného obsahu z emailu
Add-MpPreference -AttackSurfaceReductionRules_Ids be9ba2d9-53ea-4cdc-84e5-9b1eeee46550 -AttackSurfaceReductionRules_Actions Enabled
#Blokování spouštění spustitelných souborů, pokud nesplňují kritérium prevalence, stáří nebo důvěryhodného seznamu
Add-MpPreference -AttackSurfaceReductionRules_Ids 01443614-cd74-433a-b99e-2ecdc07bfc25 -AttackSurfaceReductionRules_Actions Enabled
#Blokace obfuskovaných skriptů
Add-MpPreference -AttackSurfaceReductionRules_Ids 5beb7efe-fd9a-4556-801d-275e5ffc04cc -AttackSurfaceReductionRules_Actions Enabled
#Blokování stahování spustitelného obsahu pomocí Javascript a VBscript 
Add-MpPreference -AttackSurfaceReductionRules_Ids d3e037e1-3eb8-44c8-a917-57927947596d -AttackSurfaceReductionRules_Actions Enabled
#Blokace vytváření spustitelného obsahu pomocí Office aplikací
Add-MpPreference -AttackSurfaceReductionRules_Ids 3b576869-a4ec-4529-8536-b80a7769e899 -AttackSurfaceReductionRules_Actions Enabled
#Blokace vkládání kódu do procesů z Office aplikací
Add-MpPreference -AttackSurfaceReductionRules_Ids 75668c1f-73b5-4cf0-bb93-3ecf5cb7cc84 -AttackSurfaceReductionRules_Actions Enabled
#Blokování komunikace aplikace Office při vytváření podřízených procesů
Add-MpPreference -AttackSurfaceReductionRules_Ids 26190899-1602-49e8-8b27-eb1d0a1ce869 -AttackSurfaceReductionRules_Actions Enabled
#Blokování persistence pomocí WMI
Add-MpPreference -AttackSurfaceReductionRules_Ids e6db77e5-3df2-4cf1-b95a-636979351e5b -AttackSurfaceReductionRules_Actions Enabled
#Blokování vytváření procesů z příkazů PSExec a WMI
Add-MpPreference -AttackSurfaceReductionRules_Ids d1e49aac-8f56-4280-b9ba-993a6d77406c -AttackSurfaceReductionRules_Actions Enabled
#Blokování nedůvěryhodného a nepodepsaného spustitelného obsahu na USB médiích
Add-MpPreference -AttackSurfaceReductionRules_Ids b2b3f03d-6a65-4f7b-a9c7-1c7ef74a9ba4 -AttackSurfaceReductionRules_Actions Enabled
#Blokování vytvoření proscesu webshell
Add-MpPreference -AttackSurfaceReductionRules_Ids a8f5898e-1dc8-49a9-9878-85004b8a61e6 -AttackSurfaceReductionRules_Actions Enabled
#Blokování volání aplikací z Office makra
Add-MpPreference -AttackSurfaceReductionRules_Ids 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b -AttackSurfaceReductionRules_Actions Enabled
#Pokročilá ochrana před Ramsomware
Add-MpPreference -AttackSurfaceReductionRules_Ids c1db55ab-c21a-4637-bb3f-a12568109d35 -AttackSurfaceReductionRules_Actions Enabled
Posted in: Vývoj počítačů, Windows 10, Windows 11, Windows server, Základy PowerShellu

Výpis pravidel Windows Firewall

Written by administrator

Určitě každý admin někdy narazí na to, že něco nefunguje kvůli chybám v síťové komunikaci. Někdy za to může nastavení Firewallu. Originální konzole je přehledná a super, ale ve velkém množství pravidel se špatně hledá, respektive jsou tam filtry, které fungují, ale fultextové vyhledání je problém. Zkuste využít předností PowerShellu a jeho výstupu GridView k hledání aktivních pravidel.

Get-NetFirewallRule | select Name, DisplayName, DisplayGroup,
@{Name='Protocol';Expression={($PSItem | Get-NetFirewallPortFilter).Protocol}},
@{Name='LocalPort';Expression={($PSItem | Get-NetFirewallPortFilter).LocalPort}},
@{Name='RemotePort';Expression={($PSItem | Get-NetFirewallPortFilter).RemotePort}},
@{Name='RemoteAddress';Expression={($PSItem | Get-NetFirewallAddressFilter).RemoteAddress}},
Enabled, Profile, Direction, Action | Out-GridView

Další zajímavou možností je odnést si seznam běžících pravidel a jejich konfigurace v textovém souboru, který si člověk může v klidu analyzovat, nebo takto porovnávat změny.

Get-NetFirewallRule | select Name, DisplayName, DisplayGroup,
@{Name='Protocol';Expression={($PSItem | Get-NetFirewallPortFilter).Protocol}},
@{Name='LocalPort';Expression={($PSItem | Get-NetFirewallPortFilter).LocalPort}},
@{Name='RemotePort';Expression={($PSItem | Get-NetFirewallPortFilter).RemotePort}},
@{Name='RemoteAddress';Expression={($PSItem | Get-NetFirewallAddressFilter).RemoteAddress}},
Enabled, Profile, Direction, Action | Out-File -FilePath C:\Firewall.txt
Posted in: Vývoj počítačů, Windows 10, Windows 11, Windows 8 a 8.1, Windows server, Základy PowerShellu

Hash textu v PowerShellu

Written by administrator

PowerShell nativně již nějaký pátek umí vypočítat hash souboru, což je velmi užitečné pro hledání duplicit, ověření po síti přeneseného souboru, ověření shody dvou souborů apod., takže super funkce.

Někdy je také potřeba spočítat hash z textu a nemusí jít zrovna jen nutně o heslo…. Na to PowerShell již vestavěnou funkci nemá, pro hash využívaný v AD již funkci implementoval Michael Grafnetter ve svém modulu DS Internals, já tedy zde uvedu funkci, která počítá především SHA, ale zvládne také MD5.

Function Get-StringHash {
    [cmdletbinding()]
    [OutputType([String])]
    param(
        [parameter(ValueFromPipeline, Mandatory = $true, Position = 0)][String]$String,
        [parameter(ValueFromPipelineByPropertyName, Mandatory = $true, Position = 1)]
        [ValidateSet("MD5", "RIPEMD160", "SHA1", "SHA256", "SHA384", "SHA512")][String]$HashName
    )
    begin {

    }
    Process {
        $StringBuilder = New-Object System.Text.StringBuilder
        [System.Security.Cryptography.HashAlgorithm]::Create($HashName).ComputeHash([System.Text.Encoding]::UTF8.GetBytes($String))| foreach-object {
            [Void]$StringBuilder.Append($_.ToString("x2"))
        }
        $output = $StringBuilder.ToString()
    }
    end {
        return $output
    }
}

Funkce přijímá 2 povinné parametry, text k výpočtu hash a požadovaný algoritmus.

Posted in: Vývoj počítačů, Windows 10, Windows 11, Windows 8 a 8.1, Windows server, Základy PowerShellu

Čtení velkých textových souborů PowerShell

Written by administrator

Určitě nejsem sám, kdo narazil u velkých souborů na to, že rutina Get-Content zabírá příliš mnoho RAM, u cca 150 MB txt souboru i více jak 4 GB RAM, pokud potřebuji zpracovávat soubor po jednotlivých řádcích. Obecně se doporučuje využít .NET rutiny, jak popisuje Yusuf Ozturk » PowerShell Performance Tips for Large Text Operations – Part 1: Reading Files

Z výše uvedeného se mi v praxi nejvíce osvědčilo:

$LogFilePath = Read-Host -Promt "Zadej cestu k souboru"
$Lines = [io.file]::ReadAllLines($LogFilePath)
[int]$LineNumber = 0;
 
# Read Lines
foreach ($Line in $Lines)
{
	$LineNumber++
        Write-Host $Line #vypíše aktuální řádek
}

V proměnné Line se nachází aktuální řádek souboru, takže je možné s nám dále pracovat.

Posted in: Windows 10, Windows 11, Windows 8 a 8.1

Vypnutí FastBoot

Written by administrator

Nastavení v GUI: Ovládací panely\Všechny položky Ovládacích panelů\Možnosti napájení\Nastavení systému\Nastavení vypnutí – odškrtnutí checkboxu „Zapnout rychlé spuštění (doporučeno)

Pomocí reg souboru

Níže přikládám zdrojový kód regsouboru.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power]
"HiberbootEnabled"=dword:00000000
Posted in: Vývoj počítačů, Windows server

AD ACL Scanner

Written by administrator

Dnes bych se rád podělil o jeden skript od Robina Granberga, který jsem našel a vyzkoušel. Slouží k analýze oprávnění na objektech v AD a byť mám rád DSInsternals, tento skript představuje dobrý doplněk.

Zdrojový kód skriptu

<#
.Synopsis
ADACLScan.ps1

AUTHOR: Robin Granberg (robin.granberg@protonmail.com)

THIS CODE-SAMPLE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 
OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR 
FITNESS FOR A PARTICULAR PURPOSE.

.DESCRIPTION
A tool with GUI or command linte used to create reports of access control lists (DACLs) and system access control lists (SACLs) in Active Directory.
See https://github.com/canix1/ADACLScanner

.EXAMPLE
.\ADACLScan.ps1

Start in GUI mode.

.EXAMPLE
.\ADACLScan.ps1 -Base „OU=CORP,DC=CONTOS,DC=COM“

Returns the permissions of the object CORP.

.EXAMPLE
.\ADACLScan.ps1 -Base rootdse

Returns the ACL of the domain root.

.EXAMPLE
.\ADACLScan.ps1 -Base „OU=CORP,DC=CONTOS,DC=COM“ -Credentials $CREDS -Server 10.0.0.20

Returns the permissions of the object CORP using credentials on Domain Controller 10.0.0.20.

.EXAMPLE
.\ADACLScan.ps1 -Base „OU=CORP,DC=CONTOS,DC=COM“ -Output HTML

Create a HTML file with the permissions of the object CORP.

.EXAMPLE
.\ADACLScan.ps1 -Base „OU=CORP,DC=CONTOS,DC=COM“ -Output EXCEL

Create a Excel file with the permissions of the object CORP.

.EXAMPLE
.\ADACLScan.ps1 -Base „OU=CORP,DC=CONTOS,DC=COM“ -Output HTML -Show

Opens the HTML (HTA) file with the permissions of the object CORP.

.EXAMPLE
.\ADACLScan.ps1 -Base „OU=CORP,DC=CONTOS,DC=COM“ -Output HTML -Show -SDDate

Opens the HTML (HTA) file with the permissions of the object CORP including the modified date of the security descriptor.

.EXAMPLE
.\ADACLScan.ps1 -Base „OU=CORP,DC=CONTOS,DC=COM“ -OutputFolder C:\Temp

Create a CSV file in the folder C:\Temp, with the permissions of the object CORP.

.EXAMPLE
.\ADACLScan.ps1 -Base „OU=CORP,DC=CONTOS,DC=COM“ -Scope subtree

Create a CSV file with the permissions of the object CORP and all child objects of type OrganizationalUnit.

.EXAMPLE
.\ADACLScan.ps1 -Base „OU=CORP,DC=CONTOS,DC=COM“ -Scope subtree -EffectiveRightsPrincipal joe

Create a CSV file with the effective permissions of all the objects in the path for the user "joe".

.EXAMPLE
.\ADACLScan.ps1 -Base „OU=CORP,DC=CONTOS,DC=COM“ -Scope subtree -Filter „(objectClass=user)“

Create a CSV file with the permissions of all the objects in the path and below that matches the filter (objectClass=user).

.EXAMPLE
.\ADACLScan.ps1 -Base „OU=CORP,DC=CONTOS,DC=COM“ -Scope subtree -Filter „(objectClass=user)“ -Server DC1

Targeted search against server "DC1" that will create a CSV file with the permissions of all the objects in the path and below that matches the filter (objectClass=user).

.EXAMPLE
.\ADACLScan.ps1 -Base „OU=CORP,DC=CONTOS,DC=COM“ -Scope subtree -Filter „(objectClass=user)“ -Server DC1 -Port 389

Targeted search against server "DC1" on port 389 that will create a CSV file with the permissions of all the objects in the path and below that matches the filter (objectClass=user).

.EXAMPLE
.\ADACLScan.ps1 -Base „ou=mig,dc=contoso,dc=com“ -Output CSVTEMPLATE

This will result in a CSV-file with a format adapted for comparing.

.EXAMPLE
.\ADACLScan.ps1 -Base „ou=mig,dc=contoso,dc=com“ -Template C:\Scripts\mig_CONTOSO_adAclOutput20220722_182746.csv

The following command will result in an output with the possibility to see the state of each ACE on the object compared with the CSV-template.

.EXAMPLE
.\ADACLScan.ps1 -Base „ou=mig,dc=contoso,dc=com“ -SDDL

The following command will result in an output with security descriptor in SDDL format.

.OUTPUTS
The output is an CSV,HTML or EXCEL report.

.LINK
https://github.com/canix1/ADACLScanner

.NOTES

Version: 7.9

12 September, 2023

New Features

  • Show security descriptor in SDDL format

>

Param
(
# DistinguishedName to start your search at or type RootDSE for the domain root. Will be included in the result if your filter matches the object.
[Alias(„b“)]
[Parameter(Mandatory=$false,
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true,
ValueFromRemainingArguments=$false,
Position=0,
ParameterSetName=’Default‘)]
[ValidateNotNull()]
[ValidateNotNullOrEmpty()]
[String]
$Base=““,

# Targets allows you to use a predefined search for specific objects
[Parameter(Mandatory=$false, 
            ValueFromPipeline=$true,
            ValueFromPipelineByPropertyName=$true, 
            ValueFromRemainingArguments=$false, 
            Position=0,
            ParameterSetName='Default')]
[ValidateSet("RiskyTemplates")]
[ValidateNotNull()]
[ValidateNotNullOrEmpty()]
[String] 
$Targets,

# Filter. Specify your custom filter. Default is OrganizationalUnit.
[Alias("filter")]
[Parameter(Mandatory=$false, 
            Position=1,
            ParameterSetName='Default')]

[validatescript({$_ -like „(*=*)“})]

[ValidateNotNull()] [ValidateNotNullOrEmpty()] [String] $LDAPFilter, # Scope. Set your scope. Default is base. [Parameter(Mandatory=$false, Position=2, ParameterSetName=’Default‘)] [ValidateSet(„base“, „onelevel“, „subtree“)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [String] $Scope = „base“, # Server. Specify your specific server to target your search at. [Parameter(Mandatory=$false, Position=3, ParameterSetName=’Default‘)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [String] $Server, # Port. Specify your custom port. [Parameter(Mandatory=$false, Position=4, ParameterSetName=’Default‘)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [String] $Port, # Specify the samAccountName of a security principal to check for its effective permissions [Parameter(Mandatory=$false, Position=5, ParameterSetName=’Default‘)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [String] $EffectiveRightsPrincipal, # Generates a HTML report, default is a CSV. [Parameter(Mandatory=$false, Position=6, ParameterSetName=’Default‘)] [ValidateSet(„CSV“,“CSVTEMPLATE“, „HTML“, „EXCEL“)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [String] $Output = „“, # Output folder path for where results are written. [Parameter(Mandatory=$false, Position=7, ParameterSetName=’Default‘)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [String] $OutputFolder, # Template to compare with. # This parameter will allow you compare the current state of a security descriptor with a previos created tempate. [Parameter(Mandatory=$false, Position=8, ParameterSetName=’Default‘)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [String] $Template, # Filter what to return when comparing with a template. # This parameter will allow you to filter the out put on „ALL“, „MATCH“, „MISSING“,“NEW“ # Example 1. -Returns „ALL“ # Example 2. -Returns „MATCH“ # Example 3. -Returns „MISSING“ # Example 4. -Returns „NEW“ [Parameter(Mandatory=$false, Position=8, ParameterSetName=’Default‘)] [ValidateSet(„ALL“, „MATCH“, „MISSING“,“NEW“)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [String] $TemplateFilter=“ALL“, # User ExcelFile to defined your own path for the excel output # This parameter will allow you to type the excel file path. # Example 1. -ExcelFile „C:\Temp\ExcelOutput.xlsx“ [Parameter(Mandatory=$false, ParameterSetName=’Default‘)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [String] $ExcelFile=““, # Filter on Criticality. # This parameter will filter the result based on a defined criticality level [Alias(„c“)] [Parameter(Mandatory=$false, ParameterSetName=’Default‘)] [ValidateSet(„Critical“, „Warning“, „Medium“,“Low“,“Info“)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [String] $Criticality=““, # Show color of criticality # This parameter will add colors to the report if you selected HTML or EXCEL using the -OUTPUT parameter [Alias(„color“)] [Parameter(Mandatory=$false, ParameterSetName=’Default‘)] [ValidateNotNull()] [ValidateNotNullOrEmpty()]

[switch]

$ShowCriticalityColor, # Skip default permissions # This parameter will skip permissions that match the permissions defined in the schema partition for the object [Alias(„sd“)] [Parameter(Mandatory=$false, ParameterSetName=’Default‘)] [ValidateNotNull()] [ValidateNotNullOrEmpty()]

[switch]

$SkipDefaults, # Skip protected permissions # This parameter will skip permissions that match the permissions set when selecting „protect object from accidental deletaion“ [Alias(„sp“)] [Parameter(Mandatory=$false, ParameterSetName=’Default‘)] [ValidateNotNull()] [ValidateNotNullOrEmpty()]

[switch]

$SkipProtected, # Skip Built-in security principals # This parameter will skip permissions that match the built in groups [Alias(„sb“)] [Parameter(Mandatory=$false, ParameterSetName=’Default‘)] [ValidateNotNull()] [ValidateNotNullOrEmpty()]

[switch]

$SkipBuiltIn, # Filter the trustees on object type. # This parameter will filter the result on an object type. [Alias(„rt“)] [Parameter(Mandatory=$false, ParameterSetName=’Default‘)] [ValidateSet(„user“, „computer“, „group“,“msds-groupmanagedserviceaccount“,“*“)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [String] $ReturnObjectType=“*“, # Expand groups # This parameter will search any nested groups to show all security prinicpals that have access. [Alias(„rf“)] [Parameter(Mandatory=$false, ParameterSetName=’Default‘)] [ValidateNotNull()] [ValidateNotNullOrEmpty()]

[switch]

$RecursiveFind, # Filter on RecursiveObjectType. # This parameter will filter the nested groups to show only users that have access. [Alias(„ro“)] [Parameter(Mandatory=$false, ParameterSetName=’Default‘)] [ValidateSet(„User“, „Computer“, „Group“,“*“)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [String] $RecursiveObjectType=“*“, # Translate GUIDs # This parameter will translate any GUIDs if necessary [Alias(„tr“)] [Parameter(Mandatory=$false, ParameterSetName=’Default‘)] [ValidateNotNull()] [ValidateNotNullOrEmpty()]

[switch]

$Translate, # Get Group Policy Objects linked # This parameter will let you search permissions on group policy objects that are linked to the path you have selected [Parameter(Mandatory=$false, ParameterSetName=’Default‘)] [ValidateNotNull()] [ValidateNotNullOrEmpty()]

[switch]

$GPO, # Open HTML report # This parameter will open the out report if you selected one using the -OUTPUT parameter [Alias(„s“)] [Parameter(Mandatory=$false, ParameterSetName=’Default‘)] [ValidateNotNull()] [ValidateNotNullOrEmpty()]

[switch]

$Show, # Include Security Descriptor modified date in report # This parameter will include the date when the security descriptor was last changed [Parameter(Mandatory=$false, ParameterSetName=’Default‘)] [ValidateNotNull()] [ValidateNotNullOrEmpty()]

[switch]

$SDDate, # Include Owner in report # This parameter will make the scan to search the owner section in the security descriptor. [Alias(„o“)] [Parameter(Mandatory=$false, ParameterSetName=’Default‘)] [ValidateNotNull()] [ValidateNotNullOrEmpty()]

[switch]

$Owner, # Include Canonical Names in report [Alias(„cn“)] [Parameter(Mandatory=$false, ParameterSetName=’Default‘)] [ValidateNotNull()] [ValidateNotNullOrEmpty()]

[switch]

$CanonicalNames, # Include if inheritance is disabled in report # This parameter will add information in the report whether the object have disabled it’s inheritnace [Alias(„p“)] [Parameter(Mandatory=$false, ParameterSetName=’Default‘)] [ValidateNotNull()] [ValidateNotNullOrEmpty()]

[switch]

$Protected, # Scan Default Security Descriptor # This parameter will make AD ACL Scanner to search the schema partition for security descriptors of all objects. [Alias(„dsd“)] [Parameter(Mandatory=$false)] [ValidateNotNull()] [ValidateNotNullOrEmpty()]

[switch]

$DefaultSecurityDescriptor, # Filter Default Security Descriptor on a schema object # This parameter let you select the schema object you would like to see the default security descriptor on. # Example 1. -SchemaObjectName „User“ # Example 2. -SchemaObjectName „Computer“ [Alias(„son“)] [Parameter(Mandatory=$false)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [String] $SchemaObjectName=“*“, # Filter Default Security Descriptor on modified with version number higher than 1 # This parameter will check the metadata of the NTSecurityDescriptor if it have ever been changed, basically have a version number higher than 1. [Alias(„om“)] [Parameter(Mandatory=$false)] [ValidateNotNull()] [ValidateNotNullOrEmpty()]

[switch]

$OnlyModified, # Include inherited permissions # By default only explicit permissions are shown [Alias(„in“)] [Parameter(Mandatory=$false)] [ValidateNotNull()] [ValidateNotNullOrEmpty()]

[switch]

$IncludeInherited, # Returns ACE’s in the format that .Net presents access permissions # Use this option if you would like to create a template for compairson [Parameter(Mandatory=$false)] [ValidateNotNull()] [ValidateNotNullOrEmpty()]

[switch]

$RAW, # Returns ACE’s in the SDDL format [Parameter(Mandatory=$false)] [ValidateNotNull()] [ValidateNotNullOrEmpty()]

[switch]

$SDDL, # Filter ACL for access type # Example 1. -AccessType „Allow“ # Example 2. -AccessType „Deny“ [Alias(„acc“)] [Parameter(Mandatory=$false)] [ValidateSet(„Allow“, „Deny“)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [String] $AccessType, # Filter ACL for a specific permission # Example 1. -Permissions „GenericAll“ # Example 2. -Permissions „WriteProperty|ExtendedRight“ [Alias(„perm“)] [Parameter(Mandatory=$false)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [String] $Permission, # Filter ACL ObjectName # Example 1. -ApplyTo user # Example 2. -ApplyTo „user|computer“ [Alias(„at“)] [Parameter(Mandatory=$false)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [String] $ApplyTo=““, # Filter ACL for matching strings in Trustee # Example 1 -FilterTrustee „*Domain*“ # Example 1 -FilterTrustee „contoso\user1“ [Alias(„ft“)] [Parameter(Mandatory=$false)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [String] $FilterTrustee=““, # Show the progressbar in the CLI [Parameter(Mandatory=$false)] [ValidateNotNull()] [ValidateNotNullOrEmpty()]

[switch]

$ShowProgressBar, # Add Credentials to the command by first creating a pscredential object like for example $CREDS = get-credential [Parameter(Mandatory=$false)] [PSCredential] $Credentials

)

[string]$ADACLScanVersion = „——-nAD ACL Scanner 7.9 , Author: Robin Granberg, @ipcdollar1, Github: github.com/canix1n——-„
[string]$global:ACLHTMLFileName = „ACLHTML-$SessionID“
[string]$global:SPNHTMLFileName = „SPNHTML-$SessionID“
[string]$global:ModifiedDefSDAccessFileName = „ModifiedDefSDAccess-$SessionID“
[string]$global:LegendHTMLFileName = „LegendHTML-$SessionID“

if([threading.thread]::CurrentThread.ApartmentState.ToString() -eq ‚MTA‘)
{
write-host -ForegroundColor RED „RUN PowerShell.exe with -STA switch“
write-host -ForegroundColor RED „Example:“
write-host -ForegroundColor RED “ PowerShell -STA $PSCommandPath“

Write-Host „Press any key to continue …“
[VOID]$host.UI.RawUI.ReadKey(„NoEcho,IncludeKeyDown“)

Exit
}

Set global value for time out in paged searches

$global:TimeoutSeconds = 120

Set global value for page size in paged searches

$global:PageSize = 1000

Hash table for Forest Level

$global:ForestFLHashAD = @{
0=“Windows 2000 Server“;
1=“Windows Server 2003/Interim“;
2=“Windows Server 2003″;
3=“Windows Server 2008″;
4=“Windows Server 2008 R2″;
5=“Windows Server 2012″;
6=“Windows Server 2012 R2″;
7=“Windows Server 2016″;
8=“Windows Server 2019″
}

Hash table for Domain Level

$global:DomainFLHashAD = @{
0=“Windows 2000 Server“;
1=“Windows Server 2003/Interim“;
2=“Windows Server 2003″;
3=“Windows Server 2008″;
4=“Windows Server 2008 R2″;
5=“Windows Server 2012″;
6=“Windows Server 2012 R2″;
7=“Windows Server 2016″;
8=“Windows Server 2019″
}
$global:SchemaHashAD = @{
13=“Windows 2000 Server“;
30=“Windows Server 2003″;
31=“Windows Server 2003 R2″;
44=“Windows Server 2008″;
47=“Windows Server 2008 R2″;
56=“Windows Server 2012″;
69=“Windows Server 2012 R2″;
72=“Windows Server 2016 Technical Preview“;
81=“Windows Server 2016 Technical Preview 2″;
82=“Windows Server 2016 Technical Preview 3″;
85=“Windows Server 2016 Technical Preview 4″;
87=“Windows Server 2016″;
88=“Windows Server 2019″
}

List of Exchange Schema versions

$global:SchemaHashExchange = @{
4397=“Exchange Server 2000″;
4406=“Exchange Server 2000 SP3″;
6870=“Exchange Server 2003″;
6936=“Exchange Server 2003 SP3″;
10628=“Exchange Server 2007″;
10637=“Exchange Server 2007″;
11116=“Exchange Server 2007 SP1″;
14622=“Exchange Server 2007 SP2 or Exchange Server 2010″;
14726=“Exchange Server 2010 SP1″;
14732=“Exchange Server 2010 SP2″;
14734=“Exchange Server 2010 SP3″;
15137=“Exchange Server 2013 RTM“;
15254=“Exchange Server 2013 CU1″;
15281=“Exchange Server 2013 CU2″;
15283=“Exchange Server 2013 CU3″;
15292=“Exchange Server 2013 SP1/CU4″;
15300=“Exchange Server 2013 CU5″;
15303=“Exchange Server 2013 CU6″;
15312=“Exchange Server 2013 CU7″;
15317=“Exchange Server 2016″;
15323=“Exchange Server 2016 CU1″;
15325=“Exchange Server 2016 CU2″;
15326=“Exchange Server 2016 CU3-CU5″;
15330=“Exchange Server 2016 CU6″;
15332=“Exchange Server 2016 CU7-CU18″;
15333=“Exchange Server 2016 CU19″;
17000=“Exchange Server 2019″;
17001=“Exchange Server 2019 CU2-CU7″;
17002=“Exchange Server 2019 CU8″
}

List of Lync Schema versions

$global:SchemaHashLync = @{
1006=“LCS 2005″;
1007=“OCS 2007 R1″;
1008=“OCS 2007 R2″;
1100=“Lync Server 2010″;
1150=“Lync Server 2013/Skype for Business 2015″
}
Function BuildSchemaDic
{

$global:dicSchemaIDGUIDs = @{„BF967ABA-0DE6-11D0-A285-00AA003049E2″ =“user“; "BF967A86-0DE6-11D0-A285-00AA003049E2" = "computer";
„BF967A9C-0DE6-11D0-A285-00AA003049E2“ = „group“; "BF967ABB-0DE6-11D0-A285-00AA003049E2" = "volume";
„F30E3BBE-9FF0-11D1-B603-0000F80367C1“ = „gPLink“; "F30E3BBF-9FF0-11D1-B603-0000F80367C1" = "gPOptions";
„BF967AA8-0DE6-11D0-A285-00AA003049E2“ = „printQueue“; "4828CC14-1437-45BC-9B07-AD6F015E5F28" = "inetOrgPerson";
„5CB41ED0-0E4C-11D0-A286-00AA003049E2“ = „contact“; "BF967AA5-0DE6-11D0-A285-00AA003049E2" = "organizationalUnit";
„BF967A0A-0DE6-11D0-A285-00AA003049E2“ = „pwdLastSet“}

$global:dicNameToSchemaIDGUIDs = @{„user“=“BF967ABA-0DE6-11D0-A285-00AA003049E2“; "computer" = "BF967A86-0DE6-11D0-A285-00AA003049E2";
„group“ = „BF967A9C-0DE6-11D0-A285-00AA003049E2“; "volume" = "BF967ABB-0DE6-11D0-A285-00AA003049E2";
„gPLink“ = „F30E3BBE-9FF0-11D1-B603-0000F80367C1“; "gPOptions" = "F30E3BBF-9FF0-11D1-B603-0000F80367C1";
„printQueue“ = „BF967AA8-0DE6-11D0-A285-00AA003049E2“; "inetOrgPerson" = "4828CC14-1437-45BC-9B07-AD6F015E5F28";
„contact“ = „5CB41ED0-0E4C-11D0-A286-00AA003049E2“; "organizationalUnit" = "BF967AA5-0DE6-11D0-A285-00AA003049E2";
„pwdLastSet“ = „BF967A0A-0DE6-11D0-A285-00AA003049E2“}
}

BuildSchemaDic

$CurrentFSPath = $PSScriptRoot

Add-Type -Assembly PresentationFramework

$xamlBase = @“






                                    <TextBox x:Name="txtBoxDomainConnect" HorizontalAlignment="Left" Height="18"  Text="rootDSE" Width="285" Margin="0,0,0.0,0" IsEnabled="False"/>
                                </StackPanel>
                                <StackPanel Orientation="Horizontal"  Margin="05,05,0,0"  >
                                    <Button x:Name="btnDSConnect" Content="Connect" HorizontalAlignment="Left" Height="23" Margin="0,2,0,0" VerticalAlignment="Top" Width="84"/>
                                    <Button x:Name="btnListDdomain" Content="List Domains" HorizontalAlignment="Left" Height="23" Margin="50,2,0,0" VerticalAlignment="Top" Width="95"/>
                                </StackPanel>

                                <GroupBox x:Name="gBoxBrowse" Grid.Column="0" Header="Browse Options" HorizontalAlignment="Left" Height="47" Margin="00,05,0,0" VerticalAlignment="Top" Width="290" BorderBrush="Black">
                                    <StackPanel Orientation="Vertical" Margin="0,0">
                                        <StackPanel Orientation="Horizontal">
                                            <RadioButton x:Name="rdbBrowseOU" Content="OU's" HorizontalAlignment="Left" Height="18" Margin="5,05,0,0" VerticalAlignment="Top" Width="61" IsChecked="True"/>
                                            <RadioButton x:Name="rdbBrowseAll" Content="All Objects" HorizontalAlignment="Left" Height="18" Margin="20,05,0,0" VerticalAlignment="Top" Width="80"/>
                                            <CheckBox x:Name="chkBoxShowDel" Content="Show Deleted" HorizontalAlignment="Right" Margin="10,05,0,0" Height="18" />
                                        </StackPanel>
                                    </StackPanel>
                                </GroupBox>
                            </StackPanel>
                        </TabItem>
                        <TabItem x:Name="tabForestInfo" Header="Forest Info" Width="85">
                            <StackPanel Orientation="Vertical" Margin="0,05" Width="345" HorizontalAlignment="Left">
                                <Button x:Name="btnGetForestInfo" Content="Get Forest Info" Margin="0,0,0,0" Width="280" Height="19" />
                                <StackPanel Orientation="Horizontal" Margin="0,05">
                                    <Label x:Name="lblFFL" Content="Forest Functional Level:" Width="150" Height="24"/>
                                    <TextBox x:Name="txtBoxFFL" Text=""  Width="170" Margin="05,0" Height="19" />
                                </StackPanel>
                                <StackPanel Orientation="Horizontal" Margin="0,01">
                                    <Label x:Name="lblDFL" Content="Domain Functional Level:" Width="150" Height="24"/>
                                    <TextBox x:Name="txtBoxDFL" Text="" Width="170" Margin="05,0" Height="19" />
                                </StackPanel>
                                <StackPanel Orientation="Horizontal" Margin="0,01">
                                    <Label x:Name="ldblADSchema" Content="AD Schema Version:" Width="150" Height="24"/>
                                    <TextBox x:Name="txtBoxADSchema" Text="" Width="170" Margin="05,0" Height="19" />
                                </StackPanel>
                                <StackPanel Orientation="Horizontal" Margin="0,01">
                                    <Label x:Name="lblExchSchema" Content="Exchange Schema Version:" Width="150" Height="24"/>
                                    <TextBox x:Name="txtBoxExSchema" Text="" Width="170" Margin="05,0" Height="19" />
                                </StackPanel>
                                <StackPanel Orientation="Horizontal" Margin="0,01">
                                    <Label x:Name="lblLyncSchema" Content="Lync Schema Version:" Width="150" Height="24" VerticalAlignment="Top"/>
                                    <TextBox x:Name="txtBoxLyncSchema" Text="" Width="170" Margin="05,0,0,0" Height="19" />
                                </StackPanel>
                                <StackPanel Orientation="Horizontal" Margin="0,01">
                                    <Label x:Name="lblListObjectMode" Content="List Object Mode:" Width="150" Height="24" VerticalAlignment="Top"/>
                                    <TextBox x:Name="txtListObjectMode" Text="" Width="170" Margin="05,0,0,0" Height="19" />
                                </StackPanel>
                            </StackPanel>
                        </TabItem>
                        <TabItem x:Name="tabConnectionInfo" Header="Connection Info" Width="100" Margin="0,0,0,0">
                            <StackPanel Orientation="Vertical" Margin="0,0" HorizontalAlignment="Left" Width="345">
                                <Label x:Name="lblDC" Content="Domain Controller:" Width="175" Height="24" HorizontalAlignment="Left" />
                                <TextBox x:Name="txtDC" Text=""  Width="320" Margin="05,0" Height="19" HorizontalAlignment="Left"  />
                                <Label x:Name="lbldefaultnamingcontext" Content="Default Naming Context:" Width="175" Height="24" HorizontalAlignment="Left" />
                                <TextBox x:Name="txtdefaultnamingcontext" Text="" Width="320" Margin="05,0" Height="19" HorizontalAlignment="Left" />
                                <Label x:Name="lblconfigurationnamingcontext" Content="Configuration Naming Context:" Width="175" Height="24" HorizontalAlignment="Left" />
                                <TextBox x:Name="txtconfigurationnamingcontext" Text="" Width="320" Margin="05,0" Height="19" HorizontalAlignment="Left"  />
                                <Label x:Name="lblschemanamingcontext" Content="Schema Naming Context:" Width="175" Height="24" HorizontalAlignment="Left" />
                                <TextBox x:Name="txtschemanamingcontext" Text="" Width="320" Margin="05,0" Height="19" HorizontalAlignment="Left"  />
                                <Label x:Name="lblrootdomainnamingcontext" Content="Root Domain Naming Context:" Width="175" Height="24" HorizontalAlignment="Left" />
                                <TextBox x:Name="txtrootdomainnamingcontext" Text="" Width="320" Margin="05,0,0,0" Height="19" HorizontalAlignment="Left"  />
                            </StackPanel>
                        </TabItem>
                    </TabControl>
                    <GroupBox x:Name="gBoxSelectNodeTreeView" Grid.Column="0" Header="Nodes" HorizontalAlignment="Left" Height="330" Margin="0,0,0,0" VerticalAlignment="Top" Width="350"  Foreground="White" BorderThickness="0" BorderBrush="#FF2A3238" >
                        <StackPanel Orientation="Vertical">
                            <TreeView x:Name="treeView1"  Height="300" Width="340"  Margin="0,5,0,0" HorizontalAlignment="Left"
            DataContext="{Binding Source={StaticResource DomainOUData}, XPath=/DomainRoot}"
            ItemTemplate="{StaticResource NodeTemplate}"
            ItemsSource="{Binding}">
                                <TreeView.ContextMenu>
                                    <ContextMenu x:Name="ContextMUpdateNode"  >
                                        <MenuItem Header="Refresh Childs">
                                            <MenuItem.Icon>
                                                <Image Width="15" Height="15" Source="{Binding XPath=@Icon}" />
                                            </MenuItem.Icon>
                                        </MenuItem>
                                        <MenuItem Header="Exclude Node">
                                            <MenuItem.Icon>
                                                <Image Width="15" Height="15" Source="{Binding XPath=@Icon2}" />
                                            </MenuItem.Icon>
                                        </MenuItem>
                                    </ContextMenu>

                                </TreeView.ContextMenu>
                            </TreeView>
                        </StackPanel>
                    </GroupBox>
                    <StackPanel Orientation="Horizontal" >
                        <StackPanel Orientation="Horizontal" Margin="0,0,0,0">
                            <StackPanel Orientation="Vertical" >
                                <StackPanel Orientation="Horizontal" >
                                    <Label x:Name="lblStyleVersion1" Content="AD ACL Scanner 7.9" HorizontalAlignment="Left" Height="25" Margin="0,0,0,0" VerticalAlignment="Top" Width="140" Foreground="White" Background="{x:Null}" FontWeight="Bold" FontSize="14"/>
                                </StackPanel>
                                <StackPanel Orientation="Horizontal" >
                                    <Label x:Name="lblStyleVersion2" Content="written by Robin Granberg " HorizontalAlignment="Left" Height="27" Margin="0,0,0,0" VerticalAlignment="Top" Width="150" Foreground="White" Background="{x:Null}" FontSize="12"/>
                                    <Image x:Name="imgTwitter" HorizontalAlignment="Left" Height="15" VerticalAlignment="Center" Width="15"  />
                                    <Label x:Name="lblStyleVersion3" Content="@ipcdollar1" HorizontalAlignment="Left" Height="27" Margin="0,0,0,0" VerticalAlignment="Top" Width="72" Foreground="White" Background="{x:Null}" FontSize="12"/>
                                    <Image x:Name="imgGithub" HorizontalAlignment="Left" Height="15" VerticalAlignment="Center" Width="15"  />
                                    <Label x:Name="lblStyleVersion4" Content="@canix1" HorizontalAlignment="Left" Height="27" Margin="0,0,0,0" VerticalAlignment="Top" Width="53" Foreground="White" Background="{x:Null}" FontSize="12"/>
                                </StackPanel>
                            </StackPanel>
                        </StackPanel>
                    </StackPanel>
                </StackPanel>
                <StackPanel Orientation="Vertical">
                    <Label x:Name="lblSelectedNode" Content="Selected Object:" HorizontalAlignment="Left" Height="26" Margin="0,0,0,0" VerticalAlignment="Top" Width="158" Foreground="White" />
                    <StackPanel Orientation="Horizontal" >
                        <TextBox x:Name="txtBoxSelected" HorizontalAlignment="Left" Height="20" Margin="5,0,0,0" TextWrapping="NoWrap" VerticalAlignment="Top" Width="630"/>
                    </StackPanel>
                    <Label x:Name="lblStatusBar" Content="Log:" HorizontalAlignment="Left" Height="26" Margin="0,0,0,0" VerticalAlignment="Top" Width="158" Foreground="White" />
                    <ListBox x:Name="TextBoxStatusMessage" DisplayMemberPath="Message" SelectionMode="Extended" HorizontalAlignment="Left" Height="80" Margin="5,0,0,0" VerticalAlignment="Top" Width="630" ScrollViewer.HorizontalScrollBarVisibility="Auto">
                        <ListBox.ItemContainerStyle>
                            <Style TargetType="{x:Type ListBoxItem}">
                                <Style.Triggers>
                                    <DataTrigger Binding="{Binding Path=Type}" Value="Error">
                                        <Setter Property="ListBoxItem.Foreground" Value="Red" />
                                        <Setter Property="ListBoxItem.Background" Value="LightGray" />
                                    </DataTrigger>
                                    <DataTrigger Binding="{Binding Path=Type}" Value="Warning">
                                        <Setter Property="ListBoxItem.Foreground" Value="Yellow" />
                                        <Setter Property="ListBoxItem.Background" Value="Gray" />
                                    </DataTrigger>
                                    <DataTrigger Binding="{Binding Path=Type}" Value="Info">
                                        <Setter Property="ListBoxItem.Foreground" Value="Black" />
                                        <Setter Property="ListBoxItem.Background" Value="White" />
                                    </DataTrigger>
                                </Style.Triggers>
                            </Style>
                        </ListBox.ItemContainerStyle>
                    </ListBox>
                    <TabControl x:Name="tabScanTop"   HorizontalAlignment="Left" Height="405"  VerticalAlignment="Top" Width="630" Margin="5,5,0,0">
                        <TabItem x:Name="tabScan" Header="Scan Options" Width="85">
                            <Grid >
                                <StackPanel Orientation="Vertical" Margin="0,0">
                                    <StackPanel Orientation="Horizontal" Margin="0,0">
                                        <StackPanel Orientation="Vertical" Margin="0,0">
                                            <GroupBox x:Name="gBoxScanType" Header="Scan Type" HorizontalAlignment="Left" Height="71" Margin="2,1,0,0" VerticalAlignment="Top" Width="290" >
                                                <StackPanel Orientation="Vertical" Margin="0,0">
                                                    <StackPanel Orientation="Horizontal">
                                                        <RadioButton x:Name="rdbDACL" Content="DACL (Access)" HorizontalAlignment="Left" Height="18" Margin="5,10,0,0" VerticalAlignment="Top" Width="95" IsChecked="True"/>
                                                        <RadioButton x:Name="rdbSACL" Content="SACL (Audit)" HorizontalAlignment="Left" Height="18" Margin="20,10,0,0" VerticalAlignment="Top" Width="90"/>

                                                    </StackPanel>
                                                    <StackPanel Orientation="Horizontal" Height="35" Margin="0,0,0.2,0">
                                                        <CheckBox x:Name="chkBoxRAWSDDL" Content="RAW SDDL" HorizontalAlignment="Left" Height="18" Margin="5,05,0,0" VerticalAlignment="Top" Width="120"/>
                                                    </StackPanel>
                                                </StackPanel>
                                            </GroupBox>
                                            <GroupBox x:Name="gBoxScanDepth" Header="Scan Depth" HorizontalAlignment="Left" Height="51" Margin="2,1,0,0" VerticalAlignment="Top" Width="290">
                                                <StackPanel Orientation="Vertical" Margin="0,0">
                                                    <StackPanel Orientation="Horizontal">
                                                        <RadioButton x:Name="rdbBase" Content="Base" HorizontalAlignment="Left" Height="18" Margin="5,10,0,0" VerticalAlignment="Top" Width="61" IsChecked="True"/>
                                                        <RadioButton x:Name="rdbOneLevel" Content="One Level" HorizontalAlignment="Left" Height="18" Margin="20,10,0,0" VerticalAlignment="Top" Width="80"/>
                                                        <RadioButton x:Name="rdbSubtree" Content="Subtree" HorizontalAlignment="Left" Height="18" Margin="20,10,0,0" VerticalAlignment="Top" Width="80"/>
                                                    </StackPanel>
                                                </StackPanel>
                                            </GroupBox>
                                            <GroupBox x:Name="gBoxRdbFile" Header="Output Options" HorizontalAlignment="Left" Height="158" Margin="2,0,0,0" VerticalAlignment="Top" Width="290">
                                                <StackPanel Orientation="Vertical" Margin="0,0">
                                                    <StackPanel Orientation="Horizontal">
                                                        <RadioButton x:Name="rdbOnlyHTA" Content="HTML" HorizontalAlignment="Left" Height="18" Margin="5,05,0,0" VerticalAlignment="Top" Width="61" GroupName="rdbGroupOutput" IsChecked="True"/>
                                                        <RadioButton x:Name="rdbOnlyCSV" Content="CSV file" HorizontalAlignment="Left" Height="18" Margin="20,05,0,0" VerticalAlignment="Top" Width="61" GroupName="rdbGroupOutput"/>
                                                        <RadioButton x:Name="rdbOnlyCSVTEMPLATE" Content="CSV Template" HorizontalAlignment="Left" Height="18" Margin="20,05,0,0" VerticalAlignment="Top" Width="91" GroupName="rdbGroupOutput"/>
                                                    </StackPanel>
                                                    <StackPanel Orientation="Horizontal">
                                                        <RadioButton x:Name="rdbEXcel" Content="Excel file" HorizontalAlignment="Left" Height="18" Margin="5,05,0,0" VerticalAlignment="Top" Width="155" GroupName="rdbGroupOutput"/>
                                                    </StackPanel>
                                                    <CheckBox x:Name="chkBoxTranslateGUID" Content="Translate GUID's in CSV output" HorizontalAlignment="Left" Height="18" Margin="5,05,0,0" VerticalAlignment="Top" Width="200"/>
                                                    <Label x:Name="lblTempFolder" Content="CSV file destination" />
                                                    <TextBox x:Name="txtTempFolder" Margin="0,0,02,0"/>
                                                    <StackPanel Orientation="Horizontal" HorizontalAlignment="Right" >
                                                        <Button x:Name="btnGetTemplateFolder" Content="Change Folder" Width="90" Margin="-100,00,0,0"  />
                                                    </StackPanel>
                                                </StackPanel>
                                            </GroupBox>
                                        </StackPanel>
                                        <StackPanel Orientation="Vertical" Margin="0,0">
                                            <GroupBox x:Name="gBoxRdbScan" Header="Objects to scan" HorizontalAlignment="Left" Height="75" Margin="2,0,0,0" VerticalAlignment="Top" Width="310">
                                                <StackPanel Orientation="Vertical" Margin="0,0">
                                                    <StackPanel Orientation="Horizontal">
                                                        <RadioButton x:Name="rdbScanOU" Content="OUs" HorizontalAlignment="Left" Height="18" Margin="5,10,0,0" VerticalAlignment="Top" Width="61" IsChecked="True" GroupName="rdbGroupFilter"/>
                                                        <RadioButton x:Name="rdbScanContainer" Content="Containers" HorizontalAlignment="Left" Height="18" Margin="5,10,0,0" VerticalAlignment="Top" Width="80" GroupName="rdbGroupFilter"/>
                                                        <RadioButton x:Name="rdbScanAll" Content="All Objects" HorizontalAlignment="Left" Height="18" Margin="5,10,0,0" VerticalAlignment="Top" Width="80" GroupName="rdbGroupFilter"/>
                                                        <RadioButton x:Name="rdbGPO" Content="GPOs" HorizontalAlignment="Left" Height="18" Margin="5,10,0,0" VerticalAlignment="Top" Width="80" GroupName="rdbGroupFilter"/>
                                                    </StackPanel>
                                                    <StackPanel Orientation="Horizontal">
                                                        <RadioButton x:Name="rdbScanFilter" Content="" HorizontalAlignment="Left" Height="18" Margin="5,5,0,0" VerticalAlignment="Top" Width="15" GroupName="rdbGroupFilter"/>
                                                        <TextBox x:Name="txtCustomFilter" Text="(objectClass=*)" HorizontalAlignment="Left" Height="18" Width="250" Margin="0,0,0.0,0" IsEnabled="False"/>
                                                    </StackPanel>
                                                </StackPanel>
                                            </GroupBox>
                                            <GroupBox x:Name="gBoxReportOpt" Header="View in report" HorizontalAlignment="Left" Height="220" Margin="2,0,0,0" VerticalAlignment="Top" Width="310">
                                                <StackPanel Orientation="Vertical" Margin="0,0">
                                                    <StackPanel Orientation="Horizontal">
                                                        <CheckBox x:Name="chkBoxGetOwner" Content="View Owner" HorizontalAlignment="Left" Height="18" Margin="5,05,0,0" VerticalAlignment="Top" Width="120"/>
                                                        <CheckBox x:Name="chkBoxACLSize" Content="DACL Size" HorizontalAlignment="Left" Height="18" Margin="30,05,0,0" VerticalAlignment="Top" Width="80"/>
                                                    </StackPanel>
                                                    <StackPanel Orientation="Horizontal" Margin="0,0,0.2,0" Height="35">
                                                        <CheckBox x:Name="chkInheritedPerm" Content="Inherited&#10;Permissions" HorizontalAlignment="Left" Height="30" Margin="5,05,0,0" VerticalAlignment="Top" Width="120"/>
                                                        <CheckBox x:Name="chkBoxGetOUProtected" Content="Inheritance&#10;Disabled" HorizontalAlignment="Left" Height="30" Margin="30,05,0,0" VerticalAlignment="Top" Width="120"/>
                                                    </StackPanel>
                                                    <StackPanel Orientation="Horizontal" Height="35" Margin="0,0,0.2,0">
                                                        <CheckBox x:Name="chkBoxDefaultPerm" Content="Skip Default&#10;Permissions" HorizontalAlignment="Left" Height="30" Margin="5,05,0,0" VerticalAlignment="Top" Width="120"/>
                                                        <CheckBox x:Name="chkBoxReplMeta" Content="SD Modified date" HorizontalAlignment="Left" Height="30" Margin="30,05,0,0" VerticalAlignment="Top" Width="120"/>
                                                    </StackPanel>
                                                    <StackPanel Orientation="Horizontal" Height="35" Margin="0,0,0.2,0">
                                                        <CheckBox x:Name="chkBoxSkipProtectedPerm" Content="Skip Protected&#10;Permissions" HorizontalAlignment="Left" Height="30" Margin="5,05,0,0" VerticalAlignment="Top" Width="120"/>
                                                        <CheckBox x:Name="chkBoxObjType" Content="ObjectClass" HorizontalAlignment="Left" Height="30" Margin="30,05,0,0" VerticalAlignment="Top" Width="90"/>
                                                    </StackPanel>
                                                    <StackPanel Orientation="Vertical"  Margin="0,0,0,0">
                                                        <StackPanel Orientation="Horizontal" Height="19" Margin="0,0,0.2,0">
                                                            <CheckBox x:Name="chkBoxUseCanonicalName" Content="Canonical Name" HorizontalAlignment="Left" Margin="5,05,0,0" VerticalAlignment="Top" Width="120"/>
                                                            <CheckBox x:Name="chkBoxSDDLView" Content="SDDL" HorizontalAlignment="Left" Height="30" Margin="30,05,0,0" VerticalAlignment="Top" Width="90"/>
                                                        </StackPanel>
                                                        <Label x:Name="lblReturnObjectType" Content="Filter report on security principal type:"  Margin="5,0,0,0"/>
                                                        <ComboBox x:Name="combReturnObjectType" HorizontalAlignment="Left" Margin="5,0,0,0" VerticalAlignment="Top" Width="120" IsEnabled="True"/>
                                                    </StackPanel>
                                                </StackPanel>
                                            </GroupBox>
                                        </StackPanel>
                                    </StackPanel>
                                    <GroupBox  x:Name="gBoxExclude" Header="Excluded Path (matching string in distinguishedName):" HorizontalAlignment="Left" Height="75" Margin="2,0,0,0" VerticalAlignment="Top" Width="605">
                                        <StackPanel Orientation="Vertical">
                                            <StackPanel Orientation="Vertical">
                                                <TextBox x:Name="txtBoxExcluded" HorizontalAlignment="Left" Height="20" Margin="5,10,0,0" TextWrapping="NoWrap" VerticalAlignment="Top" Width="585" />
                                                <Button x:Name="btnClearExcludedBox" Content="Clear"  Height="21" Margin="10,0,0,0" IsEnabled="true" Width="100"/>
                                            </StackPanel>
                                        </StackPanel>
                                    </GroupBox>
                                </StackPanel>
                            </Grid>
                        </TabItem>
                        <TabItem x:Name="tabFilter" Header="Filter">
                            <Grid>
                                <StackPanel Orientation="Horizontal">
                                    <StackPanel Orientation="Vertical" Margin="0,0">
                                        <CheckBox x:Name="chkBoxFilter" Content="Enable Filter" HorizontalAlignment="Left" Margin="5,5,0,0" VerticalAlignment="Top"/>
                                        <Label x:Name="lblAccessCtrl" Content="Filter by Access Type:(example: Allow)" />
                                        <StackPanel Orientation="Horizontal" Margin="0,0">
                                            <CheckBox x:Name="chkBoxType" Content="" HorizontalAlignment="Left" Margin="5,0,0,0" VerticalAlignment="Top" IsEnabled="False"/>
                                            <ComboBox x:Name="combAccessCtrl" HorizontalAlignment="Left" Margin="5,0,0,0" VerticalAlignment="Top" Width="120" IsEnabled="False"/>
                                        </StackPanel>
                                        <Label x:Name="lblFilterExpl" Content="Filter by Object:&#10;Examples:&#10;* &#10;User|Computer" />
                                        <StackPanel Orientation="Horizontal" Margin="0,0">
                                            <CheckBox x:Name="chkBoxObject" Content="" HorizontalAlignment="Left" Margin="5,0,0,0" VerticalAlignment="Top" IsEnabled="False"/>
                                            <TextBox x:Name="txtBoxObjectFilter" HorizontalAlignment="Left" Margin="5,0,0,0" VerticalAlignment="Top" Width="160" IsEnabled="False"/>
                                        </StackPanel>

                                    </StackPanel>
                                    <StackPanel Orientation="Vertical" Margin="5,5,0,0" Width="320">
                                        <Label x:Name="lblPermission" Content="Filter by permissions:&#10;Examples:&#10;GenericAll &#10;WriteProperty|ExtendedRight" />
                                        <StackPanel Orientation="Horizontal" Margin="0,0">
                                            <CheckBox x:Name="chkBoxPermission" Content="" HorizontalAlignment="Left" Margin="5,0,0,0" VerticalAlignment="Top" IsEnabled="False"/>
                                            <TextBox x:Name="txtPermission" HorizontalAlignment="Left" Margin="5,0,0,0" VerticalAlignment="Top" Width="160" IsEnabled="False"/>
                                        </StackPanel>
                                        <Label x:Name="lblFilterTrusteeExpl" Content="Filter by Trustee:&#10;Examples:&#10;CONTOSO\User&#10;CONTOSO\JohnDoe*&#10;*Smith&#10;*Doe*" />
                                        <StackPanel Orientation="Horizontal" Margin="0,0">
                                            <CheckBox x:Name="chkBoxTrustee" Content="" HorizontalAlignment="Left" Margin="5,0,0,0" VerticalAlignment="Top" IsEnabled="False"/>
                                            <TextBox x:Name="txtFilterTrustee" HorizontalAlignment="Left" Margin="5,0,0,0" VerticalAlignment="Top" Width="160" IsEnabled="False"/>
                                        </StackPanel>

                                        <StackPanel Orientation="Horizontal" Margin="0,0">
                                            <CheckBox x:Name="chkBoxFilterBuiltin" Content="" HorizontalAlignment="Left" Margin="5,5,0,0" VerticalAlignment="Top" IsEnabled="False"/>
                                            <Label x:Name="lblFilterBuiltin" Content="Exclude all built-in security principals" />
                                        </StackPanel>
                                    </StackPanel>
                                </StackPanel>
                            </Grid>
                        </TabItem>
                        <TabItem x:Name="tabAssess" Header="Assessment">
                            <Grid >
                                <StackPanel Orientation="Horizontal">
                                    <StackPanel Orientation="Vertical" Margin="0,0">
                                        <GroupBox x:Name="gBoxdCriticals" Header="Assessment Options" HorizontalAlignment="Left" Height="200" Margin="0,5,0,0" VerticalAlignment="Top" Width="290">
                                            <StackPanel>
                                                <Label x:Name="lblFilterServerity" Content="Filter by Severity" />
                                                <StackPanel Orientation="Horizontal" Margin="0,0">
                                                    <CheckBox x:Name="chkBoxSeverity" Content="" HorizontalAlignment="Left" Margin="5,0,0,0" VerticalAlignment="Top" IsEnabled="True"/>
                                                    <ComboBox x:Name="combServerity" HorizontalAlignment="Left" Margin="5,0,0,0" VerticalAlignment="Top" Width="120" IsEnabled="false"/>
                                                </StackPanel>
                                              <Label x:Name="lblRecursiveFind" Content="Perform a recursive search and return these objects:" />
                                                <StackPanel Orientation="Horizontal" Margin="0,0">
                                                    <CheckBox x:Name="chkBoxRecursiveFind" Content="" HorizontalAlignment="Left" Margin="5,0,0,0" VerticalAlignment="Top" IsEnabled="True"/>
                                                    <ComboBox x:Name="combRecursiveFind" HorizontalAlignment="Left" Margin="5,0,0,0" VerticalAlignment="Top" Width="120" IsEnabled="false"/>
                                                </StackPanel>
                                            </StackPanel>
                                        </GroupBox>
                                    </StackPanel>
                                    <StackPanel Orientation="Vertical" Margin="5,5">
                                        <GroupBox x:Name="gBoxCriticality" Header="Access Rights Criticality" HorizontalAlignment="Left" Height="150" Margin="2,0,0,0" VerticalAlignment="Top" Width="290">
                                            <StackPanel Orientation="Vertical" Margin="0,0">
                                                <CheckBox x:Name="chkBoxEffectiveRightsColor" Content="Show color coded criticality" HorizontalAlignment="Left" Margin="5,10,0,0" VerticalAlignment="Top" IsEnabled="True"/>
                                                <Label x:Name="lblEffectiveRightsColor" Content="Use colors in report to identify criticality level of &#10;permissions.This might help you in implementing &#10;Least-Privilege Administrative Models" />
                                                <Button x:Name="btnViewLegend" Content="View Color Legend" HorizontalAlignment="Left" Margin="5,0,0,0" IsEnabled="True" Width="110"/>
                                            </StackPanel>

                                        </GroupBox>
                                    </StackPanel>
                                </StackPanel>
                            </Grid>
                        </TabItem>
                        <TabItem x:Name="tabEffectiveR" Header="Effective Rights">
                            <Grid >
                                <StackPanel Orientation="Horizontal">
                                    <StackPanel Orientation="Vertical" Margin="0,0">
                                        <CheckBox x:Name="chkBoxEffectiveRights" Content="Enable Effective Rights" HorizontalAlignment="Left" Margin="5,5,0,0" VerticalAlignment="Top"/>
                                        <Label x:Name="lblEffectiveDescText" Content="Effective Access allows you to view the effective &#10;permissions for a user, group, or device account." />
                                        <Label x:Name="lblEffectiveText" Content="Type the account name (samAccountName) for a &#10;user, group or computer" />
                                        <Label x:Name="lblSelectPrincipalDom" Content=":" />
                                        <TextBox x:Name="txtBoxSelectPrincipal" IsEnabled="False"  />
                                        <StackPanel  Orientation="Horizontal" Margin="0,0">
                                            <Button x:Name="btnGetSPAccount" Content="Get Account" Margin="5,0,0,0" IsEnabled="False"/>
                                            <Button x:Name="btnListLocations" Content="Locations..." Margin="50,0,0,0" IsEnabled="False"/>
                                        </StackPanel>

                                    </StackPanel>
                                    <StackPanel Orientation="Vertical" Margin="5,5,0,0" Width="320">
                                        <StackPanel  Orientation="Vertical" Margin="0,0"   >
                                            <GroupBox x:Name="gBoxEffectiveSelUser" Header="Selected Security Principal:" HorizontalAlignment="Left" Height="50" Margin="2,2,0,0" VerticalAlignment="Top" Width="290">
                                                <StackPanel Orientation="Vertical" Margin="0,0">
                                                    <Label x:Name="lblEffectiveSelUser" Content="" />
                                                </StackPanel>
                                            </GroupBox>
                                            <Button x:Name="btnGETSPNReport" HorizontalAlignment="Left" Content="View Account" Margin="5,2,0,0" IsEnabled="False" Width="110"/>
                                        </StackPanel>
                                    </StackPanel>
                                </StackPanel>
                            </Grid>
                        </TabItem>
                        <TabItem x:Name="tabCompare" Header="Compare">
                            <Grid>
                                <StackPanel Orientation="Horizontal">
                                    <StackPanel Orientation="Vertical" Margin="0,0" HorizontalAlignment="Left">
                                        <CheckBox x:Name="chkBoxCompare" Content="Enable Compare" HorizontalAlignment="Left" Margin="5,5,0,0" VerticalAlignment="Top"/>
                                        <Label x:Name="lblCompareDescText" Content="You can compare the current state with  &#10;a previously created CSV file." />
                                        <Label x:Name="lblCompareTemplate" Content="CSV Template File" />
                                        <TextBox x:Name="txtCompareTemplate" Margin="2,0,0,0" Width="275" IsEnabled="False"/>
                                        <Button x:Name="btnGetCompareInput" Content="Select Template" HorizontalAlignment="Right" Height="19" Margin="65,00,00,00" IsEnabled="False"/>
                                        <StackPanel Orientation="Horizontal" Margin="5,5,0,0">
                                            <Label x:Name="lblReturn" Content="Return:" />
                                            <ComboBox x:Name="combReturns" HorizontalAlignment="Left" Margin="05,02,00,00" VerticalAlignment="Top" Width="80" IsEnabled="False" SelectedValue="ALL"/>
                                        </StackPanel>
                                        <StackPanel Orientation="Vertical">
                                            <CheckBox x:Name="chkBoxTemplateNodes" Content="Use nodes from template." HorizontalAlignment="Left" Width="160" Margin="2,5,00,00" IsEnabled="False" />
                                            <CheckBox x:Name="chkBoxScanUsingUSN" Content="Faster compare using USNs of the&#10;NTSecurityDescriptor. This requires that your &#10;template to contain USNs.Requires SD Modified&#10;date selected when creating the template." HorizontalAlignment="Left"  Width="280" Margin="2,5,00,00" IsEnabled="False" />
                                        </StackPanel>

                                    </StackPanel>
                                    <StackPanel Orientation="Vertical" Width="300">

                                        <Label x:Name="lblReplaceDN" Content="Replace DN in file with current domain DN.&#10;E.g. DC=contoso,DC=com&#10;Type the old DN to be replaced:" />
                                        <TextBox x:Name="txtReplaceDN" Margin="2,0,0,0" Width="250" IsEnabled="False"/>
                                        <Label x:Name="lblReplaceNetbios" Content="Replace principals prefixed domain name with&#10;current domain. E.g. CONTOSO&#10;Type the old NETBIOS name to be replaced:" />
                                        <TextBox x:Name="txtReplaceNetbios" Margin="2,0,0,0" Width="250" IsEnabled="False"/>
                                        <Label x:Name="lblDownloadCSVDefACLs" Content="Download CSV templates for comparing with&#10;your environment:" Margin="05,20,00,00" />
                                        <Button x:Name="btnDownloadCSVDefACLs" Content="Download CSV Templates" HorizontalAlignment="Left" Width="140" Height="19" Margin="05,05,00,00" IsEnabled="True"/>
                                    </StackPanel>
                                </StackPanel>
                            </Grid>
                        </TabItem>
                        <TabItem x:Name="tabOther" Header="Default SD">
                            <Grid>
                                <StackPanel Orientation="Horizontal">
                                    <StackPanel Orientation="Vertical" Margin="0,0,0,-40">
                                        <GroupBox x:Name="gBoxdDefSecDesc" Header="Output Format" HorizontalAlignment="Left" Height="45" Margin="0,0,0,0" VerticalAlignment="Top" Width="290">
                                            <StackPanel Orientation="Horizontal" Margin="0,0">
                                                <RadioButton x:Name="rdbDefSD_Access" Content="DACL" HorizontalAlignment="Left" Height="18" Margin="5,05,0,0" VerticalAlignment="Top" Width="50" IsChecked="True"/>
                                                <RadioButton x:Name="rdbDefSD_SDDL" Content="SDDL" HorizontalAlignment="Left" Height="18" Margin="10,05,0,0" VerticalAlignment="Top" Width="50"/>
                                            </StackPanel>
                                        </GroupBox>
                                        <CheckBox x:Name="chkModifedDefSD" Content="Only modified defaultSecurityDescriptors" HorizontalAlignment="Left" Margin="5,10,0,0" VerticalAlignment="Top"/>
                                        <Label x:Name="lblObjectDefSD" Content="Select objects to scan:" />
                                        <StackPanel Orientation="Horizontal" Margin="0,0">
                                            <ComboBox x:Name="combObjectDefSD" HorizontalAlignment="Left" Margin="05,05,00,00" VerticalAlignment="Top" Width="120" IsEnabled="True" SelectedValue="*"/>
                                            <Button x:Name="btnScanDefSD" Content="Run Scan" HorizontalAlignment="Right" Width="90" Height="19" Margin="37,05,00,00" IsEnabled="True"/>
                                        </StackPanel>
                                        <StackPanel Orientation="Horizontal" Margin="0,0">
                                            <Button x:Name="btnGetSchemaClass" Content="Load all classSchema" HorizontalAlignment="Left" Width="120" Height="19" Margin="05,05,00,00" IsEnabled="True"/>
                                            <Button x:Name="btnExportDefSD" Content="Export to CSV" HorizontalAlignment="Right" Width="90" Height="19" Margin="37,05,00,00" IsEnabled="True"/>
                                        </StackPanel>
                                    </StackPanel>
                                    <GroupBox x:Name="gBoxdDefSecDescCompare" Header="Compare" HorizontalAlignment="Left" Height="260" Margin="0,0,0,0" VerticalAlignment="Top" Width="290">
                                        <StackPanel  Margin="0,0">
                                            <Label x:Name="lblCompareDefSDText" Content="You can compare the current state with  &#10;a previously created CSV file." />
                                            <Label x:Name="lblCompareDefSDTemplate" Content="CSV Template File" />
                                            <TextBox x:Name="txtCompareDefSDTemplate" Margin="2,0,0,0" Width="275" IsEnabled="True"/>
                                            <Button x:Name="btnGetCompareDefSDInput" Content="Select Template" HorizontalAlignment="Right" Width="90" Height="19" Margin="162,05,00,00" IsEnabled="True"/>
                                            <Button x:Name="btnCompDefSD" Content="Run Compare" HorizontalAlignment="Right" Width="90" Height="19" Margin="162,05,00,00" IsEnabled="True"/>
                                            <Label x:Name="lblDownloadCSVDefSD" Content="Download CSV templates for comparing with&#10;your defaultSecurityDescriptors:" Margin="05,20,00,00" />
                                            <Button x:Name="btnDownloadCSVDefSD" Content="Download CSV Templates" HorizontalAlignment="Left" Width="140" Height="19" Margin="05,05,00,00" IsEnabled="True"/>
                                        </StackPanel>
                                    </GroupBox>
                                </StackPanel>
                            </Grid>
                        </TabItem>
                        <TabItem x:Name="tabOfflineScan" Header="Additional Options">
                            <Grid>
                                <StackPanel>
                                    <GroupBox x:Name="gBoxImportCSV" Header="CSV to HTML" HorizontalAlignment="Left" Height="136" Margin="2,1,0,0" VerticalAlignment="Top" Width="290">
                                        <StackPanel Orientation="Vertical" Margin="0,0">
                                            <Label x:Name="lblCSVImport" Content="This file will be converted HTML:" />
                                            <TextBox x:Name="txtCSVImport"/>
                                            <StackPanel Orientation="Horizontal" HorizontalAlignment="Right">
                                                <Button x:Name="btnGetCSVFile" Content="Select CSV" />
                                            </StackPanel>
                                            <CheckBox x:Name="chkBoxTranslateGUIDinCSV" Content="CSV file do not contain object GUIDs" HorizontalAlignment="Left" Height="18" Margin="5,10,0,0" VerticalAlignment="Top" Width="290"/>
                                            <StackPanel Orientation="Horizontal" HorizontalAlignment="Right">
                                                <Button x:Name="btnCreateHTML" Content="Create HTML View" />
                                            </StackPanel>
                                        </StackPanel>
                                    </GroupBox>
                                    <GroupBox x:Name="gBoxProgress" Header="Progress Bar" HorizontalAlignment="Left" Height="75" Margin="2,0,0,0" VerticalAlignment="Top" Width="290">
                                        <StackPanel Orientation="Vertical" Margin="0,0">
                                            <CheckBox x:Name="chkBoxSkipProgressBar" Content="Use Progress Bar" HorizontalAlignment="Left" Margin="5,10,0,0" VerticalAlignment="Top" IsEnabled="True" IsChecked="True"/>
                                            <Label x:Name="lblSkipProgressBar" Content="For increased speed, turn off the progress bar." />
                                        </StackPanel>
                                    </GroupBox>
                                </StackPanel>
                            </Grid>
                        </TabItem>
                    </TabControl>
                    <StackPanel Orientation="Horizontal" Margin="5,5">
                        <Button x:Name="btnScan" Content="Run Scan" HorizontalAlignment="Left" Height="19" Margin="0,0,0,0" VerticalAlignment="Top" Width="66"/>
                        <Button x:Name="btnExit" Content="Exit" HorizontalAlignment="Left" Margin="100,0,0,0" VerticalAlignment="Top" Width="75"/>
                        <Button x:Name="btnSupport" Height="23" Tag="Support Statement"  Margin="270,0,0,0" Foreground="White" HorizontalAlignment="Right">
                            <TextBlock TextDecorations="Underline" Text="{Binding Path=Tag, RelativeSource={RelativeSource Mode=FindAncestor, AncestorType={x:Type Button}}}" />
                            <Button.Template>
                                <ControlTemplate TargetType="{x:Type Button}">
                                    <ContentPresenter />
                                </ControlTemplate>
                            </Button.Template>
                        </Button>
                    </StackPanel>
                </StackPanel>
            </StackPanel>
            <StackPanel >
            </StackPanel>
        </StackPanel>

    </Grid>
</ScrollViewer>

„@

[XML] $XAML = $xamlBase
$xaml.Window.RemoveAttribute(„x:Class“)

$reader=(New-Object System.Xml.XmlNodeReader $XAML)
$Window=[Windows.Markup.XamlReader]::Load( $reader )

Replace x:Name to XML variable Name

$xamlBase = $xamlBase.Replace(„x:Name“,“Name“)
[XML] $XAML = $xamlBase

Search the XML data for object and create variables

$XAML.SelectNodes(„//*[@Name]“)| %{set-variable -Name ($_.Name) -Value $Window.FindName($_.Name)}

$Icon = @“
iVBORw0KGgoAAAANSUhEUgAAAGQAAABkCAMAAABHPGVmAAAABGdBTUEAALGPC/xhBQAAAwBQTFRFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAszD0iAAAAQB0Uk5T////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////AFP3ByUAAAAJcEhZcwAADsIAAA7CARUoSoAAAAAYdEVYdFNvZnR3YXJlAHBhaW50Lm5ldCA0LjEuNWRHWFIAAAI3SURBVGhD7ZLRluQgCETn/3+6t4WrYoIKmfTM7p7c
hwhFQb3k6/UDPCEpnpAUT0iKJyRFLuSrgRAj4eZ8AzlA1MrhAwx3xHzcdMCwJuLi3gRMKwIejilTacXWwqUCCiAWUKasDRwpoAwwKqD4LKasK2gHGCpoDqcRGyPMHDCMMGtEQphMwGRh0tiHoC/A2EFvbEIQt2AHxMYqBCUISwWUxiSEJo2/7YdQX8Bd/8WQyyn+9n
8coj7qPO7yzSH+8r8YItuUnV8MobxANqQUgnRH7EBcfUkKi6NYvyCdBb1g+lrKO+BJdrMgbQdVMQqlPCOOtglBBCNRyjPiaKeQwYNUMZqW8j3giGaxPQ3pDUaU0sUZmcX2VKR9QwueZpmO2JOnm7Q9LrmiYTaqe/VVtDvt+GpnF6KFap8JaUV1aXNXSF/rVWs+G6L1
x0LURn1TiN0617eGWAZdm46vdqIh6rO1wVc77kiXRoaBNB1XNORCTilajNqZcIg9Z/BU0SxeyME7tDQNTxTNkg1xD1JXRLPMQ2jeaO+nOFIo5GQ9CvTCSXgjmuVKSGEQZNxB7Tgh9/OEpPgLQiZ/y0DA8+0Le0cwZGHaGgqb8e7IZgy7+frMctjZGlaHFqOBvWN+aj
o4ErDMjk1kh4jHP+eKPiFTPWjMCMF13g2cbG7a6DbvDo7qWcpoRjjEXO4w2RIPOaUgB0hYDymIETJeG4MQI+euMTRRsv4SQxEnv3GBJyTFE5LiCUnxhCR4vf4AzHXw0b9akGYAAAAASUVORK5CYII=
„@

$IconImage = New-Object System.Windows.Media.Imaging.BitmapImage
$IconImage.BeginInit()
$IconImage.StreamSource = [System.IO.MemoryStream][System.Convert]::FromBase64String($Icon)
$IconImage.EndInit()

Freeze() prevents memory leaks.

$IconImage.Freeze()

$Window.Icon = $IconImage

$twittericon = @“
iVBORw0KGgoAAAANSUhEUgAAAC0AAAAtCAYAAAA6GuKaAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAApSSURBVGhDtVkNjFRXFT7vzezszu6wC8uPLEv5sbAIi0hKadMmVtTWBi2iTdSYgDWmTVM1GtNYMLWFoEmtiWJNrbHVlFRq1Vg1bZVGWqXFgpVgkUJpF1p+Csuyu+wKuzOzOzszz+877947b4ZZZM3yzZx3zz3/97777n2z60kVzFz3qFc3d96K+KSpK/2a+FLxYzNFvCYY1wcSJL1A8I2AUawgGpEy01eTChsGCTx8PT8DLhsUg3NSLJ4s5nOv5ft7ns8cPbKj88E7y1IR0RSK+T/feVNN87SH/PrUwjK1ZSOFKCoKcYjaRW2q8YAzd/JACpnBA/m+7m8cvv2DL1BiYcMqFvxyz/3x5ukbvZjP8fOrKBkhmo0eyYLZD6cefScmw8YLja1e4QLDE7yaOFhHEORBoRiM9HVt6Fi7/DuhohRG2p7Yc1/N5JZNNoLLQUd0yJNMyBKsvpqyUlY1QCii/6hxIBjpPb2h4wvLN7FHE7nyZy/fWDdjzl8kFuO0OWiwkL0kjFJTiIsEK1ONFqRYCIY7j9185M4btseuuOcRL/ne9me8RN00GrsAZEDkbUCnM6jsEyozvmwIZ2MFhOVN6/IYv7K4lHlAPH51bPbCR/zEFfNXeMlUO55cIfEeBUVtDB/ggUbHkLVT24p+QCfK6Wd5xoroHc+P5inFYR62o8X1a1MLU7Pet8KPN01dyZHY2fEQiElDCmUkJojaVSXaaCFROS740s+S9l2eqG1UV4WAWNOUlb748aUcSVEDhKOqHK3y1KPV2TC8mwlLEf+QZ0jTBzFHmU0FuZhGzwBRvcpi8aW+iD9LChgCZ8gQRwV7HbHODGVWR4I99cqztWTilAhCytCoPf2MTvuG3B2I6thG41lbz5/lLdh66JRXVz8DIl381I03ZjbE5VOzG2TxpIQkY76czuTlb6ez8kJnVgpaoQHYhhpf0nlWWR3FoUyn1/bEGwOxuoYUBepuKrdPL8+BZVNq5V89w06vs2J4m1Pd9KJdBffc2xc0ylfbmySB86oSB/tzcvc/eqUTg7hmWp18dm5KXsRAnjmeVr3dsxnX5iwMpdPe/C0HhmLJVG2kDs1r2zok27l6pmw9PCAPHfgPJKUAWjQNMTFlhwNAky8vapKvLZ4YCkbB+ZFwVhsxw692D8mXXjqD2YeAsaiw8dhCFmTTwz7WmBfQisTFjtYDWVn7xIRMQMC7UMC9S5slRkfaocJKP9eC2ibUyFfaL14wwWJJe3uG5Ef/7pe18xplVn0cSRCL8QxJ3sX3fGXQV8KgSbRhnzM4uRbPqsHatgny2IemyZTamLNVMr768Bjfz8+bIDhfLxmLJtXKUze14M6KHD8/guIgNHGjOTgAzDR6LNxWSipCSxk+/UP0LuH66Ul57hOt8rkrUxJHUc4ffiQba9nUWuNxaahDsB/v75efvo4lyJiMZ2K5+tjiw+XBYz0UoGVi1qwO6O/HA5g2685iImZ/07VT5E+3tMqatkZpwu21/tzHSZNwN8aCLW+ck4f39btCLZUVrHVik/Yo4Nco9baweFN4NleQrW+eCyNXYE5jjdx/zWTZ9ZlZ8qubZ8jdVzXLqjkpuQqzPHSRbasautL5UnFaR6kGR5x9yL25D+8b9pOphPF1u4YFl0Aci/PJla3ygTHe8rFg/d+75XcdA3azcDVon5MKhnwhO5jzuXY4OkvhLQiJd+EjM+vlF3hA/nk6I5mKZTKe6BrIm7xFnVVXDynyrHAAfmk5GAUNTJ90GAfAtS1JuWPJJKnn2r0MQEY50jesefk8lRVchXSmXaFmAJAbJ5GjfTk5dBYBLyO6BvM609EZZW595yChLsrCPncPFKn7K0kHECrsQ8Cd4IFXesKBXCbsfDeteVwdJrcjHYyRoV5f+0ZZGmU5v/NEWtb9tUtyHOBlwLMd5zVPWDhy6kSW6nA8i8VXT0QuCQouMFIdoqJ9+uA5ueWpY7LtyIDkKR8nHMUzs+tEBjnQMbMc1oIWdXHJ6rJlTTjKueZLx7hTlpxVZgLUY+/73keny+ymGhkZxxn/yZ6zUkAxgdk1QmL+sLUTqDKmBa/LQ2caHTvbJCczNIjjfM/JjCyaWifJcdpF9ncNye8PmmPbFKgUrYcFkiL16INoH0AtmH22JMrdqAP5AQ6AXVjf44EhzO43n++Ugs3PPDa39iuIMmMbbnmqgJc62SIjQUAc4TAOl9t+e1we3t0rgzkY/J9ANLlv+2k51J01OZgTy8PUwlyUaz2RGqinzmvd8Oowfm4lPB6SjMag0bOUPFr3ck8ebX3Cl+vwE+q7H2uRVryDjAWbccc27+xxL/YK5VGQSWTzqDpiF+TS5hi3Tyc/dATPvuo4MrRuximD3dWtSVl3w7QxFUzX7+84Iz98udvNqM1T+eKm9dCBZGxI1Hkzvr172K9tSECkCMep/iGPi49LUzIm8/Fb8brZKVm1qFEW4IEcC/qzBVn33Cn5cwfeGBE8moewfXIoTVvLEfb3YnE4nfNm3Lt7yEs0RF7fQgdiIgq96/qpsnZZs0zA+7FdImNBATPzB7zYP/Bil5zBcW1yX4BK+Wh2KHrYa/nW7kGvtr7BWlxgDEFrY0JuWz5Zbl0yUVoucTn04P34WfwQ3oJ9+O1e8+5igrMhNI9NWCa8EFwdnLRgJDPotazffcpL8O8eJU/lSpfQA62P7Xkxfm4tn1UvbVge0zGABvMbcnC4KF34bXcYP1D3vpuR17uyODlNRLoTrhPmUdiu5iCsDn2t0hioGCdiLtvpveeeV970axoWROP8TyCO3WHY2LyEpjbTUh6S67NSdhGYoGFTukou/ZaPRXdCk5gntpxgZHThE236+PJp1z8UahvaWJ43KCrTbFZG3unIG3I1GD2+bMM4qF55iAuFE36QH9mnmzucwjYkOkdlDOL6Njj7ThYhE0NJZZE4+o5heFxUp20oUz7SujpItB3J7/MLg2e3qZajIcirkeFZoLboW171YZBwFqu01pYgbygUGZ3lra36UWRkam91obyYPrvNz/Uc21EcHjzkRkInfbuzM0JnyDQwvioLc2ks01d/leNi/FRn/SxZe6NTQl8LtIecsSnLAcJ2d7DQ/c6OWO6t7VLXvqrDr0utwaqza16hDS/qyQ550zoYARtD6mftqvmytfxogN6UoQiKhaBwvmtN36/veFv/opJ97TfvJN//6QC7yId1myFsUIzQbRUuKRnI2FBn+4TdJglrb22N2PFRP2vLVnlcXF4si8GejWcf++Tj7Lo/A2X2PvlScsnqwIsnVyAQrPGFscYOTcoBoQlZ0kcNLc+2Gk/YvsrCfBcAM1wc7N3Y++jH9d9xhM3r0PzFp2/0GyZv9hMNi1WtFtzGsHLIc+ajXuSjMxYFxTx7RtFXk7rzBJdgJH2okOn7et/jt24PtSGqZMI7x+oHPb9pzgo/2byS/5Ph/8Zh2ISI9XhAkxyDejI4EeWJSh1hKzQtV5GaeJiOwMsGfpCB4JxXLJwMgvy+YqZv28j5ozsG/rjeRjIQ+S9Qcb3TaPwbqQAAAABJRU5ErkJggg==
„@

Create a streaming image by streaming the base64 string to a bitmap streamsource

$Twitterbitmap = New-Object System.Windows.Media.Imaging.BitmapImage
$Twitterbitmap.BeginInit()
$Twitterbitmap.StreamSource = [System.IO.MemoryStream][System.Convert]::FromBase64String($twittericon)
$Twitterbitmap.EndInit()

Freeze() prevents memory leaks.

$Twitterbitmap.Freeze()

$imgTwitter.Source = $Twitterbitmap

$githubicon = @“
iVBORw0KGgoAAAANSUhEUgAAAC0AAAAtCAYAAAA6GuKaAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAgjSURBVGhDxZl7VBNnFsAnk4fyhgCigIiKwIItSqWColZbF7tiPVW69nHag213t93uqqeeup7uq2u77XZ7uvbUHltdkUI9BUUUiQIF5CHlEUIgMCYQXgJ5kISQB3mRZJLZmfiVcyyZPDC4v3/47p2Z+12+uXO/e79QoIeAxymlBQQGZ4WExm1nLAl6AqbSE2GYGg1R4FCYQqHY7TYrhmFKzI5OoKhFMGtUsTWq8YaUDQeHgIlHx1B/dbpyavAbvV6htDn88hyLxYjNaKXIpJh3Aum+EgFMLh4jg/WZ+ErVWa0m4MLDYTKqDAqZ4PTdnvJIMIXv4PPKw5RyYaHVYrSD+XyKwaBUi8bYv+24U/RQ4TrHvaGmbL1OLgL2Fw2bDcWUisFbPE5JOJh6YYjG2fnmWZ0Z2H0kzGgkI3d5FcnABe8QjXUew2N3UcLBHXqdYorPY6UBVzwDj698q+X/4/BPzGhlio6W75KAS64ZGWzIftQhQcaUfHj4esm/mcC1Oajgr4NebikzdlVGvZ8/MwyoHgDD7FBDbZkuMNAf31TCYKBeEHY7CvV0NUFqtWI2clksDagfwD+AyaTRKKnhS+HSpvZuoP0ZCll/IfgnnSKXjWKHX9z7+4///nZyP3KnnmxjwXc/zGqddWQEZ2jUcuzzT06Icp/Jel7Ir8uz28kjEQ9TrLG26E3gooO5lRbyqzNXxKadoVLppLmS38eBOtpa/3D669Jh1KS+lJIaHxYYyNwslY5Adxqr7c23bwpqa8qaa6uu1TU13Kxra6lhCxDOkFRyz6BWycNDgoMYOp0K+vTD9zt7uMiOytpW7suHds1ErVj3LpXGALM8CEylQYwlS7KXBWEF9c0cE6Gbey2RUUkf0el+LpM7XktANCpVQYzPfVthx40dCw7yQxBk2IxabVVVDe3TjhudsPfpLEZ0TOQ2CkTZrFbrzlbUtGjuX6EQr+P+kIQVMYnMzdlbTkLQ2feACoIECCudeA3uEI8LsHfyDySCx3yCoI+1G18MMAM546N9+qNv5Dk+SsfHFBG57nc0+lJi6JKo6DVQQlJcLhB9AjNiTQ6F4v6bjolLDsjctimfGMNtjYU0P//QPMcVNzTfrsA62nvHgOgTpGJhoUGvVAGRFPxbg+LXpr7mEPh9lds8KS8HB7qw13695wPHQz5GgPywBy9Z3W5mE2N87Dev5K6Gmcz47TDsNE3OgdfyUFlJEc+gN30IVD4l5bGcGo1KVAZEUpaviIfWJcXvghlLg9KBjpSRYQRCeIKPy6uabUDlc+STwtM21AIk59AZ/lDsypVPwnisuN3fEV6XAd8OK4G4KEjEIrbRoJIDkZSQ0MgU2NHTuUGtUnSXVjaYgbgo7Nn3DobaLL1AJIWxxH8VnmsoIUAmxWo1S8BwUbHbUB0YkoKHRjix0m6TZDgz0n0S9wFUKm1eRecEPxjfjVAgkLI8Ju4XYLhotDYV0PANbiMQSUGtVhTG058ayKQkJKYmHn/7UAIQFwW8PM3xDwgPBSIpJpNRh680KgIyKcujEyj7854/AkSf01x/gYIXbH/GQxVoyNHrtJOwzWoWApkUCoUCPZ6+461b1790+/oWwuq1648Eh8ZmAdEFGCSbFI/AJpOWCzQuCQldTs/M3ne1s7U4Cqh8wuhQ096o6PWfebLKeBsIjY6O90I9nLJNqNXzllCrEQ8J+ipTgJ0F0/jDOWjiXvthb/rRAX4nduDZbb+EqirOwFq1VAL0HmEyaYyicc7JbvalBaXCu7zyOKVisIxoy7zh++IzhtxdmX4OI1Ix8h+g9xiir9PNTEomxby/9nEvr3EYckEP+3tYyL+1FXe2YNakmQVmPIY4Pzxx9NXLwBwEcdmXk82z+gWfc5jNeqyzjfUFMDePiTHO6/oZ2RReEIEnvIfb2YDte2ZLDmHPsRs+sfnQgFYjZRFjZxDtPh+5g5JVYQxGAKRUal8H4jzodP+NAUFRETBeyC8EojetqiznW63WOkKe28IlIuRvFrPBaelJ1NvBwWGyKtbFj3RahdPCST4pdXTKzlDIhko92HhJ4XGboR9b2Kdqmjl2Qp5zemPGwd4pxch5IM5j5ar1sYlJKcnXr57bwe28PWA03N9I8TcH9fW0QFW3qgocCifIZZMc/OO1AtErzGYD9N23F1ptqN15k9DSeCFYoxLfux9F80FRMybkN5zKSk+hvfFq7nP//Mcfvzp5PL9059aNb23dlOqy8FKrxDJgxgvsWFHB57M7s9JSgRnn9HJvZJmMGtLcSeT0SUnfeR6nxKvTe/W0WA5MeExnRy32q6czjwITrhm4e/uwxey60TQZ1RatRoJo1SKuVi3mdHfefAU87hRvnR4d7sNeeO6p4uyM9Z7/OiBAGt6zeHCA8xOs68Wkp0sE6mmRx05PjPdjL+ftrs7akOz8rMwVXWzWMZNxxv3xD05FWaHLrkPlodPC/i7spYO7WZkbkhfeeNRWFx5QKsZngE1SbpQXuXTaXXgQR2O1NVewnJ0ZXz6ZluT6TMMTvvjs3aTe7kY23iuCKeZTcdX1SrtyWjUtxT45dVyZkZb4ArjdNzyeupZafPFfRwYEnGlnJ1LunHYWHkajBiu59LVt/7PZF9etjlkGbvU927ekhXzz1Qd/aW2plup102B6DLt2pcC100qRI08TYSARD2Lnz346u3/v9uLHkuK9LnMX/GNjakIcPX1Typ6du57Ki4iMzmFVVIz+t+jaFnB5Hi1N1/4kFI68j/T2dLS3dd8wGExX+EPjSnDZCyDofzRoPO+k4gwnAAAAAElFTkSuQmCC
„@

Create a streaming image by streaming the base64 string to a bitmap streamsource

$Githubbitmap = New-Object System.Windows.Media.Imaging.BitmapImage
$Githubbitmap.BeginInit()
$Githubbitmap.StreamSource = [System.IO.MemoryStream][System.Convert]::FromBase64String($githubicon)
$Githubbitmap.EndInit()

Freeze() prevents memory leaks.

$Githubbitmap.Freeze()

$imgGithub.Source = $Githubbitmap

Base64 representation of Icon file from mmcndmgr.dll Index 0

$OUpng = @“
iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAUrSURBVFhH7Zd7TJVlHMdtq9ZWIEyBuUAEQYutOhS51tJs2Wazi80uVixzsHVzbi3LodwEBLkGiJqIpBkzScp0ioJFaXEXkIsgcgnkfrgjyOEIv76/533fc14OL8fm/KM/erbP3ud9nt/z/X5/D4dxmPP/uJuj8tRnb7Xl+tO17I9n0JLzCfHehQw/X5TeD+4Rh+7mYIOhq2lWqT0fQih1BBxi+ij65fPA5ryviGn67UtqxFNiKzX9vpWaLwRQy8Xt1JofRO2FodRZHEbdlyJIX7HLBJtYjm1ZRF8cbDQFyNzz3gbY2QDzLbD5QFUI/Zn56R1RfnIztf6xhXoKttBQb/M0YrMaKSC1ROwx1TkBfAsLwH3CnEd/VazomsbOE40yuSCH6MZZkE00wpzRpDZ7E+Uc/NAU4nbIATzBg8KchzA3lhF1JBJ1JYFkGZ6DTswV2lFz/WuiVsBPhOgo2UFHol+lo3FrKTNxHf2c8g6d+3Yj5WV8hBvaRAVZmwWqAF7AVpjz4BugiVKIw6yDDWdBmAM2VwK0g7FfpVvjWxk8TtT/gyb5x/ysBDAUSYJtLAoTgWzAa7x3PQHGQMzV6wryfku8DL/Le6gdrI0SPy5YagQY/0s6oD6k0AoxgWzARoqZMGSw/3ecRDPD7xzCjPUAY3nmYj6oPqwYTYNrJLMpTeIlUMNwndUAU6PnUIQgAqULwAJCUIMm0BhLk40xMjwHTWamFLBuPcDwCSIUMVMNEpMyUxAXCLE4mICGOLp1LQZEmzDK8HyyQQY1CtYDDGZKQvUssMuEsZ6fbASRegQCijHvTVxVE0UTdVFkAEboSPtYk/etB+j/Xhw04ICCEYdEIAt4nQVFPRiHsBoDmKibvn/zSpT1AJO9380Ugoi5O9yGjNLleG2kxBULxPlIYTpWE2nCaoBbPek4gEPVO2UkMQOEuCNmHILMzRoWVomjXlATIRitZnbSjSomwsRtAqTRKIoY5QCLqDsYq+F3CZNBZQSNWKA2Vq8PoqFZAxg796MonIYvh4snI0LIQSRDORybqIQtGRZP1gqjoQoJng/gVjUD6C/HkLF977TikcowmHAQtbgUjEMyQxUKZiOBbDysXitHAITXDNBdFk2Gtt3mYhnFyAy6A5Z1CoMVOwTKfKAclEn0gz6c1QzQUYJfmbYk+aBaVN0lKJcYnAHOqRgAbNh/KZT61EBTM0BrAT7p+AMkEqspgxgji3I4gWKk7Ku6NFEaSr1AXxpC+hKJPqxrBmi8GEGGFgRAgUSooF9GWlMbTkfqFlcMQwV9cbCgB3QXBVNXUZAIpBmgLi8MARJmXhnMGTYwh1N1CVO1cS93C3rQbTeM2bSr0ExvySwBqnNDaRw3oO5AYBnIYr0XRoy+BN0C0a0wBoWB1FkQSB35ZvTFIXR6v+/MALmH/SnnkD++x/nR2fSNdAYpTx/YQKdSP6CT3/jSiX3v00973qXjKevpx+S36Vjim3Q0YR1lxL9BR2LX0uHo1+hQ1CuUHrmG0iJeptTw1bQv9CXaG7yKUoJepN2BL1Dy9pWUtG0lJQY8PzPAUg9HGx+dy1JPdwedp9t8ndcSR28vT+AxD8zH3El+d/Re7rNo2eurHn129Yolzzz9uLPPI4sdnvRwnafzWGinW+xsI3B3ttWt8Fm4zM3Z3tvdxV7n5mwn8bCtztnpoSdguQiYvxVj3At4Ye6/wc72AbvlPq4O69c85vTcU64OLgvm2mvVWYG92POOB/9Xo4Xl0Fr7r4w5c/4B2rPd2qevIDUAAAAASUVORK5CYII=
„@

Base64 representation of Icon file from mmcndmgr.dll Index 60

$Computerpng = @“
iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAACqSURBVFhH7Y5BCsMwEAPzdD/NP3Mj1JCQlevQlaEUj5mbV9K26NAm+JhWa7WLXMaPkQFZkcv4MfejhMUxoCV0DWj34Kf+zYCvXQPWgDUgPaCkTQ1wilzGj5EBWZHL+M8cH2faRS53ix7WReSBW/SwLiIP3KKHdZHz0/tdD0fivqf4Jzk/lf3T7vXQJXpYF5EHbtHDuog8cIse1kXkgVv0sE5zfJjp4pfYthfqvQdyNdrtOAAAAABJRU5ErkJggg==
„@

Base64 representation of Icon file from mmcndmgr.dll Index 66

$Containerpng = @“
iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAEISURBVFhH1Y4BboQwEAP5/6v42bUOu9U2nQQHaE8daaQ7sL1s/43XRR/htYo6R/U+MemjzlG9T0z6qHNU7xOTPuqEt4lJH3X2fW/qd3iJmPRRJ49X9Ty0iUkfdeh4VZlwSkz6qEMHq8oUh8Skjzp0sKpMJ0LBU+lglTqfIrPCD/tDJPVCxC03a5akThFZGqJsSvlOBMdSva9SRva5gQgO9io3yuY7QwRHRypfO/nfFPl2wFW9CyJ4wFHdRREcd1R3wSE47qiu6RQcd1TX8JQWpANnZnfiEq1Eh0ZmZ+Bl2gAd7M0s+AhtjA6nmel8nDZsfsCv0o5MPuDP+PqQ/K2H7+Ctxx9g2z4AyFihLQt96+cAAAAASUVORK5CYII=
„@

Base64 representation of Icon file from mmcndmgr.dll Index 95

$DomainDNSpng = @“
iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAADuSURBVFhH7ZZRDoQgDEQ9OkfzZq6P2tishcJKzJowyQsEpkztl8s/a/uRIdrWde2GuoNbch+PoC6ldLsBfaAbwoc04H1dBHWzgYBmuQE1qAGRv6pnJ5QbUgJ/SvVwXfHhzykVqakZaaAeztrcgPelJfDzsJ2C7rUxvQf8OaUiN6gEfg2ykrNrE/hzSkVuUAn8+rjo3Mt63gP+nFKRG1QCvwZZydlbJ9CLBlnJ2Vsn4AWVwK9BVnI2JzAn8MAEgBrFm4C93wnlhkRQZ/6GvumSGxBB3fwnfLyBPSXDnroR4egS1AJ1B0NkH+zhjVqWDwWbZLRmE0YzAAAAAElFTkSuQmCC
„@

Base64 representation of Icon file from mmcndmgr.dll Index 59

$Grouppng = @“
iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAFWSURBVFhH7ZFRkoMwDEM5OkfjZu0KolQxckiAz9XMG2diWwrt8lCfCV6VCxhlWs7kKUNyi2/SlVt4m1Ru+Dbbtn0gVCA9Kx14jIazll6qxmAUDZCQescqPau6OIMGsOKeZ61lJ1U1nQHSID4ghCqp3HAXSMMh3OsdxlCP876XigOXaAAU+1CcQQVlxqoxcdAoVrQ0wM2wFi8rNk/0DGMFVzvF96QaGOHiaHU7vC9Y6UCDGo1W7PHMWvxS1cAMGmVVQuodq/RS1eUeNMxqb6Z4dFWDHDTKKkN4jhSfrmqYAyYMy6rbE4bkFpuQHphd13Wn7N6WDYe0F+HMKw+AYrgGMMTNvPIAZ6z1F7La3pNH7KbOWOsvAH/LMd/26gPIkP4GYUho1PtKcJ5vfcD1I8JC5DCG2q9UdJbn+guArsrCFS5Qe00gGFZYjOaRe185o2jc4183tCxfI3xJToZZFYUAAAAASUVORK5CYII=
„@

Base64 representation of Icon file from mmcndmgr.dll Index 58

$Userpng = @“
iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAECSURBVFhH7ZFBDsMwCATz9DwtP0tDDNWCwDXY6SkjjahkvGs120uBM+FSvIJRp/FCs5bxwqqm8UJmTOOF/PQ4jpOgScJZCrw4LJbL5LM0KnhUKZX51wdIKU4+K6HCewalaAkvSEnYcpp0RLP9vndLfIusXmk0Sb6XRpWiEj46+V4aVYqOlNrJd1OoUk8JjyYUk2nwcqiURZP3yqgyq5RE8/EH9Mpl8u4UqlTEkp68vwS3nMAzx2XcZbZc5r7vt7TX1tcTluMjaK+tr0WCu4946gFXIH1nkUqa9hFPfIYrCMut7SGE+QfQKa4Ar9iKhe5ZGQlgbbgVd9TdZdjgni8DbNsHGNd/8V9LX0IAAAAASUVORK5CYII=
„@

Base64 representation of Icon file from mmcndmgr.dll Index 126

$Otherpng = @“
iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAErSURBVFhH1ZABjsMwCATzdD8tP2s1GCMUNQY3JFVXQtu7sDvI27/qpfMTvbrsiEcPMbh3/q9zqwR2hHtnR6dcBsk4+zolktII+snJ6nwtK7vi9OgsScJR+YrT2atjWajK6dQJZaEqp7O1ljrAQlVOJ/DWci8gSyN81eka8IUXsEvld9e6k/fw9Avs+y4FOH8zXXknc4QvvYA/YhSOb13nzt4n+FcvcHS+M11rcFzzU0nR7IgBGrtdMRzX3FQh3Dv7YyI4rrtTpeHeyUVwnD2hTJSGeicXwXH2hDJRGuqdXATH2RPKRGmod3IVcJSGeidXAUdpqHdyFXAkgQzUO5kKuJeEM3Cc3Uq4lxRFR7BzB9xLSs+O4NudcC8BnL2Afn9EAvMvoPO4LsK37Q0ZagAN4BkscgAAAABJRU5ErkJggg==
„@

Base64 representation of Icon file from shell32.dll Index 234

$excludepng = @“
iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAANTSURBVFhH7ZZLTxNRGIbnBwBFQcFLjD8B2erCGBUFGveujCuNG68ovwBR8IKgK9yCeElASltughZFRRAXGAKllrZUoPTCRmNsPt93phchpZ0ZcOeXvGkaynme882Zc47yvzLV6qRVVj9bJaamWmITWqLMeDJVEvn0V8a0hMcqJfwxnZUPaiYSQ+srwiX4yGQeiiwwLUizSMSpSiSG1lecOQeLe2oxQN86QLasgy88EAlD4P1JowLV6oDGBDLAAxRwSMiwAJ41B9UvsAE80AQB+78WyAIP3NcERg0KcLVz8NwCOeCBeyIrZgTwmhGQXUAH3E+BHlneegGdcP9dCNhk+d0JowJVKiizgAG4/445Ae5smQUMwrdWwATc1wiBbll6u2kBk3BfAwRemhDAobJGwCzcd3uzAjcSAibh/FsIAiMGBXiksu3xOQr06oLHnDUysHe/xBzXNDgTwP+FumTRdVQWRyrKOPYLpbAM8fBThWUqnuNse3zuOgScuuD9BaXiVbbLG3zGHFe1Lix1yM+5BllyHYFExcTAgX2HnUphZBq/68Tn840kNIGWtECOtnPmhEeVIllGhiERHaiX+GK7hEet8mvqvATarNKfVyw+/G4B+Yo8QycSyLWlCTRDoEY9z3M9c7adMyc8jCwiQ5Y94gf0x5ezEu0+J4MFJSk4Ze3oAAQyd4A3GLY97qaAIys8ueDYds6c8BASBGQwf4d46k8Zg7NUAbQ97saCwnGaC65m/pZEHZdlCBKELyEBxKVsMwZnaQJNaQEdcJmvR25K1H5JXkGC8O8IZZLwXqyBnHAW73Bse9yN1YzzXC9cjbdOvI2n1Zkn4ZQZxvfJ2nJ9+wGvUGy7JtBjCB61X8QzL021nXA/4kGc6MBTPR1QBdD2uPsKBGym4Ww7Z074POJGbFgDHYoluwSvUGx7SsAkvC+/WDx1ldKHt4Dwb8gMhLoVS+RJNglNwHzbCe+37BZva7n8nrogkc4z4izYqcLnkGmkCxLtG0nwDsdLRDI8zVLBwYJ9XYtLi21XCQZNw7naZx8fkuDr4xIcZo7JTOtBsecVqfBZZBxpUyyZd0KjxYOFezu312zvOdvOmROOdRCBQO4Fqbd4sADsyfWes+2cuQZXlD9Le+RDT9WknQAAAABJRU5ErkJggg==
„@

Base64 representation of Icon file from mmcndmgr.dll Index 6

$Expandpng = @“
iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAABCSURBVFhH7c6xDQAgFALRv//SusAVxKCN9xJaYCTp0II85YG/DtBYmgoqTlNBxWkqqDhNBRWnuebpGPGABySpZGYDyjh8hAYS3OQAAAAASUVORK5CYII=
„@

Base64 representation of Icon file from shell32.dll Index 238

$refreshpng = @“
iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAYAAABzenr0AAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAPkSURBVFhH7Vc7UxNRFOYXKOIDeagQIA9C2M0mAbTiJ/ATQHkEMGHxgcyIEJ8zykjUUUEt0t0iKZzZJiVFipQpaCgyk4bCLj/h+J3lbtwkuyTY6pn5ZvZx7zln755zv+92/LN2YU50ysv2zXdfzIysiszwqij5Hhrk38iTD/A+ztPNuCj1L4lM35KYkcNd7eKcyCCBaXl7to0mRGcgIVKBtWxVeV6gaPqY7vz45YjoxzL5nxWofyVbvb4gUt0LzV/ZeVdkuu8b1FYCY0mhBhOiEn5VpKn9E7r9/VdbmMRYf6pIPcu5yrV5oUp3HZcQPPC6RMPbxdYJhNbE7PiGQbFPZZqC079B+EOZ+pMGXZ0Xs5fvnQbn50OtElAQXHli0AS+ZBIT7OBn4d0jCr0o0phE8HmRlHdHFPvaPJ6f9SEJDm49G3p2RgKqLlSVg2PixDcElGBHoVSBfMlcBUWYHloR0x5gYFlM34qL6Rtxkb65mqvw0kcb5jbC0yKBShTFFMNACxHccxGiC3Q5zNX6FoV+I/GzqqbrfdjhmkBYFykNBRc9QEVLaPiPo3q2ik6oFVMr61kUam88S9qXkzpfFgbdEtAeZqsRLF8Eg0zAQRDB0YptB2dDAmbB1fw0wDEBbV3MaC8KpGGABeUlCizZetnthl9gBrf7acTAlkMCkXWRCe8dU3gf7cP4jKJbz1Xk67aMd0IOXvPhArcEDnnDYaj4cmX7kLARpeXrloYuyAzoBnl3ijTCQK/zhsM9z23HhcdLz+heyzvXwH/7ty22laeJN0WKvcZGJBEBeGNiWMUZeGQQtuKMnNbSQERpz+ahWZxWgUIPHMrXf4yDO3G8HdrbErEgkVPasuvxXGXy4KTmQ3l/zAk0dxcn4MTtFjg4uOBcwaEFdB++2O7H87TACTSrphgSaORzCxzcf87gUENqTzxbjYG+LT983bWYrcoh9cb/3s7jFpj/QUacwHnJqMqCxO6LNyZIspQcVm+cgBN3M5ieRx/8bIuOe0HHfctZk47tPhTcQ5K5b+1c9U7cbYFFxjjUj9cmSAYhRmqCZOlUkHghSplR7XP5vidhUNe9M1bRbD0wFYP/uQI9GHXgc6Zoll8swxijUEABIPT2yHzXOJ41QS+CQxPOylDOxj3PXG0GXxOZUFLMhpAEC5JGPm8X43tlUw9egSiVYdwtwhsOgkOS1aodWkAN6rkKLz1/iRO3O4GpnNkQnVAny880bdMgSDLHVuODiR+aMLhTMIvJieMZY7vHNLJVIC5Ct4OJq7EgkZeu5rWOZiuixMexEWD4UZ486wZBD5wezRZbH83+2x/r6PgNVo1XtD2bLOEAAAAASUVORK5CYII=
„@

$txtTempFolder.Text = $CurrentFSPath
$global:bolConnected = $false
$global:strPinDomDC = „“
$global:strPrinDomAttr = „“
$global:strPrinDomDir = „“
$global:strPrinDomFlat = „“
$global:strPrincipalDN =““
$global:strDomainPrinDNName = „“
$global:strEffectiveRightSP = „“
$global:strEffectiveRightAccount = „“
$global:strSPNobjectClass = „“
$global:tokens = New-Object System.Collections.ArrayList
$global:tokens.Clear()
$global:strDomainSelect = „rootDSE“
$global:bolTempValue_InhertiedChkBox = $false
[void]$combReturns.Items.Add(„ALL“)
[void]$combReturns.Items.Add(„NEW“)
[void]$combReturns.Items.Add(„MATCH“)
[void]$combReturns.Items.Add(„MISSING“)

[void]$combServerity.Items.Add(„Critical“)
[void]$combServerity.Items.Add(„Warning“)
[void]$combServerity.Items.Add(„Medium“)
[void]$combServerity.Items.Add(„Low“)
[void]$combServerity.Items.Add(„Info“)

[void]$combRecursiveFind.Items.Add(„„) [void]$combRecursiveFind.Items.Add(„User“) [void]$combRecursiveFind.Items.Add(„Group“) [void]$combRecursiveFind.Items.Add(„Computer“) $combRecursiveFind.SelectedValue=“

[void]$combReturnObjectType.Items.Add(„„) [void]$combReturnObjectType.Items.Add(„user“) [void]$combReturnObjectType.Items.Add(„group“) [void]$combReturnObjectType.Items.Add(„computer“) [void]$combReturnObjectType.Items.Add(„msds-groupmanagedserviceaccount“) $combReturnObjectType.SelectedValue=“

[void]$combAccessCtrl.Items.Add(„Allow“)
[void]$combAccessCtrl.Items.Add(„Deny“)
[void]$combObjectDefSD.Items.Add(„All Objects“)
$combObjectDefSD.SelectedValue=“All Objects“

$CREDS = $null
$script:CREDS = $null

#

TODO: Place custom script here

Check if UI should be loaded

if((!($base) -and (!($GPO)) -and (!($Targets))))
{

$Window.Add_Loaded({
$Global:observableCollection = New-Object System.Collections.ObjectModel.ObservableCollection[System.Object]
$TextBoxStatusMessage.ItemsSource = $Global:observableCollection
})

if ($PSVersionTable.PSVersion -gt „2.0“)
{

try
{
Add-Type @“

public class DelegateCommand : System.Windows.Input.ICommand

{

    private System.Action<object> _action;

    public DelegateCommand(System.Action<object> action)

    {

        _action = action;

    }



    public bool CanExecute(object parameter)

    {

        return true;

    }



    public event System.EventHandler CanExecuteChanged = delegate { };



    public void Execute(object parameter)

    {

        _action(parameter);

    }

}

„@
}catch
{}

}

try{
Add-Type @“
using System;
using System.Runtime.InteropServices;
public class SFW {
[DllImport(„user32.dll“)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool SetForegroundWindow(IntPtr hWnd);
}
„@
}
catch
{}

Add-Type -AssemblyName System.Windows.Forms | Out-Null

$chkBoxShowDel.add_Checked({
$global:bolShowDeleted= $true
})

$chkBoxShowDel.add_UnChecked({
$global:bolShowDeleted= $false
})

$btnDownloadCSVDefACLs.add_Click({
GenerateTemplateDownloader
})

$btnDownloadCSVDefSD.add_Click({
GenerateTemplateDownloaderSchemaDefSD
})
$rdbScanOU.add_Click({
$txtCustomFilter.IsEnabled = $false

})
$rdbScanContainer.add_Click({
$txtCustomFilter.IsEnabled = $false

})
$rdbScanAll.add_Click({
$txtCustomFilter.IsEnabled = $false

})
$rdbScanFilter.add_Click({
$txtCustomFilter.IsEnabled = $true

})

$rdbEXcel.add_Click({
if(!$(get-module ImportExcel))

$global:observableCollection.Insert(0,(LogMessage -strMessage „Checking for ImportExcel PowerShell Module…“  -strType „Info“ -DateStamp ))
if(!$(get-module -ListAvailable | Where-Object name -eq „ImportExcel“))
{
$global:observableCollection.Insert(0,(LogMessage -strMessage „You need to install the PowerShell module ImportExcel found in the PSGallery“  -strType „Error“ -DateStamp ))
$rdbOnlyHTA.IsChecked = $true
}
else
{
Import-Module ImportExcel
}

}

})
$btnGetForestInfo.add_Click({

if ($global:bolConnected -eq $true)
{
    Get-SchemaData -CREDS $CREDS
    $global:observableCollection.Insert(0,(LogMessage -strMessage "Information collected!" -strType "Info" -DateStamp ))
}
    else
{
    $global:observableCollection.Insert(0,(LogMessage -strMessage "Connect to your naming context first!" -strType "Error" -DateStamp ))
}

})

$btnClearExcludedBox.add_Click({
$txtBoxExcluded.text = „“

})
$btnGetSchemaClass.add_Click(
{

if ($global:bolConnected -eq $true)
{
    $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
    $LDAPConnection.SessionOptions.ReferralChasing = "None"
    $SearchFilter = "(objectClass=classSchema)"
    $request = New-Object System.directoryServices.Protocols.SearchRequest("$global:SchemaDN", $SearchFilter, "Subtree")
    [System.DirectoryServices.Protocols.PageResultRequestControl]$pagedRqc = new-object System.DirectoryServices.Protocols.PageResultRequestControl($global:PageSize)
    $request.Controls.Add($pagedRqc) | Out-Null
    [void]$request.Attributes.Add("name")

    $arrSchemaObjects = New-Object System.Collections.ArrayList
    while ($true)
    {
        $response = $LdapConnection.SendRequest($request, (new-object System.Timespan(0,0,$global:TimeoutSeconds))) -as [System.DirectoryServices.Protocols.SearchResponse];

        #for paged search, the response for paged search result control - we will need a cookie from result later
        if($global:PageSize -gt 0) {
            [System.DirectoryServices.Protocols.PageResultResponseControl] $prrc=$null;
            if ($response.Controls.Length -gt 0)
            {
                foreach ($ctrl in $response.Controls)
                {
                    if ($ctrl -is [System.DirectoryServices.Protocols.PageResultResponseControl])
                    {
                        $prrc = $ctrl;
                        break;
                    }
                }
            }
            if($null -eq $prrc) {
                #server was unable to process paged search
                throw "Find-LdapObject: Server failed to return paged response for request $SearchFilter"
            }
        }
        #now process the returned list of distinguishedNames and fetch required properties using ranged retrieval
        $colResults = $response.Entries
        foreach ($objResult in $colResults)
        {             
            [void]$arrSchemaObjects.Add($objResult.attributes.name[0])


        }
        if($global:PageSize -gt 0) {
            if ($prrc.Cookie.Length -eq 0) {
                #last page --> we're done
                break;
            }
            #pass the search cookie back to server in next paged request
            $pagedRqc.Cookie = $prrc.Cookie;
        } else {
            #exit the processing for non-paged search
            break;
        }
    }#End While
    $arrSchemaObjects.Sort()
    foreach ($object in $arrSchemaObjects)
    {
        [void]$combObjectDefSD.Items.Add($object)
    }
    $global:observableCollection.Insert(0,(LogMessage -strMessage "All classSchema collected!" -strType "Info" -DateStamp ))
    $object = $null
    Remove-Variable object
    $arrSchemaObjects = $null
    Remove-Variable arrSchemaObjects
}
    else
{
    $global:observableCollection.Insert(0,(LogMessage -strMessage "Connect to your naming context first!" -strType "Error" -DateStamp ))
}

})

$btnExportDefSD.add_Click(
{
$global:bolProgressBar = $chkBoxSkipProgressBar.IsChecked
if ($global:bolConnected -eq $true)
{
$global:observableCollection.Insert(0,(LogMessage -strMessage „Scanning…“ -strType „Info“ -DateStamp ))
$strFileCSV = $txtTempFolder.Text + „\“ +$global:strDomainShortName + „_DefaultSecDescriptor“ + $date + „.csv“
Write-DefaultSDCSV -fileout $strFileCSV -CREDS $CREDS
$global:observableCollection.Insert(0,(LogMessage -strMessage „Finished“ -strType „Info“ -DateStamp ))
}
else
{
$global:observableCollection.Insert(0,(LogMessage -strMessage „Connect to your naming context first!“ -strType „Error“ -DateStamp ))
}

})

$btnCompDefSD.add_Click(
{
$global:bolProgressBar = $chkBoxSkipProgressBar.IsChecked
if ($global:bolConnected -eq $true)
{

    if ($txtCompareDefSDTemplate.Text -eq "")
    {
        $global:observableCollection.Insert(0,(LogMessage -strMessage "No Template CSV file selected!" -strType "Error" -DateStamp ))
    }
    else
    {
        $global:bolProgressBar = $chkBoxSkipProgressBar.IsChecked
        $global:bolDefaultSDCSVLoaded = $false
        $strDefaultSDCompareFile = $txtCompareDefSDTemplate.Text
        &{#Try
            $global:bolDefaultSDCSVLoaded = $true
            $global:csvdefSDTemplate = import-Csv $strDefaultSDCompareFile 
        }
        Trap [SystemException]
        {
            $strCSVErr = $_.Exception.Message
            $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed to load CSV. $strCSVErr" -strType "Error" -DateStamp ))
            $global:bolDefaultSDCSVLoaded = $false
            continue
        }
        if($bolDefaultSDCSVLoaded)
        {
            if(TestCSVColumnsDefaultSD $global:csvdefSDTemplate)            
            {
                $strSelectedItem = $combObjectDefSD.SelectedItem
                if($strSelectedItem -eq "All Objects")
                {
                    $strSelectedItem = "*"
                }
                $global:observableCollection.Insert(0,(LogMessage -strMessage "Scanning..." -strType "Info" -DateStamp ))
                Get-DefaultSDCompare -strObjectClass $strSelectedItem -strTemplate $strDefaultSDCompareFile -CREDS $CREDS
                $global:observableCollection.Insert(0,(LogMessage -strMessage "Finished" -strType "Info" -DateStamp ))
            }
            else
            {
                $global:observableCollection.Insert(0,(LogMessage -strMessage "CSV file got wrong format! File:  $strDefaultSDCompareFile" -strType "Error" -DateStamp ))
            } #End if test column names exist 
        }
    }#end if txtCompareDefSDTemplate.Text is empty

}
    else
{
    $global:observableCollection.Insert(0,(LogMessage -strMessage "Connect to your naming context first!" -strType "Error" -DateStamp ))
}

})

$btnScanDefSD.add_Click(
{
$global:bolProgressBar = $chkBoxSkipProgressBar.IsChecked

$bolReplMeta = $true

$strFileDefSDHTA = $env:temp + "\"+$global:ACLHTMLFileName+".hta" 
#Set the path for the HTM file name
if($OutputFolder -gt "")
{
    #Check if foler exist if not use current folder
    if(Test-Path $OutputFolder)
    {
        $strFileDefSDHTM = $OutputFolder + "\"+"$global:strDomainShortName-$strSelectedItem-$global:SessionID"+".htm" 
    }
    else
    {
        Write-host "Path:$OutputFolder was not found! Writting to current folder." -ForegroundColor red
        $strFileDefSDHTM = $CurrentFSPath + "\"+"$global:strDomainShortName-$strSelectedItem-$global:SessionID"+".htm" 
    }
}
else
{
    $strFileDefSDHTM = $CurrentFSPath + "\"+"$global:strDomainShortName-$strSelectedItem-$global:SessionID"+".htm"  
}

if ($global:bolConnected -eq $true)
{
    $global:observableCollection.Insert(0,(LogMessage -strMessage "Scanning..." -strType "Info" -DateStamp ))

    $strSelectedItem = $combObjectDefSD.SelectedItem
    if($strSelectedItem -eq "All Objects")
    {
        $strSelectedItem = "*"
    }
    if($chkBoxSeverity.isChecked -or $chkBoxEffectiveRightsColor.isChecked)
    {
        $bolShowCriticalityColor = $true
    }
    else
    {
        $bolShowCriticalityColor = $false
    }
    $bolSDDL = $rdbDefSD_SDDL.IsChecked
    if($bolSDDL -eq $true)
    {
            CreateDefaultSDReportHTA $global:strDomainLongName $strFileDefSDHTA $strFileDefSDHTM $CurrentFSPath
            CreateDefSDHTM $global:strDomainLongName $strFileDefSDHTM
            InitiateDefSDHTM $strFileDefSDHTM $strSelectedItem
            InitiateDefSDHTM $strFileDefSDHTA $strSelectedItem
    }
    else
    {
        CreateHTM $strSelectedItem $strFileDefSDHTM                    
        CreateHTA $strSelectedItem $strFileDefSDHTA $strFileDefSDHTM $CurrentFSPath $global:strDomainDNName $global:strDC
        InitiateDefSDAccessHTM $strFileDefSDHTA $strSelectedItem $bolReplMeta $false "" $bolShowCriticalityColor
        InitiateDefSDAccessHTM $strFileDefSDHTM $strSelectedItem $bolReplMeta $false "" $bolShowCriticalityColor
    }

    Get-DefaultSD -strObjectClass $strSelectedItem -bolChangedDefSD $chkModifedDefSD.IsChecked -bolSDDL $rdbDefSD_SDDL.IsChecked -Show $true -File $strFileDefSDHTM -OutType "HTML" -bolShowCriticalityColor $bolShowCriticalityColor -Assess $chkBoxSeverity.IsChecked -Criticality $combServerity.SelectedItem -bolReplMeta $bolReplMeta -CREDS $CREDS

    $global:observableCollection.Insert(0,(LogMessage -strMessage "Finished" -strType "Info" -DateStamp ))

}
    else
{
    $global:observableCollection.Insert(0,(LogMessage -strMessage "Connect to your naming context first!" -strType "Error" -DateStamp ))
}

})
$btnGETSPNReport.add_Click(
{
If(($global:strEffectiveRightSP -ne „“) -and ($global:tokens.count -gt 0))
{

    $strFileSPNHTA = $env:temp + "\"+$global:SPNHTMLFileName+".hta" 
    $strFileSPNHTM = $env:temp + "\"+"$global:strEffectiveRightAccount"+".htm" 
    CreateServicePrincipalReportHTA $global:strEffectiveRightSP $strFileSPNHTA $strFileSPNHTM $CurrentFSPath
    CreateSPNHTM $global:strEffectiveRightSP $strFileSPNHTM
    InitiateSPNHTM $strFileSPNHTA 
    $strColorTemp = 1
    WriteSPNHTM $global:strEffectiveRightSP $global:tokens $global:strSPNobjectClass $($global:tokens.count-1) $strColorTemp $strFileSPNHTA $strFileSPNHTM
    Invoke-Item $strFileSPNHTA 
}
else
{
    $global:observableCollection.Insert(0,(LogMessage -strMessage "No service principal selected!" -strType "Error" -DateStamp ))

}

})

$btnViewLegend.add_Click(
{

DisplayLegend

})

$btnGetSPAccount.add_Click(
{

if ($global:bolConnected -eq $true)
{

    If (!($txtBoxSelectPrincipal.Text -eq ""))
    {
        GetEffectiveRightSP $txtBoxSelectPrincipal.Text $global:strDomainPrinDNName -CREDS $CREDS
    }
    else
    {
        $global:observableCollection.Insert(0,(LogMessage -strMessage "Enter a principal name!" -strType "Error" -DateStamp ))
    }
}
    else
{
    $global:observableCollection.Insert(0,(LogMessage -strMessage "Connect to your naming context first!" -strType "Error" -DateStamp ))
}

})

$btnListDdomain.add_Click(
{

GenerateDomainPicker

$txtBoxDomainConnect.Text = $global:strDomainSelect

})

$btnListLocations.add_Click(
{

if ($global:bolConnected -eq $true)
{
    GenerateTrustedDomainPicker -CREDS $CREDS
}
    else
{
    $global:observableCollection.Insert(0,(LogMessage -strMessage "Connect to your naming context first!" -strType "Error" -DateStamp ))
}

})

$chkBoxScanUsingUSN.add_Click(
{
If($chkBoxScanUsingUSN.IsChecked)
{
$global:bolTempValue_chkBoxReplMeta = $chkBoxReplMeta.IsChecked
$chkBoxReplMeta.IsChecked = $true

}
else
{
    if ($null -ne $global:bolTempValue_chkBoxReplMeta)
    {
     $chkBoxReplMeta.IsChecked = $global:bolTempValue_chkBoxReplMeta
    }

}

})

$chkBoxCompare.add_Click(
{
If($chkBoxCompare.IsChecked)
{
if ($null -ne $global:bolTempValue_InhertiedChkBox)
{
$chkInheritedPerm.IsChecked = $global:bolTempValue_InhertiedChkBox
}

    if ($null -ne $global:bolTempValue_chkBoxGetOwner)
    {
    $chkBoxGetOwner.IsChecked = $global:bolTempValue_chkBoxGetOwner
    }

    $chkInheritedPerm.IsEnabled = $true
    $chkBoxGetOwner.IsEnabled = $true
    #Activate Compare Objects
    $txtCompareTemplate.IsEnabled = $true
    $combReturns.IsEnabled = $true
    $chkBoxTemplateNodes.IsEnabled = $true
    $chkBoxScanUsingUSN.IsEnabled = $true
    $btnGetCompareInput.IsEnabled = $true
    $txtReplaceDN.IsEnabled = $true
    $txtReplaceNetbios.IsEnabled = $true

    #Deactivate Effective Rights and Filter objects
    $chkBoxFilter.IsChecked = $false
    $chkBoxEffectiveRights.IsChecked = $false
    $txtBoxSelectPrincipal.IsEnabled = $false
    $btnGetSPAccount.IsEnabled = $false
    $btnListLocations.IsEnabled = $false
    $btnGETSPNReport.IsEnabled = $false
    $chkBoxType.IsEnabled = $false
    $chkBoxObject.IsEnabled = $false
    $chkBoxTrustee.IsEnabled =  $false
    $chkBoxPermission.IsEnabled =  $false
    $chkBoxPermission.IsChecked =  $false
    $txtPermission.IsEnabled =  $false
    $chkBoxFilterBuiltin.IsEnabled =  $false
    $chkBoxType.IsChecked = $false
    $chkBoxObject.IsChecked = $false
    $txtBoxObjectFilter.IsEnabled = $false
    $txtFilterTrustee.IsEnabled = $false
    $combAccessCtrl.IsEnabled = $false

}
else
{
    #Deactivate Compare Objects
    $txtCompareTemplate.IsEnabled = $false
    $combReturns.IsEnabled = $false
    $chkBoxTemplateNodes.IsEnabled = $false
    $chkBoxScanUsingUSN.IsEnabled = $false
    $btnGetCompareInput.IsEnabled = $false
    $txtReplaceDN.IsEnabled = $false
    $txtReplaceNetbios.IsEnabled = $false        
}

})
$chkBoxEffectiveRights.add_Click(
{
If($chkBoxEffectiveRights.IsChecked)
{

    $global:bolTempValue_InhertiedChkBox = $chkInheritedPerm.IsChecked
    $global:bolTempValue_chkBoxGetOwner = $chkBoxGetOwner.IsChecked
    $chkBoxFilter.IsChecked = $false

    #Deactivate Compare Objects
    $chkBoxCompare.IsChecked = $false
    $txtCompareTemplate.IsEnabled = $false
    $combReturns.IsEnabled = $false
    $chkBoxTemplateNodes.IsEnabled = $false
    $chkBoxScanUsingUSN.IsEnabled = $false
    $btnGetCompareInput.IsEnabled = $false
    $txtReplaceDN.IsEnabled = $false
    $txtReplaceNetbios.IsEnabled = $false        

    $txtBoxSelectPrincipal.IsEnabled = $true
    $btnGetSPAccount.IsEnabled = $true
    $btnListLocations.IsEnabled = $true
    $btnGETSPNReport.IsEnabled = $true
    $chkInheritedPerm.IsEnabled = $false
    $chkInheritedPerm.IsChecked = $true
    $chkBoxGetOwner.IsEnabled = $false
    $chkBoxGetOwner.IsChecked= $true

    $chkBoxType.IsEnabled = $false
    $chkBoxObject.IsEnabled = $false
    $chkBoxTrustee.IsEnabled =  $false
    $chkBoxPermission.IsEnabled =  $false
    $chkBoxPermission.IsChecked =  $false
    $txtPermission.IsEnabled =  $false
    $chkBoxType.IsChecked = $false
    $chkBoxObject.IsChecked = $false
    $chkBoxFilterBuiltin.IsChecked =  $false
    $txtBoxObjectFilter.IsEnabled = $false
    $txtFilterTrustee.IsEnabled = $false
    $combAccessCtrl.IsEnabled = $false

}
else
{

 $txtBoxSelectPrincipal.IsEnabled = $false
 $btnGetSPAccount.IsEnabled = $false
 $btnListLocations.IsEnabled = $false
 $btnGETSPNReport.IsEnabled = $false
 $chkInheritedPerm.IsEnabled = $true
 $chkInheritedPerm.IsChecked = $global:bolTempValue_InhertiedChkBox
$chkBoxGetOwner.IsEnabled = $true
$chkBoxGetOwner.IsChecked = $global:bolTempValue_chkBoxGetOwner
}

})

$chkBoxSeverity.add_Click(
{
If($chkBoxSeverity.IsChecked -eq $true)
{
$combServerity.IsEnabled = $true
}
else
{
$combServerity.IsEnabled = $false
}
})

$chkBoxRecursiveFind.add_Click(
{
If($chkBoxRecursiveFind.IsChecked -eq $true)
{
$combRecursiveFind.IsEnabled = $true
}
else
{
$combRecursiveFind.IsEnabled = $false
}
})

$chkBoxFilter.add_Click(
{

If($chkBoxFilter.IsChecked -eq $true)
{
    #Deactivate Compare Objects
    $chkBoxCompare.IsChecked = $false
    $txtCompareTemplate.IsEnabled = $false
    $combReturns.IsEnabled = $false
    $chkBoxTemplateNodes.IsEnabled = $false
    $chkBoxScanUsingUSN.IsEnabled = $false
    $btnGetCompareInput.IsEnabled = $false
    $txtReplaceDN.IsEnabled = $false
    $txtReplaceNetbios.IsEnabled = $false  

    $chkBoxEffectiveRights.IsChecked = $false
    $chkBoxType.IsEnabled = $true
    $chkBoxObject.IsEnabled = $true
    $chkBoxTrustee.IsEnabled =  $true
    $chkBoxPermission.IsEnabled =  $true
    $txtPermission.IsEnabled =  $true
    $chkBoxFilterBuiltin.IsEnabled =  $true
    $txtBoxObjectFilter.IsEnabled = $true
    $txtFilterTrustee.IsEnabled = $true
    $combAccessCtrl.IsEnabled = $true
    $txtBoxSelectPrincipal.IsEnabled = $false
    $btnGetSPAccount.IsEnabled = $false
    $btnListLocations.IsEnabled = $false
    $btnGETSPNReport.IsEnabled = $false
    $chkInheritedPerm.IsEnabled = $true
    $chkInheritedPerm.IsChecked = $global:bolTempValue_InhertiedChkBox
    $chkBoxGetOwner.IsEnabled = $true
    if ($null -ne $global:bolTempValue_chkBoxGetOwner)
    {
        $chkBoxGetOwner.IsChecked = $global:bolTempValue_chkBoxGetOwner
    }

}
else
{
    $chkBoxType.IsEnabled = $false
    $chkBoxObject.IsEnabled = $false
    $chkBoxTrustee.IsEnabled =  $false
    $chkBoxPermission.IsEnabled =  $false
    $chkBoxPermission.IsChecked =  $false
    $txtPermission.IsEnabled =  $false
    $chkBoxFilterBuiltin.IsEnabled =  $false
    $chkBoxType.IsChecked = $false
    $chkBoxObject.IsChecked = $false
    $txtBoxObjectFilter.IsEnabled = $false
    $txtFilterTrustee.IsEnabled = $false
    $combAccessCtrl.IsEnabled = $false

}
})

$rdbDSSchm.add_Click(
{
If($rdbCustomNC.IsChecked -eq $true)
{
$txtBoxDomainConnect.IsEnabled = $true
$btnListDdomain.IsEnabled = $false
if (($txtBoxDomainConnect.Text -eq „rootDSE“) -or ($txtBoxDomainConnect.Text -eq „config“) -or ($txtBoxDomainConnect.Text -eq „schema“))
{
$txtBoxDomainConnect.Text = „“
}
}
else
{
$btnListDdomain.IsEnabled = $false
If($rdbDSdef.IsChecked -eq $true)
{
$txtBoxDomainConnect.Text = $global:strDomainSelect
$btnListDdomain.IsEnabled = $true
$txtBdoxDSServerPort.IsEnabled = $false
$txtBdoxDSServer.IsEnabled = $false

}
 If($rdbDSConf.IsChecked -eq $true)
{
    $txtBoxDomainConnect.Text = "config"
    $txtBdoxDSServerPort.IsEnabled = $false
    $txtBdoxDSServer.IsEnabled = $false


}
 If($rdbDSSchm.IsChecked -eq $true)
{
    $txtBoxDomainConnect.Text = "schema"
    $txtBdoxDSServerPort.IsEnabled = $false
    $txtBdoxDSServer.IsEnabled = $false

}
$txtBoxDomainConnect.IsEnabled = $false
}

})

$rdbDSConf.add_Click(
{
If($rdbCustomNC.IsChecked -eq $true)
{
$txtBoxDomainConnect.IsEnabled = $true
$btnListDdomain.IsEnabled = $false
if (($txtBoxDomainConnect.Text -eq „rootDSE“) -or ($txtBoxDomainConnect.Text -eq „config“) -or ($txtBoxDomainConnect.Text -eq „schema“))
{
$txtBoxDomainConnect.Text = „“
}
}
else
{
$btnListDdomain.IsEnabled = $false
If($rdbDSdef.IsChecked -eq $true)
{
$txtBoxDomainConnect.Text = $global:strDommainSelect
$btnListDdomain.IsEnabled = $true
$txtBdoxDSServerPort.IsEnabled = $false
$txtBdoxDSServer.IsEnabled = $false

}
 If($rdbDSConf.IsChecked -eq $true)
{
    $txtBoxDomainConnect.Text = "config"
    $txtBdoxDSServerPort.IsEnabled = $false
    $txtBdoxDSServer.IsEnabled = $false


}
 If($rdbDSSchm.IsChecked -eq $true)
{
    $txtBoxDomainConnect.Text = "schema"
    $txtBdoxDSServerPort.IsEnabled = $false
    $txtBdoxDSServer.IsEnabled = $false


}
$txtBoxDomainConnect.IsEnabled = $false
}

})

$rdbDSdef.add_Click(
{
If($rdbCustomNC.IsChecked -eq $true)
{
$txtBoxDomainConnect.IsEnabled = $true
$btnListDdomain.IsEnabled = $false
if (($txtBoxDomainConnect.Text -eq „rootDSE“) -or ($txtBoxDomainConnect.Text -eq „config“) -or ($txtBoxDomainConnect.Text -eq „schema“))
{
$txtBoxDomainConnect.Text = „“
}
}
else
{
$btnListDdomain.IsEnabled = $false
If($rdbDSdef.IsChecked -eq $true)
{
$txtBdoxDSServerPort.IsEnabled = $false
$txtBdoxDSServer.IsEnabled = $false
$txtBoxDomainConnect.Text = $global:strDomainSelect
$btnListDdomain.IsEnabled = $true

    }
     If($rdbDSConf.IsChecked -eq $true)
    {
        $txtBoxDomainConnect.Text = "config"


    }
     If($rdbDSSchm.IsChecked -eq $true)
    {
        $txtBoxDomainConnect.Text = "schema"


    }
    $txtBoxDomainConnect.IsEnabled = $false
}

})

$rdbCustomNC.add_Click(
{
If($rdbCustomNC.IsChecked -eq $true)
{
$txtBdoxDSServerPort.IsEnabled = $true
$txtBdoxDSServer.IsEnabled = $true
$txtBoxDomainConnect.IsEnabled = $true
$btnListDdomain.IsEnabled = $false
if (($txtBoxDomainConnect.Text -eq „rootDSE“) -or ($txtBoxDomainConnect.Text -eq „config“) -or ($txtBoxDomainConnect.Text -eq „schema“))
{
$txtBoxDomainConnect.Text = „“
}
}
else
{
$btnListDdomain.IsEnabled = $false
If($rdbDSdef.IsChecked -eq $true)
{
$txtBoxDomainConnect.Text = $global:strDommainSelect
$btnListDdomain.IsEnabled = $true

}
 If($rdbDSConf.IsChecked -eq $true)
{
    $txtBoxDomainConnect.Text = "config"


}
 If($rdbDSSchm.IsChecked -eq $true)
{
    $txtBoxDomainConnect.Text = "schema"


}
$txtBoxDomainConnect.IsEnabled = $false
}

})

$btnGetTemplateFolder.add_Click(
{

$strFolderPath = Select-Folder
$txtTempFolder.Text = $strFolderPath

})

$btnGetCompareDefSDInput.add_Click(
{

$strFilePath = Select-File

$txtCompareDefSDTemplate.Text = $strFilePath

})
$btnGetCompareInput.add_Click(
{

$strFilePath = Select-File
$txtCompareTemplate.Text = $strFilePath

})
$btnGetCSVFile.add_Click(
{

$strFilePath = Select-File

$txtCSVImport.Text = $strFilePath

})
$btnDSConnect.add_Click(
{
if($chkBoxCreds.IsChecked)
{

$script:CREDS = Get-Credential -Message „Type User Name and Password“
$Window.Activate()

}
$global:bolRoot = $true

$NCSelect = $false
$global:DSType = „“
$global:strDC = „“
$global:strDomainDNName = „“
$global:ConfigDN = „“
$global:SchemaDN = „“
$global:ForestRootDomainDN = „“
$global:IS_GC = „“
$txtDC.text = „“
$txtdefaultnamingcontext.text = „“
$txtconfigurationnamingcontext.text = „“
$txtschemanamingcontext.text = „“
$txtrootdomainnamingcontext.text = „“

If ($rdbDSdef.IsChecked)
{

   if (!($txtBoxDomainConnect.Text -eq "rootDSE"))
    {
        if ($null -eq $global:TempDC)
        {
            $strNamingContextDN = $txtBoxDomainConnect.Text
            If(CheckDNExist -sADobjectName $strNamingContextDN -strDC "" -CREDS $CREDS)
            {
            $root = New-Object system.directoryservices.directoryEntry("LDAP://"+$strNamingContextDN)
            $global:strDomainDNName = $root.distinguishedName.tostring()
            $global:strDomainPrinDNName = $global:strDomainDNName
            $global:strDomainLongName = $global:strDomainDNName.Replace("DC=","")
            $global:strDomainLongName = $global:strDomainLongName.Replace(",",".")
            $Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$global:strDomainLongName )
            $ojbDomain = [DirectoryServices.ActiveDirectory.Domain]::GetDomain($Context)
            $global:strDC = $($ojbDomain.FindDomainController()).name
            $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
            $LDAPConnection.SessionOptions.ReferralChasing = "None"
            $request = New-Object System.directoryServices.Protocols.SearchRequest($null, "(objectClass=*)", "base")
            [void]$request.Attributes.Add("dnshostname")
            [void]$request.Attributes.Add("supportedcapabilities")
            [void]$request.Attributes.Add("namingcontexts")
            [void]$request.Attributes.Add("defaultnamingcontext")
            [void]$request.Attributes.Add("schemanamingcontext")
            [void]$request.Attributes.Add("configurationnamingcontext")
            [void]$request.Attributes.Add("rootdomainnamingcontext")
            [void]$request.Attributes.Add("isGlobalCatalogReady")

            try
            {
                $response = $LDAPConnection.SendRequest($request)
                $global:bolLDAPConnection = $true
            }
            catch
            {
                $global:bolLDAPConnection = $false
                $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed! Domain does not exist or can not be connected" -strType "Error" -DateStamp ))
            }
            if($global:bolLDAPConnection -eq $true)
            {
                $global:ForestRootDomainDN = $response.Entries[0].attributes.rootdomainnamingcontext[0]
                $global:SchemaDN = $response.Entries[0].attributes.schemanamingcontext[0]
                $global:ConfigDN = $response.Entries[0].attributes.configurationnamingcontext[0]
                $global:strDomainDNName = $response.Entries[0].attributes.defaultnamingcontext[0]
                $global:IS_GC = $response.Entries[0].Attributes.isglobalcatalogready[0]
            }

            $global:DirContext = Get-DirContext $global:strDC -CREDS $CREDS

            $global:strDomainShortName = GetDomainShortName -strDomain $global:strDomainDNName -strConfigDN $global:ConfigDN -CREDS $CREDS
            $global:strRootDomainShortName = GetDomainShortName -strDomain $global:ForestRootDomainDN -strConfigDN $global:ConfigDN -CREDS $CREDS
            $global:DSType = "AD DS"
            $global:bolADDSType = $true
            $lblSelectPrincipalDom.Content = $global:strDomainShortName+":"
            $NCSelect = $true
            $strNamingContextDN = $global:strDomainDNName
        }
           else
            {
               $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed! Domain does not exist or can not be connected" -strType "Error" -DateStamp ))
               $global:bolConnected = $false
            }
        }
        else
        {
            $strNamingContextDN = $txtBoxDomainConnect.Text
            If(CheckDNExist -sADobjectName $strNamingContextDN -strDC "$global:TempDC" -CREDS $CREDS)
            {
            $Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$global:TempDC )
            $global:TempDC = $null
            $ojbDomain = [DirectoryServices.ActiveDirectory.Domain]::GetDomain($Context)
            $global:strDC = $($ojbDomain.FindDomainController()).name
            $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
            $LDAPConnection.SessionOptions.ReferralChasing = "None"
            $request = New-Object System.directoryServices.Protocols.SearchRequest($null, "(objectClass=*)", "base")
            [void]$request.Attributes.Add("dnshostname")
            [void]$request.Attributes.Add("supportedcapabilities")
            [void]$request.Attributes.Add("namingcontexts")
            [void]$request.Attributes.Add("defaultnamingcontext")
            [void]$request.Attributes.Add("schemanamingcontext")
            [void]$request.Attributes.Add("configurationnamingcontext")
            [void]$request.Attributes.Add("rootdomainnamingcontext")
            [void]$request.Attributes.Add("isGlobalCatalogReady")


            try
            {
                $response = $LDAPConnection.SendRequest($request)
                $global:bolLDAPConnection = $true
            }
            catch
            {
                $global:bolLDAPConnection = $false
                $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed! Domain does not exist or can not be connected" -strType "Error" -DateStamp ))
            }
            if($global:bolLDAPConnection -eq $true)
            {
                $global:ForestRootDomainDN = $response.Entries[0].attributes.rootdomainnamingcontext[0]
                $global:SchemaDN = $response.Entries[0].attributes.schemanamingcontext[0]
                $global:ConfigDN = $response.Entries[0].attributes.configurationnamingcontext[0]
                $global:strDomainDNName = $response.Entries[0].attributes.defaultnamingcontext[0]
                $global:IS_GC = $response.Entries[0].Attributes.isglobalcatalogready[0]
            }

            $global:DirContext = Get-DirContext $global:strDC $CREDS

            $global:strDomainShortName = GetDomainShortName -strDomain $global:strDomainDNName -strConfigDN $global:ConfigDN -CREDS $CREDS
            $global:strRootDomainShortName = GetDomainShortName -strDomain $global:ForestRootDomainDN -strConfigDN $global:ConfigDN -CREDS $CREDS
            $global:DSType = "AD DS"
            $global:bolADDSType = $true
            $lblSelectPrincipalDom.Content = $global:strDomainShortName+":"
            $NCSelect = $true
            $strNamingContextDN = $global:strDomainDNName
            }
           else
            {
               $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed! Domain does not exist or can not be connected" -strType "Error" -DateStamp ))
               $global:bolConnected = $false
            }
        }
    }
    else
    {

        if ($global:bolRoot -eq $true)
        {
            $LDAPConnection = $null
            $request = $null
            $response = $null
            $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection("")
            $LDAPConnection.SessionOptions.ReferralChasing = "None"
            $request = New-Object System.directoryServices.Protocols.SearchRequest($null, "(objectClass=*)", "base")
            [void]$request.Attributes.Add("defaultnamingcontext")
            try
            {
                $response = $LDAPConnection.SendRequest($request)
                $global:strDomainDNName = $response.Entries[0].Attributes.defaultnamingcontext[0]
                $global:bolLDAPConnection = $true
            }
            catch
            {
                $global:bolLDAPConnection = $false
                $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed! Domain does not exist or can not be connected" -strType "Error" -DateStamp ))
            }

            if($global:bolLDAPConnection)
            {
                $global:strDomainPrinDNName = $global:strDomainDNName
                $global:strDomainLongName = $global:strDomainDNName.Replace("DC=","")
                $global:strDomainLongName = $global:strDomainLongName.Replace(",",".")
                $Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$global:strDomainLongName )
                $ojbDomain = [DirectoryServices.ActiveDirectory.Domain]::GetDomain($Context)
                $global:strDC = $($ojbDomain.FindDomainController()).name
                $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
                $LDAPConnection.SessionOptions.ReferralChasing = "None"
                $request = New-Object System.directoryServices.Protocols.SearchRequest($null, "(objectClass=*)", "base")
                [void]$request.Attributes.Add("dnshostname")
                [void]$request.Attributes.Add("supportedcapabilities")
                [void]$request.Attributes.Add("namingcontexts")
                [void]$request.Attributes.Add("defaultnamingcontext")
                [void]$request.Attributes.Add("schemanamingcontext")
                [void]$request.Attributes.Add("configurationnamingcontext")
                [void]$request.Attributes.Add("rootdomainnamingcontext")
                [void]$request.Attributes.Add("isGlobalCatalogReady")

                try
                {
                    $response = $LDAPConnection.SendRequest($request)
                    $global:bolLDAPConnection = $true
                }
                catch
                {
                    $global:bolLDAPConnection = $false
                    $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed! Domain does not exist or can not be connected" -strType "Error" -DateStamp ))
                }
                if($global:bolLDAPConnection -eq $true)
                {
                    $global:ForestRootDomainDN = $response.Entries[0].attributes.rootdomainnamingcontext[0]
                    $global:SchemaDN = $response.Entries[0].attributes.schemanamingcontext[0]
                    $global:ConfigDN = $response.Entries[0].attributes.configurationnamingcontext[0]
                    $global:strDomainDNName = $response.Entries[0].attributes.defaultnamingcontext[0]
                    $global:IS_GC = $response.Entries[0].Attributes.isglobalcatalogready[0]
                }

                $global:DirContext = Get-DirContext $global:strDC $CREDS
                $global:strDomainShortName = GetDomainShortName -strDomain $global:strDomainDNName -strConfigDN $global:ConfigDN -CREDS $CREDS
                $global:strRootDomainShortName = GetDomainShortName -strDomain $global:ForestRootDomainDN -strConfigDN $global:ConfigDN -CREDS $CREDS
                $global:DSType = "AD DS"
                $global:bolADDSType = $true
                $lblSelectPrincipalDom.Content = $global:strDomainShortName+":"
                $NCSelect = $true
                $strNamingContextDN = $global:strDomainDNName
            }
        }
    }
}
#Connect to Config Naming Context
If ($rdbDSConf.IsChecked)
{
    if ($global:bolRoot -eq $true)
    {
        if($global:strDomainSelect.Contains("."))
        {
            $global:TempDC = $global:strDomainSelect
            $strSelectedDomain  = "DC=" + $global:strDomainSelect.Replace(".",",DC=")
        }
        if ($null -eq $global:TempDC)
        {
            $LDAPConnection = $null
            $request = $null
            $response = $null
            $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection("")
            $LDAPConnection.SessionOptions.ReferralChasing = "None"
            $request = New-Object System.directoryServices.Protocols.SearchRequest($null, "(objectClass=*)", "base")
            [void]$request.Attributes.Add("defaultnamingcontext")
            try
            {
                $response = $LDAPConnection.SendRequest($request)
                $global:strDomainDNName = $response.Entries[0].attributes.defaultnamingcontext[0]
                $global:bolLDAPConnection = $true
            }
            catch
            {
                $global:bolLDAPConnection = $false
                $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed! Domain does not exist or can not be connected" -strType "Error" -DateStamp ))
            }

            if($global:bolLDAPConnection)
            {
                $global:strDomainPrinDNName = $global:strDomainDNName
                $global:strDomainLongName = $global:strDomainDNName.Replace("DC=","")
                $global:strDomainLongName = $global:strDomainLongName.Replace(",",".")
                $Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$global:strDomainLongName )
                $ojbDomain = [DirectoryServices.ActiveDirectory.Domain]::GetDomain($Context)
                $global:strDC = $($ojbDomain.FindDomainController()).name
                $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
                $LDAPConnection.SessionOptions.ReferralChasing = "None"
                $request = New-Object System.directoryServices.Protocols.SearchRequest($null, "(objectClass=*)", "base")
                [void]$request.Attributes.Add("dnshostname")
                [void]$request.Attributes.Add("supportedcapabilities")
                [void]$request.Attributes.Add("namingcontexts")
                [void]$request.Attributes.Add("defaultnamingcontext")
                [void]$request.Attributes.Add("schemanamingcontext")
                [void]$request.Attributes.Add("configurationnamingcontext")
                [void]$request.Attributes.Add("rootdomainnamingcontext")
                [void]$request.Attributes.Add("isGlobalCatalogReady")

                try
                {
                    $response = $LDAPConnection.SendRequest($request)
                    $global:bolLDAPConnection = $true
                }
                catch
                {
                    $global:bolLDAPConnection = $false
                    $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed! Domain does not exist or can not be connected" -strType "Error" -DateStamp ))
                }
                if($global:bolLDAPConnection -eq $true)
                {
                    $global:ForestRootDomainDN = $response.Entries[0].attributes.rootdomainnamingcontext[0]
                    $global:SchemaDN = $response.Entries[0].attributes.schemanamingcontext[0]
                    $global:ConfigDN = $response.Entries[0].attributes.configurationnamingcontext[0]
                    $global:strDomainDNName = $response.Entries[0].attributes.defaultnamingcontext[0]
                    $global:IS_GC = $response.Entries[0].Attributes.isglobalcatalogready[0]
                }

                $global:DirContext = Get-DirContext $global:strDC -CREDS $CREDS
                $global:strDomainShortName = GetDomainShortName -strDomain $global:strDomainDNName -strConfigDN $global:ConfigDN -CREDS $CREDS
                $global:strRootDomainShortName = GetDomainShortName -strDomain $global:ForestRootDomainDN -strConfigDN $global:ConfigDN -CREDS $CREDS
                $global:DSType = "AD DS"
                $global:bolADDSType = $true
                $lblSelectPrincipalDom.Content = $global:strDomainShortName+":"
                $NCSelect = $true
                $strNamingContextDN = $global:ConfigDN
            }
        }
        else
         {
            $strNamingContextDN = $global:strDomainSelect
            If(CheckDNExist -sADobjectName $strNamingContextDN -strDC $global:TempDC -CREDS $CREDS)
            {
            $root = New-Object system.directoryservices.directoryEntry("LDAP://"+$strNamingContextDN)
            $global:strDomainDNName = $root.distinguishedName.tostring()
            $global:strDomainPrinDNName = $global:strDomainDNName
            $global:strDomainLongName = $global:strDomainDNName.Replace("DC=","")
            $global:strDomainLongName = $global:strDomainLongName.Replace(",",".")
            $Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$global:strDomainLongName )
            $ojbDomain = [DirectoryServices.ActiveDirectory.Domain]::GetDomain($Context)
            $global:strDC = $($ojbDomain.FindDomainController()).name
            $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
            $LDAPConnection.SessionOptions.ReferralChasing = "None"
            $request = New-Object System.directoryServices.Protocols.SearchRequest($null, "(objectClass=*)", "base")
            [void]$request.Attributes.Add("dnshostname")
            [void]$request.Attributes.Add("supportedcapabilities")
            [void]$request.Attributes.Add("namingcontexts")
            [void]$request.Attributes.Add("defaultnamingcontext")
            [void]$request.Attributes.Add("schemanamingcontext")
            [void]$request.Attributes.Add("configurationnamingcontext")
            [void]$request.Attributes.Add("rootdomainnamingcontext")
            [void]$request.Attributes.Add("isGlobalCatalogReady")

            try
            {
                $response = $LDAPConnection.SendRequest($request)
                $global:bolLDAPConnection = $true
            }
            catch
            {
                $global:bolLDAPConnection = $false
                $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed! Domain does not exist or can not be connected" -strType "Error" -DateStamp ))
            }
            if($global:bolLDAPConnection -eq $true)
            {
                $global:ForestRootDomainDN = $response.Entries[0].attributes.rootdomainnamingcontext[0]
                $global:SchemaDN = $response.Entries[0].attributes.schemanamingcontext[0]
                $global:ConfigDN = $response.Entries[0].attributes.configurationnamingcontext[0]
                $global:strDomainDNName = $response.Entries[0].attributes.defaultnamingcontext[0]
                $global:IS_GC = $response.Entries[0].Attributes.isglobalcatalogready[0]
            }

            $global:DirContext = Get-DirContext $global:strDC -CREDS $CREDS
            $global:strDomainShortName = GetDomainShortName -strDomain $global:strDomainDNName -strConfigDN $global:ConfigDN -CREDS $CREDS
            $global:strRootDomainShortName = GetDomainShortName -strDomain $global:ForestRootDomainDN -strConfigDN $global:ConfigDN -CREDS $CREDS
            $global:DSType = "AD DS"
            $global:bolADDSType = $true
            $lblSelectPrincipalDom.Content = $global:strDomainShortName+":"
            $NCSelect = $true
            $strNamingContextDN = $global:ConfigDN
        }
           else
            {
               $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed! Domain does not exist or can not be connected" -strType "Error" -DateStamp ))
               $global:bolConnected = $false
            }

        }
    }
}
#Connect to Schema Naming Context
If ($rdbDSSchm.IsChecked)
{

    if ($global:bolRoot -eq $true)
    {
        $LDAPConnection = $null
        $request = $null
        $response = $null
        $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection("")
        $LDAPConnection.SessionOptions.ReferralChasing = "None"
        $request = New-Object System.directoryServices.Protocols.SearchRequest($null, "(objectClass=*)", "base")
        [void]$request.Attributes.Add("defaultnamingcontext")
        try
        {
            $response = $LDAPConnection.SendRequest($request)
            $global:strDomainDNName = $response.Entries[0].Attributes.defaultnamingcontext[0]
            $global:bolLDAPConnection = $true
        }
        catch
        {
            $global:bolLDAPConnection = $false
            $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed! Domain does not exist or can not be connected" -strType "Error" -DateStamp ))
        }

        if($global:bolLDAPConnection)
        {
            $global:strDomainPrinDNName = $global:strDomainDNName
            $global:strDomainLongName = $global:strDomainDNName.Replace("DC=","")
            $global:strDomainLongName = $global:strDomainLongName.Replace(",",".")
            $Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$global:strDomainLongName )
            $ojbDomain = [DirectoryServices.ActiveDirectory.Domain]::GetDomain($Context)
            $global:strDC = $($ojbDomain.FindDomainController()).name
            $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
            $LDAPConnection.SessionOptions.ReferralChasing = "None"
            $request = New-Object System.directoryServices.Protocols.SearchRequest($null, "(objectClass=*)", "base")
            [void]$request.Attributes.Add("dnshostname")
            [void]$request.Attributes.Add("supportedcapabilities")
            [void]$request.Attributes.Add("namingcontexts")
            [void]$request.Attributes.Add("defaultnamingcontext")
            [void]$request.Attributes.Add("schemanamingcontext")
            [void]$request.Attributes.Add("configurationnamingcontext")
            [void]$request.Attributes.Add("rootdomainnamingcontext")
            [void]$request.Attributes.Add("isGlobalCatalogReady")

            try
            {
                $response = $LDAPConnection.SendRequest($request)
                $global:bolLDAPConnection = $true
            }
            catch
            {
                $global:bolLDAPConnection = $false
                $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed! Domain does not exist or can not be connected" -strType "Error" -DateStamp ))
            }
            if($global:bolLDAPConnection -eq $true)
            {
                $global:ForestRootDomainDN = $response.Entries[0].attributes.rootdomainnamingcontext[0]
                $global:SchemaDN = $response.Entries[0].attributes.schemanamingcontext[0]
                $global:ConfigDN = $response.Entries[0].attributes.configurationnamingcontext[0]
                $global:strDomainDNName = $response.Entries[0].attributes.defaultnamingcontext[0]
                $global:IS_GC = $response.Entries[0].Attributes.isglobalcatalogready[0]
            }

            $global:DirContext = Get-DirContext $global:strDC $CREDS
            $global:strDomainShortName = GetDomainShortName -strDomain $global:strDomainDNName -strConfigDN $global:ConfigDN -CREDS $CREDS
            $global:strRootDomainShortName = GetDomainShortName -strDomain $global:ForestRootDomainDN -strConfigDN $global:ConfigDN -CREDS $CREDS
            $global:DSType = "AD DS"
            $global:bolADDSType = $true
            $lblSelectPrincipalDom.Content = $global:strDomainShortName+":"
            $NCSelect = $true
            $strNamingContextDN = $global:SchemaDN
        }
    }
}
#Connect to Custom Naming Context    
If ($rdbCustomNC.IsChecked)
{   
    if (($txtBoxDomainConnect.Text.Length -gt 0) -or ($txtBdoxDSServer.Text.Length -gt 0) -or ($txtBdoxDSServerPort.Text.Length -gt 0))
    {
            $strNamingContextDN = $txtBoxDomainConnect.Text
            if($txtBdoxDSServer.Text -eq "")
            {
                if($txtBdoxDSServerPort.Text -eq "")
                {                    
                    $global:strDC = ""
                }
                else
                {
                    $global:strDC = "localhost:" +$txtBdoxDSServerPort.text
                }
            }
            else
            {
                $global:strDC = $txtBdoxDSServer.Text +":" +$txtBdoxDSServerPort.text
                if($txtBdoxDSServerPort.Text -eq "")
                {                    
                    $global:strDC = $txtBdoxDSServer.Text
                }
                else
                {
                    $global:strDC = $txtBdoxDSServer.Text +":" +$txtBdoxDSServerPort.text     
                }
            }
                $global:bolLDAPConnection = $false
                $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
                $LDAPConnection.SessionOptions.ReferralChasing = "None"
                $request = New-Object System.directoryServices.Protocols.SearchRequest("", "(objectClass=*)", "base")
                if($global:bolShowDeleted)
                {
                    [string] $LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417"
                    [void]$request.Controls.Add((New-Object "System.DirectoryServices.Protocols.DirectoryControl" -ArgumentList "$LDAP_SERVER_SHOW_DELETED_OID",$null,$false,$true ))
                }
                [void]$request.Attributes.Add("dnshostname")
                [void]$request.Attributes.Add("supportedcapabilities")
                [void]$request.Attributes.Add("namingcontexts")
                [void]$request.Attributes.Add("defaultnamingcontext")
                [void]$request.Attributes.Add("schemanamingcontext")
                [void]$request.Attributes.Add("configurationnamingcontext")
                [void]$request.Attributes.Add("rootdomainnamingcontext")
                [void]$request.Attributes.Add("isGlobalCatalogReady")                        

                try
                {
                    $response = $LDAPConnection.SendRequest($request)
                    $global:bolLDAPConnection = $true

                }
                catch
                {
                    $global:bolLDAPConnection = $false
                    $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed! Domain does not exist or can not be connected" -strType "Error" -DateStamp ))
                }
                if($global:bolLDAPConnection -eq $true)
                {
                    $strPrimaryCapability= $response.Entries[0].attributes.supportedcapabilities[0]
                    Switch ($strPrimaryCapability)
                    {
                        "1.2.840.113556.1.4.1851"
                        {
                            $global:DSType = "AD LDS"
                            $global:bolADDSType = $false
                            $global:strDomainDNName = $response.Entries[0].Attributes.namingcontexts[-1]
                            $global:SchemaDN = $response.Entries[0].Attributes.schemanamingcontext[0]
                            $global:ConfigDN = $response.Entries[0].Attributes.configurationnamingcontext[0]
                            if($txtBdoxDSServerPort.Text -eq "")
                            {                    
                                if(Test-ResolveDNS $response.Entries[0].Attributes.dnshostname[0])
                                {
                                    $global:strDC = $response.Entries[0].Attributes.dnshostname[0]
                                }
                            }
                            else
                            {
                                if(Test-ResolveDNS $response.Entries[0].Attributes.dnshostname[0])
                                {
                                    $global:strDC = $response.Entries[0].Attributes.dnshostname[0] +":" +$txtBdoxDSServerPort.text     
                                }
                            }

                        }
                        "1.2.840.113556.1.4.800"
                        {
                            $global:DSType = "AD DS"
                            $global:bolADDSType = $true
                            $global:ForestRootDomainDN = $response.Entries[0].Attributes.rootdomainnamingcontext[0]
                            $global:strDomainDNName = $response.Entries[0].Attributes.defaultnamingcontext[0]
                            $global:SchemaDN = $response.Entries[0].Attributes.schemanamingcontext[0]
                            $global:ConfigDN = $response.Entries[0].Attributes.configurationnamingcontext[0]
                            $global:IS_GC = $response.Entries[0].Attributes.isglobalcatalogready[0]

                            if($txtBdoxDSServerPort.Text -eq "")
                            {                    
                                if(Test-ResolveDNS $response.Entries[0].Attributes.dnshostname[0])
                                {
                                    $global:strDC = $response.Entries[0].Attributes.dnshostname[0]
                                }
                            }
                            else
                            {
                                if(Test-ResolveDNS $response.Entries[0].Attributes.dnshostname[0])
                                {
                                    $global:strDC = $response.Entries[0].Attributes.dnshostname[0] +":" +$txtBdoxDSServerPort.text     
                                }

                            }
                            $global:strDomainPrinDNName = $global:strDomainDNName
                            $global:strDomainShortName = GetDomainShortName -strDomain $global:strDomainDNName -strConfigDN $global:ConfigDN -CREDS $CREDS
                            $global:strRootDomainShortName = GetDomainShortName -strDomain $global:ForestRootDomainDN -strConfigDN $global:ConfigDN -CREDS $CREDS
                            $lblSelectPrincipalDom.Content = $global:strDomainShortName+":"
                        }
                        default
                        {
                            $global:ForestRootDomainDN = $response.Entries[0].Attributes.rootdomainnamingcontext[0]
                            $global:strDomainDNName = $response.Entries[0].Attributes.defaultnamingcontext[0]
                            $global:SchemaDN = $response.Entries[0].Attributes.schemanamingcontext[0]
                            $global:ConfigDN = $response.Entries[0].Attributes.configurationnamingcontext[0]
                            $global:IS_GC = $response.Entries[0].Attributes.isglobalcatalogready[0]

                             if($txtBdoxDSServerPort.Text -eq "")
                            {                    
                                $global:strDC = $response.Entries[0].Attributes.dnshostname[0]
                            }
                            else
                            {
                                $global:strDC = $response.Entries[0].Attributes.dnshostname[0] +":" +$txtBdoxDSServerPort.text     
                            }
                        }
                    }  
                    if($strNamingContextDN -eq "")
                    {
                        $strNamingContextDN = $global:strDomainDNName
                    }
                    If(CheckDNExist -sADobjectName $strNamingContextDN -strDC $global:strDC -CREDS $CREDS)
                    {
                        $NCSelect = $true
                    }
                    else
                    {
                        $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed! Domain does not exist or can not be connected" -strType "Error" -DateStamp ))
                        $global:bolConnected = $false
                    }

                }#bolLDAPConnection




    }
    else
    {
        $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed! No naming context or server specified!" -strType "Error" -DateStamp ))
        $global:bolConnected = $false  
    }
}  
If ($NCSelect -eq $true)  
{
    If (!($strLastCacheGuidsDom -eq $global:strDomainDNName))
    {
        $global:dicRightsGuids = @{"Seed" = "xxx"}
        CacheRightsGuids -CREDS $CREDS
        $strLastCacheGuidsDom = $global:strDomainDNName


    }
    #Check Directory Service type
    $global:DSType = ""
    $global:bolADDSType = $false
    $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
    $LDAPConnection.SessionOptions.ReferralChasing = "None"
    $request = New-Object System.directoryServices.Protocols.SearchRequest("", "(objectClass=*)", "base")
    $response = $LDAPConnection.SendRequest($request)
    $strPrimaryCapability= $response.Entries[0].attributes.supportedcapabilities[0]
    Switch ($strPrimaryCapability)
    {
        "1.2.840.113556.1.4.1851"
        {
            $global:DSType = "AD LDS"
        }
        "1.2.840.113556.1.4.800"
        {
            $global:DSType = "AD DS"
            $global:bolADDSType = $true
        }
        default
        {
            $global:DSType = "Unknown"
        }
    }    
    $global:observableCollection.Insert(0,(LogMessage -strMessage "Connected to directory service  $global:DSType" -strType "Info" -DateStamp ))
    #Plaing with AD LDS Locally
    $global:TreeViewRootPath = $strNamingContextDN

    $xml = Get-XMLDomainOUTree $global:TreeViewRootPath -CREDS $CREDS
        # Change XML Document, XPath and Refresh
    $xmlprov.Document = $xml
    $xmlProv.XPath = "/DomainRoot"
    $xmlProv.Refresh()

    $global:bolConnected = $true

    If (!(Test-Path ($env:temp + "\OU.png")))
    {

        $IconFilePath = $env:temp + "\OU.png"
        $bytes = [Convert]::FromBase64String($OUpng)
        [IO.File]::WriteAllBytes($IconFilePath, $bytes)        

    }
    If (!(Test-Path ($env:temp + "\Expand.png")))
    {
        $IconFilePath = $env:temp + "\Expand.png"
        $bytes = [Convert]::FromBase64String($Expandpng)
        [IO.File]::WriteAllBytes($IconFilePath, $bytes)         
    }
    If (!(Test-Path ($env:temp + "\User.png")))
    {
        $IconFilePath = $env:temp + "\User.png"
        $bytes = [Convert]::FromBase64String($Userpng)
        [IO.File]::WriteAllBytes($IconFilePath, $bytes) 
    }
    If (!(Test-Path ($env:temp + "\Group.png")))
    {
        $IconFilePath = $env:temp + "\Group.png"
        $bytes = [Convert]::FromBase64String($Grouppng)
        [IO.File]::WriteAllBytes($IconFilePath, $bytes) 
    }
    If (!(Test-Path ($env:temp + "\Computer.png")))
    {
        $IconFilePath = $env:temp + "\Computer.png"
        $bytes = [Convert]::FromBase64String($Computerpng)
        [IO.File]::WriteAllBytes($IconFilePath, $bytes) 
    }
    If (!(Test-Path ($env:temp + "\Container.png")))
    {
        $IconFilePath = $env:temp + "\Container.png"
        $bytes = [Convert]::FromBase64String($Containerpng)
        [IO.File]::WriteAllBytes($IconFilePath, $bytes) 
    }
    If (!(Test-Path ($env:temp + "\DomainDNS.png")))
    {
        $IconFilePath = $env:temp + "\DomainDNS.png"
        $bytes = [Convert]::FromBase64String($DomainDNSpng)
        [IO.File]::WriteAllBytes($IconFilePath, $bytes) 
    }
    If (!(Test-Path ($env:temp + "\Other.png")))
    {
        $IconFilePath = $env:temp + "\Other.png"
        $bytes = [Convert]::FromBase64String($Otherpng)
        [IO.File]::WriteAllBytes($IconFilePath, $bytes)   
    }
    If (!(Test-Path ($env:temp + "\refresh.png")))
    {
        $IconFilePath = $env:temp + "\refresh.png"
        $bytes = [Convert]::FromBase64String($refreshpng)
        [IO.File]::WriteAllBytes($IconFilePath, $bytes) 
    }
    If (!(Test-Path ($env:temp + "\exclude.png")))
    {
        $IconFilePath = $env:temp + "\exclude.png"
        $bytes = [Convert]::FromBase64String($excludepng)
        [IO.File]::WriteAllBytes($IconFilePath, $bytes) 
    }
    #Test PS Version DeleteCommand requries PS 3.0 and above
    if ($PSVersionTable.PSVersion -gt "2.0") 
    {

        $TreeView1.ContextMenu.Items[0].Command = New-Object DelegateCommand( { Add-RefreshChild } )
        $TreeView1.ContextMenu.Items[1].Command = New-Object DelegateCommand( { Add-ExcludeChild } )

    }
    else 
    {
        Write-Error "Requries PS 3.0 and above"
        break
    }
    #Update Connection Info
    $txtDC.text = $global:strDC
    $txtdefaultnamingcontext.text = $global:strDomainDNName
    $txtconfigurationnamingcontext.text = $global:ConfigDN
    $txtschemanamingcontext.text = $global:SchemaDN
    $txtrootdomainnamingcontext.text = $global:ForestRootDomainDN

}#End If NCSelect

Get Forest Root Domain ObjectSID

if ($global:DSType -eq „AD DS“)
{
$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest($global:strDomainDNName, „(objectClass=*)“, „base“)
[void]$request.Attributes.Add(„objectsid“)

try
{
    $response = $LDAPConnection.SendRequest($request)
    $global:bolLDAPConnection = $true
}
catch
{
    $global:bolLDAPConnection = $false
    $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed! Domain does not exist or can not be connected" -strType "Error" -DateStamp ))
}
if($global:bolLDAPConnection -eq $true)
{
    $global:DomainSID = GetSidStringFromSidByte $response.Entries[0].attributes.objectsid.GetValues([byte[]])[0]

}

if($global:ForestRootDomainDN -ne $global:strDomainDNName)
{
    $global:strForestDomainLongName = $global:ForestRootDomainDN.Replace("DC=","")
    $global:strForestDomainLongName = $global:strForestDomainLongName.Replace(",",".")
    if($CREDS.UserName)
    {
        $Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$global:strForestDomainLongName,$CREDS.UserName,$CREDS.GetNetworkCredential().Password) 
    }
    else
    {
        $Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$global:strForestDomainLongName) 
    }
    $ojbDomain = [DirectoryServices.ActiveDirectory.Domain]::GetDomain($Context)
    $global:strForestDC = $($ojbDomain.FindDomainController()).name

    $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strForestDC, $CREDS)
    $LDAPConnection.SessionOptions.ReferralChasing = "None"
    $request = New-Object System.directoryServices.Protocols.SearchRequest($global:ForestRootDomainDN, "(objectClass=*)", "base")
    [void]$request.Attributes.Add("objectsid")

    try
    {
        $response = $LDAPConnection.SendRequest($request)
        $global:bolLDAPConnection = $true
    }
    catch
    {
        $global:bolLDAPConnection = $false
        $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed! Domain does not exist or can not be connected" -strType "Error" -DateStamp ))
    }
    if($global:bolLDAPConnection -eq $true)
    {
        $global:ForestRootDomainSID = GetSidStringFromSidByte $response.Entries[0].attributes.objectsid.GetValues([byte[]])[0]

    }
}
else
{
    $global:strForestDC = $global:strDC
    $global:ForestRootDomainSID = $global:DomainSID
}

}

})

$chkBoxCreds.add_UnChecked({
$script:CREDS = $null
})

$btnScan.add_Click(
{

$UseCanonicalName = $chkBoxUseCanonicalName.IsChecked

$Protected  = $chkBoxGetOUProtected.IsChecked

If($chkBoxCompare.IsChecked)
{
    RunCompare -CREDS $script:CREDS
}
else
{
    RunScan -CREDS $script:CREDS
}

})

$btnCreateHTML.add_Click(
{
if ($txtCSVImport.Text -eq „“)
{
$global:observableCollection.Insert(0,(LogMessage -strMessage „No Template CSV file selected!“ -strType „Error“ -DateStamp ))
}
else
{
#if ($global:bolConnected -eq $true)
#{
ConvertCSVtoHTM $txtCSVImport.Text $chkBoxTranslateGUIDinCSV.isChecked -CREDS $CREDS
#}
#else
#{
#$global:observableCollection.Insert(0,(LogMessage -strMessage „You need to connect to a directory first!“ -strType „Error“ -DateStamp ))
#}
}

})

$btnSupport.add_Click(
{
GenerateSupportStatement
})

$btnExit.add_Click(
{

TODO: Place custom script here

$ErrorActionPreference = „SilentlyContinue“

$bolConnected= $null
$bolTempValue_InhertiedChkBox= $null
$dicDCSpecialSids= $null
$dicNameToSchemaIDGUIDs= $null
$dicRightsGuids= $null
$dicSchemaIDGUIDs= $null
$dicSidToName= $null
$dicWellKnownSids= $null
$myPID= $null
$observableCollection= $null
$strDomainPrinDNName= $null
$strDomainSelect= $null
$strEffectiveRightAccount= $null
$strEffectiveRightSP= $null
$strPinDomDC= $null
$strPrincipalDN= $null
$strPrinDomAttr= $null
$strPrinDomDir= $null
$strPrinDomFlat= $null
$strSPNobjectClass= $null
$tokens= $null
$strDC = $null
$strDomainDNName = $null
$strDomainLongName = $null
$strDomainShortName = $null
$strOwner = $null

$CREDS = $null

remove-variable -name „CREDS“

remove-variable -name „bolConnected“ -Scope Global
remove-variable -name „bolTempValue_InhertiedChkBox“ -Scope Global
remove-variable -name „dicDCSpecialSids“ -Scope Global
remove-variable -name „dicNameToSchemaIDGUIDs“ -Scope Global
remove-variable -name „dicRightsGuids“ -Scope Global
remove-variable -name „dicSchemaIDGUIDs“ -Scope Global
remove-variable -name „dicSidToName“ -Scope Global
remove-variable -name „dicWellKnownSids“ -Scope Global
remove-variable -name „myPID“ -Scope Global
remove-variable -name „observableCollection“ -Scope Global
remove-variable -name „strDomainPrinDNName“ -Scope Global
remove-variable -name „strDomainSelect“ -Scope Global
remove-variable -name „strEffectiveRightAccount“ -Scope Global
remove-variable -name „strEffectiveRightSP“ -Scope Global
remove-variable -name „strPinDomDC“ -Scope Global
remove-variable -name „strPrincipalDN“ -Scope Global
remove-variable -name „strPrinDomAttr“ -Scope Global
remove-variable -name „strPrinDomDir“ -Scope Global
remove-variable -name „strPrinDomFlat“ -Scope Global
remove-variable -name „strSPNobjectClass“ -Scope Global
remove-variable -name „tokens“ -Scope Global

$ErrorActionPreference = „SilentlyContinue“
&{#Try
$xmlDoc = $null
remove-variable -name „xmlDoc“ -Scope Global
}
Trap [SystemException]
{

 SilentlyContinue
}

$ErrorActionPreference = „Continue“

$Window.close()

})

$treeView1.add_SelectedItemChanged({

$txtBoxSelected.Text = (Get-XMLPath -xmlElement ($this.SelectedItem))

if ($this.SelectedItem.Tag -eq „NotEnumerated“)
{

$xmlNode = $global:xmlDoc

$NodeDNPath = $($this.SelectedItem.ParentNode.Text.toString())
[void]$this.SelectedItem.ParentNode.removeChild($this.SelectedItem);
$Mynodes = $xmlNode.SelectNodes("//OU[@Text='$NodeDNPath']")

$treeNodePath = $NodeDNPath

# Initialize and Build Domain OU Tree 
ProcessOUTree -node $($Mynodes) -ADSObject $treeNodePath -CREDS $CREDS
# Set tag to show this node is already enumerated 
$this.SelectedItem.Tag  = "Enumerated"

}

})

}#### End of if $base , check if UI should be loaded

<######################################################################

Functions to Build Domains OU Tree XML Document
################################################################>

region

function RunCompare
{
param(
[Parameter(Mandatory=$false)]
[pscredential]
$CREDS)

if($chkBoxSeverity.isChecked -or $chkBoxEffectiveRightsColor.isChecked)
{
$bolShowCriticalityColor = $true
}
else
{
$bolShowCriticalityColor = $false
}
If ($txtBoxSelected.Text -or $chkBoxTemplateNodes.IsChecked )
{
#If the DC string is changed during the compre ti will be restored to it’s orgi value
$global:ResetDCvalue = „“
$global:ResetDCvalue = $global:strDC

$allSubOU = New-Object System.Collections.ArrayList
$allSubOU.Clear()
if ($txtCompareTemplate.Text -eq "")
{
    $global:observableCollection.Insert(0,(LogMessage -strMessage "No Template CSV file selected!" -strType "Error" -DateStamp ))
}
else
{
        if ($(Test-Path $txtCompareTemplate.Text) -eq $true)
        {

        if (($chkBoxEffectiveRights.isChecked -eq $true) -or ($chkBoxFilter.isChecked -eq $true))
        {
            if ($chkBoxEffectiveRights.isChecked)
            {
                $global:observableCollection.Insert(0,(LogMessage -strMessage "Can't compare while Effective Rights enabled!" -strType "Error" -DateStamp ))
            }
            if ($chkBoxFilter.isChecked)
            {
                $global:observableCollection.Insert(0,(LogMessage -strMessage "Can't compare while Filter  enabled!" -strType "Error" -DateStamp ))
            }
        }
        else
        {
            $global:bolCSVLoaded = $false
            $strCompareFile = $txtCompareTemplate.Text

            &{#Try
                $global:bolCSVLoaded = $true
                $global:csvHistACLs = import-Csv $strCompareFile 
            }
            Trap [SystemException]
            {
                $strCSVErr = $_.Exception.Message
                $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed to load CSV. $strCSVErr" -strType "Error" -DateStamp ))
                $global:bolCSVLoaded = $false
                continue
            }   
           #Verify that a successful CSV import is performed before continue            
           if($global:bolCSVLoaded)
           {
                #Test CSV file format
               if(TestCSVColumns $global:csvHistACLs)
                                                                                                                                                                                                                                                                                                   {

               $global:observableCollection.Insert(0,(LogMessage -strMessage "Scanning..." -strType "Info" -DateStamp ))
               $BolSkipDefPerm = $chkBoxDefaultPerm.IsChecked
               $BolSkipProtectedPerm =  $chkBoxSkipProtectedPerm.IsChecked
               $global:bolProgressBar = $chkBoxSkipProgressBar.IsChecked
               if(($rdbOnlyCSV.IsChecked) -or ($rdbOnlyCSVTEMPLATE.IsChecked))
               {
                    $bolCSV = $true
               }
               else
               {
                    $bolCSV = $false
               }
               if ($chkBoxTemplateNodes.IsChecked -eq $false)
                {
                    $sADobjectName = $txtBoxSelected.Text.ToString()
                    $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC,$CREDS)
                    $LDAPConnection.SessionOptions.ReferralChasing = "None"
                    $request = New-Object System.directoryServices.Protocols.SearchRequest
                    if($global:bolShowDeleted)
                    {
                        [string] $LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417"
                        [void]$request.Controls.Add((New-Object "System.DirectoryServices.Protocols.DirectoryControl" -ArgumentList "$LDAP_SERVER_SHOW_DELETED_OID",$null,$false,$true ))
                    }
                    $request.DistinguishedName = $sADobjectName
                    $request.Filter = "(name=*)"
                    $request.Scope = "Base"
                    [void]$request.Attributes.Add("name")
                    $response = $LDAPConnection.SendRequest($request)
                    $ADobject = $response.Entries[0]
                    if($null -ne $ADobject.Attributes.name)
                    {
                        $strNode = fixfilename $ADobject.attributes.name[0]
                    }
                    else
                    {
                            $global:observableCollection.Insert(0,(LogMessage -strMessage "Could not read object $($txtBoxSelected.Text.ToString()). Enough permissions?" -strType "Error" -DateStamp ))
                    }

                }
                else
                {
                    #Set the bolean to true so connection will be performed unless an error occur
                    $bolContinue = $true
                    if($global:csvHistACLs[0].Object)
                    {
                        $strOUcol = $global:csvHistACLs[0].Object
                    }
                    else
                    {
                        $strOUcol = $global:csvHistACLs[0].OU
                    }

                    if($strOUcol.Contains("<DOMAIN-DN>") -gt 0)
                    {
                        $strOUcol = ($strOUcol -Replace "<DOMAIN-DN>",$global:strDomainDNName)

                    }

                    if($strOUcol.Contains("<ROOT-DN>") -gt 0)
                    {
                        $strOUcol = ($strOUcol -Replace "<ROOT-DN>",$global:ForestRootDomainDN)

                        if($global:strDomainDNName -ne $global:ForestRootDomainDN)
                        {
                            if($global:IS_GC -eq "TRUE")
                            {
                                $MsgBox = [System.Windows.Forms.MessageBox]::Show("You are not connected to the forest root domain: $global:ForestRootDomainDN.`n`nYour DC is a Global Catalog.`nDo you want to use Global Catalog and  continue?",”Information”,3,"Warning")
                                if($MsgBox -eq "Yes")
                                {
                                    if($global:strDC.contains(":"))
                                    {
                                        $global:strDC = $global:strDC.split(":")[0] + ":3268"
                                    }
                                    else
                                    {
                                        $global:strDC = $global:strDC + ":3268"
                                    }

                                }
                                else
                                {
                                    $bolContinue = $false
                                }

                            }
                            else
                            {
                                $MsgBox = [System.Windows.Forms.MessageBox]::Show("You are not connected to the forest root domain: $global:ForestRootDomainDN.",”Information”,0,"Warning")
                                $bolContinue = $false
                            }
                        }

                    }


                    if($txtReplaceDN.text.Length -gt 0)
                    {
                        $strOUcol = ($strOUcol -Replace $txtReplaceDN.text,$global:strDomainDNName)

                    }
                    $sADobjectName = $strOUcol
                    #Verify if the connection can be done
                    if($bolContinue)
                    {
                        $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC,$CREDS)
                        $LDAPConnection.SessionOptions.ReferralChasing = "None"
                        $request = New-Object System.directoryServices.Protocols.SearchRequest
                        if($global:bolShowDeleted)
                        {
                            [string] $LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417"
                            [void]$request.Controls.Add((New-Object "System.DirectoryServices.Protocols.DirectoryControl" -ArgumentList "$LDAP_SERVER_SHOW_DELETED_OID",$null,$false,$true ))
                        }
                        $request.DistinguishedName = $sADobjectName
                        $request.Filter = "(name=*)"
                        $request.Scope = "Base"
                        [void]$request.Attributes.Add("name")

                        $response = $LDAPConnection.SendRequest($request)

                        $ADobject = $response.Entries[0]
                        $strNode = fixfilename $ADobject.attributes.name[0]
                    }
                    else
                    {
                        #Set the node to empty , no connection will be done
                        $strNode = ""
                    }
                }
                #if not is empty continue
                if($strNode -ne "")
                {
                    $bolTranslateGUIDStoObject = $false
                    $date= get-date -uformat %Y%m%d_%H%M%S
                    $strNode = fixfilename $strNode
                    $strFileCSV = $txtTempFolder.Text + "\" +$strNode + "_" + $global:strDomainShortName + "_adAclOutput" + $date +".csv" 
                    $strFileEXCEL = $txtTempFolder.Text + "\" +$strNode + "_" + $global:strDomainShortName + "_adAclOutput" + $date +".xlsx" 
                    $strFileHTA = $env:temp + "\"+$global:ACLHTMLFileName+".hta" 
                    $strFileHTM = $env:temp + "\"+"$global:strDomainShortName-$strNode-$global:SessionID"+".htm" 
                    if(!($bolCSV))
                    {        
                        if(!($rdbEXcel.IsChecked))
                        {                        
                            if ($chkBoxFilter.IsChecked)
                            {
                                CreateHTA "$global:strDomainShortName-$strNode Filtered" $strFileHTA  $strFileHTM $CurrentFSPath $global:strDomainDNName $global:strDC
                                CreateHTM "$global:strDomainShortName-$strNode Filtered" $strFileHTM 
                            }
                            else
                            {
                                CreateHTA "$global:strDomainShortName-$strNode" $strFileHTA $strFileHTM $CurrentFSPath $global:strDomainDNName $global:strDC
                                CreateHTM "$global:strDomainShortName-$strNode" $strFileHTM  
                            }

                            InitiateHTM $strFileHTA $strNode $txtBoxSelected.Text.ToString() $chkBoxReplMeta.IsChecked $chkBoxACLsize.IsChecked $Protected $bolShowCriticalityColor $true $BolSkipDefPerm $BolSkipProtectedPerm $strCompareFile $chkBoxFilter.isChecked $chkBoxEffectiveRights.isChecked $chkBoxObjType.isChecked -bolCanonical:$UseCanonicalName $GPO
                            InitiateHTM $strFileHTM $strNode $txtBoxSelected.Text.ToString() $chkBoxReplMeta.IsChecked $chkBoxACLsize.IsChecked $Protected $bolShowCriticalityColor $true $BolSkipDefPerm $BolSkipProtectedPerm $strCompareFile $chkBoxFilter.isChecked $chkBoxEffectiveRights.isChecked $chkBoxObjType.isChecked -bolCanonical:$UseCanonicalName $GPO

                            $Format = "HTML"
                            $Show = $true
                        }
                        else
                        {
                            $Format = "EXCEL"
                            $Show = $false
                        }
                    }
                    else
                    {
                        if($rdbOnlyCSV.IsChecked)
                        {
                            $Format = "CSV"
                        }
                        if($rdbOnlyCSVTEMPLATE.IsChecked)
                        {
                            $Format = "CSVTEMPLATE"
                        }
                        $Show = $false
                    }
                    If (($txtBoxSelected.Text.ToString().Length -gt 0) -or (($chkBoxTemplateNodes.IsChecked -eq $true)))
                    {
                        #Select type of scope
                        If ($rdbBase.IsChecked -eq $False)
                        {
                            If ($rdbSubtree.IsChecked -eq $true)
                            {
                                if($rdbScanFilter.IsChecked -eq $true)
                                {
                                    $allSubOU = GetAllChildNodes -firstnode $txtBoxSelected.Text -scope "subtree" -ExcludedDNs $txtBoxExcluded.text -CustomFilter $txtCustomFilter.Text -CREDS $CREDS
                                }
                                else
                                {
                                   $allSubOU = GetAllChildNodes -firstnode $txtBoxSelected.Text -scope "subtree" -ExcludedDNs $txtBoxExcluded.text -CREDS $CREDS
                                }
                            }
                            else
                            {
                                if($rdbScanFilter.IsChecked -eq $true)
                                {
                                    $allSubOU = GetAllChildNodes -firstnode $txtBoxSelected.Text -scope "onelevel" -ExcludedDNs $txtBoxExcluded.text -CustomFilter $txtCustomFilter.Text -CREDS $CREDS
                                }
                                else
                                {
                                   $allSubOU = GetAllChildNodes -firstnode $txtBoxSelected.Text -scope "onelevel" -ExcludedDNs $txtBoxExcluded.text -CREDS $CREDS
                                }
                            }        
                        }
                        else
                        {
                            $allSubOU =  @($txtBoxSelected.Text)
                        }
                        #if any objects found compare ACLs
                        if($allSubOU.count -gt 0)
                        {                    
                            $TemplateFilter = $combReturns.SelectedItem
                            $bolToFile = $true
                            #Used from comand line only
                            $FilterBuiltin = $false
                            Get-PermCompare $allSubOU $BolSkipDefPerm $BolSkipProtectedPerm $chkBoxReplMeta.IsChecked $chkBoxGetOwner.IsChecked $bolCSV $Protected $chkBoxACLsize.IsChecked $bolTranslateGUIDStoObject $Show $Format $TemplateFilter $bolToFile $bolShowCriticalityColor $chkBoxSeverity.IsChecked $combServerity.SelectedItem $chkBoxTranslateGUID.isChecked -CREDS $CREDS
                        }    
                        else
                        {
                            $global:observableCollection.Insert(0,(LogMessage -strMessage "No objects returned!" -strType "Error" -DateStamp ))
                        }
                        $global:observableCollection.Insert(0,(LogMessage -strMessage "Finished" -strType "Info" -DateStamp ))
                   }# End If txtBoxSelected or chkBoxTemplateNodes
                }
                else
                {
                    $global:observableCollection.Insert(0,(LogMessage -strMessage "Could not connect to $sADobjectName" -strType "Error" -DateStamp ))
                }#End if not is empty
            }#else if test column names exist
                else
                {
                    $global:observableCollection.Insert(0,(LogMessage -strMessage "CSV file got wrong format! File:  $strCompareFile" -strType "Error" -DateStamp ))
                } #End if test column names exist 
            } # End If Verify that a successful CSV import is performed before continue 
       }#End If $chkBoxEffectiveRights.isChecked  -or $chkBoxFilter.isChecked

    }#End If Test-Path
    else
    {
        $global:observableCollection.Insert(0,(LogMessage -strMessage "CSV file not found!" -strType "Error" -DateStamp ))
    }#End If Test-Path Else
}# End If          

#Restore the DC string to its original
$global:strDC = $global:ResetDCvalue

}
else
{
$global:observableCollection.Insert(0,(LogMessage -strMessage „No object selected!“ -strType „Error“ -DateStamp ))
}
$allSubOU = „“
$strFileCSV = „“
$strFileHTA = „“
$strFileHTM = „“
$sADobjectName = „“
$date= „“
}

function RunScan
{
param(
[Parameter(Mandatory=$false)]
[pscredential]
$CREDS)

if($rdbGPO.isChecked)
{
$GPO = $true
}

if($chkBoxSeverity.isChecked -or $chkBoxEffectiveRightsColor.isChecked)
{
$bolShowCriticalityColor = $true
}
else
{
$bolShowCriticalityColor = $false
}
$bolPreChecks = $true
If ($txtBoxSelected.Text)
{
If(($chkBoxFilter.IsChecked -eq $true) -and (($chkBoxType.IsChecked -eq $false) -and ($chkBoxObject.IsChecked -eq $false) -and ($chkBoxTrustee.IsChecked -eq $false) -and ($chkBoxFilterBuiltin.IsChecked -eq $false) -and ($chkBoxPermission.IsChecked -eq $false)))
{

               $global:observableCollection.Insert(0,(LogMessage -strMessage "Filter Enabled , but no filter is specified!" -strType "Error" -DateStamp ))
               $bolPreChecks = $false
}
else
{
    If(($chkBoxFilter.IsChecked -eq $true) -and  (($combAccessCtrl.SelectedIndex -eq -1) -and ($txtBoxObjectFilter.Text -eq  "") -and ($txtFilterTrustee.Text -eq  "") -and ($txtPermission.Text -eq  "") -and ($chkBoxFilterBuiltin.IsChecked -eq  $false)))
    {

                   $global:observableCollection.Insert(0,(LogMessage -strMessage "Filter Enabled , but no filter is specified!" -strType "Error" -DateStamp ))
                   $bolPreChecks = $false
    }
}

If(($chkBoxEffectiveRights.IsChecked -eq $true) -and  ($global:tokens.count -eq 0))
{

                $global:observableCollection.Insert(0,(LogMessage -strMessage "Effective rights enabled , but no service principal selected!" -strType "Error" -DateStamp ))
                $bolPreChecks = $false
}
$global:intShowCriticalityLevel = 0
if ($bolPreChecks -eq $true)
{
    $strCompareFile = ""
    $allSubOU = New-Object System.Collections.ArrayList
    $allSubOU.Clear()
    $global:observableCollection.Insert(0,(LogMessage -strMessage "Scanning..." -strType "Info" -DateStamp ))
    $BolSkipDefPerm = $chkBoxDefaultPerm.IsChecked
    $BolSkipProtectedPerm =  $chkBoxSkipProtectedPerm.IsChecked
    $global:bolProgressBar = $chkBoxSkipProgressBar.IsChecked
    $bolSDDL =  $chkBoxSDDLView.IsChecked
    if(($rdbOnlyCSV.IsChecked) -or ($rdbOnlyCSVTEMPLATE.IsChecked))
    {
    $bolCSV = $true
    }
    $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC,$CREDS)
    $LDAPConnection.SessionOptions.ReferralChasing = "None"
    $request = New-Object System.directoryServices.Protocols.SearchRequest
    if($global:bolShowDeleted)
    {
        [string] $LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417"
        [void]$request.Controls.Add((New-Object "System.DirectoryServices.Protocols.DirectoryControl" -ArgumentList "$LDAP_SERVER_SHOW_DELETED_OID",$null,$false,$true ))
    }
    $request.DistinguishedName = $txtBoxSelected.Text.ToString()
    $request.Filter = "(name=*)"
    $request.Scope = "Base"
    [void]$request.Attributes.Add("name")

    $response = $LDAPConnection.SendRequest($request)
    $ADobject = $response.Entries[0]
    #Verify that attributes can be read
    if($null -ne $ADobject.distinguishedName)
    {

        if($null -ne $ADobject.Attributes.name)
        {
            $strNode = $ADobject.Attributes.name[0]
        }
        else
        {
            $strNode = $ADobject.distinguishedName
        }

        if($GPO)
        {
            $strNode = $strNode + "_GPOs"
        }


        $bolTranslateGUIDStoObject = $false
        $date= get-date -uformat %Y%m%d_%H%M%S
        $strNode = fixfilename $strNode
        $strFileCSV = $txtTempFolder.Text + "\" +$strNode + "_" + $global:strDomainShortName + "_adAclOutput" + $date +".csv" 
        $strFileEXCEL = $txtTempFolder.Text + "\" +$strNode + "_" + $global:strDomainShortName + "_adAclOutput" + $date +".xlsx" 
        $strFileHTA = $env:temp + "\"+$global:ACLHTMLFileName+".hta" 
        $strFileHTM = $env:temp + "\"+"$global:strDomainShortName-$strNode-$global:SessionID"+".htm"   
        if(!($bolCSV))
        {        
            if(!($rdbEXcel.IsChecked))
            {                        
                if ($chkBoxFilter.IsChecked)
                {
                    CreateHTA "$global:strDomainShortName-$strNode Filtered" $strFileHTA  $strFileHTM $CurrentFSPath $global:strDomainDNName $global:strDC
                    CreateHTM "$global:strDomainShortName-$strNode Filtered" $strFileHTM 
                }
                else
                {
                    CreateHTA "$global:strDomainShortName-$strNode" $strFileHTA $strFileHTM $CurrentFSPath $global:strDomainDNName $global:strDC
                    CreateHTM "$global:strDomainShortName-$strNode" $strFileHTM  
                }

                InitiateHTM $strFileHTA $strNode $txtBoxSelected.Text.ToString() $chkBoxReplMeta.IsChecked $chkBoxACLsize.IsChecked $Protected $bolShowCriticalityColor $false $BolSkipDefPerm $BolSkipProtectedPerm $strCompareFile $chkBoxFilter.isChecked $chkBoxEffectiveRights.isChecked $chkBoxObjType.isChecked -bolCanonical:$UseCanonicalName $GPO $chkBoxSDDLView.isChecked
                InitiateHTM $strFileHTM $strNode $txtBoxSelected.Text.ToString() $chkBoxReplMeta.IsChecked $chkBoxACLsize.IsChecked $Protected $bolShowCriticalityColor $false $BolSkipDefPerm $BolSkipProtectedPerm $strCompareFile $chkBoxFilter.isChecked $chkBoxEffectiveRights.isChecked $chkBoxObjType.isChecked -bolCanonical:$UseCanonicalName $GPO $chkBoxSDDLView.isChecked
                $Format = "HTML"
                $Show = $true
            }
            else
            {
                $Format = "EXCEL"
                $Show = $false
            }
        }
        else
        {
            if($rdbOnlyCSV.IsChecked)
            {
                $Format = "CSV"
            }
            if($rdbOnlyCSVTEMPLATE.IsChecked)
            {
                $Format = "CSVTEMPLATE"
            }
            $Show = $false
        }                   
        If ($txtBoxSelected.Text.ToString().Length -gt 0)
        {
            #Select type of scope
            If ($rdbBase.IsChecked -eq $true)
            {
                $Scope =  "base"
            }
            If ($rdbOneLevel.IsChecked -eq $true)
            {
                $Scope =  "onelevel"
            }
            If ($rdbSubtree.IsChecked -eq $true)
            {
                $Scope =  "subtree"
            }

            $IncludeInherited = $chkInheritedPerm.IsChecked

            if($rdbScanFilter.IsChecked -eq $true)
            {
                $allSubOU = @(GetAllChildNodes -firstnode $txtBoxSelected.Text -scope $Scope -ExcludedDNs $txtBoxExcluded.text -CustomFilter $txtCustomFilter.Text -CREDS $CREDS )
            }
            else
            {
                $allSubOU = @(GetAllChildNodes -firstnode $txtBoxSelected.Text -scope $Scope -ExcludedDNs $txtBoxExcluded.text -CREDS $CREDS)
            }

            #if any objects found read ACLs
            if($allSubOU.count -gt 0)
            {                    
                $bolToFile = $true
                #Used from comand line only
                $FilterBuiltin = $chkBoxFilterBuiltin.IsChecked

                Get-Perm -AllObjectDn $allSubOU -DomainNetbiosName $global:strDomainShortName -IncludeInherited $IncludeInherited -SkipDefaultPerm $BolSkipDefPerm -SkipProtectedPerm $BolSkipProtectedPerm -FilterEna $chkBoxFilter.IsChecked -bolGetOwnerEna $chkBoxGetOwner.IsChecked -bolReplMeta $chkBoxReplMeta.IsChecked -bolACLsize $chkBoxACLsize.IsChecked -bolEffectiveR $chkBoxEffectiveRights.IsChecked -bolGetOUProtected $Protected -bolGUIDtoText $bolTranslateGUIDStoObject -Show $Show -OutType $Format -bolToFile $bolToFile -bolAssess $chkBoxSeverity.IsChecked -AssessLevel $combServerity.SelectedItem -bolShowCriticalityColor $bolShowCriticalityColor -GPO $GPO -FilterBuiltin $FilterBuiltin -TranslateGUID $chkBoxTranslateGUID.isChecked -RecursiveFind $chkBoxRecursiveFind.isChecked -RecursiveObjectType $combRecursiveFind.SelectedValue -ApplyTo $txtBoxObjectFilter.Text -ACLObjectFilter $chkBoxObject.IsChecked -FilterTrustee $txtFilterTrustee.Text -FilterForTrustee $chkBoxTrustee.IsChecked -AccessType $combAccessCtrl.SelectedItem -AccessFilter $chkBoxType.IsChecked -BolACLPermissionFilter $chkBoxPermission.IsChecked  -ACLPermissionFilter $txtPermission.Text  -CREDS $CREDS -ReturnObjectType $combReturnObjectType.SelectedItem -SDDL $bolSDDL
            }
            else
            {
                $global:observableCollection.Insert(0,(LogMessage -strMessage "No objects returned! Does your filter relfect the objects you are searching for?" -strType "Error" -DateStamp ))
            }                                
        }
    }
    else
    {
            $global:observableCollection.Insert(0,(LogMessage -strMessage "Could not read object $($txtBoxSelected.Text.ToString()). Enough permissions?" -strType "Error" -DateStamp ))
    }
}

}
else
{
$global:observableCollection.Insert(0,(LogMessage -strMessage „No object selected!“ -strType „Error“ -DateStamp ))
}
$global:observableCollection.Insert(0,(LogMessage -strMessage „Finished“ -strType „Info“ -DateStamp ))

$allSubOU = „“
$strFileCSV = „“
$strFileHTA = „“
$strFileHTM = „“
$sADobjectName = „“
$date= „“

}
function Get-XMLPath
{
Param($xmlElement)
$Path = „“

$FQDN = $xmlElement.Text

return $FQDN

}

function AddXMLAttribute
{
Param([ref]$node, $szName, $value)
$attribute = $global:xmlDoc.createAttribute($szName);
[void]$node.value.setAttributeNode($attribute);
$node.value.setAttribute($szName, $value);

#return $node;

}

function Add-ExcludeChild
{

# Test if any node is selected
if($txtBoxSelected.Text.Length -gt 0)
{
    if($txtBoxExcluded.Text.Length -gt 0)
    {
        $txtBoxExcluded.Text = $txtBoxExcluded.Text + ";" + $txtBoxSelected.Text 
    }
    else
    {
        $txtBoxExcluded.Text =  $txtBoxSelected.Text
    }

}

}

function Add-RefreshChild
{

# Test if any node is selected
if($txtBoxSelected.Text.Length -gt 0)
{
    $xmlNode = $global:xmlDoc
    $NodeDNPath = $txtBoxSelected.Text

    if($global:TreeViewRootPath -eq $NodeDNPath)
    {
        $Mynodes = $xmlNode.SelectSingleNode("//DomainRoot[@Text='$NodeDNPath']")
        # Make sure a node was found
        if($Mynodes.Name.Length -gt 0)
        {
            $Mynodes.IsEmpty = $true
            $treeNodePath = $NodeDNPath

            # Initialize and Build Domain OU Tree 

            ProcessOUTree -node $($Mynodes) -ADSObject $treeNodePath -CREDS $CREDS 
            # Set tag to show this node is already enumerated 

        }
    }
    else
    {
        $Mynodes = $xmlNode.SelectSingleNode("//OU[@Text='$NodeDNPath']")
        # Make sure a node was found
        if($Mynodes.Name.Length -gt 0)
        {
            $Mynodes.IsEmpty = $true
            $treeNodePath = $NodeDNPath

            # Initialize and Build Domain OU Tree 
            ProcessOUTree -node $($Mynodes) -ADSObject $treeNodePath -CREDS $CREDS 
            # Set tag to show this node is already enumerated 

        }
    }
}

}

Processes an OU tree

function ProcessOUTree
{

Param(
$node,
$ADSObject,
[Parameter(Mandatory=$false)]

[pscredential]

$CREDS) # Increment the node count to indicate we are done with the domain level $strFilterOUCont = „(&(|(objectClass=organizationalUnit)(objectClass=container)(objectClass=domainDNS)))“ $strFilterAll = „(objectClass=*)“ $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS) $LDAPConnection.SessionOptions.ReferralChasing = „None“ $request = New-Object System.directoryServices.Protocols.SearchRequest [System.DirectoryServices.Protocols.PageResultRequestControl]$pagedRqc = new-object System.DirectoryServices.Protocols.PageResultRequestControl($global:PageSize) $request.Controls.Add($pagedRqc) | Out-Null if($global:bolShowDeleted) { [string] $LDAP_SERVER_SHOW_DELETED_OID = „1.2.840.113556.1.4.417“ [void]$request.Controls.Add((New-Object „System.DirectoryServices.Protocols.DirectoryControl“ -ArgumentList „$LDAP_SERVER_SHOW_DELETED_OID“,$null,$false,$true )) } $request.DistinguishedName = $ADSObject # Single line Directory searcher # set a filter If ($rdbBrowseAll.IsChecked -eq $true) { $request.Filter = $strFilterAll } else { $request.Filter = $strFilterOUCont } # set search scope $request.Scope = „OneLevel“ [void]$request.Attributes.Add(„name“) [void]$request.Attributes.Add(„objectclass“) # Now walk the list and recursively process each child while ($true) { $response = $LdapConnection.SendRequest($request, (new-object System.Timespan(0,0,$global:TimeoutSeconds))) -as [System.DirectoryServices.Protocols.SearchResponse]; #for paged search, the response for paged search result control – we will need a cookie from result later if($global:PageSize -gt 0) { [System.DirectoryServices.Protocols.PageResultResponseControl] $prrc=$null; if ($response.Controls.Length -gt 0) { foreach ($ctrl in $response.Controls) { if ($ctrl -is [System.DirectoryServices.Protocols.PageResultResponseControl]) { $prrc = $ctrl; break; } } } if($null -eq $prrc) { #server was unable to process paged search throw „Find-LdapObject: Server failed to return paged response for request $SearchFilter“ } } #now process the returned list of distinguishedNames and fetch required properties using ranged retrieval $colResults = $response.Entries foreach ($objResult in $colResults) { $NewOUNode = $global:xmlDoc.createElement(„OU“); if ($objResult.attributes.Count -ne 0) { # Add an Attribute for the Name if (($null -ne $($objResult.attributes.name[0]))) { # Add an Attribute for the Name $OUName = „$($objResult.attributes.name[0])“ AddXMLAttribute -node ([ref]$NewOUNode) -szName „Name“ -value $OUName $DNName = $objResult.distinguishedname AddXMLAttribute -node ([ref]$NewOUNode) -szName „Text“ -value $DNName Switch ($objResult.attributes.objectclass[$objResult.attributes.objectclass.count-1]) { „domainDNS“ { AddXMLAttribute -node ([ref]$NewOUNode) -szName „Img“ -value „$env:temp\DomainDNS.png“ } „OrganizationalUnit“ { AddXMLAttribute -node ([ref]$NewOUNode) -szName „Img“ -value „$env:temp\OU.png“ } „user“ { AddXMLAttribute -node ([ref]$NewOUNode) -szName „Img“ -value „$env:temp\User.png“ } „group“ { AddXMLAttribute -node ([ref]$NewOUNode) -szName „Img“ -value „$env:temp\Group.png“ } „computer“ { AddXMLAttribute -node ([ref]$NewOUNode) -szName „Img“ -value „$env:temp\Computer.png“ } „container“ { AddXMLAttribute -node ([ref]$NewOUNode) -szName „Img“ -value „$env:temp\Container.png“ } default { AddXMLAttribute -node ([ref]$NewOUNode) -szName „Img“ -value „$env:temp\Other.png“ } } AddXMLAttribute -node ([ref]$NewOUNode) -szName „Tag“ -value „Enumerated“ $child = $node.appendChild($NewOUNode); ProcessOUTreeStep2OnlyShow -node $NewOUNode -DNName $DNName -CREDS $CREDS } else { $global:observableCollection.Insert(0,(LogMessage -strMessage „Could not read object $($objResult.distinguishedname)“ -strType „Error“ -DateStamp )) } } else { if ($null -ne $objResult.distinguishedname) { # Add an Attribute for the Name $DNName = $objResult.distinguishedname $OUName = $DNName.toString().Split(„,“)[0] if($OUName -match „=“) { $OUName = $OUName.Split(„=“)[1] } AddXMLAttribute -node ([ref]$NewOUNode) -szName „Name“ -value $OUName AddXMLAttribute -node ([ref]$NewOUNode) -szName „Text“ -value $DNName AddXMLAttribute -node ([ref]$NewOUNode) -szName „Img“ -value „$env:temp\Container.png“ AddXMLAttribute -node ([ref]$NewOUNode) -szName „Tag“ -value „Enumerated“ $child = $node.appendChild($NewOUNode); ProcessOUTreeStep2OnlyShow -node $NewOUNode -DNName $DNName -CREDS $CREDS } $global:observableCollection.Insert(0,(LogMessage -strMessage „Could not read object $($objResult.distinguishedname). Enough permissions?“ -strType „Warning“ -DateStamp )) } } if($global:PageSize -gt 0) { if ($prrc.Cookie.Length -eq 0) { #last page –> we’re done break; } #pass the search cookie back to server in next paged request $pagedRqc.Cookie = $prrc.Cookie; } else { #exit the processing for non-paged search break; } }

}
function ProcessOUTreeStep2OnlyShow
{
Param(
$node,

[string]
$DNName,

[Parameter(Mandatory=$false)]

[pscredential]

$CREDS) # Increment the node count to indicate we are done with the domain level $strFilterOUCont = „(&(|(objectClass=organizationalUnit)(objectClass=container)(objectClass=domainDNS)))“ $strFilterAll = „(&(name=*))“ $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS) $LDAPConnection.SessionOptions.ReferralChasing = „None“ #$request = New-Object System.directoryServices.Protocols.SearchRequest(„$global:SchemaDN“, „(objectClass=classSchema)“, „Subtree“) $request = New-Object System.directoryServices.Protocols.SearchRequest $request.distinguishedName = $DNName [System.DirectoryServices.Protocols.PageResultRequestControl]$pagedRqc = new-object System.DirectoryServices.Protocols.PageResultRequestControl($global:PageSize) $request.Controls.Add($pagedRqc) | Out-Null if($global:bolShowDeleted) { [string] $LDAP_SERVER_SHOW_DELETED_OID = „1.2.840.113556.1.4.417“ [void]$request.Controls.Add((New-Object „System.DirectoryServices.Protocols.DirectoryControl“ -ArgumentList „$LDAP_SERVER_SHOW_DELETED_OID“,$null,$false,$true )) } # Single line Directory searcher # set a filter If ($rdbBrowseAll.IsChecked -eq $true) { $request.Filter = $strFilterAll } else { $request.Filter = $strFilterOUCont } # set search scope $request.Scope = „oneLevel“ [void]$request.Attributes.Add(„name“) $arrSchemaObjects = New-Object System.Collections.ArrayList $intStop = 0 while ($true) { $response = $LdapConnection.SendRequest($request, (new-object System.Timespan(0,0,$global:TimeoutSeconds))) -as [System.DirectoryServices.Protocols.SearchResponse]; #for paged search, the response for paged search result control – we will need a cookie from result later if($global:PageSize -gt 0) { [System.DirectoryServices.Protocols.PageResultResponseControl] $prrc=$null; if ($response.Controls.Length -gt 0) { foreach ($ctrl in $response.Controls) { if ($ctrl -is [System.DirectoryServices.Protocols.PageResultResponseControl]) { $prrc = $ctrl; break; } } } if($null -eq $prrc) { #server was unable to process paged search throw „Find-LdapObject: Server failed to return paged response for request $SearchFilter“ } } #now process the returned list of distinguishedNames and fetch required properties using ranged retrieval $colResults = $response.Entries foreach ($objResult in $colResults) { if($intStop -eq 0) { $global:DirSrchResults = $objResult if ($null -ne $global:DirSrchResults.attributes) { # Add an Attribute for the Name $NewOUNode = $global:xmlDoc.createElement(„OU“); # Add an Attribute for the Name AddXMLAttribute -node ([ref]$NewOUNode) -szName „Name“ -value „Click …“ AddXMLAttribute -node ([ref]$NewOUNode) -szName „Text“ -value „Click …“ AddXMLAttribute -node ([ref]$NewOUNode) -szName „Img“ -value „$env:temp\Expand.png“ AddXMLAttribute -node ([ref]$NewOUNode) -szName „Tag“ -value „NotEnumerated“ [void]$node.appendChild($NewOUNode); } else { $global:observableCollection.Insert(0,(LogMessage -strMessage „At least one child object could not be accessed: $DNName“ -strType „Warning“ -DateStamp )) # Add an Attribute for the Name $NewOUNode = $global:xmlDoc.createElement(„OU“); # Add an Attribute for the Name AddXMLAttribute -node ([ref]$NewOUNode) -szName „Name“ -value „Click …“ AddXMLAttribute -node ([ref]$NewOUNode) -szName „Text“ -value „Click …“ AddXMLAttribute -node ([ref]$NewOUNode) -szName „Img“ -value „$env:temp\Expand.png“ AddXMLAttribute -node ([ref]$NewOUNode) -szName „Tag“ -value „NotEnumerated“ [void]$node.appendChild($NewOUNode); } } $intStop++ } if($global:PageSize -gt 0) { if ($prrc.Cookie.Length -eq 0) { #last page –> we’re done break; } #pass the search cookie back to server in next paged request $pagedRqc.Cookie = $prrc.Cookie; } else { #exit the processing for non-paged search break; } }#End While

}
function Get-XMLDomainOUTree
{

param
(
    $szDomainRoot,

    [Parameter(Mandatory=$false)]

[pscredential]

$CREDS ) $treeNodePath = $szDomainRoot # Initialize and Build Domain OU Tree $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS) $LDAPConnection.SessionOptions.ReferralChasing = „None“ $request = New-Object System.directoryServices.Protocols.SearchRequest if($global:bolShowDeleted) { [string] $LDAP_SERVER_SHOW_DELETED_OID = „1.2.840.113556.1.4.417“ [void]$request.Controls.Add((New-Object „System.DirectoryServices.Protocols.DirectoryControl“ -ArgumentList „$LDAP_SERVER_SHOW_DELETED_OID“,$null,$false,$true )) } $request.distinguishedName = $treeNodePath $request.filter = „(name=*)“ $request.Scope = „base“ [void]$request.Attributes.Add(„name“) [void]$request.Attributes.Add(„objectclass“) $response = $LDAPConnection.SendRequest($request) $DomainRoot = $response.Entries[0] if($DomainRoot.attributes.count -ne 0) { $DNName = $DomainRoot.distinguishedname if($null -ne $DomainRoot.Attributes.objectclass) { $strObClass = $DomainRoot.Attributes.objectclass[$DomainRoot.Attributes.objectclass.count-1] } else { $strObClass = „unknown“ } } else { $DNName = $DomainRoot.distinguishedname $strObClass = „container“ $global:observableCollection.Insert(0,(LogMessage -strMessage „Could not read object $DNName . Enough permissions?“ -strType „Error“ -DateStamp )) } $global:xmlDoc = New-Object -TypeName System.Xml.XmlDocument $global:xmlDoc.PreserveWhitespace = $false $RootNode = $global:xmlDoc.createElement(„DomainRoot“) AddXMLAttribute -Node ([ref]$RootNode) -szName „Name“ -value $szDomainRoot AddXMLAttribute -node ([ref]$RootNode) -szName „Text“ -value $DNName AddXMLAttribute -node ([ref]$RootNode) -szName „Icon“ -value „$env:temp\refresh.png“ AddXMLAttribute -node ([ref]$RootNode) -szName „Icon2“ -value „$env:temp\exclude.png“ Switch ($strObClass) { „domainDNS“ { AddXMLAttribute -node ([ref]$RootNode) -szName „Img“ -value „$env:temp\DomainDNS.png“ } „OrganizationalUnit“ { AddXMLAttribute -node ([ref]$RootNode) -szName „Img“ -value „$env:temp\OU.png“ } „user“ { AddXMLAttribute -node ([ref]$RootNode) -szName „Img“ -value „$env:temp\User.png“ } „group“ { AddXMLAttribute -node ([ref]$RootNode) -szName „Img“ -value „$env:temp\Group.png“ } „computer“ { AddXMLAttribute -node ([ref]$RootNode) -szName „Img“ -value „$env:temp\Computer.png“ } „container“ { AddXMLAttribute -node ([ref]$RootNode) -szName „Img“ -value „$env:temp\Container.png“ } default { AddXMLAttribute -node ([ref]$RootNode) -szName „Img“ -value „$env:temp\Other.png“ } } [void]$global:xmlDoc.appendChild($RootNode) $node = $global:xmlDoc.documentElement; #Process the OU tree ProcessOUTree -node $node -ADSObject $treeNodePath -CREDS $CREDS return $global:xmlDoc

}

$global:dicRightsGuids = @{„Seed“ = „xxx“}
$global:dicSidToName = @{„Seed“ = „xxx“}
$global:dicSidToObject = @{„Seed“ = „xxx“}
$global:dicDCSpecialSids =@{„BUILTIN\Incoming Forest Trust Builders“=“S-1-5-32-557“; "BUILTIN\Account Operators"="S-1-5-32-548";
„BUILTIN\Server Operators“=“S-1-5-32-549“; "BUILTIN\Pre-Windows 2000 Compatible Access"="S-1-5-32-554";
„BUILTIN\Terminal Server License Servers“=“S-1-5-32-561“; "BUILTIN\Windows Authorization Access Group"="S-1-5-32-560"} $global:dicWellKnownSids = @{"S-1-0"="Null Authority";
„S-1-0-0″=“Nobody“; "S-1-1"="World Authority";
„S-1-1-0″=“Everyone“; "S-1-2"="Local Authority";
„S-1-2-0″=“Local „; "S-1-2-1"="Console Logon ";
„S-1-3″=“Creator Authority“; "S-1-3-0"="Creator Owner";
„S-1-3-1″=“Creator Group“; "S-1-3-2"="Creator Owner Server";
„S-1-3-3″=“Creator Group Server“; "S-1-3-4"="Owner Rights";
„S-1-4″=“Non-unique Authority“; "S-1-5"="NT Authority";
„S-1-5-1″=“Dialup“; "S-1-5-2"="Network";
„S-1-5-3″=“Batch“; "S-1-5-4"="Interactive";
„S-1-5-6″=“Service“; "S-1-5-7"="Anonymous";
„S-1-5-8″=“Proxy“; "S-1-5-9"="Enterprise Domain Controllers";
„S-1-5-10″=“Principal Self“; "S-1-5-11"="Authenticated Users";
„S-1-5-12″=“Restricted Code“; "S-1-5-13"="Terminal Server Users";
„S-1-5-14″=“Remote Interactive Logon“; "S-1-5-15"="This Organization";
„S-1-5-17″=“IUSR“; "S-1-5-18"="Local System";
„S-1-5-19″=“NT Authority“; "S-1-5-20"="NT Authority";
„S-1-5-22″=“ENTERPRISE READ-ONLY DOMAIN CONTROLLERS BETA“; "S-1-5-32-544"="Administrators";
„S-1-5-32-545″=“Users“; "S-1-5-32-546"="Guests";
„S-1-5-32-547″=“Power Users“; "S-1-5-32-548"="BUILTIN\Account Operators";
„S-1-5-32-549″=“Server Operators“; "S-1-5-32-550"="Print Operators";
„S-1-5-32-551″=“Backup Operators“; "S-1-5-32-552"="Replicator";
„S-1-5-32-554″=“BUILTIN\Pre-Windows 2000 Compatible Access“; "S-1-5-32-555"="BUILTIN\Remote Desktop Users";
„S-1-5-32-556″=“BUILTIN\Network Configuration Operators“; "S-1-5-32-557"="BUILTIN\Incoming Forest Trust Builders";
„S-1-5-32-558″=“BUILTIN\Performance Monitor Users“; "S-1-5-32-559"="BUILTIN\Performance Log Users";
„S-1-5-32-560″=“BUILTIN\Windows Authorization Access Group“; "S-1-5-32-561"="BUILTIN\Terminal Server License Servers";
„S-1-5-32-562″=“BUILTIN\Distributed COM Users“; "S-1-5-32-568"="BUILTIN\IIS_IUSRS";
„S-1-5-32-569″=“BUILTIN\Cryptographic Operators“; "S-1-5-32-573"="BUILTIN\Event Log Readers ";
„S-1-5-32-574″=“BUILTIN\Certificate Service DCOM Access“; "S-1-5-32-575"="BUILTIN\RDS Remote Access Servers";
„S-1-5-32-576″=“BUILTIN\RDS Endpoint Servers“; "S-1-5-32-577"="BUILTIN\RDS Management Servers";
„S-1-5-32-578″=“BUILTIN\Hyper-V Administrators“; "S-1-5-32-579"="BUILTIN\Access Control Assistance Operators";
„S-1-5-32-580″=“BUILTIN\Remote Management Users“; "S-1-5-33"="Write Restricted Code";
„S-1-5-64-10″=“NTLM Authentication“; "S-1-5-64-14"="SChannel Authentication";
„S-1-5-64-21″=“Digest Authentication“; "S-1-5-65-1"="This Organization Certificate";
„S-1-5-80″=“NT Service“; "S-1-5-84-0-0-0-0-0"="User Mode Drivers";
„S-1-5-113″=“Local Account“; "S-1-5-114"="Local Account And Member Of Administrators Group";
„S-1-5-1000″=“Other Organization“; "S-1-15-2-1"="All App Packages";
„S-1-16-0″=“Untrusted Mandatory Level“; "S-1-16-4096"="Low Mandatory Level";
„S-1-16-8192″=“Medium Mandatory Level“; "S-1-16-8448"="Medium Plus Mandatory Level";
„S-1-16-12288″=“High Mandatory Level“; "S-1-16-16384"="System Mandatory Level";
„S-1-16-20480″=“Protected Process Mandatory Level“; "S-1-16-28672"="Secure Process Mandatory Level";
„S-1-18-1″=“Authentication Authority Asserted Identityl“;`
„S-1-18-2″=“Service Asserted Identity“}

Function : Create-CanonicalName

Arguments : [string] distinguishedName

Returns : [string] CanonicalName

Description : This function will create a canonical name of a distinguishedName string

==========================================================================

Function Create-CanonicalName
{
param (
[Parameter(Mandatory=$True)]
[System.Array]$distinguishedname
)

$stringlistReversed = @()

$stringSplitted = $distinguishedname.Split(‚,‘)
$Counter = $stringSplitted.Count

$domainstring = “
$intC = 0
for($i = 0; $i -le $stringSplitted.count; $i++)
{
if($stringSplitted[$i] -match „dc=“)
{
if($intC -gt 0)
{
$domainstring += „.“ + $stringSplitted[$i].tostring().remove(0,3)
}
else
{
$domainstring += $stringSplitted[$i].tostring().remove(0,3)

    }
    $intC++
}

}

$stringReversed = “
while ($Counter -gt 0) {
if($stringSplitted[$Counter-1] -match „dc=“)
{
$Counter = $Counter-1
}
else
{
$stringReversed += $stringSplitted[$Counter-1].tostring().remove(0,3)
$Counter = $Counter-1
if ($Counter -gt 0) {
$stringReversed += ‚/‘
}
}
}
$stringlistReversed = $domainstring + „/“ + $stringReversed

return $stringlistReversed
}

==========================================================================

Function : Get-LargeNestedADGroup

Arguments : DC name, DN of Group, Object type, Array of Members

Returns : Array of Members

Description : This function will enumerate large groups and returns direct and recusive members

==========================================================================

Function Get-LargeNestedADGroup
{
Param (
# Domain Controller
[Parameter(Mandatory=$false)]
[ValidateNotNull()]
[ValidateNotNullOrEmpty()]
[string]$strDC,

# DistinguishedName of the group
[Parameter(Mandatory=$false)]
[ValidateNotNull()]
[ValidateNotNullOrEmpty()]
[string]$GroupDN,

# Returns members of type 
[Parameter(Mandatory=$false)]
[ValidateSet("*", "User", "Group", "Computer")]
[ValidateNotNull()]
[ValidateNotNullOrEmpty()]
[String] 
$Output = "*",
[System.Collections.ArrayList]
$MembersExpanded,

[Parameter(Mandatory=$false)]

[pscredential]

$CREDS

)

begin
{
$null = Add-Type -AssemblyName System.DirectoryServices.Protocols
if(-not($MembersExpanded))
{
$MembersExpanded = New-Object System.Collections.ArrayList
}

}
Process
{

Use ADO to search entire domain.

if($CREDS)
{
$Root = New-Object System.DirectoryServices.DirectoryEntry(„LDAP://$strDC/$GroupDN“,$($CREDS.UserName),
$($CREDS.GetNetworkCredential().password ),
[System.DirectoryServices.AuthenticationTypes]::Secure )
}
else
{
$Root = New-Object System.DirectoryServices.DirectoryEntry(„LDAP://$strDC/$GroupDN“)
}
$ADS_SECURE_AUTHENTICATION = 1
$ADS_USE_SIGNING = 64
$ADS_SERVER_BIND = 512

$adoConnection = New-Object -comObject „ADODB.Connection“
$adoConnection.Provider = „ADsDSOObject“
if($CREDS)
{
$adoConnection.Properties(„User ID“) = $($CREDS.UserName)
$adoConnection.Properties(„Password“) = $($CREDS.GetNetworkCredential().password )
$adoConnection.Properties(„Encrypt Password“) = „True“
}
$adoConnection.Properties(„ADSI Flag“) = $ADS_SERVER_BIND -bor $ADS_SECURE_AUTHENTICATION -bor $ADS_USE_SIGNING
$adoCommand = New-Object -comObject „ADODB.Command“

$adoConnection.Open(„Provider=ADsDSOObject;“)

$adoConnection.Open(„Active Directory Provider“)
$adoCommand.ActiveConnection = $adoConnection
$adoCommand.Properties.Item(„Page Size“) = 200
$adoCommand.Properties.Item(„Timeout“) = 30
$adoCommand.Properties.Item(„Cache Results“) = $False

$Base = $Root.distinguishedName
$Scope = „base“
$Filter = „(objectCategory=group)“

Setup range limits.

$Last = $False
$RangeStep = 1499
$LowRange = 0
$HighRange = $LowRange + $RangeStep
$Total = 0
$ExitFlag = $False

Do
{
If ($Last -eq $True)
{
# Retrieve remaining members (less than 1000).
$Attributes = „member;range=$LowRange-*“
}
Else
{
# Retrieve 1000 members.
$Attributes = „member;range=$LowRange-$HighRange“
}

$Query = "<LDAP://$strDC/$Base>;$Filter;$Attributes;$Scope"

$adoCommand.CommandText = $Query
$adoRecordset = $adoCommand.Execute()
$Count = 0

$Members = $adoRecordset.Fields.Item("$Attributes").Value
If ($Members -eq $Null)
{
    $Last = $True
}
Else
{
    # If $Members is not an array, no members were retrieved.
    If ($Members.GetType().Name -eq "Object[]")
    {
        ForEach ($Member In $Members)
        {

            $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($strDC, $CREDS)
            $LDAPConnection.SessionOptions.ReferralChasing = "None"
            $request = New-Object System.directoryServices.Protocols.SearchRequest
            $request.DistinguishedName = $Member
            $request.Filter = "(name=*)"
            $request.Scope = "Base"
            [void]$request.Attributes.Add("objectclass")
            [void]$request.Attributes.Add("member")

            Try{
                $response = $LDAPConnection.SendRequest($request)
            }
            catch
            {
                Write-Verbose "Error - Could not read objectClass $Member";
                continue;
            }
            $ADObject = $response.Entries[0]

            Try{
                $ObjectClass =$ADObject.attributes.objectclass[$ADObject.attributes.objectclass.count-1]
            }
            catch
            {
                Write-Verbose "Error - Could not read objectClass $Member";
                continue;
            }

            if ($ObjectClass -eq "Group")
            {
                if(($ADObject.Attributes.AttributeNames -contains "member;range=0-1499") -or ($ADObject.Attributes.AttributeNames -contains "member"))
                {
                    if (($global:colOfGroupMembersExpanded -notcontains $Member) -and ($GroupDN -ne $Member))
                    {
                        $MembersExpanded = @(Get-LargeNestedADGroup $strDC $Member $Output $MembersExpanded -CREDS $CREDS)
                        [void]$global:GroupMembersExpanded.insert(0, $Member)
                    }
                }
            }

            # Output the distinguished name of each direct member of the group.
            if (($Output -eq "*") -or ($ObjectClass -eq $Output))
            {
                if ($MembersExpanded -notcontains $Member) 
                {
                    [void]$MembersExpanded.add($Member)
                }
            }

            $Count = $Count + 1
        }
    }
}
$adoRecordset.Close()
$Total = $Total + $Count

# If this is the last query, exit the Do loop.
If ($Last -eq $True) {$ExitFlag = $True}
Else
{
    # If the previous query returned no members, the query failed.
    # Perform one more query to retrieve remaining members (less than 1000).
    If ($Count -eq 0) {$Last = $True}
    Else
    {
        # Retrieve the next 1000 members.
        $LowRange = $HighRange + 1
        $HighRange = $LowRange + $RangeStep
    }
}

} Until ($ExitFlag -eq $True)
}
End
{
$adoConnection.Close()
return $MembersExpanded
}
}

==========================================================================

Function : Test-ResolveDNS

Arguments : DNS Name, DNS Server

Returns : boolean

Description : This function try to resolve a dns record and retruns true or false

==========================================================================

Function Test-ResolveDNS
{
param
(
$strDNS,
$strDNSServer = „“
)
$bolResolved = $false
$global:bolDNSSuccess = $true
$global:DNSrslt = $null
try
{
if($strDNSServer-eq „“)
{
$global:DNSrslt = Resolve-DnsName -Type ALL -Name $strDNS -ErrorAction Stop
}
else
{
$global:DNSrslt = Resolve-DnsName -Type ALL -Name $strDNS -ErrorAction Stop -Server $strDNSServer
}
}
catch
{
$global:bolDNSSuccess = $false
}
if($global:bolDNSSuccess)
{
if(($global:DNSrslt)[0].IPAddress -ne $null)
{
$bolResolved = $true
}

}
Remove-Variable bolDNSSuccess -Scope global
Remove-Variable DNSrslt -Scope global
return $bolResolved

}

==========================================================================

Function : LogMessage

Arguments : Type of message, message, date stamping

Returns : Custom psObject with two properties, type and message

Description : This function creates a custom object that is used as input to an ListBox for logging purposes

==========================================================================

function LogMessage
{
param (
[Parameter(
Mandatory = $true
)][String[]] $strType ,

    [Parameter(  
         Mandatory = $true 
      )][String[]]  $strMessage ,

   [Parameter(  
         Mandatory = $false
     )][switch]$DateStamp
 )

 process {

            if ($DateStamp)
            {

                $newMessageObject = New-Object PSObject -Property @{Type="$strType";Message="[$(get-date)] $strMessage"}
            }
            else
            {

                $newMessageObject = New-Object PSObject -Property @{Type="$strType";Message="$strMessage"}
            }


            return $newMessageObject
        }

}

==========================================================================

Function : ConvertTo-ObjectArrayListFromPsCustomObject

Arguments : Defined Object

Returns : Custom Object List

Description : Convert a defined object to a custom, this will help you if you got a read-only object

==========================================================================

function ConvertTo-ObjectArrayListFromPsCustomObject
{
param (
[Parameter(
Position = 0,
Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $true
)] $psCustomObject
);

 process {

    $myCustomArray = New-Object System.Collections.ArrayList

     foreach ($myPsObject in $psCustomObject) { 
         $hashTable = @{}; 
         $myPsObject | Get-Member -MemberType *Property | ForEach-Object { 
             $hashTable.($_.name) = $myPsObject.($_.name); 
         } 
         $Newobject = new-object psobject -Property  $hashTable
         [void]$myCustomArray.add($Newobject)
     } 
     return $myCustomArray
 }

}
#==========================================================================

Function : DisplayLegend

Arguments : –

Returns : –

Description : Show color legend

==========================================================================

Function DisplayLegend
{
$xamlLegend =@“

    <Style TargetType="{x:Type Button}" x:Key="AButtonStyle">
        <Setter Property="VerticalAlignment" Value="Center"/>
        <Setter Property="HorizontalAlignment" Value="Center"/>
        <Setter Property="Cursor" Value="Hand"/>
        <Setter Property="Foreground" Value="Pink"/>
        <Setter Property="Background" Value="Transparent"/>
        <Setter Property="Template">
            <Setter.Value>
                <ControlTemplate TargetType="Button">
                    <TextBlock TextDecorations="Underline" 
                        Text="{TemplateBinding Content}"
                        Background="{TemplateBinding Background}"/>
                    <ControlTemplate.Triggers>
                        <Trigger Property="IsPressed" Value="True">
                            <Setter Property="Foreground" Value="Red"/>
                        </Trigger>
                    </ControlTemplate.Triggers>
                </ControlTemplate>
            </Setter.Value>
        </Setter>
    </Style>
</Window.Resources>
<ScrollViewer HorizontalScrollBarVisibility="Auto" VerticalScrollBarVisibility="Auto">
    <Grid>
        <StackPanel Orientation="Vertical">
            <Label x:Name="lblText" Content="Use colors in report to identify criticality level of permissions.&#10;This might help you in implementing Least-Privilege Administrative Models." Margin="10,05,00,00" Foreground="White" />
                <StackPanel Orientation="Vertical" Margin="10,0">
                <DataGrid x:Name="dgLegend" HorizontalAlignment="Left" Margin="0,0,0,0" Height="235" Width="290" GridLinesVisibility="All"  IsReadOnly="True" FontSize="12" VerticalScrollBarVisibility="Disabled" >
                    <DataGrid.Columns>
                        <DataGridTextColumn Header='Permissions' Binding='{Binding Permissions}' Width='100'  />
                        <DataGridTextColumn Header='Criticality' Width='182' SortMemberPath='Criticality' SortDirection='Ascending'>
                                <DataGridTextColumn.CellStyle>
                                    <Style TargetType="DataGridCell">
                                        <Style.Triggers>
                                            <DataTrigger Binding="{Binding Path=Criticality}" Value="Critical">
                                                <Setter Property="Template">
                                                    <Setter.Value>
                                                        <ControlTemplate TargetType="DataGridCell">
                                                            <TextBox Text="Critical" BorderBrush='{x:Null}' Background="Red"/>
                                                        </ControlTemplate>
                                                    </Setter.Value>
                                                </Setter>
                                            </DataTrigger>
                                            <DataTrigger Binding="{Binding Path=Criticality}" Value="Warning">
                                                <Setter Property="Template">
                                                    <Setter.Value>
                                                        <ControlTemplate TargetType="DataGridCell">
                                                            <TextBox Text="Warning" BorderBrush='{x:Null}' Background="#FFD700"/>
                                                        </ControlTemplate>
                                                    </Setter.Value>
                                                </Setter>
                                            </DataTrigger>
                                            <DataTrigger Binding="{Binding Path=Criticality}" Value="Medium">
                                                <Setter Property="Template">
                                                    <Setter.Value>
                                                        <ControlTemplate TargetType="DataGridCell">
                                                            <TextBox Text="Medium" BorderBrush='{x:Null}' Background="Yellow"/>
                                                        </ControlTemplate>
                                                    </Setter.Value>
                                                </Setter>
                                            </DataTrigger>
                                            <DataTrigger Binding="{Binding Path=Criticality}" Value="Low">
                                                <Setter Property="Template">
                                                    <Setter.Value>
                                                        <ControlTemplate TargetType="DataGridCell">
                                                            <TextBox Text="Low" BorderBrush='{x:Null}' Background="#0099FF"/>
                                                        </ControlTemplate>
                                                    </Setter.Value>
                                                </Setter>
                                            </DataTrigger>
                                            <DataTrigger Binding="{Binding Path=Criticality}" Value="Info">
                                                <Setter Property="Template">
                                                    <Setter.Value>
                                                        <ControlTemplate TargetType="DataGridCell">
                                                            <TextBox Text="Info" BorderBrush='{x:Null}' Background="Gray"/>
                                                        </ControlTemplate>
                                                    </Setter.Value>
                                                </Setter>
                                            </DataTrigger>
                                        </Style.Triggers>
                                    </Style>
                                </DataGridTextColumn.CellStyle>
                            </DataGridTextColumn>
                    </DataGrid.Columns>
                </DataGrid>
                </StackPanel>
            <StackPanel Orientation="Horizontal" HorizontalAlignment="Center">
                <Button x:Name="btnOK" Content="OK" Margin="00,05,00,00" Width="50" Height="20"/>
            </StackPanel>
        </StackPanel>
    </Grid>
</ScrollViewer>

„@

[XML] $XAML = $xamlLegend
$xaml.Window.RemoveAttribute(„x:Class“)

$reader=(New-Object System.Xml.XmlNodeReader $XAML)

$WindowLegend=[Windows.Markup.XamlReader]::Load( $reader )

Replace x:Name to XML variable Name

$xamlLegend = $xamlLegend.Replace(„x:Name“,“Name“)
[XML] $XAML = $xamlLegend

Search the XML data for object and create variables

$XAML.SelectNodes(„//*[@Name]“)| %{set-variable -Name ($_.Name) -Value $WindowLegend.FindName($_.Name)}

$Icon = @“
iVBORw0KGgoAAAANSUhEUgAAAGQAAABkCAMAAABHPGVmAAAABGdBTUEAALGPC/xhBQAAAwBQTFRFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAszD0iAAAAQB0Uk5T////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////AFP3ByUAAAAJcEhZcwAADsIAAA7CARUoSoAAAAAYdEVYdFNvZnR3YXJlAHBhaW50Lm5ldCA0LjEuNWRHWFIAAAI3SURBVGhD7ZLRluQgCETn/3+6t4WrYoIKmfTM7p7c
hwhFQb3k6/UDPCEpnpAUT0iKJyRFLuSrgRAj4eZ8AzlA1MrhAwx3xHzcdMCwJuLi3gRMKwIejilTacXWwqUCCiAWUKasDRwpoAwwKqD4LKasK2gHGCpoDqcRGyPMHDCMMGtEQphMwGRh0tiHoC/A2EFvbEIQt2AHxMYqBCUISwWUxiSEJo2/7YdQX8Bd/8WQyyn+9n
8coj7qPO7yzSH+8r8YItuUnV8MobxANqQUgnRH7EBcfUkKi6NYvyCdBb1g+lrKO+BJdrMgbQdVMQqlPCOOtglBBCNRyjPiaKeQwYNUMZqW8j3giGaxPQ3pDUaU0sUZmcX2VKR9QwueZpmO2JOnm7Q9LrmiYTaqe/VVtDvt+GpnF6KFap8JaUV1aXNXSF/rVWs+G6L1
x0LURn1TiN0617eGWAZdm46vdqIh6rO1wVc77kiXRoaBNB1XNORCTilajNqZcIg9Z/BU0SxeyME7tDQNTxTNkg1xD1JXRLPMQ2jeaO+nOFIo5GQ9CvTCSXgjmuVKSGEQZNxB7Tgh9/OEpPgLQiZ/y0DA8+0Le0cwZGHaGgqb8e7IZgy7+frMctjZGlaHFqOBvWN+aj
o4ErDMjk1kh4jHP+eKPiFTPWjMCMF13g2cbG7a6DbvDo7qWcpoRjjEXO4w2RIPOaUgB0hYDymIETJeG4MQI+euMTRRsv4SQxEnv3GBJyTFE5LiCUnxhCR4vf4AzHXw0b9akGYAAAAASUVORK5CYII=
„@

$IconImage = New-Object System.Windows.Media.Imaging.BitmapImage
$IconImage.BeginInit()
$IconImage.StreamSource = [System.IO.MemoryStream][System.Convert]::FromBase64String($Icon)
$IconImage.EndInit()

Freeze() prevents memory leaks.

$IconImage.Freeze()

$WindowLegend.Icon = $IconImage

$btnOK.add_Click(
{

TODO: Place custom script here

$WindowLegend.close()

})

$Legend = @{
„Deny Permissions“=“Info“;
„List“=“Info“;
„Read Properties“=“Low“;
„Read Object“=“Low“;
„Read Permissions“=“Low“;
„Write Propeties“=“Medium“;
„Create Object“=“Warning“;
„Delete Object“=“Warning“;
„ExtendedRight“=“Warning“;
„Modify Permisions“=“Critical“;
„Full Control“=“Critical“
}

foreach ($LegendRow in $Legend.keys)
{

## Legend Object to put in DataGrid
$objCriticality = New-Object PSObject
Add-Member -inputObject $objCriticality -memberType NoteProperty -name "Permissions" -value $LegendRow
Add-Member -inputObject $objCriticality -memberType NoteProperty -name "Criticality" -value $Legend."$LegendRow"

$dgLegend.AddChild($objCriticality)

}

[void]$WindowLegend.ShowDialog()

}

==========================================================================

Function : GenerateTemplateDownloaderSchemaDefSD

Arguments : –

Returns : –

Description : Generates a form for download links

==========================================================================

Function GenerateTemplateDownloaderSchemaDefSD
{
[xml]$xamlTemplateDownloaderSchemaDefSD =@“

    <Style TargetType="{x:Type Button}" x:Key="AButtonStyle">
        <Setter Property="VerticalAlignment" Value="Center"/>
        <Setter Property="HorizontalAlignment" Value="Center"/>
        <Setter Property="Cursor" Value="Hand"/>
        <Setter Property="Foreground" Value="Pink"/>
        <Setter Property="Background" Value="Transparent"/>
        <Setter Property="Template">
            <Setter.Value>
                <ControlTemplate TargetType="Button">
                    <TextBlock TextDecorations="Underline" 
                        Text="{TemplateBinding Content}"
                        Background="{TemplateBinding Background}"/>
                    <ControlTemplate.Triggers>
                        <Trigger Property="IsPressed" Value="True">
                            <Setter Property="Foreground" Value="Red"/>
                        </Trigger>
                    </ControlTemplate.Triggers>
                </ControlTemplate>
            </Setter.Value>
        </Setter>
     </Style>
</Window.Resources>


„@ $xamlTemplateDownloaderSchemaDefSD.Window.RemoveAttribute(„x:Class“) $reader=(New-Object System.Xml.XmlNodeReader $xamlTemplateDownloaderSchemaDefSD)
$TemplateDownloaderSchemaDefSDGui=[Windows.Markup.XamlReader]::Load( $reader ) $Icon = @“
iVBORw0KGgoAAAANSUhEUgAAAGQAAABkCAMAAABHPGVmAAAABGdBTUEAALGPC/xhBQAAAwBQTFRFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAszD0iAAAAQB0Uk5T////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////AFP3ByUAAAAJcEhZcwAADsIAAA7CARUoSoAAAAAYdEVYdFNvZnR3YXJlAHBhaW50Lm5ldCA0LjEuNWRHWFIAAAI3SURBVGhD7ZLRluQgCETn/3+6t4WrYoIKmfTM7p7c
hwhFQb3k6/UDPCEpnpAUT0iKJyRFLuSrgRAj4eZ8AzlA1MrhAwx3xHzcdMCwJuLi3gRMKwIejilTacXWwqUCCiAWUKasDRwpoAwwKqD4LKasK2gHGCpoDqcRGyPMHDCMMGtEQphMwGRh0tiHoC/A2EFvbEIQt2AHxMYqBCUISwWUxiSEJo2/7YdQX8Bd/8WQyyn+9n
8coj7qPO7yzSH+8r8YItuUnV8MobxANqQUgnRH7EBcfUkKi6NYvyCdBb1g+lrKO+BJdrMgbQdVMQqlPCOOtglBBCNRyjPiaKeQwYNUMZqW8j3giGaxPQ3pDUaU0sUZmcX2VKR9QwueZpmO2JOnm7Q9LrmiYTaqe/VVtDvt+GpnF6KFap8JaUV1aXNXSF/rVWs+G6L1
x0LURn1TiN0617eGWAZdm46vdqIh6rO1wVc77kiXRoaBNB1XNORCTilajNqZcIg9Z/BU0SxeyME7tDQNTxTNkg1xD1JXRLPMQ2jeaO+nOFIo5GQ9CvTCSXgjmuVKSGEQZNxB7Tgh9/OEpPgLQiZ/y0DA8+0Le0cwZGHaGgqb8e7IZgy7+frMctjZGlaHFqOBvWN+aj
o4ErDMjk1kh4jHP+eKPiFTPWjMCMF13g2cbG7a6DbvDo7qWcpoRjjEXO4w2RIPOaUgB0hYDymIETJeG4MQI+euMTRRsv4SQxEnv3GBJyTFE5LiCUnxhCR4vf4AzHXw0b9akGYAAAAASUVORK5CYII=
„@ $IconImage = New-Object System.Windows.Media.Imaging.BitmapImage
$IconImage.BeginInit()
$IconImage.StreamSource = [System.IO.MemoryStream][System.Convert]::FromBase64String($Icon)
$IconImage.EndInit() Freeze() prevents memory leaks. $IconImage.Freeze() $TemplateDownloaderSchemaDefSDGui.Icon = $IconImage $btnOK = $TemplateDownloaderSchemaDefSDGui.FindName(„btnOK“) $btnDownloadCSVFileSchema2019_1809 = $TemplateDownloaderSchemaDefSDGui.FindName(„btnDownloadCSVFileSchema2019_1809“)
$btnDownloadCSVFileSchema2016 = $TemplateDownloaderSchemaDefSDGui.FindName(„btnDownloadCSVFileSchema2016“)
$btnDownloadCSVFileSchema2012R2 = $TemplateDownloaderSchemaDefSDGui.FindName(„btnDownloadCSVFileSchema2012R2“)
$btnDownloadCSVFileSchema2012 = $TemplateDownloaderSchemaDefSDGui.FindName(„btnDownloadCSVFileSchema2012“)
$btnDownloadCSVFileSchema2008R2 = $TemplateDownloaderSchemaDefSDGui.FindName(„btnDownloadCSVFileSchema2008R2“)
$btnDownloadCSVFileSchema2003SP1 = $TemplateDownloaderSchemaDefSDGui.FindName(„btnDownloadCSVFileSchema2003SP1“)
$btnDownloadCSVFileSchema2003 = $TemplateDownloaderSchemaDefSDGui.FindName(„btnDownloadCSVFileSchema2003“)
$btnDownloadCSVFileSchema2000SP4 = $TemplateDownloaderSchemaDefSDGui.FindName(„btnDownloadCSVFileSchema2000SP4“) $btnOK.add_Click({
$TemplateDownloaderSchemaDefSDGui.Close()
})
$btnDownloadCSVFileSchema2019_1809.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!252&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFileSchema2016.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9%21173&authkey=!ANmZFP4r67-yvGs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFileSchema2012R2.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!108&authkey=!AH2bxltG5s-l3YY&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFileSchema2012.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!111&authkey=!APeksydtWJ9B1Fc&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFileSchema2008R2.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!110&authkey=!AKYYkARRfsC7IyM&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFileSchema2003SP1.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9%21164&authkey=AI5D2Q7kmGI_17Q&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFileSchema2003.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!109&authkey=!AKZcScjykAZr9sw&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFileSchema2000SP4.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!112&authkey=!ACo2xB2BHPYSkOE&ithint=file%2ccsv“
DownloadFile $URL
}) $TemplateDownloaderSchemaDefSDGui.ShowDialog() } ========================================================================== Function : DownloadFile Arguments : – Returns : – Description : download file ========================================================================== Function DownloadFile
{
param([string]$URL)
(65..90) + (97..122) | Get-Random -Count 8 | % {$TempFileName+=[char]$_}
$TemporaryDestination = $(join-path -Path $CurrentFSPath -ChildPath $TempFileName)
try
{
$WebReq = Invoke-WebRequest -Uri $URL -OutFile $TemporaryDestination -PassThru
}
catch
{
$MsgBox = System.Windows.Forms.MessageBox::Show(„Download failed“, „Error“ ,0,“Error“)
} if(($WebReq.Headers.’Content-Type‘ -eq „application/octet-stream“) -or ($WebReq.Headers.’Content-Type‘ -eq „application/zip“))
{
if((Test-Path -Path $TemporaryDestination))
{
$FileName = $WebReq.Headers.’Content-Disposition‘.split(„;“) | ForEach-Object{if($_ -match „filename“){$_.split(„=“)[-1].Replace(‚“‚,““)}}
$Destination = $(join-path -Path $CurrentFSPath -ChildPath $FileName)
Move-Item -Path $TemporaryDestination -Destination $Destination -Force
$MsgBox = System.Windows.Forms.MessageBox::Show(„File downloaded: `n$Destination“, „Downloads“ ,0,“Information“)
}
else
{
$MsgBox = System.Windows.Forms.MessageBox::Show(„Download failed“, „Error“ ,0,“Error“)
}
}
else
{
$MsgBox = System.Windows.Forms.MessageBox::Show(„Download failed! Wrong URI or file type!“, „Error“ ,0,“Error“)
} } ========================================================================== Function : GenerateTemplateDownloader Arguments : – Returns : – Description : Generates a form for download links ========================================================================== Function GenerateTemplateDownloader
{
[xml]$xamlTemplateDownloader =@“

<Style TargetType="{x:Type Button}" x:Key="AButtonStyle"> <Setter Property="VerticalAlignment" Value="Center"/> <Setter Property="HorizontalAlignment" Value="Center"/> <Setter Property="Cursor" Value="Hand"/> <Setter Property="Foreground" Value="Pink"/> <Setter Property="Background" Value="Transparent"/> <Setter Property="Template"> <Setter.Value> <ControlTemplate TargetType="Button"> <TextBlock TextDecorations="Underline" Text="{TemplateBinding Content}" Background="{TemplateBinding Background}"/> <ControlTemplate.Triggers> <Trigger Property="IsPressed" Value="True"> <Setter Property="Foreground" Value="Red"/> </Trigger> </ControlTemplate.Triggers> </ControlTemplate> </Setter.Value> </Setter> </Style> </Window.Resources> <ScrollViewer HorizontalScrollBarVisibility="Auto" VerticalScrollBarVisibility="Auto"> <Grid> <StackPanel Orientation="Vertical" Margin="0,0,0,0"> <Label x:Name="lblDownloadLinks" Content="Download links for operating system default DACL templates:" Margin="5,05,00,00" Foreground="White" /> <StackPanel Orientation="Horizontal"> <Label x:Name="lblDownloadSelect" Content="Select OS:" Margin="5,00,00,00" Foreground="White" /> <ComboBox x:Name="SelectOS" Width="190" Margin="0,0,0,0" HorizontalAlignment="Left" /> </StackPanel> <StackPanel Orientation="Vertical" Margin="0,10"> <GroupBox x:Name="gBox2019_1809" Header="Windows Server 2019 1809" HorizontalAlignment="Left" Margin="2,1,0,0" VerticalAlignment="Top" Width="210" Visibility="Visible" Foreground="White" > <StackPanel Orientation="Vertical" Margin="0,0"> <Button x:Name="btnDownloadCSVFile2019_1809" Content="Each NC root combined" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}" /> <Button x:Name="btnDownloadCSVFile2019_1809Domain" Content="Domain NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2019_1809Config" Content="Configuration NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2019_1809Schema" Content="Schema NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2019_1809DomainDNS" Content="Domain DNS Zone NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2019_1809ForestDNS" Content="Forest DNS Zone NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2019_1809AllFiles" Content="All Files Compressed" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> </StackPanel> </GroupBox> <GroupBox x:Name="gBox2016" Header="Windows Server 2016" HorizontalAlignment="Left" Margin="2,1,0,0" VerticalAlignment="Top" Width="210" Visibility="Collapsed" Foreground="White" > <StackPanel Orientation="Vertical" Margin="0,0"> <Button x:Name="btnDownloadCSVFile2016" Content="Each NC root combined" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2016Domain" Content="Domain NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2016Config" Content="Configuration NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2016Schema" Content="Schema NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2016DomainDNS" Content="Domain DNS Zone NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2016ForestDNS" Content="Forest DNS Zone NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2016AllFiles" Content="All Files Compressed" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> </StackPanel> </GroupBox> <GroupBox x:Name="gBox2012R2" Header="Windows Server 2012 R2" HorizontalAlignment="Left" Margin="2,1,0,0" VerticalAlignment="Top" Width="210" Visibility="Collapsed" Foreground="White" > <StackPanel Orientation="Vertical" Margin="0,0" > <Button x:Name="btnDownloadCSVFile2012R2" Content="Each NC root combined" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2012R2Domain" Content="Domain NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2012R2Config" Content="Configuration NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2012R2Schema" Content="Schema NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2012R2DomainDNS" Content="Domain DNS Zone NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2012R2ForestDNS" Content="Forest DNS Zone NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2012R2AllFiles" Content="All Files Compressed" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> </StackPanel> </GroupBox> <GroupBox x:Name="gBox2012" Header="Windows Server 2012" HorizontalAlignment="Left" Margin="2,1,0,0" VerticalAlignment="Top" Width="210" Visibility="Collapsed" Foreground="White" > <StackPanel Orientation="Vertical" Margin="0,0"> <Button x:Name="btnDownloadCSVFile2012" Content="Each NC root combined" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2012Domain" Content="Domain NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2012Config" Content="Configuration NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2012Schema" Content="Schema NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2012DomainDNS" Content="Domain DNS Zone NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2012ForestDNS" Content="Forest DNS Zone NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2012AllFiles" Content="All Files Compressed" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> </StackPanel> </GroupBox> <GroupBox x:Name="gBox2008R2" Header="Windows Server 2008 R2" HorizontalAlignment="Left" Margin="2,0,0,0" VerticalAlignment="Top" Width="210" Visibility="Collapsed" Foreground="White" > <StackPanel Orientation="Vertical" Margin="0,0"> <Button x:Name="btnDownloadCSVFile2008R2" Content="Each NC root combined" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2008R2Domain" Content="Domain NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2008R2Config" Content="Configuration NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2008R2Schema" Content="Schema NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2008R2DomainDNS" Content="Domain DNS Zone NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2008R2ForestDNS" Content="Forest DNS Zone NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2008R2AllFiles" Content="All Files Compressed" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> </StackPanel> </GroupBox> <GroupBox x:Name="gBox2003" Header="Windows Server 2003" HorizontalAlignment="Left" Margin="2,0,0,0" VerticalAlignment="Top" Width="210" Visibility="Collapsed" Foreground="White" > <StackPanel Orientation="Vertical" Margin="0,0"> <Button x:Name="btnDownloadCSVFile2003" Content="Each NC root combined" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2003Domain" Content="Domain NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2003Config" Content="Configuration NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2003Schema" Content="Schema NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2003DomainDNS" Content="Domain DNS Zone NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2003ForestDNS" Content="Forest DNS Zone NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2003AllFiles" Content="All Files Compressed" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> </StackPanel> </GroupBox> <GroupBox x:Name="gBox2000SP4" Header="Windows 2000 Server SP4" HorizontalAlignment="Left" Margin="2,0,0,0" VerticalAlignment="Top" Width="210" Visibility="Collapsed" Foreground="White" > <StackPanel Orientation="Vertical" Margin="0,0"> <Button x:Name="btnDownloadCSVFile2000SP4" Content="Each NC root combined" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2000SP4Domain" Content="Domain NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2000SP4Config" Content="Configuration NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2000SP4Schema" Content="Schema NC" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> <Button x:Name="btnDownloadCSVFile2000SP4AllFiles" Content="All Files Compressed" HorizontalAlignment="Left" VerticalAlignment="Top" Width="200" Style="{StaticResource AButtonStyle}"/> </StackPanel> </GroupBox> </StackPanel> <StackPanel Orientation="Horizontal" HorizontalAlignment="Center"> <Button x:Name="btnOK" Content="OK" Margin="00,05,00,00" Width="50" Height="20"/> </StackPanel> </StackPanel> </Grid> </ScrollViewer> „@ $xamlTemplateDownloader.Window.RemoveAttribute(„x:Class“) $reader=(New-Object System.Xml.XmlNodeReader $xamlTemplateDownloader)
$TemplateDownloaderGui=[Windows.Markup.XamlReader]::Load( $reader ) $Icon = @“
iVBORw0KGgoAAAANSUhEUgAAAGQAAABkCAMAAABHPGVmAAAABGdBTUEAALGPC/xhBQAAAwBQTFRFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAszD0iAAAAQB0Uk5T////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////AFP3ByUAAAAJcEhZcwAADsIAAA7CARUoSoAAAAAYdEVYdFNvZnR3YXJlAHBhaW50Lm5ldCA0LjEuNWRHWFIAAAI3SURBVGhD7ZLRluQgCETn/3+6t4WrYoIKmfTM7p7c
hwhFQb3k6/UDPCEpnpAUT0iKJyRFLuSrgRAj4eZ8AzlA1MrhAwx3xHzcdMCwJuLi3gRMKwIejilTacXWwqUCCiAWUKasDRwpoAwwKqD4LKasK2gHGCpoDqcRGyPMHDCMMGtEQphMwGRh0tiHoC/A2EFvbEIQt2AHxMYqBCUISwWUxiSEJo2/7YdQX8Bd/8WQyyn+9n
8coj7qPO7yzSH+8r8YItuUnV8MobxANqQUgnRH7EBcfUkKi6NYvyCdBb1g+lrKO+BJdrMgbQdVMQqlPCOOtglBBCNRyjPiaKeQwYNUMZqW8j3giGaxPQ3pDUaU0sUZmcX2VKR9QwueZpmO2JOnm7Q9LrmiYTaqe/VVtDvt+GpnF6KFap8JaUV1aXNXSF/rVWs+G6L1
x0LURn1TiN0617eGWAZdm46vdqIh6rO1wVc77kiXRoaBNB1XNORCTilajNqZcIg9Z/BU0SxeyME7tDQNTxTNkg1xD1JXRLPMQ2jeaO+nOFIo5GQ9CvTCSXgjmuVKSGEQZNxB7Tgh9/OEpPgLQiZ/y0DA8+0Le0cwZGHaGgqb8e7IZgy7+frMctjZGlaHFqOBvWN+aj
o4ErDMjk1kh4jHP+eKPiFTPWjMCMF13g2cbG7a6DbvDo7qWcpoRjjEXO4w2RIPOaUgB0hYDymIETJeG4MQI+euMTRRsv4SQxEnv3GBJyTFE5LiCUnxhCR4vf4AzHXw0b9akGYAAAAASUVORK5CYII=
„@ $IconImage = New-Object System.Windows.Media.Imaging.BitmapImage
$IconImage.BeginInit()
$IconImage.StreamSource = [System.IO.MemoryStream][System.Convert]::FromBase64String($Icon)
$IconImage.EndInit() Freeze() prevents memory leaks. $IconImage.Freeze() $TemplateDownloaderGui.Icon = $IconImage $btnOK = $TemplateDownloaderGui.FindName(„btnOK“) $btnDownloadCSVFile2019_1809 = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2019_1809“)
$btnDownloadCSVFile2019_1809Domain = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2019_1809Domain“)
$btnDownloadCSVFile2019_1809Config = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2019_1809Config“)
$btnDownloadCSVFile2019_1809Schema = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2019_1809Schema“)
$btnDownloadCSVFile2019_1809DomainDNS = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2019_1809DomainDNS“)
$btnDownloadCSVFile2019_1809ForestDNS = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2019_1809ForestDNS“)
$btnDownloadCSVFile2019_1809AllFiles = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2019_1809AllFiles“) $btnDownloadCSVFile2016 = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2016“)
$btnDownloadCSVFile2016Domain = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2016Domain“)
$btnDownloadCSVFile2016Config = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2016Config“)
$btnDownloadCSVFile2016Schema = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2016Schema“)
$btnDownloadCSVFile2016DomainDNS = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2016DomainDNS“)
$btnDownloadCSVFile2016ForestDNS = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2016ForestDNS“)
$btnDownloadCSVFile2016AllFiles = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2016AllFiles“) $btnDownloadCSVFile2012R2 = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2012R2“)
$btnDownloadCSVFile2012R2Domain = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2012R2Domain“)
$btnDownloadCSVFile2012R2Config = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2012R2Config“)
$btnDownloadCSVFile2012R2Schema = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2012R2Schema“)
$btnDownloadCSVFile2012R2DomainDNS = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2012R2DomainDNS“)
$btnDownloadCSVFile2012R2ForestDNS = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2012R2ForestDNS“)
$btnDownloadCSVFile2012R2AllFiles = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2012R2AllFiles“)
$btnDownloadCSVFile2012 = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2012“)
$btnDownloadCSVFile2012Domain = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2012Domain“)
$btnDownloadCSVFile2012Config = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2012Config“)
$btnDownloadCSVFile2012Schema = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2012Schema“)
$btnDownloadCSVFile2012DomainDNS = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2012DomainDNS“)
$btnDownloadCSVFile2012ForestDNS = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2012ForestDNS“)
$btnDownloadCSVFile2012AllFiles = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2012AllFiles“)
$btnDownloadCSVFile2008R2 = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2008R2“)
$btnDownloadCSVFile2008R2Domain = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2008R2Domain“)
$btnDownloadCSVFile2008R2Config = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2008R2Config“)
$btnDownloadCSVFile2008R2Schema = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2008R2Schema“)
$btnDownloadCSVFile2008R2DomainDNS = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2008R2DomainDNS“)
$btnDownloadCSVFile2008R2ForestDNS = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2008R2ForestDNS“)
$btnDownloadCSVFile2008R2AllFiles = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2008R2AllFiles“)
$btnDownloadCSVFile2003 = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2003“)
$btnDownloadCSVFile2003Domain = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2003Domain“)
$btnDownloadCSVFile2003Config = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2003Config“)
$btnDownloadCSVFile2003Schema = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2003Schema“)
$btnDownloadCSVFile2003DomainDNS = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2003DomainDNS“)
$btnDownloadCSVFile2003ForestDNS = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2003ForestDNS“)
$btnDownloadCSVFile2003AllFiles = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2003AllFiles“)
$btnDownloadCSVFile2000SP4 = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2000SP4“)
$btnDownloadCSVFile2000SP4Domain = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2000SP4Domain“)
$btnDownloadCSVFile2000SP4Config = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2000SP4Config“)
$btnDownloadCSVFile2000SP4Schema = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2000SP4Schema“)
$btnDownloadCSVFile2000SP4AllFiles = $TemplateDownloaderGui.FindName(„btnDownloadCSVFile2000SP4AllFiles“)
$SelectOS = $TemplateDownloaderGui.FindName(„SelectOS“)
$gBox2019_1809 = $TemplateDownloaderGui.FindName(„gBox2019_1809“)
$gBox2016 = $TemplateDownloaderGui.FindName(„gBox2016“)
$gBox2012R2 = $TemplateDownloaderGui.FindName(„gBox2012R2“)
$gBox2012 = $TemplateDownloaderGui.FindName(„gBox2012“)
$gBox2008R2 = $TemplateDownloaderGui.FindName(„gBox2008R2“)
$gBox2003 = $TemplateDownloaderGui.FindName(„gBox2003“)
$gBox2000SP4 = $TemplateDownloaderGui.FindName(„gBox2000SP4“) [void]$SelectOS.Items.Add(„Windows Server 2019 1809“)
[void]$SelectOS.Items.Add(„Windows Server 2016“)
[void]$SelectOS.Items.Add(„Windows Server 2012 R2“)
[void]$SelectOS.Items.Add(„Windows Server 2008 R2“)
[void]$SelectOS.Items.Add(„Windows Server 2003“)
[void]$SelectOS.Items.Add(„Windows 2000 Server SP4″) $SelectOS.SelectedValue=“Windows Server 2019 1809“ $SelectOS.add_SelectionChanged({ Switch ($SelectOS.SelectedValue)
{
„Windows Server 2019 1809“
{
$gBox2019_1809.Visibility = „Visible“
$gBox2016.Visibility = „Collapsed“
$gBox2012R2.Visibility = „Collapsed“
$gBox2012.Visibility = „Collapsed“
$gBox2008R2.Visibility = „Collapsed“
$gBox2003.Visibility = „Collapsed“
$gBox2000SP4.Visibility = „Collapsed“
}
„Windows Server 2016“
{
$gBox2019_1809.Visibility = „Collapsed“
$gBox2016.Visibility = „Visible“
$gBox2012R2.Visibility = „Collapsed“
$gBox2012.Visibility = „Collapsed“
$gBox2008R2.Visibility = „Collapsed“
$gBox2003.Visibility = „Collapsed“
$gBox2000SP4.Visibility = „Collapsed“
}
„Windows Server 2012 R2“
{
$gBox2019_1809.Visibility = „Collapsed“
$gBox2016.Visibility = „Collapsed“
$gBox2012R2.Visibility = „Visible“
$gBox2012.Visibility = „Collapsed“
$gBox2008R2.Visibility = „Collapsed“
$gBox2003.Visibility = „Collapsed“
$gBox2000SP4.Visibility = „Collapsed“
}
„Windows Server 2012“
{
$gBox2019_1809.Visibility = „Collapsed“
$gBox2016.Visibility = „Collapsed“
$gBox2012R2.Visibility = „Collapsed“
$gBox2012.Visibility = „Visible“
$gBox2008R2.Visibility = „Collapsed“
$gBox2003.Visibility = „Collapsed“
$gBox2000SP4.Visibility = „Collapsed“
}
„Windows Server 2008 R2“
{
$gBox2019_1809.Visibility = „Collapsed“
$gBox2016.Visibility = „Collapsed“
$gBox2012R2.Visibility = „Collapsed“
$gBox2012.Visibility = „Collapsed“
$gBox2008R2.Visibility = „Visible“
$gBox2003.Visibility = „Collapsed“
$gBox2000SP4.Visibility = „Collapsed“
}
„Windows Server 2003“
{
$gBox2019_1809.Visibility = „Collapsed“
$gBox2016.Visibility = „Collapsed“
$gBox2012R2.Visibility = „Collapsed“
$gBox2012.Visibility = „Collapsed“
$gBox2008R2.Visibility = „Collapsed“
$gBox2003.Visibility = „Visible“
$gBox2000SP4.Visibility = „Collapsed“
}
„Windows 2000 Server SP4“
{
$gBox2019_1809.Visibility = „Collapsed“
$gBox2016.Visibility = „Collapsed“
$gBox2012R2.Visibility = „Collapsed“
$gBox2012.Visibility = „Collapsed“
$gBox2008R2.Visibility = „Collapsed“
$gBox2003.Visibility = „Collapsed“
$gBox2000SP4.Visibility = „Visible“
}
default
{}
} }) $btnOK.add_Click({
$TemplateDownloaderGui.Close()
}) START 2019 1809 $btnDownloadCSVFile2019_1809.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!230&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL })
$btnDownloadCSVFile2019_1809Domain.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!227&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2019_1809Config.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!226&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2019_1809Schema.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!231&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2019_1809DomainDNS.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!229&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2019_1809ForestDNS.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!228&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2019_1809AllFiles.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!225&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2czip“
DownloadFile $URL
}) END 2019 1809 START 2016 $btnDownloadCSVFile2016.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!247&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2016Domain.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!243&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2016Config.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!244&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2016Schema.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!248&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2016DomainDNS.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!246&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2016ForestDNS.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!245&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2016AllFiles.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!242&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2czip“
DownloadFile $URL
}) END 2016 START 2012 R2 $btnDownloadCSVFile2012R2.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!209&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2012R2Domain.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!206&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2012R2Config.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!205&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2012R2Schema.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!210&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2012R2DomainDNS.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!207&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2012R2ForestDNS.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!208&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2012R2AllFiles.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!204&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2czip“
DownloadFile $URL
}) END 2012 R2 START 2012 $btnDownloadCSVFile2012.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!216&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2012Domain.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!213&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2012Config.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!212&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2012Schema.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!217&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2012DomainDNS.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!214&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2012ForestDNS.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!215&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2012AllFiles.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!211&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2czip“
DownloadFile $URL
}) END 2012 START 2008 R2 $btnDownloadCSVFile2008R2.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!201&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2008R2Domain.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!198&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2008R2Config.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!197&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2008R2Schema.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!237&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2008R2DomainDNS.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!199&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2008R2ForestDNS.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!200&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2008R2AllFiles.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!236&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2czip“
DownloadFile $URL
}) END 2008 R2 START 2003 $btnDownloadCSVFile2003.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!194&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2003Domain.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!191&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2003Config.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!190&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2003Schema.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!195&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2003DomainDNS.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!192&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2003ForestDNS.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!193&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2003AllFiles.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!189&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2czip“
DownloadFile $URL
}) END 2003 START 2000 SP4 $btnDownloadCSVFile2000SP4.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!187&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2000SP4Domain.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!183&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2000SP4Config.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!186&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2000SP4Schema.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!188&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2ccsv“
DownloadFile $URL
})
$btnDownloadCSVFile2000SP4AllFiles.add_Click({
$URL = „https://onedrive.live.com/download?resid=3FC56366F033BAA9!182&authkey=!AA9I-EWBR7zZ2hs&ithint=file%2czip“
DownloadFile $URL
}) END 2000 $TemplateDownloaderGui.ShowDialog() } ========================================================================== Function : GenerateTrustedDomainPicker Arguments : – Returns : Domain DistinguishedName Description : Windows Form List AD Domains in Forest ========================================================================== Function GenerateTrustedDomainPicker
{
param(
[Parameter(Mandatory=$false)]
[pscredential]
$CREDS)
[xml]$TrustedDomainPickerXAML =@“
„@ $TrustedDomainPickerXAML.Window.RemoveAttribute(„x:Class“) $reader=(New-Object System.Xml.XmlNodeReader $TrustedDomainPickerXAML)
$TrustedDomainPickerGui=[Windows.Markup.XamlReader]::Load( $reader )
$btnOK = $TrustedDomainPickerGui.FindName(„btnOK“)
$btnCancel = $TrustedDomainPickerGui.FindName(„btnCancel“)
$objListBoxDomainList = $TrustedDomainPickerGui.FindName(„objListBoxDomainList“) $btnCancel.add_Click(
{
$TrustedDomainPickerGui.Close()
}) $btnOK.add_Click({
$global:strDomainPrinDNName=$objListBoxDomainList.SelectedItem if ( $global:strDomainPrinDNName -eq $global:strDomainLongName )
{
$lblSelectPrincipalDom.Content = $global:strDomainShortName+“:“
}
else
{
$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest(„CN=System,$global:strDomainDNName“, „(&(trustPartner=$global:strDomainPrinDNName))“, „Onelevel“)
[void]$request.Attributes.Add(„trustdirection“)
[void]$request.Attributes.Add(„trustattributes“)
[void]$request.Attributes.Add(„flatname“)
$response = $LDAPConnection.SendRequest($request)
$colResults = $response.Entries[0] if($null -ne $colResults) { $global:strPrinDomDir = $colResults.attributes.trustdirection[0] $global:strPrinDomAttr = "{0:X2}" -f [int] $colResults.attributes.trustattributes[0] $global:strPrinDomFlat = $colResults.attributes.flatname[0].ToString() $lblSelectPrincipalDom.Content = $global:strPrinDomFlat+":" } }
$TrustedDomainPickerGui.Close()
}) $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest(„CN=System,$global:strDomainDNName“, „(&(cn=*)(objectClass=trustedDomain))“, „Onelevel“)
[void]$request.Attributes.Add(„trustpartner“)
$response = $LDAPConnection.SendRequest($request)
$colResults = $response.Entries foreach ($objResult in $colResults)
{
[void] $objListBoxDomainList.Items.Add($objResult.attributes.trustpartner[0])
} [void] $objListBoxDomainList.Items.Add($global:strDomainLongName) $TrustedDomainPickerGui.ShowDialog() } ========================================================================== Function : GenerateSupportStatement Arguments : – Returns : Support Description : Generate Support Statement ========================================================================== Function GenerateSupportStatement
{
[xml]$SupportStatementXAML =@“

<Style TargetType="{x:Type Button}" x:Key="AButtonStyle"> <Setter Property="VerticalAlignment" Value="Center"/> <Setter Property="HorizontalAlignment" Value="Center"/> <Setter Property="Cursor" Value="Hand"/> <Setter Property="Foreground" Value="Pink"/> <Setter Property="Background" Value="Transparent"/> <Setter Property="Template"> <Setter.Value> <ControlTemplate TargetType="Button"> <TextBlock TextDecorations="Underline" Text="{TemplateBinding Content}" Background="{TemplateBinding Background}"/> <ControlTemplate.Triggers> <Trigger Property="IsPressed" Value="True"> <Setter Property="Foreground" Value="Red"/> </Trigger> </ControlTemplate.Triggers> </ControlTemplate> </Setter.Value> </Setter> </Style> </Window.Resources> <Grid HorizontalAlignment="Center"> <StackPanel Orientation="Vertical" Margin="0,0,00,0" HorizontalAlignment="Center"> <Label x:Name="lblSupportHeader" Content="Carefully read and understand the support statement." Height="25" Width="350" FontSize="12" Foreground="White"/> <Label x:Name="lblSupportStatement" Content="" Height="380" Width="370" FontSize="12" Background="White" BorderBrush="#FFC9C9CA" BorderThickness="1,1,1,1" FontWeight="Bold"/> <StackPanel Orientation="Horizontal" HorizontalAlignment="Center"> <Button x:Name="btnOK" Content="OK" Margin="00,10,00,00" Width="50" Height="20"/> </StackPanel> </StackPanel> </Grid> „@ $SupportStatementXAML.Window.RemoveAttribute(„x:Class“)
$reader=(New-Object System.Xml.XmlNodeReader $SupportStatementXAML)
$SuportGui=[Windows.Markup.XamlReader]::Load( $reader ) $Icon = @“
iVBORw0KGgoAAAANSUhEUgAAAGQAAABkCAMAAABHPGVmAAAABGdBTUEAALGPC/xhBQAAAwBQTFRFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAszD0iAAAAQB0Uk5T////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////AFP3ByUAAAAJcEhZcwAADsIAAA7CARUoSoAAAAAYdEVYdFNvZnR3YXJlAHBhaW50Lm5ldCA0LjEuNWRHWFIAAAI3SURBVGhD7ZLRluQgCETn/3+6t4WrYoIKmfTM7p7c
hwhFQb3k6/UDPCEpnpAUT0iKJyRFLuSrgRAj4eZ8AzlA1MrhAwx3xHzcdMCwJuLi3gRMKwIejilTacXWwqUCCiAWUKasDRwpoAwwKqD4LKasK2gHGCpoDqcRGyPMHDCMMGtEQphMwGRh0tiHoC/A2EFvbEIQt2AHxMYqBCUISwWUxiSEJo2/7YdQX8Bd/8WQyyn+9n
8coj7qPO7yzSH+8r8YItuUnV8MobxANqQUgnRH7EBcfUkKi6NYvyCdBb1g+lrKO+BJdrMgbQdVMQqlPCOOtglBBCNRyjPiaKeQwYNUMZqW8j3giGaxPQ3pDUaU0sUZmcX2VKR9QwueZpmO2JOnm7Q9LrmiYTaqe/VVtDvt+GpnF6KFap8JaUV1aXNXSF/rVWs+G6L1
x0LURn1TiN0617eGWAZdm46vdqIh6rO1wVc77kiXRoaBNB1XNORCTilajNqZcIg9Z/BU0SxeyME7tDQNTxTNkg1xD1JXRLPMQ2jeaO+nOFIo5GQ9CvTCSXgjmuVKSGEQZNxB7Tgh9/OEpPgLQiZ/y0DA8+0Le0cwZGHaGgqb8e7IZgy7+frMctjZGlaHFqOBvWN+aj
o4ErDMjk1kh4jHP+eKPiFTPWjMCMF13g2cbG7a6DbvDo7qWcpoRjjEXO4w2RIPOaUgB0hYDymIETJeG4MQI+euMTRRsv4SQxEnv3GBJyTFE5LiCUnxhCR4vf4AzHXw0b9akGYAAAAASUVORK5CYII=
„@ $IconImage = New-Object System.Windows.Media.Imaging.BitmapImage
$IconImage.BeginInit()
$IconImage.StreamSource = [System.IO.MemoryStream][System.Convert]::FromBase64String($Icon)
$IconImage.EndInit() Freeze() prevents memory leaks. $IconImage.Freeze() $SuportGui.Icon = $IconImage $btnOK = $SuportGui.FindName(„btnOK“)
$lblSupportStatement = $SuportGui.FindName(„lblSupportStatement“)
$txtSupoprt = @“
THIS CODE-SAMPLE IS PROVIDED „AS IS“ WITHOUT
WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR
A PARTICULAR PURPOSE. „@
$lblSupportStatement.Content = $txtSupoprt $btnOK.add_Click(
{
$SuportGui.Close()
}) $SuportGui.ShowDialog() } ========================================================================== Function : GenerateDomainPicker Arguments : – Returns : Domain DistinguishedName Description : Windows Form List AD Domains in Forest ========================================================================== Function GenerateDomainPicker
{
[xml]$DomainPickerXAML =@“

<Style TargetType="{x:Type Button}" x:Key="AButtonStyle"> <Setter Property="VerticalAlignment" Value="Center"/> <Setter Property="HorizontalAlignment" Value="Center"/> <Setter Property="Cursor" Value="Hand"/> <Setter Property="Foreground" Value="Pink"/> <Setter Property="Background" Value="Transparent"/> <Setter Property="Template"> <Setter.Value> <ControlTemplate TargetType="Button"> <TextBlock TextDecorations="Underline" Text="{TemplateBinding Content}" Background="{TemplateBinding Background}"/> <ControlTemplate.Triggers> <Trigger Property="IsPressed" Value="True"> <Setter Property="Foreground" Value="Red"/> </Trigger> </ControlTemplate.Triggers> </ControlTemplate> </Setter.Value> </Setter> </Style> </Window.Resources> <Grid> <StackPanel Orientation="Vertical"> <Label x:Name="lblDomainPciker" Content="Please select a domain:" Margin="10,05,00,00" Foreground="White"/> <ListBox x:Name="objListBoxDomainList" HorizontalAlignment="Left" Height="78" Margin="10,05,0,0" VerticalAlignment="Top" Width="320"/> <StackPanel Orientation="Horizontal" HorizontalAlignment="Center"> <Button x:Name="btnOK" Content="OK" Margin="00,05,00,00" Width="50" Height="20"/> <Button x:Name="btnCancel" Content="Cancel" Margin="10,05,00,00" Width="50" Height="20"/> </StackPanel> </StackPanel> </Grid>
„@ $DomainPickerXAML.Window.RemoveAttribute(„x:Class“) $reader=(New-Object System.Xml.XmlNodeReader $DomainPickerXAML)
$DomainPickerGui=[Windows.Markup.XamlReader]::Load( $reader ) $Icon = @“
iVBORw0KGgoAAAANSUhEUgAAAGQAAABkCAMAAABHPGVmAAAABGdBTUEAALGPC/xhBQAAAwBQTFRFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAszD0iAAAAQB0Uk5T////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
//////////////////////////////////////////////////////////////////////AFP3ByUAAAAJcEhZcwAADsIAAA7CARUoSoAAAAAYdEVYdFNvZnR3YXJlAHBhaW50Lm5ldCA0LjEuNWRHWFIAAAI3SURBVGhD7ZLRluQgCETn/3+6t4WrYoIKmfTM7p7c
hwhFQb3k6/UDPCEpnpAUT0iKJyRFLuSrgRAj4eZ8AzlA1MrhAwx3xHzcdMCwJuLi3gRMKwIejilTacXWwqUCCiAWUKasDRwpoAwwKqD4LKasK2gHGCpoDqcRGyPMHDCMMGtEQphMwGRh0tiHoC/A2EFvbEIQt2AHxMYqBCUISwWUxiSEJo2/7YdQX8Bd/8WQyyn+9n
8coj7qPO7yzSH+8r8YItuUnV8MobxANqQUgnRH7EBcfUkKi6NYvyCdBb1g+lrKO+BJdrMgbQdVMQqlPCOOtglBBCNRyjPiaKeQwYNUMZqW8j3giGaxPQ3pDUaU0sUZmcX2VKR9QwueZpmO2JOnm7Q9LrmiYTaqe/VVtDvt+GpnF6KFap8JaUV1aXNXSF/rVWs+G6L1
x0LURn1TiN0617eGWAZdm46vdqIh6rO1wVc77kiXRoaBNB1XNORCTilajNqZcIg9Z/BU0SxeyME7tDQNTxTNkg1xD1JXRLPMQ2jeaO+nOFIo5GQ9CvTCSXgjmuVKSGEQZNxB7Tgh9/OEpPgLQiZ/y0DA8+0Le0cwZGHaGgqb8e7IZgy7+frMctjZGlaHFqOBvWN+aj
o4ErDMjk1kh4jHP+eKPiFTPWjMCMF13g2cbG7a6DbvDo7qWcpoRjjEXO4w2RIPOaUgB0hYDymIETJeG4MQI+euMTRRsv4SQxEnv3GBJyTFE5LiCUnxhCR4vf4AzHXw0b9akGYAAAAASUVORK5CYII=
„@ $IconImage = New-Object System.Windows.Media.Imaging.BitmapImage
$IconImage.BeginInit()
$IconImage.StreamSource = [System.IO.MemoryStream][System.Convert]::FromBase64String($Icon)
$IconImage.EndInit() Freeze() prevents memory leaks. $IconImage.Freeze() $DomainPickerGui.Icon = $IconImage $btnOK = $DomainPickerGui.FindName(„btnOK“)
$btnCancel = $DomainPickerGui.FindName(„btnCancel“)
$objListBoxDomainList = $DomainPickerGui.FindName(„objListBoxDomainList“) $btnCancel.add_Click(
{
$DomainPickerGui.Close()
}) $btnOK.add_Click(
{
$strSelectedDomain = $objListBoxDomainList.SelectedItem
if ($strSelectedDomain)
{
$global:TempDC = $null
if($strSelectedDomain.Contains(„.“))
{
$global:TempDC = $strSelectedDomain
$strSelectedDomain = „DC=“ + $strSelectedDomain.Replace(„.“,“,DC=“)
}
$global:strDomainSelect = $strSelectedDomain
}
$DomainPickerGui.Close()
})
$arrPartitions = New-Object System.Collections.ArrayList
$arrPartitions.Clear() $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection(„“)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest($null, „(objectClass=*)“, „base“)
[void]$request.Attributes.Add(„dnshostname“)
[void]$request.Attributes.Add(„supportedcapabilities“)
[void]$request.Attributes.Add(„namingcontexts“)
[void]$request.Attributes.Add(„defaultnamingcontext“)
[void]$request.Attributes.Add(„schemanamingcontext“)
[void]$request.Attributes.Add(„configurationnamingcontext“)
[void]$request.Attributes.Add(„rootdomainnamingcontext“)
[void]$request.Attributes.Add(„isGlobalCatalogReady“)
try
{
$response = $LDAPConnection.SendRequest($request)
$global:bolLDAPConnection = $true
}
catch
{
$global:bolLDAPConnection = $false
#$global:observableCollection.Insert(0,(LogMessage -strMessage „Failed! Domain does not exist or can not be connected“ -strType „Error“ -DateStamp ))
}
if($global:bolLDAPConnection -eq $true)
{
$global:ForestRootDomainDN = $response.Entries[0].attributes.rootdomainnamingcontext[0]
$global:SchemaDN = $response.Entries[0].attributes.schemanamingcontext[0]
$global:ConfigDN = $response.Entries[0].attributes.configurationnamingcontext[0]
$global:strDomainDNName = $response.Entries[0].attributes.defaultnamingcontext[0]
$global:IS_GC = $response.Entries[0].Attributes.isglobalcatalogready[0]
} Get all NC and Domain partititons $request = New-Object System.directoryServices.Protocols.SearchRequest(„CN=Partitions,$global:ConfigDN „, „(&(cn=*)(systemFlags:1.2.840.113556.1.4.803:=3))“, „Onelevel“)
[void]$request.Attributes.Add(„ncname“)
[void]$request.Attributes.Add(„dnsroot“) try
{
$response = $LDAPConnection.SendRequest($request) }
catch
{
$global:observableCollection.Insert(0,(LogMessage -strMessage „Failed! Domain does not exist or can not be connected“ -strType „Error“ -DateStamp ))
} If connection established list partitions if($response)
{
$colResults = $response.Entries
foreach ($objResult in $colResults)
{
[void] $arrPartitions.add($objResult.attributes.dnsroot[0])
[void] $objListBoxDomainList.Items.Add($objResult.attributes.ncname[0])
}
} Get all incoming and bidirectional trusts $request = New-Object System.directoryServices.Protocols.SearchRequest(„CN=System,$global:strDomainDNName“, „(&(cn=*)(objectClass=trustedDomain)(|(trustDirection:1.2.840.113556.1.4.803:=1)(trustDirection:1.2.840.113556.1.4.803:=3)))“, „Onelevel“)
[void]$request.Attributes.Add(„trustpartner“)
try
{
$response = $LDAPConnection.SendRequest($request) }
catch
{
$global:observableCollection.Insert(0,(LogMessage -strMessage „Failed! Domain does not exist or can not be connected“ -strType „Error“ -DateStamp ))
} If connection established list partitions if($response)
{ $colResults = $response.Entries foreach ($objResult in $colResults) { $bolPartitionMatch = $false foreach ($strPartition in $arrPartitions) { if($strPartition -eq $objResult.attributes.trustpartner[0]) { $bolPartitionMatch = $true } } if(!($bolPartitionMatch)) { [void] $objListBoxDomainList.Items.Add($objResult.attributes.trustpartner[0]) } } } if($objListBoxDomainList.Items.count -gt 0)
{
$DomainPickerGui.ShowDialog()
} } ========================================================================== Function : Get-SchemaData Arguments : Returns : string Description : Returns Schema Version ========================================================================== function Get-SchemaData
{
Param([System.Management.Automation.PSCredential] $CREDS) # Retrieve schema $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest(„$global:SchemaDN“, „(CN=ms-Exch-Schema-Version-Pt)“, „onelevel“)
[void]$request.Attributes.Add(„rangeupper“)
$response = $LDAPConnection.SendRequest($request)
$adObject = $response.Entries if(($null -ne $adObject) -and ($adobject.Count -ne 0 ))
{
foreach ($entry in $response.Entries)
{ try { [int] $ExchangeVersion = $entry.Attributes.rangeupper[0] if ( $global:SchemaHashExchange.ContainsKey($ExchangeVersion) ) { $txtBoxExSchema.Text = $global:SchemaHashExchange[$ExchangeVersion] } else { $txtBoxExSchema.Text = "Unknown" } } catch { $txtBoxExSchema.Text = "Not Found" } }
}
else
{
$txtBoxExSchema.Text = „Not Found“
}
$request = New-Object System.directoryServices.Protocols.SearchRequest(„$global:SchemaDN“, „(CN=ms-RTC-SIP-SchemaVersion)“, „onelevel“)
[void]$request.Attributes.Add(„rangeupper“)
$response = $LDAPConnection.SendRequest($request)
$adObject = $response.Entries if(($null -ne $adObject) -and ($adobject.Count -ne 0 ))
{
foreach ($entry in $response.Entries)
{ try { [int] $LyncVersion = $entry.Attributes.rangeupper[0] if ( $global:SchemaHashLync.ContainsKey($LyncVersion) ) { $txtBoxLyncSchema.Text = $global:SchemaHashLync[$LyncVersion] } else { $txtBoxLyncSchema.Text = "Unknown" } } catch { $txtBoxLyncSchema.Text = "Not Found" } }
}
else
{
$txtBoxLyncSchema.Text = „Not Found“
}
$request = New-Object System.directoryServices.Protocols.SearchRequest(„$global:SchemaDN“, „(CN=*)“, „Base“)
[void]$request.Attributes.Add(„objectversion“)
$response = $LDAPConnection.SendRequest($request)
$adObject = $response.Entries if(($null -ne $adObject) -and ($adobject.Count -ne 0 ))
{
foreach ($entry in $response.Entries)
{ try { $ADSchemaVersion = $entry.Attributes.objectversion[0] if ( $global:SchemaHashAD.ContainsKey([int]$ADSchemaVersion) ) { $txtBoxADSchema.Text = $global:SchemaHashAD[[int]$ADSchemaVersion] } else { $txtBoxADSchema.Text = $ADSchemaVersion } } catch { $txtBoxADSchema.Text = "Not Found" } }
}
else
{
$txtBoxADSchema.Text = „Not Found“
} $request = New-Object System.directoryServices.Protocols.SearchRequest(„$global:strDomainDNName“, „(name=*)“, „Base“)
[void]$request.Attributes.Add(„msds-behavior-version“)
$response = $LDAPConnection.SendRequest($request)
$adObject = $response.Entries if(($null -ne $adObject) -and ($adobject.Count -ne 0 ))
{
foreach ($entry in $response.Entries)
{ try { $ADDFL = $entry.Attributes.'msds-behavior-version'[0] if ( $global:DomainFLHashAD.ContainsKey([int]$ADDFL) ) { $txtBoxDFL.Text = $global:DomainFLHashAD[[int]$ADDFL] } else { $txtBoxDFL.Text = "Unknown" } } catch { $txtBoxDFL.Text = "Not Found" } }
}
else
{
$txtBoxDFL.Text = „Not Found“
}
$request = New-Object System.directoryServices.Protocols.SearchRequest(„CN=Partitions,CN=Configuration,$global:ForestRootDomainDN“, „(name=*)“, „Base“)
[void]$request.Attributes.Add(„msds-behavior-version“)
$response = $LDAPConnection.SendRequest($request)
$adObject = $response.Entries if(($null -ne $adObject) -and ($adobject.Count -ne 0 ))
{
foreach ($entry in $response.Entries)
{ try { $ADFFL = $entry.Attributes.'msds-behavior-version'[0] if ( $global:ForestFLHashAD.ContainsKey([int]$ADFFL) ) { $txtBoxFFL.Text = $global:ForestFLHashAD[[int]$ADFFL] } else { $txtBoxFFL.Text = "Unknown" } } catch { $txtBoxFFL.Text = "Not Found" } }
}
else
{
$txtBoxFFL.Text = „Not Found“
}
$request = New-Object System.directoryServices.Protocols.SearchRequest(„CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,$global:ForestRootDomainDN“, „(dSHeuristics=*)“, „Base“)
[void]$request.Attributes.Add(„dsheuristics“)
$response = $LDAPConnection.SendRequest($request)
$adObject = $response.Entries if(($null -ne $adObject) -and ($adobject.Count -ne 0 ))
{
foreach ($entry in $response.Entries)
{ try { $DSHeuristics = $entry.Attributes.dsheuristics[0] if ($DSHeuristics.Substring(2,1) -eq "1") { $txtListObjectMode.Text = "Enabled" } else { $txtListObjectMode.Text = "Disabled" } } catch { $txtListObjectMode.Text = "Not Found" } }
}
else
{
$txtListObjectMode.Text = „Disabled“
}
} ========================================================================== Function : Get-HighestNetFrameWorkVer Arguments : Returns : string Description : Returns Highest .Net Framework Version ========================================================================== Function Get-HighestNetFrameWorkVer
{
$arrDotNetFrameWorkVersions = Get-ChildItem ‚HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP‘ -recurse |
Get-ItemProperty -name Version,Release -EA 0 |
Where-Object { $_.PSChildName -match ‚^(?!S)\p{L}‘} |
Select-Object Version
$DotNetVer = $arrDotNetFrameWorkVersions | where-object{$_.version -ge 4.6} | Select-Object -Last 1
if($DotNetVer){$HighestDotNetFrmVer = $DotNetVer.Version}
else{
$DotNetVer = $arrDotNetFrameWorkVersions | where-object{$_.version -ge 4.5} | Select-Object -Last 1
if($DotNetVer){$HighestDotNetFrmVer = $DotNetVer.Version}
else{
$DotNetVer = $arrDotNetFrameWorkVersions | where-object{$_.version -ge 4.0} | Select-Object -Last 1
if($DotNetVer){$HighestDotNetFrmVer = $DotNetVer.Version}
else{
$DotNetVer = $arrDotNetFrameWorkVersions | where-object{$_.version -ge 3.5} | Select-Object -Last 1
if($DotNetVer){$HighestDotNetFrmVer = $DotNetVer.Version}
else{
$DotNetVer = $arrDotNetFrameWorkVersions | where-object{$_.version -ge 3.0} | Select-Object -Last 1
if($DotNetVer){$HighestDotNetFrmVer = $DotNetVer.Version}
else{
$DotNetVer = $arrDotNetFrameWorkVersions | where-object{$_.version -ge 2.0} | Select-Object -Last 1
if($DotNetVer){$HighestDotNetFrmVer = $DotNetVer.Version}
else{
$DotNetVer = $arrDotNetFrameWorkVersions | where-object{$_.version -ge 1.1} | Select-Object -Last 1
if($DotNetVer){$HighestDotNetFrmVer = $DotNetVer.Version}
else{
$DotNetVer = $arrDotNetFrameWorkVersions | where-object{$_.version -ge 1.0} | Select-Object -Last 1
if($DotNetVer){$HighestDotNetFrmVer = $DotNetVer.Version}
}}}}}}} Remove-variable DotNetVer,arrDotNetFrameWorkVersions return $HighestDotNetFrmVer } ========================================================================== Function : GetDomainController Arguments : Domain FQDN,bol using creds, PSCredential Returns : Domain Controller Description : Locate a domain controller in a specified domain ========================================================================== Function GetDomainController
{
Param([string] $strDomainFQDN,
[bool] $bolCreds,
[parameter(Mandatory=$false)]
[System.Management.Automation.PSCredential] $DCCREDS) $strDomainController = „“ if ($bolCreds -eq $true)
{ $Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$strDomainFQDN,$DCCREDS.UserName,$DCCREDS.GetNetworkCredential().Password) $ojbDomain = [DirectoryServices.ActiveDirectory.Domain]::GetDomain($Context) $strDomainController = $($ojbDomain.FindDomainController()).name }
else
{ $Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$strDomainFQDN ) $ojbDomain = [DirectoryServices.ActiveDirectory.Domain]::GetDomain($Context) $strDomainController = $($ojbDomain.FindDomainController()).name } return $strDomainController } ========================================================================== Function : Get-DirContext Arguments : string domain controller,credentials Returns : Directory context Description : Get Directory Context ========================================================================== function Get-DirContext
{
Param($DomainController,
[System.Management.Automation.PSCredential] $CREDS) if($CREDS) { $Context = new-object DirectoryServices.ActiveDirectory.DirectoryContext("DirectoryServer",$DomainController,$CREDS.UserName,$CREDS.GetNetworkCredential().Password) } else { $Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("DirectoryServer",$DomainController) } return $Context } ========================================================================== Function : TestCreds Arguments : System.Management.Automation.PSCredential Returns : Boolean Description : Check If username and password is valid ========================================================================== Function TestCreds
{
Param([System.Management.Automation.PSCredential] $psCred) Add-Type -AssemblyName System.DirectoryServices.AccountManagement if ($psCred.UserName -match „\“)
{
If ($psCred.UserName.split(„\“)[0] -eq „“)
{
[directoryservices.directoryEntry]$root = (New-Object system.directoryservices.directoryEntry) $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Domain, $root.name) } else { $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Domain, $psCred.UserName.split("\")[0]) } $bolValid = $ctx.ValidateCredentials($psCred.UserName.split("\")[1],$psCred.GetNetworkCredential().Password) }
else
{
[directoryservices.directoryEntry]$root = (New-Object system.directoryservices.directoryEntry) $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Domain, $root.name) $bolValid = $ctx.ValidateCredentials($psCred.UserName,$psCred.GetNetworkCredential().Password) } return $bolValid
} ========================================================================== Function : GetTokenGroups Arguments : Principal DistinguishedName string Returns : ArrayList of groups names Description : Group names of all sids in tokenGroups ========================================================================== Function GetTokenGroups
{
Param(
$PrincipalDomDC, $PrincipalDN,

[bool]

$bolCreds,

[parameter(Mandatory=$false)]

[System.Management.Automation.PSCredential] $GetTokenCreds, [Parameter(Mandatory=$false)]

[pscredential]

$CREDS )

$script:bolErr = $false
$tokenGroups = New-Object System.Collections.ArrayList

$tokenGroups.Clear()
$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($PrincipalDomDC,$CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest
$request.DistinguishedName = $PrincipalDN
$request.Filter = „(name=*)“
$request.Scope = „Base“
[void]$request.Attributes.Add(„tokengroups“)
[void]$request.Attributes.Add(„tokengroupsglobalanduniversal“)
[void]$request.Attributes.Add(„objectsid“)
$response = $LDAPConnection.SendRequest($request)
$ADobject = $response.Entries[0]

if ( $global:strDomainPrinDNName -eq $global:strDomainDNName )
{
$SIDs = $ADobject.Attributes.tokengroups
}
else
{
$SIDs = $ADobject.Attributes.tokengroupsglobalanduniversal
}

Get selected principal SID

$ownerSIDs = (New-Object System.Security.Principal.SecurityIdentifier $ADobject.Attributes.objectsid[0], 0).Value

Add selected principal SID to tokenGroups

[void]$tokenGroups.Add($ownerSIDs)

$arrForeignSecGroups = FindForeignSecPrinMemberships $(GenerateSearchAbleSID $ownerSIDs) $CREDS

foreach ($ForeignMemb in $arrForeignSecGroups)
{
if($null -ne $ForeignMemb)
{
if($ForeignMemb.tostring().length -gt 0 )
{
[void]$tokenGroups.add($ForeignMemb)
}
}
}

Populate hash table with security group memberships.

$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($PrincipalDomDC,$CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest
$request.DistinguishedName = „CN=ForeignSecurityPrincipals,$global:strDomainDNName“
$request.Filter = „(CN=S-1-5-11)“
$request.Scope = „onelevel“
[void]$request.Attributes.Add(„objectsid“)
$response = $LDAPConnection.SendRequest($request)
$colResults = $response.Entries
foreach ($objResult in $colResults)
{

[byte[]] $byte = $objResult.Attributes.objectsid.GetValues([byte[]])[0]
$ForeignDefaultWellKnownSIDs = (New-Object System.Security.Principal.SecurityIdentifier($byte, 0)).value

$arrForeignSecGroups = FindForeignSecPrinMemberships $(GenerateSearchAbleSID $ForeignDefaultWellKnownSIDs) $CREDS

foreach ($ForeignMemb in $arrForeignSecGroups)
{
       if($null -ne  $ForeignMemb)
        {
            if($ForeignMemb.tostring().length -gt 0 )
            {
            [void]$tokenGroups.add($ForeignMemb)
            }
        }
}

}

Add SID string to tokenGroups

ForEach ($Value In $SIDs)
{
$SID = New-Object System.Security.Principal.SecurityIdentifier $Value, 0

[void]$tokenGroups.Add($SID.Value)

}

Add Everyone

[void]$tokenGroups.Add(„S-1-1-0“)

Add Authenticated Users

[void]$tokenGroups.Add(„S-1-5-11“)
if(($global:strPrinDomAttr -eq 14) -or ($global:strPrinDomAttr -eq 18) -or ($global:strPrinDomAttr -eq „5C“) -or ($global:strPrinDomAttr -eq „1C“) -or ($global:strPrinDomAttr -eq „44“) -or ($global:strPrinDomAttr -eq „54“) -or ($global:strPrinDomAttr -eq „50“))
{
#Add Other Organization
[void]$tokenGroups.Add(„S-1-5-1000“)
}
else
{
#Add This Organization
[void]$tokenGroups.Add(„S-1-5-15“)
}

Remove duplicate

$tokenGroups = $tokenGroups | Select-Object -Unique
Return $tokenGroups

}

==========================================================================

Function : GenerateSearchAbleSID

Arguments : SID Decimal form Value as string

Returns : SID in String format for LDAP searcheds

Description : Convert SID from decimal to hex with „\“ for searching with LDAP

==========================================================================

Function GenerateSearchAbleSID
{
Param([String] $SidValue)

Create SID .NET object using SID string provided

$sid = New-Object system.Security.Principal.SecurityIdentifier $SidValue

Create a byte array of the proper length

$sidBytes = New-Object byte[] $sid.BinaryLength
$SidDec = $sid.GetBinaryForm( $sidBytes, 0 )

$SidDec =$sidBytes.tostring().split(„“)

Foreach ($intSID in $sidBytes)
{
[string] $SIDHex = „{0:X2}“ -f [int] $intSID
$strSIDHextString = $strSIDHextString + „\“ + $SIDHex

}

return $strSIDHextString
}

==========================================================================

Function : FindForeignSecPrinMemberships

Arguments : SID Decimal form Value as string

Returns : Group names

Description : Searching for ForeignSecurityPrinicpals and return memberhsip

==========================================================================

Function FindForeignSecPrinMemberships
{
Param([string] $strSearchAbleSID,
[System.Management.Automation.PSCredential] $ForeignCREDS)

$arrForeignMembership = New-Object System.Collections.ArrayList
[void]$arrForeignMembership.clear()

$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $ForeignCREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest
$request.DistinguishedName = „CN=ForeignSecurityPrincipals,$global:strDomainDNName“
$request.Filter = „(&(objectSID=$strSearchAbleSID))“
$request.Scope = „Subtree“
[void]$request.Attributes.Add(„memberof“)
$response = $LDAPConnection.SendRequest($request)

Foreach ( $obj in $response.Entries)
{

$index = 0
while($index -le $obj.Attributes.memberof.count -1)
{
$member = $obj.Attributes.memberof[$index]
$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC,$ForeignCREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest

    $request.DistinguishedName = $member
    $request.Filter = "(name=*)"
    $request.Scope = "Base"
    [void]$request.Attributes.Add("objectsid")
    $response = $LDAPConnection.SendRequest($request)
    $ADobject = $response.Entries[0]
    $strPrinName = New-Object System.Security.Principal.SecurityIdentifier $($ADobject.Attributes.objectsid), 0
    [void]$arrForeignMembership.add($strPrinName.Value)
    $index++
}

}

return $arrForeignMembership
}

==========================================================================

Function : GetSidStringFromSidByte

Arguments : SID Value in Byte[]

Returns : SID in String format

Description : Convert SID from Byte[] to String

==========================================================================

Function GetSidStringFromSidByte
{
Param([byte[]] $SidByte)

$objectSid = [byte[]]$SidByte
$sid = New-Object System.Security.Principal.SecurityIdentifier($objectSid,0)  
$sidString = ($sid.value).ToString() 
return $sidString

}

==========================================================================

Function : GetSecPrinDN

Arguments : samAccountName

Returns : DistinguishedName

Description : Search Security Principal and Return DistinguishedName

==========================================================================

Function GetSecPrinDN
{
Param([string] $samAccountName,
[string] $strDomainDC,
[bool] $bolCreds,
[parameter(Mandatory=$false)]
[System.Management.Automation.PSCredential] $CREDS)

$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($strDomainDC,$CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest
$request.Filter = „(name=*)“
$request.Scope = „Base“
$response = $LDAPConnection.SendRequest($request)
$strPrinDomDefNC = $response.Entries[0].Attributes.defaultnamingcontext[0]

$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($strDomainDC,$CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest
$request.DistinguishedName = $strPrinDomDefNC
$request.Filter = „(&(samAccountName=$samAccountName))“
$request.Scope = „Subtree“
[void]$request.Attributes.Add(„name“)

$response = $LDAPConnection.SendRequest($request)
$ADobject = $response.Entries[0]

if($ADobject.Attributes.Count -gt 0)
{

$global:strPrincipalDN = $ADobject.distinguishedname

}
else
{
$global:strPrincipalDN = „“
}

return $global:strPrincipalDN

}

==========================================================================

Function : GetSchemaObjectGUID

Arguments : Object Guid or Rights Guid

Returns : LDAPDisplayName or DisplayName

Description : Searches in the dictionaries(Hash) dicRightsGuids and $global:dicSchemaIDGUIDs and in Schema

for the name of the object or Extended Right, if found in Schema the dicRightsGuids is updated.

Then the functions return the name(LDAPDisplayName or DisplayName).

==========================================================================

Function GetSchemaObjectGUID
{
Param(
[string]
$Domain,

[Parameter(Mandatory=$false)]

[pscredential]

$CREDS) [string] $strOut =““ [string] $strLDAPname = „“ BuildSchemaDic $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS) $LDAPConnection.SessionOptions.ReferralChasing = „None“ $request = New-Object System.directoryServices.Protocols.SearchRequest(„$global:SchemaDN“, „(&(schemaIDGUID=*))“, „Subtree“) [System.DirectoryServices.Protocols.PageResultRequestControl]$pagedRqc = new-object System.DirectoryServices.Protocols.PageResultRequestControl($global:PageSize) $request.Controls.Add($pagedRqc) | Out-Null [void]$request.Attributes.Add(„ldapdisplayname“) [void]$request.Attributes.Add(„schemaidguid“) while ($true) { $response = $LdapConnection.SendRequest($request, (new-object System.Timespan(0,0,$global:TimeoutSeconds))) -as [System.DirectoryServices.Protocols.SearchResponse]; #for paged search, the response for paged search result control – we will need a cookie from result later if($global:PageSize -gt 0) { [System.DirectoryServices.Protocols.PageResultResponseControl] $prrc=$null; if ($response.Controls.Length -gt 0) { foreach ($ctrl in $response.Controls) { if ($ctrl -is [System.DirectoryServices.Protocols.PageResultResponseControl]) { $prrc = $ctrl; break; } } } if($null -eq $prrc) { #server was unable to process paged search throw „Find-LdapObject: Server failed to return paged response for request $SearchFilter“ } } #now process the returned list of distinguishedNames and fetch required properties using ranged retrieval $colResults = $response.Entries foreach ($objResult in $colResults) { $strLDAPname = $objResult.attributes.ldapdisplayname[0] $guidGUID = [System.GUID] $objResult.attributes.schemaidguid[0] $strGUID = $guidGUID.toString().toUpper() If (!($global:dicSchemaIDGUIDs.ContainsKey($strGUID))) { $global:dicSchemaIDGUIDs.Add($strGUID,$strLDAPname) $global:dicNameToSchemaIDGUIDs.Add($strLDAPname,$strGUID) } } if($global:PageSize -gt 0) { if ($prrc.Cookie.Length -eq 0) { #last page –> we’re done break; } #pass the search cookie back to server in next paged request $pagedRqc.Cookie = $prrc.Cookie; } else { #exit the processing for non-paged search break; } } return $strOut

}

==========================================================================

Function : CheckDNExist

Arguments : string distinguishedName, string directory server

Returns : Boolean

Description : Check If distinguishedName exist

==========================================================================

function CheckDNExist
{
Param (
$sADobjectName,

[string]
$strDC,

[Parameter(Mandatory=$false)]
[pscredential]
$CREDS
)

$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($strDC, $CREDS)
#$LDAPConnection.SessionOptions.ReferralChasing = "None"
$request = New-Object System.directoryServices.Protocols.SearchRequest
if($global:bolShowDeleted)
{
    [string] $LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417"
    [void]$request.Controls.Add((New-Object "System.DirectoryServices.Protocols.DirectoryControl" -ArgumentList "$LDAP_SERVER_SHOW_DELETED_OID",$null,$false,$true ))
}
$request.DistinguishedName = $sADobjectName
$request.Filter = "(name=*)"
$request.Scope = "Base"
try
{
    $response = $LDAPConnection.SendRequest($request)
}
catch
{
    return $false
}
if($response.Entries.count -gt 0)
{
    $ADobject = $response.Entries[0]
    If($null -eq $ADobject.distinguishedname)
    {return $false}
    else
    {return $true}
}

}

==========================================================================

Function : TestCSVColumnsDefaultSD

Arguments : CSV import for Default Security descriptor

Returns : Boolean

Description : Search for all requried column names in CSV and return true or false

==========================================================================

function TestCSVColumnsDefaultSD
{
param($CSVImport)
$bolColumExist = $false
$colHeaders = ( $CSVImport | Get-member -MemberType ‚NoteProperty‘ | Select-Object -ExpandProperty ‚Name‘)
$bolName = $false
$boldistinguishedName = $false
$bolVersion = $false
$bolModifiedDate = $false
$bolSDDL = $false

Foreach ($ColumnName in $colHeaders )
{

if($ColumnName.Trim() -eq "Name")
{
    $bolName = $true
}
if($ColumnName.Trim() -eq "distinguishedName")
{
    $boldistinguishedName = $true
}
if($ColumnName.Trim() -eq "Version")
{
    $bolVersion = $true
}
if($ColumnName.Trim() -eq "ModifiedDate")
{
    $bolModifiedDate = $true
}
if($ColumnName.Trim() -eq "SDDL")
{
    $bolSDDL = $true
}

}

if test column names exist

if($bolName -and $boldistinguishedName -and $bolVersion -and $bolModifiedDate -and $bolSDDL)
{
$bolColumExist = $true
}
return $bolColumExist
}

==========================================================================

Function : TestCSVColumns

Arguments : CSV import

Returns : Boolean

Description : Search for all requried column names in CSV and return true or false

==========================================================================

function TestCSVColumns
{
param($CSVImport)
$bolColumExist = $false
$colHeaders = ( $CSVImport | Get-member -MemberType ‚NoteProperty‘ | Select-Object -ExpandProperty ‚Name‘)
$bolAccessControlType = $false
$bolActiveDirectoryRights = $false
$bolIdentityReference = $false
$bolInheritanceFlags = $false
$bolInheritanceType = $false
$bolInheritedObjectType = $false
$bolInvocationID = $false
$bolIsInherited = $false
$bolObjectFlags= $false
$bolObjectType = $false
$bolOrgUSN= $false
$bolOU = $false
$bolPropagationFlags = $false
$bolSDDate = $false
Foreach ($ColumnName in $colHeaders )
{

if($ColumnName.Trim() -eq "AccessControlType")
{
    $bolAccessControlType = $true
}
if($ColumnName.Trim() -eq "ActiveDirectoryRights")
{
    $bolActiveDirectoryRights = $true
}
if($ColumnName.Trim() -eq "IdentityReference")
{
    $bolIdentityReference = $true
}
if($ColumnName.Trim() -eq "InheritanceFlags")
{
    $bolInheritanceFlags = $true
}
if($ColumnName.Trim() -eq "InheritanceType")
{
    $bolInheritanceType = $true
}
if($ColumnName.Trim() -eq "InheritedObjectType")
{
    $bolInheritedObjectType = $true
}
if($ColumnName.Trim() -eq "InvocationID")
{
    $bolInvocationID = $true
}
if($ColumnName.Trim() -eq "IsInherited")
{
    $bolIsInherited = $true
}        

if($ColumnName.Trim() -eq "ObjectFlags")
{
    $bolObjectFlags= $true
}    
if($ColumnName.Trim() -eq "ObjectType")
{
    $bolObjectType = $true
}   
if($ColumnName.Trim() -eq "OrgUSN")
{
    $bolOrgUSN= $true
}   
if(($ColumnName.Trim() -eq "Object") -or ($ColumnName.Trim() -eq "OU"))
{
    $bolOU = $true
}   
if($ColumnName.Trim() -eq "PropagationFlags")
{
    $bolPropagationFlags = $true
}        
if($ColumnName.Trim() -eq "SDDate")
{
    $bolSDDate = $true
}

}

if test column names exist

if($bolAccessControlType -and $bolActiveDirectoryRights -and $bolIdentityReference -and $bolInheritanceFlags -and $bolInheritanceType -and $bolInheritedObjectType -and $bolInvocationID -and $bolIsInherited -and $bolObjectFlags -and $bolObjectType -and $bolOrgUSN -and $bolOU -and $bolPropagationFlags
-and $bolSDDate)
{
$bolColumExist = $true
}
return $bolColumExist
}

==========================================================================

Function : ReverseDNList

Arguments : array of distinguishedname

Returns : List of reversed distinguishedname

Description : List of reversed distinguishedname

==========================================================================

function ReverseDNList {
param (
[Parameter(Mandatory=$True)]
[System.Array]$stringlist
)

$stringlistReversed = @()

foreach ($string in $stringlist) {
    $stringSplitted = $string.Split(',')
    $Counter = $stringSplitted.Count
    $stringReversed = ''
    while ($Counter -gt 0) {
        $stringReversed += $stringSplitted[$Counter-1]
        $Counter = $Counter-1
        if ($Counter -gt 0) {
            $stringReversed += ','
        }
    }
    $stringlistReversed += $stringReversed
}

return $stringlistReversed

}

==========================================================================

Function : GetAllChildNodes

Arguments : Node distinguishedName

Returns : List of Nodes

Description : Search for a Node and returns distinguishedName

==========================================================================

function GetAllChildNodes
{
param (

Search base

[Parameter(Mandatory=$true,
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true,
ValueFromRemainingArguments=$false,
Position=0,
ParameterSetName=’Default‘)]
[ValidateNotNull()]
[ValidateNotNullOrEmpty()]
[String]
$firstnode,

Scope

[Parameter(Mandatory=$false,
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true,
ValueFromRemainingArguments=$false,
Position=1,
ParameterSetName=’Default‘)]
[ValidateSet(„base“, „onelevel“, „subtree“)]
[ValidateNotNull()]
[ValidateNotNullOrEmpty()]
[String]
$Scope,

Search filter (Optional)

[Parameter(Mandatory=$false,
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true,
ValueFromRemainingArguments=$false,
Position=2,
ParameterSetName=’Default‘)]
[string]
$CustomFilter=““,

Distinguishednames to exlude in result

[Parameter(Mandatory=$false,
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true,
ValueFromRemainingArguments=$false,
Position=3,
ParameterSetName=’Default‘)]
[string]
$ExcludedDNs=““,

[Parameter(Mandatory=$false)]
[pscredential]
$CREDS
)

$nodelist = New-Object System.Collections.ArrayList
$nodelist.Clear()

[boolean]$global:SearchFailed = $false

Add all Children found as Sub Nodes to the selected TreeNode

$strFilterAll = „(objectClass=)“ $strFilterContainer = „(&(|(objectClass=organizationalUnit)(objectClass=container)(objectClass=DomainDNS)(objectClass=dMD)))“ $strFilterOU = „(|(objectClass=organizationalUnit)(objectClass=domainDNS))“ $strFilterGPO=“(&(|(objectClass=organizationalUnit)(objectClass=domainDNS))(gplink=LDAP*))“
$ReqFilter = „“

$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest
[System.DirectoryServices.Protocols.PageResultRequestControl]$pagedRqc = new-object System.DirectoryServices.Protocols.PageResultRequestControl($global:PageSize)
$request.Controls.Add($pagedRqc) | Out-Null

if($global:bolShowDeleted)
{
[string] $LDAP_SERVER_SHOW_DELETED_OID = „1.2.840.113556.1.4.417“
[void]$request.Controls.Add((New-Object „System.DirectoryServices.Protocols.DirectoryControl“ -ArgumentList „$LDAP_SERVER_SHOW_DELETED_OID“,$null,$false,$true ))
}

$request.DistinguishedName = $firstnode
If ($rdbScanAll.IsChecked -eq $true)
{
$ReqFilter = $strFilterAll

}
If ($rdbScanOU.IsChecked -eq $true)
{
$ReqFilter = $strFilterOU
}
If ($rdbScanContainer.IsChecked -eq $true)
{
$ReqFilter = $strFilterContainer
}
If ($rdbScanFilter.IsChecked -eq $true)
{
if($CustomFilter -gt 0)
{
$ReqFilter = $CustomFilter
}
}
if($CustomFilter -ne „“)
{
$ReqFilter = $CustomFilter
}

if($Scope -eq „base“)
{
If ($rdbScanFilter.IsChecked -eq $true)
{
if($CustomFilter -gt 0)
{
$ReqFilter = $CustomFilter
}
else
{
$ReqFilter = $strFilterAll
}
}
else {
if($CustomFilter -ne „“)
{
$ReqFilter = $CustomFilter
}
else
{
$ReqFilter = $strFilterAll
}
}
}

if($rdbGPO.IsChecked -eq $true)
{
$ReqFilter = $strFilterGPO
}

Set search scope

$request.Scope = $Scope

if the seaching using a scope of onelevel we add the base node to the results

if ($Scope -eq „onelevel“)
{
# Test the filter against the first node
$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request2 = New-Object System.directoryServices.Protocols.Searchrequest($firstnode, $ReqFilter, „base“)
if($GPO)
{
[void]$request2.Attributes.Add(„gplink“)
}
else
{
[void]$request2.Attributes.Add(„name“)
}

try
{
    $response2 = $LDAPConnection.Sendrequest($request2)
}
catch
{
    if($_.Exception.Message.tostring() -match "The search filter is invalid")
    {
        $global:SearchFailed = $true
        if($global:bolCMD)
        {
            Write-host "The search filter is invalid"
        }
        else
        {
            $global:observableCollection.Insert(0,(LogMessage -strMessage "The search filter is invalid" -strType "Error" -DateStamp ))
        }
        break
    }
}   
#if the filter catch the first node add it to list
If ($response2.Entries.Count -gt 0) 
{
    if($ExcludedDNs)
    {
        $arrExcludedDN = $ExcludedDNs.split(";")
        $bolInclude = $true
        Foreach( $strExcludeDN in $arrExcludedDN)
        {
            if(!($objResult.distinguishedName -notmatch $strExcludeDN ))
            {
                $bolInclude = $false
                break
            }
        }
        if($bolInclude)
        {
            #Reverse string to be able to sort output    
            try
            {   
                $nodelist += $firstnode     
            }
            catch
            {}
            $intNomatch++

        }
    }
    else
    {   
        $nodelist += $firstnode    
    }
}

}#End if Scope = onelevel
$request.filter = $ReqFilter
if($ExcludedDNs)
{
$arrExcludedDN = $ExcludedDNs.split(„;“)
while ($true)
{
try
{
$response = $LdapConnection.SendRequest($request, (new-object System.Timespan(0,0,$global:TimeoutSeconds))) -as [System.DirectoryServices.Protocols.SearchResponse];
}
catch
{
if($_.Exception.Message.tostring() -match „The search filter is invalid“)
{
$global:SearchFailed = $true
if($global:bolCMD)
{
Write-host „The search filter is invalid“
}
else
{
$global:observableCollection.Insert(0,(LogMessage -strMessage „The search filter is invalid“ -strType „Error“ -DateStamp ))
}
break
}
}
#for paged search, the response for paged search result control – we will need a cookie from result later
if($global:PageSize -gt 0) {
[System.DirectoryServices.Protocols.PageResultResponseControl] $prrc=$null;
if ($response.Controls.Length -gt 0)
{
foreach ($ctrl in $response.Controls)
{
if ($ctrl -is [System.DirectoryServices.Protocols.PageResultResponseControl])
{
$prrc = $ctrl;
break;
}
}
}
if($null -eq $prrc) {
#server was unable to process paged search
throw „Find-LdapObject: Server failed to return paged response for request $SearchFilter“
}
}
#now process the returned list of distinguishedNames and fetch required properties using ranged retrieval
$colResults = $response.Entries
$intTotalSearch = $colResults.Count
$intNomatch = 0
foreach ($objResult in $colResults)
{
$bolInclude = $true
Foreach( $strExcludeDN in $arrExcludedDN)
{
if(!($objResult.distinguishedName -notmatch $strExcludeDN ))
{
$bolInclude = $false
break
}
}
#Add objects with distinguihsedname not matching string
if($bolInclude)
{
#Reverse string to be able to sort output
$nodelist += $objResult.distinguishedName
$intNomatch++
}

}
    if($global:PageSize -gt 0) {
        if ($prrc.Cookie.Length -eq 0) {
            #last page --> we're done
            break;
        }
        #pass the search cookie back to server in next paged request
        $pagedRqc.Cookie = $prrc.Cookie;
    } else {
        #exit the processing for non-paged search
        break;
    }
} #End While

#Caclulate number of objects exluded in search
$global:intObjExluced = $intTotalSearch - $intNomatch
# Log information about skipped objects
if($global:bolCMD)
{
    Write-host "Number of objects excluded: $global:intObjExluced"
}
else
{
    $global:observableCollection.Insert(0,(LogMessage -strMessage "Number of objects excluded: $global:intObjExluced" -strType "Info" -DateStamp ))
}

}

If no string in Excluded String box

else
{

$colResults = @()
while ($true)
{
    try
    {
    $response = $LdapConnection.SendRequest($request, (new-object System.Timespan(0,0,$global:TimeoutSeconds))) -as [System.DirectoryServices.Protocols.SearchResponse];
    }
    catch
    {
        if($_.Exception.Message.tostring() -match "The search filter is invalid")
        {
            $global:SearchFailed = $true
            if($global:bolCMD)
            {
                Write-host "The search filter is invalid" 
            }
            else
            {
                $global:observableCollection.Insert(0,(LogMessage -strMessage "The search filter is invalid" -strType "Error" -DateStamp ))
            }
            break
        }
    } 
    #for paged search, the response for paged search result control - we will need a cookie from result later
    if($global:PageSize -gt 0) {
        [System.DirectoryServices.Protocols.PageResultResponseControl] $prrc=$null;
        if ($response.Controls.Length -gt 0)
        {
            foreach ($ctrl in $response.Controls)
            {
                if ($ctrl -is [System.DirectoryServices.Protocols.PageResultResponseControl])
                {
                    $prrc = $ctrl;
                    break;
                }
            }
        }
        if($null -eq $prrc) {
            #server was unable to process paged search
            throw "Find-LdapObject: Server failed to return paged response for request $SearchFilter"
        }
    }
    #now process the returned list of distinguishedNames and fetch required properties using ranged retrieval
    if($GPO)
    {
        $colResults = $response.Entries
        foreach ($objResult in $colResults)
        {             
            $gplink = $objResult.attributes.gplink[0]
            $arrLinks = @($gplink.split("["))


            foreach ($link in $arrLinks)
            {
                $nodelist +=$link.split(";")[0].replace("LDAP://","")+";"+$objResult.DistinguishedName
            }

        }


    }
    else
    {
        $colResults += $response.Entries
    }


    if($global:PageSize -gt 0) {
        if ($prrc.Cookie.Length -eq 0) {
            #last page --> we're done
            break;
        }
        #pass the search cookie back to server in next paged request
        $pagedRqc.Cookie = $prrc.Cookie;
    } else {
        #exit the processing for non-paged search
        break;
    }
}
if(-not($GPO))
{
    if($colResults.count -gt 0)
    {
        $nodelist += $colResults.DistinguishedName
    }
}

}
if(-not($GPO))
{
if($nodelist.count -gt 0)
{
$nodelist = ReverseDNList $nodelist
$nodelist = $nodelist | sort
$nodelist = ReverseDNList $nodelist
}
}
return $nodelist

}

==========================================================================

Function : GetDomainShortName

Arguments : domain name

Returns : N/A

Description : Search for short domain name

==========================================================================

function GetDomainShortName
{

param(
[Parameter(Mandatory=$false)]

[pscredential]

$CREDS,

[string]

$strDomain,

[string]

$strConfigDN) $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS) $LDAPConnection.SessionOptions.ReferralChasing = „None“ $request = New-Object System.directoryServices.Protocols.SearchRequest(„CN=Partitions,$strConfigDN“, „(&(objectClass=crossRef)(nCName=$strDomain))“, „Subtree“) [void]$request.Attributes.Add(„netbiosname“) try { $response = $LDAPConnection.SendRequest($request) $adObject = $response.Entries[0] } catch { } if($null -ne $adObject) { $ReturnShortName = $adObject.Attributes.netbiosname[0] } else { $ReturnShortName = „“ }

return $ReturnShortName
}

==========================================================================

Function : Get-ProtectedPerm

Arguments :

Returns : ArrayList

Description : Creates the Security Descriptor with the Protect object from accidental deleations ACE

==========================================================================

Function Get-ProtectedPerm
{

$sdProtectedDeletion = New-Object System.Collections.ArrayList
$sdProtectedDeletion.clear()

$protectedDeletionsACE1 = New-Object PSObject -Property @{ActiveDirectoryRights=“DeleteChild“;InheritanceType=“None“;ObjectType =“00000000-0000-0000-0000-000000000000″; InheritedObjectType="00000000-0000-0000-0000-000000000000";ObjectFlags="None";AccessControlType="Deny";IdentityReference="S-1-1-0";IsInherited="False";
InheritanceFlags=“None“;PropagationFlags=“None“}

[void]$sdProtectedDeletion.insert(0,$protectedDeletionsACE)

$protectedDeletionsACE2 = New-Object PSObject -Property @{ActiveDirectoryRights=“DeleteChild, DeleteTree, Delete“;InheritanceType=“None“;ObjectType =“00000000-0000-0000-0000-000000000000″; InheritedObjectType="00000000-0000-0000-0000-000000000000";ObjectFlags="ObjectAceTypePresent";AccessControlType="Deny";IdentityReference="S-1-1-0";IsInherited="False";
InheritanceFlags=“None“;PropagationFlags=“None“}

$protectedDeletionsACE3 = New-Object PSObject -Property @{ActiveDirectoryRights=“DeleteTree, Delete“;InheritanceType=“None“;ObjectType =“00000000-0000-0000-0000-000000000000″; InheritedObjectType="00000000-0000-0000-0000-000000000000";ObjectFlags="None";AccessControlType="Deny";IdentityReference="S-1-1-0";IsInherited="False";
InheritanceFlags=“None“;PropagationFlags=“None“}

[void]$sdProtectedDeletion.insert(0,@($protectedDeletionsACE1,$protectedDeletionsACE2,$protectedDeletionsACE3))

return $sdProtectedDeletion

}

==========================================================================

Function : Get-DefaultPermissions

Arguments : Object Class, Trustee Name

Returns : ArrayList

Description : Fetch the Default Security Descriptor with the Default

==========================================================================

Function Get-DefaultPermissions
{
Param(
$strObjectClass,

[Parameter(Mandatory=$false)]
[pscredential]
$CREDS)

$sdOUDef = New-Object System.Collections.ArrayList
$sdOUDef.clear()

$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest(„$global:SchemaDN“, „(ldapdisplayname=$strObjectClass)“, „Subtree“)
[void]$request.Attributes.Add(„defaultsecuritydescriptor“)
$response = $LDAPConnection.SendRequest($request)
$colResults = $response.Entries

foreach ($entry in $response.Entries)
{
$sec = New-Object System.DirectoryServices.ActiveDirectorySecurity
$defSD = „“
if($null -ne $entry.Attributes.defaultsecuritydescriptor)
{
Try{
$sec.SetSecurityDescriptorSddlForm($entry.Attributes.defaultsecuritydescriptor[0])
}
catch
{
if($bolCMD)
{
Write-host „The SDDL string contains an invalid sid or a sid that cannot be translated.“ -ForegroundColor Red
Write-host „Only domain-joined computers can translate some sids.“ -ForegroundColor Red
}
else
{
$global:observableCollection.Insert(0,(LogMessage -strMessage „The SDDL string contains an invalid sid or a sid that cannot be translated.“ -strType „Error“ -DateStamp ))
$global:observableCollection.Insert(0,(LogMessage -strMessage „Only domain-joined computers can translate some sids.“ -strType „Error“ -DateStamp ))
}
}
}
$defSD = $sec.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])
$sec = $null
}

if($null -ne $defSD){

$(ConvertTo-ObjectArrayListFromPsCustomObject $defSD)| ForEach-Object{[void]$sdOUDef.add($_)}
$defSD = $null
if ($strObjectClass -eq „computer“)
{
if($global:intObjeComputer -eq 0)
{

    $global:additionalComputerACE1 = New-Object PSObject -Property @{ActiveDirectoryRights="DeleteTree, ExtendedRight, Delete, GenericRead";InheritanceType="None";ObjectType ="00000000-0000-0000-0000-000000000000";`
    InheritedObjectType="00000000-0000-0000-0000-000000000000";ObjectFlags="None";AccessControlType="Allow";IdentityReference=$global:strOwner;IsInherited="False";`
    InheritanceFlags="None";PropagationFlags="None"}

    #[void]$sdOUDef.insert(0,$global:additionalComputerACE)


    $global:additionalComputerACE2 = New-Object PSObject -Property @{ActiveDirectoryRights="WriteProperty";InheritanceType="None";ObjectType ="4c164200-20c0-11d0-a768-00aa006e0529";`
    InheritedObjectType="00000000-0000-0000-0000-000000000000";ObjectFlags="ObjectAceTypePresent";AccessControlType="Allow";IdentityReference=$global:strOwner;IsInherited="False";`
    InheritanceFlags="None";PropagationFlags="None"}

    #[void]$sdOUDef.insert(0,$global:additionalComputerACE)


    $global:additionalComputerACE3 = New-Object PSObject -Property @{ActiveDirectoryRights="WriteProperty";InheritanceType="None";ObjectType ="3e0abfd0-126a-11d0-a060-00aa006c33ed";`
    InheritedObjectType="00000000-0000-0000-0000-000000000000";ObjectFlags="ObjectAceTypePresent";AccessControlType="Allow";IdentityReference=$global:strOwner;IsInherited="False";`
    InheritanceFlags="None";PropagationFlags="None"}

    #[void]$sdOUDef.insert(0,$global:additionalComputerACE)


    $global:additionalComputerACE4 = New-Object PSObject -Property @{ActiveDirectoryRights="WriteProperty";InheritanceType="None";ObjectType ="bf967953-0de6-11d0-a285-00aa003049e2";`
    InheritedObjectType="00000000-0000-0000-0000-000000000000";ObjectFlags="ObjectAceTypePresent";AccessControlType="Allow";IdentityReference=$global:strOwner;IsInherited="False";`
    InheritanceFlags="None";PropagationFlags="None"}

    #[void]$sdOUDef.insert(0,$global:additionalComputerACE)

    $global:additionalComputerACE5 = New-Object PSObject -Property @{ActiveDirectoryRights="WriteProperty";InheritanceType="None";ObjectType ="bf967950-0de6-11d0-a285-00aa003049e2";`
    InheritedObjectType="00000000-0000-0000-0000-000000000000";ObjectFlags="ObjectAceTypePresent";AccessControlType="Allow";IdentityReference=$global:strOwner;IsInherited="False";`
    InheritanceFlags="None";PropagationFlags="None"}

    #[void]$sdOUDef.insert(0,$global:additionalComputerACE)

    $global:additionalComputerACE6 = New-Object PSObject -Property @{ActiveDirectoryRights="WriteProperty";InheritanceType="None";ObjectType ="5f202010-79a5-11d0-9020-00c04fc2d4cf";`
    InheritedObjectType="00000000-0000-0000-0000-000000000000";ObjectFlags="ObjectAceTypePresent";AccessControlType="Allow";IdentityReference=$global:strOwner;IsInherited="False";`
    InheritanceFlags="None";PropagationFlags="None"}

    #[void]$sdOUDef.insert(0,$global:additionalComputerACE)


    $global:additionalComputerACE7 = New-Object PSObject -Property @{ActiveDirectoryRights="Self";InheritanceType="None";ObjectType ="f3a64788-5306-11d1-a9c5-0000f80367c1";`
    InheritedObjectType="00000000-0000-0000-0000-000000000000";ObjectFlags="ObjectAceTypePresent";AccessControlType="Allow";IdentityReference=$global:strOwner;IsInherited="False";`
    InheritanceFlags="None";PropagationFlags="None"}

    #[void]$sdOUDef.insert(0,$global:additionalComputerACE)    

    $global:additionalComputerACE8 = New-Object PSObject -Property @{ActiveDirectoryRights="Self";InheritanceType="None";ObjectType ="72e39547-7b18-11d1-adef-00c04fd8d5cd";`
    InheritedObjectType="00000000-0000-0000-0000-000000000000";ObjectFlags="ObjectAceTypePresent";AccessControlType="Allow";IdentityReference=$global:strOwner;IsInherited="False";`
    InheritanceFlags="None";PropagationFlags="None"}

    [void]$sdOUDef.insert(0,@($global:additionalComputerACE1,$global:additionalComputerACE2,$global:additionalComputerACE3,$global:additionalComputerACE4,$global:additionalComputerACE5,$global:additionalComputerACE6,$global:additionalComputerACE7,$global:additionalComputerACE8))
}
else
{
    [void]$sdOUDef.insert(0,@($global:additionalComputerACE1,$global:additionalComputerACE2,$global:additionalComputerACE3,$global:additionalComputerACE4,$global:additionalComputerACE5,$global:additionalComputerACE6,$global:additionalComputerACE7,$global:additionalComputerACE8))
}
$global:intObjeComputer++

}# End if Computer
}

return $sdOUDef

}

==========================================================================

Function : CacheRightsGuids

Arguments : none

Returns : nothing

Description : Enumerates all Extended Rights and put them in a Hash dicRightsGuids

==========================================================================

Function CacheRightsGuids
{
param(
[Parameter(Mandatory=$false)]
[pscredential]
$CREDS)

    $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
    $LDAPConnection.SessionOptions.ReferralChasing = "None"
    $searcher = New-Object System.directoryServices.Protocols.SearchRequest
    $searcher.DistinguishedName = $global:ConfigDN

    [void]$searcher.Attributes.Add("cn")
    [void]$searcher.Attributes.Add("name")                        
    [void]$searcher.Attributes.Add("rightsguid")
    [void]$searcher.Attributes.Add("validaccesses")
    [void]$searcher.Attributes.Add("displayname")
    $searcher.filter = "(&(objectClass=controlAccessRight))"

    try
    {
        $searcherSent = $LDAPConnection.SendRequest($searcher)
        $colResults = $searcherSent.Entries   
    }
    catch
    {
    }        
     $intCounter = 0

foreach ($objResult in $colResults)
{

        $strRightDisplayName = $objResult.Attributes.displayname[0]
        $strRightGuid = $objResult.Attributes.rightsguid[0]
        $strRightGuid = $($strRightGuid).toString()

        #Expecting to fail at lest once since two objects have the same rightsguid
        &{#Try

            $global:dicRightsGuids.Add($strRightGuid,$strRightDisplayName)   
        }
        Trap [SystemException]
        {
            continue
        }

    $intCounter++
}

}

==========================================================================

Function : MapGUIDToMatchingName

Arguments : Object Guid or Rights Guid

Returns : LDAPDisplayName or DisplayName

Description : Searches in the dictionaries(Hash) dicRightsGuids and $global:dicSchemaIDGUIDs and in Schema

for the name of the object or Extended Right, if found in Schema the dicRightsGuids is updated.

Then the functions return the name(LDAPDisplayName or DisplayName).

==========================================================================

Function MapGUIDToMatchingName
{
Param(
[string]
$strGUIDAsString,

[string]
$Domain,

[Parameter(Mandatory=$false)]

[pscredential]

$CREDS) [string] $strOut = $strGUIDAsString [string] $strLDAPname = „“ If ($strGUIDAsString -eq „“) { Break } $strGUIDAsString = $strGUIDAsString.toUpper() if ($global:dicRightsGuids.ContainsKey($strGUIDAsString)) { $strOut =$global:dicRightsGuids.Item($strGUIDAsString) } If ($strOut -eq $strGUIDAsString) { #Didn’t find a match in extended rights If ($global:dicSchemaIDGUIDs.ContainsKey($strGUIDAsString)) { $strOut =$global:dicSchemaIDGUIDs.Item($strGUIDAsString) } else { if ($strGUIDAsString -match(„^(\{){0,1}[0-9a-fA-F]{8}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{4}\-[0-9a-fA-F]{12}(\}){0,1}$“)) { $ConvertGUID = ConvertGUID($strGUIDAsString) $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS) $LDAPConnection.SessionOptions.ReferralChasing = „None“ $searcher = New-Object System.directoryServices.Protocols.SearchRequest $searcher.DistinguishedName = $global:SchemaDN [void]$searcher.Attributes.Add(„cn“) [void]$searcher.Attributes.Add(„name“) [void]$searcher.Attributes.Add(„ldapdisplayname“) $searcher.filter = „(&(schemaIDGUID=$ConvertGUID))“ $searcherSent = $LDAPConnection.SendRequest($searcher) $objSchemaObject = $searcherSent.Entries[0] if ($objSchemaObject) { $strLDAPname =$objSchemaObject.attributes.ldapdisplayname[0] $global:dicSchemaIDGUIDs.Add($strGUIDAsString.toUpper(),$strLDAPname) $strOut=$strLDAPname } } } } return $strOut

}

==========================================================================

Function : ConvertGUID

Arguments : Object Guid or Rights Guid

Returns : AD Searchable GUID String

Description : Convert a GUID to a string

==========================================================================

Function ConvertGUID
{
Param($guid)

 $test = "(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})(.{2})"
 $pattern = '"\$4\$3\$2\$1\$6\$5\$8\$7\$9\$10\$11\$12\$13\$14\$15\$16"'
 $ConvertGUID = [regex]::Replace($guid.replace("-",""), $test, $pattern).Replace("`"","")
 return $ConvertGUID

}

==========================================================================

Function : fixfilename

Arguments : Text for naming text file

Returns : Text with replace special characters

Description : Replace characters that be contained in a file name.

==========================================================================

function fixfilename
{
Param([string] $strFileName)
$strFileName = $strFileName.Replace(„*“,“#“)
$strFileName = $strFileName.Replace(„/“,“#“)
$strFileName = $strFileName.Replace(„\“,“#“)
$strFileName = $strFileName.Replace(„:“,“#“)
$strFileName = $strFileName.Replace(„<„,“#“) $strFileName = $strFileName.Replace(„>“,“#“)
$strFileName = $strFileName.Replace(„|“,“#“)
$strFileName = $strFileName.Replace(‚“‚,“#“)
$strFileName = $strFileName.Replace(‚?‘,“#“)

return $strFileName

}

==========================================================================

Function : WritePermCSV

Arguments : Security Descriptor, OU distinguishedName, Ou put text file

Returns : n/a

Description : Writes the SD to a text file.

==========================================================================

function WritePermCSV
{
Param($sd,[string]$object,[string]$canonical,[string]$objType,[string] $fileout, [bool] $ACLMeta,[string] $strACLDate,[string] $strInvocationID,[string] $strOrgUSN,[bool] $GetOUProtected,[bool] $OUProtected,[bool] $compare,[bool]$Outfile,[bool]$GPO,[string]$GPOdisplayname,[bool]$TranslateGUID,
[Parameter(Mandatory=$false)]
[pscredential]
$CREDS)

$sd | foreach {
#Convert SID to Names for lookups
$strPrincipalName = $_.IdentityReference.toString()
If ($strPrincipalName -match „S-1-„)
{
$strPrincipalName = ConvertSidToName -server $global:strDomainLongName -Sid $strPrincipalName -CREDS $CREDS

    }
    # Add Translated object GUID information to output
    if($TranslateGUID -eq $True)
    {
        if($($_.InheritedObjectType.toString()) -ne "00000000-0000-0000-0000-000000000000" )
        {

            $strTranslatedInheritObjType = $(MapGUIDToMatchingName -strGUIDAsString $_.InheritedObjectType.toString() -Domain $global:strDomainDNName -CREDS $CREDS) 
        }
        else
        {
            $strTranslatedInheritObjType = "None" #$($_.InheritedObjectType.toString())
        }
        if($($_.ObjectType.toString()) -ne "00000000-0000-0000-0000-000000000000" )
        {

            $strTranslatedObjType = $(MapGUIDToMatchingName -strGUIDAsString $_.ObjectType.toString() -Domain $global:strDomainDNName -CREDS $CREDS) 
        }
        else
        {
            $strTranslatedObjType = "None" #$($_.ObjectType.toString())
        }
    }
    else
    {
        $strTranslatedInheritObjType = $($_.InheritedObjectType.toString())
        $strTranslatedObjType = $($_.ObjectType.toString())
    }


    if($bolShowCriticalityColor -eq $true)
    {
        $intCriticalityValue = Get-Criticality -Returns "Color" $_.IdentityReference.toString() $_.ActiveDirectoryRights.toString() $_.AccessControlType.toString() $_.ObjectFlags.toString() $_.InheritanceType.toString() $_.ObjectType.toString() $_.InheritedObjectType.toString() 0
        Switch ($intCriticalityValue)
        {
            0 {$strLegendText = "Info"}
            1 {$strLegendText = "Low"}
            2 {$strLegendText = "Medium"}
            3 {$strLegendText = "Warning"}
            4 {$strLegendText = "Critical"}
        }
    }
    else
    {
        $strLegendText = ""
    }

    $objCSVLine = new-object PSObject
    if($GPO)
    {
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "GPO"  -value $GPOdisplayname 
    }
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "Object" -value $object
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "ObjectClass"  -value $objType    
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "IdentityReference"  -value $_.IdentityReference.toString()   
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "PrincipalName"  -value $strPrincipalName    
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "ActiveDirectoryRights"  -value $_.ActiveDirectoryRights.toString() 
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "InheritanceType"  -value $_.InheritanceType.toString()      
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "ObjectType"  -value $strTranslatedObjType
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "InheritedObjectType"  -value $strTranslatedInheritObjType
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "ObjectFlags"  -value $_.ObjectFlags.toString()
    if($null -ne $_.AccessControlType)
    {
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "AccessControlType"  -value $_.AccessControlType.toString()
    }
    else
    {
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "AccessControlType"  -value $_.AuditFlags.toString()
    }
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "IsInherited"  -value $_.IsInherited.toString()
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "InheritanceFlags"  -value $_.InheritanceFlags.toString()
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "PropagationFlags"  -value $_.PropagationFlags.toString()

    # Add Meta data info to output
    If ($ACLMeta -eq $true)
    {
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "SDDate"  -value $strACLDate.toString()
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "InvocationID"  -value $strInvocationID.toString()
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "OrgUSN"  -value $strOrgUSN.toString()

    }
    else
    {
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "SDDate"  -value ""
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "InvocationID"  -value ""
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "OrgUSN"  -value ""
    }

    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "Criticality"  -value $strLegendText

    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "CanonicalName"  -value $canonical

    if($GetOUProtected)
    {
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "Inheritance Disabled"  -value $OUProtected.toString()
    }
    else
    {
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "Inheritance Disabled"  -value ""
    }

    if($compare)
    {
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "State"  -value $_.State.toString()
    }

    if($Outfile)
    {
        export-csv -InputObject $objCSVLine -Path $fileout -Encoding UTF8 -NoClobber -NoTypeInformation -Append
    }
    else
    {
        return $objCSVLine
    }
}

}

==========================================================================

Function : WritePermCSV

Arguments : Security Descriptor, OU distinguishedName, Ou put text file

Returns : n/a

Description : Writes the SD to a text file.

==========================================================================

function WriteDefSDPermCSV
{
Param($sd,[string]$object,[string]$objType,[string] $fileout, [bool] $ACLMeta,[string] $strVersion,[string] $strACLDate,[bool]$Outfile,[bool]$bolShowCriticalityColor,[bool]$TranslateGUID,[Parameter(Mandatory=$false)]
[pscredential]
$CREDS)

$sd | foreach {
#Convert SID to Names for lookups
$strPrincipalName = $_.IdentityReference.toString()
If ($strPrincipalName -match „S-1-„)
{
$strPrincipalName = ConvertSidToName -server $global:strDomainLongName -Sid $strPrincipalName -CREDS $CREDS

    }
    # Add Translated object GUID information to output
    if($TranslateGUID -eq $True)
    {
        if($($_.InheritedObjectType.toString()) -ne "00000000-0000-0000-0000-000000000000" )
        {

            $strTranslatedInheritObjType = $(MapGUIDToMatchingName -strGUIDAsString $_.InheritedObjectType.toString() -Domain $global:strDomainDNName -CREDS $CREDS) 
        }
        else
        {
            $strTranslatedInheritObjType = "None" #$($_.InheritedObjectType.toString())
        }
        if($($_.ObjectType.toString()) -ne "00000000-0000-0000-0000-000000000000" )
        {

            $strTranslatedObjType = $(MapGUIDToMatchingName -strGUIDAsString $_.ObjectType.toString() -Domain $global:strDomainDNName -CREDS $CREDS) 
        }
        else
        {
            $strTranslatedObjType = "None" #$($_.ObjectType.toString())
        }
    }
    else
    {
        $strTranslatedInheritObjType = $($_.InheritedObjectType.toString())
        $strTranslatedObjType = $($_.ObjectType.toString())
    }


    if($bolShowCriticalityColor -eq $true)
    {
        $intCriticalityValue = Get-Criticality -Returns "Color" $_.IdentityReference.toString() $_.ActiveDirectoryRights.toString() $_.AccessControlType.toString() $_.ObjectFlags.toString() $_.InheritanceType.toString() $_.ObjectType.toString() $_.InheritedObjectType.toString() 0
        Switch ($intCriticalityValue)
        {
            0 {$strLegendText = "Info"}
            1 {$strLegendText = "Low"}
            2 {$strLegendText = "Medium"}
            3 {$strLegendText = "Warning"}
            4 {$strLegendText = "Critical"}
        }
    }
    else
    {
        $strLegendText = ""
    }

    $objCSVLine = new-object PSObject
    if($GPO)
    {
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "GPO"  -value $GPOdisplayname 
    }
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "Object" -value $object
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "ObjectClass"  -value $objType    
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "IdentityReference"  -value $_.IdentityReference.toString()   
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "PrincipalName"  -value $strPrincipalName    
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "ActiveDirectoryRights"  -value $_.ActiveDirectoryRights.toString() 
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "InheritanceType"  -value $_.InheritanceType.toString()      
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "ObjectType"  -value $strTranslatedObjType
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "InheritedObjectType"  -value $strTranslatedInheritObjType
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "ObjectFlags"  -value $_.ObjectFlags.toString()
    if($null -ne $_.AccessControlType)
    {
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "AccessControlType"  -value $_.AccessControlType.toString()
    }
    else
    {
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "AccessControlType"  -value $_.AuditFlags.toString()
    }
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "IsInherited"  -value $_.IsInherited.toString()
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "InheritanceFlags"  -value $_.InheritanceFlags.toString()
    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "PropagationFlags"  -value $_.PropagationFlags.toString()

    # Add Meta data info to output
    If ($ACLMeta -eq $true)
    {
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "SDDate"  -value $strACLDate.toString()
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "Version"  -value $strVersion.toString()
        #Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "OrgUSN"  -value $strOrgUSN.toString()

    }
    else
    {
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "SDDate"  -value ""
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "Version"  -value ""
        #Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "OrgUSN"  -value ""
    }

    Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "Criticality"  -value $strLegendText

    if($compare)
    {
        Add-Member -InputObject $objCSVLine -MemberType NoteProperty -Name "State"  -value $_.State.toString()
    }

    if($Outfile)
    {
        export-csv -InputObject $objCSVLine -Path $fileout -Encoding UTF8 -NoClobber -NoTypeInformation -Append
    }
    else
    {
        return $objCSVLine
    }
}

}

==========================================================================

Function : GetObjectTypeFromSid

Arguments : SID string

Returns : Object type of Security Object

Description : Try to get the object of a SID

==========================================================================

function GetObjectTypeFromSid
{
Param($server,$sid,
[Parameter(Mandatory=$false)]
[pscredential]
$CREDS)

$strObjectType = $null
$ID = New-Object System.Security.Principal.SecurityIdentifier($sid)

If ($global:dicSidToObject.ContainsKey($sid))
{
$strObjectType =$global:dicSidToObject.Item($sid)
}
else
{

$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC,$CREDS)

$LDAPConnection.SessionOptions.ReferralChasing = "None"
$request = New-Object System.directoryServices.Protocols.SearchRequest
if($global:bolShowDeleted)
{
    [string] $LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417"
    [void]$request.Controls.Add((New-Object "System.DirectoryServices.Protocols.DirectoryControl" -ArgumentList "$LDAP_SERVER_SHOW_DELETED_OID",$null,$false,$true ))
}
$request.DistinguishedName = "<SID=$sid>"
$request.Filter = "(name=*)"
$request.Scope = "Base"
[void]$request.Attributes.Add("objectclass")
try
{        
    $response = $LDAPConnection.SendRequest($request)
    $result = $response.Entries[0]
    $strObjectType =  $result.attributes.objectclass[-1]

}
catch
{

}
if($null -ne $strObjectType )
{
    $global:dicSidToObject.Add($sid,$strObjectType)
}

}

return $strObjectType
}

==========================================================================

Function : ConvertSidToName

Arguments : SID string

Returns : Friendly Name of Security Object

Description : Try to translate the SID if it fails it try to match a Well-Known.

==========================================================================

function ConvertSidToName
{
Param($server,$sid,
[Parameter(Mandatory=$false)]
[pscredential]
$CREDS)

$global:strAccNameTranslation = „“
$ID = New-Object System.Security.Principal.SecurityIdentifier($sid)

&{#Try
$User = $ID.Translate( [System.Security.Principal.NTAccount])
$global:strAccNameTranslation = $User.Value
}
Trap [SystemException]
{
If ($global:dicWellKnownSids.ContainsKey($sid))
{
$global:strAccNameTranslation = $global:dicWellKnownSids.Item($sid)
return $global:strAccNameTranslation
}
;Continue
}

if ($global:strAccNameTranslation -eq „“)
{

If ($global:dicSidToName.ContainsKey($sid))
{
    $global:strAccNameTranslation =$global:dicSidToName.Item($sid)
}
else
{

    $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC,$CREDS)

    $LDAPConnection.SessionOptions.ReferralChasing = "None"
    $request = New-Object System.directoryServices.Protocols.SearchRequest
    if($global:bolShowDeleted)
    {
        [string] $LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417"
        [void]$request.Controls.Add((New-Object "System.DirectoryServices.Protocols.DirectoryControl" -ArgumentList "$LDAP_SERVER_SHOW_DELETED_OID",$null,$false,$true ))
    }
    $request.DistinguishedName = "<SID=$sid>"
    $request.Filter = "(name=*)"
    $request.Scope = "Base"
    [void]$request.Attributes.Add("samaccountname")

    $response = $LDAPConnection.SendRequest($request)
    $result = $response.Entries[0]

    try
    {
        $global:strAccNameTranslation =  $global:strDomainShortName + "\" + $result.attributes.samaccountname[0]

    }
    catch
    {

    }

    if(!($global:strAccNameTranslation))
    {
        $global:strAccNameTranslation =  $result.distinguishedname
    }
    $global:dicSidToName.Add($sid,$global:strAccNameTranslation)
}

}

If (($global:strAccNameTranslation -eq $nul) -or ($global:strAccNameTranslation -eq „“))
{
$global:strAccNameTranslation =$sid
}

return $global:strAccNameTranslation
}

==========================================================================

Function : Get-Criticality

Arguments : $objRights,$objAccess,$objFlags,$objInheritanceType

Returns : Integer

Description : Check criticality and returns number for rating

==========================================================================

Function Get-Criticality
{
Param($Returns=“Filter“,$objIdentity,$objRights,$objAccess,$objFlags,$objInheritanceType,$objObjectType,$objInheritedObjectType,[int]$CriticalityFilter=0)

$intCriticalityLevel = 0

Switch ($objRights)
{
„ListChildren“
{
If ($objAccess -eq „Allow“)
{
$intCriticalityLevel = 0
}
}
„Read permissions, Modify permissions“
{
$intCriticalityLevel = 4
}
„Modify permissions“
{
$intCriticalityLevel = 4
}
{($_ -match „WriteDacl“) -or ($_ -match „WriteOwner“)}
{
$intCriticalityLevel = 4
}
„DeleteChild, DeleteTree, Delete“
{
If ($objAccess -eq „Allow“)
{
$intCriticalityLevel = 3
}
}
„Delete“
{
If ($objAccess -eq „Allow“)
{
$intCriticalityLevel = 3
}
}
„GenericRead“
{
If ($objAccess -eq „Allow“)
{
$intCriticalityLevel = 1
}
}
„CreateChild“
{
If ($objAccess -eq „Allow“)
{
$intCriticalityLevel = 3
}
}
„DeleteChild“
{
If ($objAccess -eq „Allow“)
{
$intCriticalityLevel = 3
}
}
„ExtendedRight“
{
If ($objAccess -eq „Allow“)
{
Switch ($objObjectType)
{

            # Domain Administer Server =
            "ab721a52-1e2f-11d0-9819-00aa0040529b"
            {
            $intCriticalityLevel = 4
            }
            # Change Password =
            "ab721a53-1e2f-11d0-9819-00aa0040529b"
            {
            $intCriticalityLevel = 1
            }
            # Reset Password =
            "00299570-246d-11d0-a768-00aa006e0529"
            {
            $intCriticalityLevel = 4
            }
            # Send As =
            "ab721a54-1e2f-11d0-9819-00aa0040529b"
            {
            $intCriticalityLevel = 4
            }
            # Receive As =
            "ab721a56-1e2f-11d0-9819-00aa0040529b"
            {
            $intCriticalityLevel = 4
            }
            # Send To =
            "ab721a55-1e2f-11d0-9819-00aa0040529b"
            {
            $intCriticalityLevel = 4
            }
            # Open Address List =
            "a1990816-4298-11d1-ade2-00c04fd8d5cd"
            {
            $intCriticalityLevel = 1
            }
            # Replicating Directory Changes =
            "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"
            {
            $intCriticalityLevel = 4
            }
            # Replication Synchronization =
            "1131f6ab-9c07-11d1-f79f-00c04fc2dcd2"
            {
            $intCriticalityLevel = 4
            }
            # Manage Replication Topology =
            "1131f6ac-9c07-11d1-f79f-00c04fc2dcd2"
            {
            $intCriticalityLevel = 4
            }
            # Change Schema Master =
            "e12b56b6-0a95-11d1-adbb-00c04fd8d5cd"
            {
            $intCriticalityLevel = 4
            }
            # Change Rid Master =
            "d58d5f36-0a98-11d1-adbb-00c04fd8d5cd"
            {
            $intCriticalityLevel = 4
            }
            # Do Garbage Collection =
            "fec364e0-0a98-11d1-adbb-00c04fd8d5cd"
            {
            $intCriticalityLevel = 4
            }
            # Recalculate Hierarchy =
            "0bc1554e-0a99-11d1-adbb-00c04fd8d5cd"
            {
            $intCriticalityLevel = 4
            }
            # Allocate Rids =
            "1abd7cf8-0a99-11d1-adbb-00c04fd8d5cd"
            {
            $intCriticalityLevel = 4
            }
            # Change PDC =
            "bae50096-4752-11d1-9052-00c04fc2d4cf"
            {
            $intCriticalityLevel = 4
            }
            # Add GUID =
            "440820ad-65b4-11d1-a3da-0000f875ae0d"
            {
            $intCriticalityLevel = 4
            }
            # Change Domain Master =
            "014bf69c-7b3b-11d1-85f6-08002be74fab"
            {
            $intCriticalityLevel = 4
            }
            # Receive Dead Letter =
            "4b6e08c0-df3c-11d1-9c86-006008764d0e"
            {
            $intCriticalityLevel = 1
            }
            # Peek Dead Letter =
            "4b6e08c1-df3c-11d1-9c86-006008764d0e"
            {
            $intCriticalityLevel = 1
            }
            # Receive Computer Journal =
            "4b6e08c2-df3c-11d1-9c86-006008764d0e"
            {
            $intCriticalityLevel = 1
            }
            # Peek Computer Journal =
            "4b6e08c3-df3c-11d1-9c86-006008764d0e"
            {
            $intCriticalityLevel = 1
            }
            # Receive Message =
            "06bd3200-df3e-11d1-9c86-006008764d0e"
            {
            $intCriticalityLevel = 1
            }
            # Peek Message =
            "06bd3201-df3e-11d1-9c86-006008764d0e"
            {
            $intCriticalityLevel = 1
            }
            # Send Message =
            "06bd3202-df3e-11d1-9c86-006008764d0e"
            {
            $intCriticalityLevel = 1
            }
            # Receive Journal =
            "06bd3203-df3e-11d1-9c86-006008764d0e"
            {
            $intCriticalityLevel = 1
            }
            # Open Connector Queue =
            "b4e60130-df3f-11d1-9c86-006008764d0e"
            {
            $intCriticalityLevel = 1
            }
            # Apply Group Policy =
            "edacfd8f-ffb3-11d1-b41d-00a0c968f939"
            {
            $intCriticalityLevel = 1
            }
            # Add/Remove Replica In Domain =
            "9923a32a-3607-11d2-b9be-0000f87a36b2"
            {
            $intCriticalityLevel = 4
            }
            # Change Infrastructure Master =
            "cc17b1fb-33d9-11d2-97d4-00c04fd8d5cd"
            {
            $intCriticalityLevel = 4
            }
            # Update Schema Cache =
            "be2bb760-7f46-11d2-b9ad-00c04f79f805"
            {
            $intCriticalityLevel = 4
            }
            # Recalculate Security Inheritance =
            "62dd28a8-7f46-11d2-b9ad-00c04f79f805"
            {
            $intCriticalityLevel = 4
            }
            # Check Stale Phantoms =
            "69ae6200-7f46-11d2-b9ad-00c04f79f805"
            {
            $intCriticalityLevel = 4
            }
            # Enroll =
            "0e10c968-78fb-11d2-90d4-00c04f79dc55"
            {
            $intCriticalityLevel = 1
            }
            # Generate Resultant Set of Policy (Planning) =
            "b7b1b3dd-ab09-4242-9e30-9980e5d322f7"
            {
            $intCriticalityLevel = 1
            }
            # Refresh Group Cache for Logons =
            "9432c620-033c-4db7-8b58-14ef6d0bf477"
            {
            $intCriticalityLevel = 4
            }
            # Enumerate Entire SAM Domain =
            "91d67418-0135-4acc-8d79-c08e857cfbec"
            {
            $intCriticalityLevel = 4
            }
            # Generate Resultant Set of Policy (Logging) =
            "b7b1b3de-ab09-4242-9e30-9980e5d322f7"
            {
            $intCriticalityLevel = 1
            }
            # Create Inbound Forest Trust =
            "e2a36dc9-ae17-47c3-b58b-be34c55ba633"
            {
            $intCriticalityLevel = 4
            }
            # Replicating Directory Changes All =
            "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"
            {
            $intCriticalityLevel = 4
            }
            # Migrate SID History =
            "BA33815A-4F93-4c76-87F3-57574BFF8109"
            {
            $intCriticalityLevel = 4
            }
            # Reanimate Tombstones =
            "45EC5156-DB7E-47bb-B53F-DBEB2D03C40F"
            {
            $intCriticalityLevel = 4
            }
            # Allowed to Authenticate =
            "68B1D179-0D15-4d4f-AB71-46152E79A7BC"
            {
            $intCriticalityLevel = 1
            }
            # Execute Forest Update Script =
            "2f16c4a5-b98e-432c-952a-cb388ba33f2e"
            {
            $intCriticalityLevel = 4
            }
            # Monitor Active Directory Replication =
            "f98340fb-7c5b-4cdb-a00b-2ebdfa115a96"
            {
            $intCriticalityLevel = 3
            }
            # Update Password Not Required Bit =
            "280f369c-67c7-438e-ae98-1d46f3c6f541"
            {
            $intCriticalityLevel = 1
            }
            # Unexpire Password =
            "ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501"
            {
            $intCriticalityLevel = 1
            }
            # Enable Per User Reversibly Encrypted Password =
            "05c74c5e-4deb-43b4-bd9f-86664c2a7fd5"
            {
            $intCriticalityLevel = 1
            }
            # Query Self Quota =
            "4ecc03fe-ffc0-4947-b630-eb672a8a9dbc"
            {
            $intCriticalityLevel = 1
            }
            # Read Only Replication Secret Synchronization =
            "1131f6ae-9c07-11d1-f79f-00c04fc2dcd2"
            {
            $intCriticalityLevel = 4
            }
            # Reload SSL/TLS Certificate =
            "1a60ea8d-58a6-4b20-bcdc-fb71eb8a9ff8"
            {
            $intCriticalityLevel = 4
            }
            # Replicating Directory Changes In Filtered Set =
            "89e95b76-444d-4c62-991a-0facbeda640c"
            {
            $intCriticalityLevel = 4
            }
            # Run Protect Admin Groups Task =
            "7726b9d5-a4b4-4288-a6b2-dce952e80a7f"
            {
            $intCriticalityLevel = 4
            }
            # Manage Optional Features for Active Directory =
            "7c0e2a7c-a419-48e4-a995-10180aad54dd"
            {
            $intCriticalityLevel = 4
            }
            # Allow a DC to create a clone of itself =
            "3e0f7e18-2c7a-4c10-ba82-4d926db99a3e"
            {
            $intCriticalityLevel = 4
            }
            # AutoEnrollment =
            "a05b8cc2-17bc-4802-a710-e7c15ab866a2"
            {
            $intCriticalityLevel = 1
            }
            # Set Owner of an object during creation. =
            "4125c71f-7fac-4ff0-bcb7-f09a41325286"
            {
            $intCriticalityLevel = 1
            }
            # Bypass the quota restrictions during creation. =
            "88a9933e-e5c8-4f2a-9dd7-2527416b8092"
            {
            $intCriticalityLevel = 4
            }
            # Read secret attributes of objects in a Partition. =
            "084c93a2-620d-4879-a836-f0ae47de0e89"
            {
            $intCriticalityLevel = 4
            }
            # Write secret attributes of objects in a Partition. =
            "94825A8D-B171-4116-8146-1E34D8F54401"
            {
            $intCriticalityLevel = 4
            }   
            default
            {
                $intCriticalityLevel = 1
            }
        }

    }
}
"GenericAll"
{
    If ($objAccess -eq "Allow")
    {
        Switch ($objInheritanceType) 
        {
            "All"
            {
                Switch ($objObjectType)
                {
                    # Any =  4
                    "00000000-0000-0000-0000-000000000000"
                    {
                        $intCriticalityLevel = 4
                    }
                    # Privat-Information = 3
                    "91e647de-d96f-4b70-9557-d63ff4f3ccd8"
                    {
                        $intCriticalityLevel = 3
                    }
                    # Password Reset = 4
                    "00299570-246d-11d0-a768-00aa006e0529"
                    {
                        $intCriticalityLevel = 4
                    }
                    # Membership = 4
                    "bc0ac240-79a9-11d0-9020-00c04fc2d4cf"
                    {
                        $intCriticalityLevel = 4
                    }
                    default
                    {
                       $intCriticalityLevel = 3
                    }
                }
            }
            "None"
            {
                $intCriticalityLevel = 4
            }
            "Children"
            {

            }
            "Descendents"
            {
                Switch ($objInheritedObjectType)
                {
                    # Any =  4
                    "00000000-0000-0000-0000-000000000000"
                    {
                        $intCriticalityLevel = 4
                    }
                    # User = 4
                    "bf967aba-0de6-11d0-a285-00aa003049e2"
                    {
                        $intCriticalityLevel = 4

                    }
                    # Group = 4
                    "bf967a9c-0de6-11d0-a285-00aa003049e2"
                    {
                        $intCriticalityLevel = 4

                    }
                    # Computer = 4
                    "bf967a86-0de6-11d0-a285-00aa003049e2"
                    {
                        $intCriticalityLevel = 4

                    }
                    # ms-DS-Managed-Service-Account = 4
                    "ce206244-5827-4a86-ba1c-1c0c386c1b64"
                    {
                        $intCriticalityLevel = 4

                    }
                    # msDS-Group-Managed-Service-Account = 4
                    "7b8b558a-93a5-4af7-adca-c017e67f1057"
                    {
                        $intCriticalityLevel = 4

                    }
                    default
                    {
                        $intCriticalityLevel = 3
                    }
                }

            }
            default
            {
                $intCriticalityLevel = 3
            }
        }#End switch


    }
}
"CreateChild, DeleteChild"
{
    If ($objAccess -eq "Allow")
    {
        $intCriticalityLevel = 3
    }
}
"ReadProperty"
{
    If ($objAccess -eq "Allow")
    {
        $intCriticalityLevel = 1

        Switch ($objInheritanceType) 
        {
            "None"
            {

            }
            "Children"
            {

            }
            "Descendents"
            {

            }
            default
            {

            }
        }#End switch
    }
}
{$_ -match "WriteProperty"}
{
    If ($objAccess -eq "Allow")
    {
        Switch ($objInheritanceType) 
        {
            {($_ -match "All") -or ($_ -match "None")}
            {
                Switch ($objFlags)
                { 
                    "ObjectAceTypePresent"
                    {
                        Switch ($objObjectType)
                        {

                            # msDS-KeyCredentialLink = 4
                            "5b47d60f-6090-40b2-9f37-2a4de88f3063"
                            {
                                $intCriticalityLevel = 4
                            }
                            # Domain Password & Lockout Policies = 4
                            "c7407360-20bf-11d0-a768-00aa006e0529"
                            {
                                $intCriticalityLevel = 4
                            }
                            # Account Restrictions = 4
                            "4c164200-20c0-11d0-a768-00aa006e0529"
                            {
                                $intCriticalityLevel = 4
                            }
                            # Group Membership = 4
                            "bc0ac240-79a9-11d0-9020-00c04fc2d4cf"
                            {
                                $intCriticalityLevel = 4
                            }
                            # Public Information = 4
                            "e48d0154-bcf8-11d1-8702-00c04fb96050"
                            {
                                $intCriticalityLevel = 4
                            }
                            # Email-Information = 0
                            "E45795B2-9455-11d1-AEBD-0000F80367C1"
                            {
                                $intCriticalityLevel = 0
                            }
                            # Web-Information = 2
                            "E45795B3-9455-11d1-AEBD-0000F80367C1"
                            {
                                #If it SELF then = 1
                                if($objIdentity -eq "NT AUTHORITY\SELF")
                                {
                                    $intCriticalityLevel = 1
                                }
                                else
                                {
                                    $intCriticalityLevel = 1
                                }
                            }
                            # Personal-Information = 2
                            "77B5B886-944A-11d1-AEBD-0000F80367C1"
                            {
                                #If it SELF then = 1
                                if($objIdentity -eq "NT AUTHORITY\SELF")
                                {
                                    $intCriticalityLevel = 1
                                }
                                else
                                {
                                    $intCriticalityLevel = 2
                                }
                            }
                            # User-Account-Control = 4
                            "bf967a68-0de6-11d0-a285-00aa003049e2"
                            {
                                $intCriticalityLevel = 4
                            }
                            # Service-Principal-Name = 4
                            "f3a64788-5306-11d1-a9c5-0000f80367c1"
                            {
                                $intCriticalityLevel = 4
                            }
                            #  Is-Member-Of-DL = 4
                            "bf967991-0de6-11d0-a285-00aa003049e2"
                            {
                                $intCriticalityLevel = 4
                            }
                            default
                            {
                                $intCriticalityLevel = 2
                            }
                        }
                    }
                    "ObjectAceTypePresent, InheritedObjectAceTypePresent"
                    {

                    }
                    default
                    {
                        $intCriticalityLevel = 3
                    }
                }#End switch
            }
            "Children"
            {
                    Switch ($objFlags)
                { 
                    "ObjectAceTypePresent"
                    {
                        Switch ($objObjectType)
                        {
                            # Domain Password & Lockout Policies = 4
                            "c7407360-20bf-11d0-a768-00aa006e0529"
                            {
                                $intCriticalityLevel = 4
                            }
                            # Account Restrictions = 4
                            "4c164200-20c0-11d0-a768-00aa006e0529"
                            {
                                $intCriticalityLevel = 4
                            }
                            # Group Membership = 4
                            "bc0ac240-79a9-11d0-9020-00c04fc2d4cf"
                            {
                                $intCriticalityLevel = 4
                            }
                            # Email-Information = 0
                            "E45795B2-9455-11d1-AEBD-0000F80367C1"
                            {
                                $intCriticalityLevel = 0
                            }
                            # Web-Information = 2
                            "E45795B3-9455-11d1-AEBD-0000F80367C1"
                            {
                                #If it SELF then = 1
                                if($objIdentity -eq "NT AUTHORITY\SELF")
                                {
                                    $intCriticalityLevel = 1
                                }
                                else
                                {
                                    $intCriticalityLevel = 2
                                }
                            }
                            # Personal-Information = 2
                            "77B5B886-944A-11d1-AEBD-0000F80367C1"
                            {
                                #If it SELF then = 1
                                if($objIdentity -eq "NT AUTHORITY\SELF")
                                {
                                    $intCriticalityLevel = 1
                                }
                                else
                                {
                                    $intCriticalityLevel = 2
                                }
                            }
                            # User-Account-Control = 4
                            "bf967a68-0de6-11d0-a285-00aa003049e2"
                            {
                                $intCriticalityLevel = 4
                            }
                            # Service-Principal-Name = 4
                            "f3a64788-5306-11d1-a9c5-0000f80367c1"
                            {
                                $intCriticalityLevel = 4
                            }
                            #  Is-Member-Of-DL = 4
                            "bf967991-0de6-11d0-a285-00aa003049e2"
                            {
                                $intCriticalityLevel = 4
                            }
                            default
                            {
                                $intCriticalityLevel = 2
                            }
                        }
                    }
                    "ObjectAceTypePresent, InheritedObjectAceTypePresent"
                    {
                        Switch ($objInheritedObjectType)
                        {
                            # User = 4 ,Group = 4,Computer = 4
                            {($_ -eq "bf967aba-0de6-11d0-a285-00aa003049e2") -or ($_ -eq "bf967a9c-0de6-11d0-a285-00aa003049e2") -or ($_ -eq "bf967a86-0de6-11d0-a285-00aa003049e2") -or ($_ -eq "ce206244-5827-4a86-ba1c-1c0c386c1b64") -or ($_ -eq "7b8b558a-93a5-4af7-adca-c017e67f1057")}
                            {

                                Switch ($objObjectType)
                                {
                                    # Account Restrictions = 4
                                    "4c164200-20c0-11d0-a768-00aa006e0529"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    # Group Membership = 4
                                    "bc0ac240-79a9-11d0-9020-00c04fc2d4cf"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    # Email-Information = 0
                                    "E45795B2-9455-11d1-AEBD-0000F80367C1"
                                    {
                                        $intCriticalityLevel = 0
                                    }
                                    # Web-Information = 2
                                    "E45795B3-9455-11d1-AEBD-0000F80367C1"
                                    {
                                        #If it SELF then = 1
                                        if($objIdentity -eq "NT AUTHORITY\SELF")
                                        {
                                            $intCriticalityLevel = 1
                                        }
                                        else
                                        {
                                            $intCriticalityLevel = 2
                                        }
                                    }
                                    # Personal-Information = 2
                                    "77B5B886-944A-11d1-AEBD-0000F80367C1"
                                    {
                                        #If it SELF then = 1
                                        if($objIdentity -eq "NT AUTHORITY\SELF")
                                        {
                                            $intCriticalityLevel = 1
                                        }
                                        else
                                        {
                                            $intCriticalityLevel = 2
                                        }
                                    }
                                    # User-Account-Control = 4
                                    "bf967a68-0de6-11d0-a285-00aa003049e2"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    # Service-Principal-Name = 4
                                    "f3a64788-5306-11d1-a9c5-0000f80367c1"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    #  Is-Member-Of-DL = 4
                                    "bf967991-0de6-11d0-a285-00aa003049e2"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    default
                                    {
                                        $intCriticalityLevel = 2
                                    }
                                }
                            }
                            default
                            {
                                $intCriticalityLevel = 3
                            }
                        }

                    }
                    "InheritedObjectAceTypePresent"
                    {
                        Switch ($objInheritedObjectType)
                        {
                            # User = 4 ,Group = 4,Computer = 4
                            {($_ -eq "bf967aba-0de6-11d0-a285-00aa003049e2") -or ($_ -eq "bf967a9c-0de6-11d0-a285-00aa003049e2") -or ($_ -eq "bf967a86-0de6-11d0-a285-00aa003049e2") -or ($_ -eq "ce206244-5827-4a86-ba1c-1c0c386c1b64") -or ($_ -eq "7b8b558a-93a5-4af7-adca-c017e67f1057")}
                            {

                                Switch ($objObjectType)
                                {
                                    # All
                                    "00000000-0000-0000-0000-000000000000"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    # Account Restrictions = 4
                                    "4c164200-20c0-11d0-a768-00aa006e0529"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    # Group Membership = 4
                                    "bc0ac240-79a9-11d0-9020-00c04fc2d4cf"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    # Email-Information = 0
                                    "E45795B2-9455-11d1-AEBD-0000F80367C1"
                                    {
                                        $intCriticalityLevel = 0
                                    }
                                    # Web-Information = 2
                                    "E45795B3-9455-11d1-AEBD-0000F80367C1"
                                    {
                                        #If it SELF then = 1
                                        if($objIdentity -eq "NT AUTHORITY\SELF")
                                        {
                                            $intCriticalityLevel = 1
                                        }
                                        else
                                        {
                                            $intCriticalityLevel = 2
                                        }
                                    }
                                    # Personal-Information = 2
                                    "77B5B886-944A-11d1-AEBD-0000F80367C1"
                                    {
                                        #If it SELF then = 1
                                        if($objIdentity -eq "NT AUTHORITY\SELF")
                                        {
                                            $intCriticalityLevel = 1
                                        }
                                        else
                                        {
                                            $intCriticalityLevel = 2
                                        }
                                    }
                                    # User-Account-Control = 4
                                    "bf967a68-0de6-11d0-a285-00aa003049e2"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    # Service-Principal-Name = 4
                                    "f3a64788-5306-11d1-a9c5-0000f80367c1"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    #  Is-Member-Of-DL = 4
                                    "bf967991-0de6-11d0-a285-00aa003049e2"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    default
                                    {
                                        $intCriticalityLevel = 2
                                    }
                                }
                            }
                            default
                            {
                                $intCriticalityLevel = 3
                            }
                        }

                    }
                    "None"
                    {

                                Switch ($objObjectType)
                                {
                                    # All
                                    "00000000-0000-0000-0000-000000000000"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    # Account Restrictions = 4
                                    "4c164200-20c0-11d0-a768-00aa006e0529"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    # Group Membership = 4
                                    "bc0ac240-79a9-11d0-9020-00c04fc2d4cf"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    # Email-Information = 0
                                    "E45795B2-9455-11d1-AEBD-0000F80367C1"
                                    {
                                        $intCriticalityLevel = 0
                                    }
                                    # Web-Information = 2
                                    "E45795B3-9455-11d1-AEBD-0000F80367C1"
                                    {
                                        #If it SELF then = 1
                                        if($objIdentity -eq "NT AUTHORITY\SELF")
                                        {
                                            $intCriticalityLevel = 1
                                        }
                                        else
                                        {
                                            $intCriticalityLevel = 2
                                        }
                                    }
                                    # Personal-Information = 2
                                    "77B5B886-944A-11d1-AEBD-0000F80367C1"
                                    {
                                        #If it SELF then = 1
                                        if($objIdentity -eq "NT AUTHORITY\SELF")
                                        {
                                            $intCriticalityLevel = 1
                                        }
                                        else
                                        {
                                            $intCriticalityLevel = 2
                                        }
                                    }
                                    # User-Account-Control = 4
                                    "bf967a68-0de6-11d0-a285-00aa003049e2"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    # Service-Principal-Name = 4
                                    "f3a64788-5306-11d1-a9c5-0000f80367c1"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    #  Is-Member-Of-DL = 4
                                    "bf967991-0de6-11d0-a285-00aa003049e2"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    default
                                    {
                                        $intCriticalityLevel = 2
                                    }
                                }
                    }
                    default
                    {

                    }
                }#End switch

            }
            "Descendents"
            {
                Switch ($objFlags)
                { 
                    "ObjectAceTypePresent"
                    {
                        Switch ($objObjectType)
                        {
                            # Domain Password & Lockout Policies = 4
                            "c7407360-20bf-11d0-a768-00aa006e0529"
                            {
                                $intCriticalityLevel = 4
                            }
                            # Account Restrictions = 4
                            "4c164200-20c0-11d0-a768-00aa006e0529"
                            {
                                $intCriticalityLevel = 4
                            }
                            # Group Membership = 4
                            "bc0ac240-79a9-11d0-9020-00c04fc2d4cf"
                            {
                                $intCriticalityLevel = 4
                            }
                            # Email-Information = 0
                            "E45795B2-9455-11d1-AEBD-0000F80367C1"
                            {
                                $intCriticalityLevel = 0
                            }
                            # Web-Information = 2
                            "E45795B3-9455-11d1-AEBD-0000F80367C1"
                            {
                                #If it SELF then = 1
                                if($objIdentity -eq "NT AUTHORITY\SELF")
                                {
                                    $intCriticalityLevel = 1
                                }
                                else
                                {
                                    $intCriticalityLevel = 2
                                }
                            }
                            # Personal-Information = 2
                            "77B5B886-944A-11d1-AEBD-0000F80367C1"
                            {
                                #If it SELF then = 1
                                if($objIdentity -eq "NT AUTHORITY\SELF")
                                {
                                    $intCriticalityLevel = 1
                                }
                                else
                                {
                                    $intCriticalityLevel = 2
                                }
                            }
                            # User-Account-Control = 4
                            "bf967a68-0de6-11d0-a285-00aa003049e2"
                            {
                                $intCriticalityLevel = 4
                            }
                            # Service-Principal-Name = 4
                            "f3a64788-5306-11d1-a9c5-0000f80367c1"
                            {
                                $intCriticalityLevel = 4
                            }
                            #  Is-Member-Of-DL = 4
                            "bf967991-0de6-11d0-a285-00aa003049e2"
                            {
                                $intCriticalityLevel = 4
                            }
                            default
                            {
                                $intCriticalityLevel = 2
                            }
                        }
                    }
                    "ObjectAceTypePresent, InheritedObjectAceTypePresent"
                    {
                        Switch ($objInheritedObjectType)
                        {
                            # User = 4 ,Group = 4,Computer = 4
                            {($_ -eq "bf967aba-0de6-11d0-a285-00aa003049e2") -or ($_ -eq "bf967a9c-0de6-11d0-a285-00aa003049e2") -or ($_ -eq "bf967a86-0de6-11d0-a285-00aa003049e2") -or ($_ -eq "ce206244-5827-4a86-ba1c-1c0c386c1b64") -or ($_ -eq "7b8b558a-93a5-4af7-adca-c017e67f1057")}
                            {

                                Switch ($objObjectType)
                                {
                                    # Account Restrictions = 4
                                    "4c164200-20c0-11d0-a768-00aa006e0529"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    # Group Membership = 4
                                    "bc0ac240-79a9-11d0-9020-00c04fc2d4cf"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    # Email-Information = 0
                                    "E45795B2-9455-11d1-AEBD-0000F80367C1"
                                    {
                                        $intCriticalityLevel = 0
                                    }
                                    # Web-Information = 2
                                    "E45795B3-9455-11d1-AEBD-0000F80367C1"
                                    {
                                        #If it SELF then = 1
                                        if($objIdentity -eq "NT AUTHORITY\SELF")
                                        {
                                            $intCriticalityLevel = 1
                                        }
                                        else
                                        {
                                            $intCriticalityLevel = 2
                                        }
                                    }
                                    # Personal-Information = 2
                                    "77B5B886-944A-11d1-AEBD-0000F80367C1"
                                    {
                                        #If it SELF then = 1
                                        if($objIdentity -eq "NT AUTHORITY\SELF")
                                        {
                                            $intCriticalityLevel = 1
                                        }
                                        else
                                        {
                                            $intCriticalityLevel = 2
                                        }
                                    }
                                    # User-Account-Control = 4
                                    "bf967a68-0de6-11d0-a285-00aa003049e2"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    # Service-Principal-Name = 4
                                    "f3a64788-5306-11d1-a9c5-0000f80367c1"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    #  Is-Member-Of-DL = 4
                                    "bf967991-0de6-11d0-a285-00aa003049e2"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    default
                                    {
                                        $intCriticalityLevel = 2
                                    }
                                }
                            }
                            default
                            {
                                $intCriticalityLevel = 3
                            }
                        }

                    }
                    "InheritedObjectAceTypePresent"
                    {
                        Switch ($objInheritedObjectType)
                        {
                            # User = 4 ,Group = 4,Computer = 4
                            {($_ -eq "bf967aba-0de6-11d0-a285-00aa003049e2") -or ($_ -eq "bf967a9c-0de6-11d0-a285-00aa003049e2") -or ($_ -eq "bf967a86-0de6-11d0-a285-00aa003049e2") -or ($_ -eq "ce206244-5827-4a86-ba1c-1c0c386c1b64") -or ($_ -eq "7b8b558a-93a5-4af7-adca-c017e67f1057")}
                            {

                                Switch ($objObjectType)
                                {
                                    # All
                                    "00000000-0000-0000-0000-000000000000"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    # Account Restrictions = 4
                                    "4c164200-20c0-11d0-a768-00aa006e0529"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    # Group Membership = 4
                                    "bc0ac240-79a9-11d0-9020-00c04fc2d4cf"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    # Email-Information = 0
                                    "E45795B2-9455-11d1-AEBD-0000F80367C1"
                                    {
                                        $intCriticalityLevel = 0
                                    }
                                    # Web-Information = 2
                                    "E45795B3-9455-11d1-AEBD-0000F80367C1"
                                    {
                                        #If it SELF then = 1
                                        if($objIdentity -eq "NT AUTHORITY\SELF")
                                        {
                                            $intCriticalityLevel = 1
                                        }
                                        else
                                        {
                                            $intCriticalityLevel = 2
                                        }
                                    }
                                    # Personal-Information = 2
                                    "77B5B886-944A-11d1-AEBD-0000F80367C1"
                                    {
                                        #If it SELF then = 1
                                        if($objIdentity -eq "NT AUTHORITY\SELF")
                                        {
                                            $intCriticalityLevel = 1
                                        }
                                        else
                                        {
                                            $intCriticalityLevel = 2
                                        }
                                    }
                                    # User-Account-Control = 4
                                    "bf967a68-0de6-11d0-a285-00aa003049e2"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    # Service-Principal-Name = 4
                                    "f3a64788-5306-11d1-a9c5-0000f80367c1"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    #  Is-Member-Of-DL = 4
                                    "bf967991-0de6-11d0-a285-00aa003049e2"
                                    {
                                        $intCriticalityLevel = 4
                                    }
                                    default
                                    {
                                        $intCriticalityLevel = 2
                                    }
                                }
                            }
                            default
                            {
                                $intCriticalityLevel = 3
                            }
                        }

                    }
                    default
                    {

                    }
                }#End switch

            }
            default
            {
                $intCriticalityLevel = 3
            }
        }#End switch
    }#End if Allow
}
{($_ -match "WriteDacl") -or ($_ -match "WriteOwner")}
{
    $intCriticalityLevel = 4
}
default
{
    If ($objAccess -eq "Allow")
    {
        if($objRights -match "Write")
        {
            $intCriticalityLevel = 2
        }         
        if($objRights -match "Create")
        {
            $intCriticalityLevel = 3
        }        
        if($objRights -match "Delete")
        {
            $intCriticalityLevel = 3
        }
        if($objRights -match "ExtendedRight")
        {
            $intCriticalityLevel = 3
        }             
        if($objRights -match "WriteDacl")
        {
            $intCriticalityLevel = 4
        }
        if($objRights -match "WriteOwner")
        {
            $intCriticalityLevel = 4
        }       
    }     
}

}# End Switch

if($Returns -eq „Filter“)
{
if ($intCriticalityLevel -ge $CriticalityFilter)
{
Return $True
}
else
{
Return $false
}

}
else
{
Return $intCriticalityLevel
}

}

==========================================================================

==========================================================================

Function : WriteOUT

Arguments : Security Descriptor, OU dn string, Output htm file or other format

Returns : n/a

Description : Wites the SD info to a HTM table or other format, it appends info if the file exist

==========================================================================

function WriteOUT
{
Param([bool] $bolACLExist,$sd,[string]$DSObject,[string]$Canonical,[bool] $OUHeader,[string] $strColorTemp,[string] $htmfileout,[bool] $CompareMode,[bool] $FilterMode,[bool]$boolReplMetaDate,[string]$strReplMetaDate,[bool]$boolACLSize,[string]$strACLSize,[bool]$boolOUProtected,[bool]$bolOUPRotected,[bool]$bolCriticalityLevel,[bool]$bolTranslateGUID,[string]$strObjClass,[bool]$bolObjClass,[string]$Type,[bool]$GPO,[string]$GPODisplayname,[bool]$bolShowCriticalityColor,
[string]$strSDDL,
[Parameter(Mandatory=$false)]
[pscredential]
$CREDS)

if($Type -eq „HTML“)
{
$htm = $true
$fileout = $htmfileout
}
if($HTM)
{
$strTHOUColor = „E5CF00“
$strTHColor = „EFAC00“
if ($bolCriticalityLevel -eq $true)
{
$strLegendColor =@“
bgcolor=“#A4A4A4″
„@
}
else
{
$strLegendColor = „“
}
$strLegendColorInfo=@“
bgcolor=“#A4A4A4″
„@
$strLegendColorLow =@“
bgcolor=“#0099FF“
„@
$strLegendColorMedium=@“
bgcolor=“#FFFF00″
„@
$strLegendColorWarning=@“
bgcolor=“#FFD700″
„@
$strLegendColorCritical=@“
bgcolor=“#DF0101″
„@
$strFont =@“

„@
$strFontRights =@“

„@
$strFontOU =@“

„@
$strFontTH =@“

„@
If ($OUHeader -eq $true)
{

if ($GPO)
{
$strHTMLText =@“
$strHTMLText
$strFontOU $GPOdisplayname
„@
}
else
{
$strHTMLText =@“
$strHTMLText

„@
}

$strHTMLText =@“
$strHTMLText
$strFontOU $DSObject
„@

if ($Canonical)
{
$strHTMLText =@“
$strHTMLText
$strFontOU $Canonical
„@
}

if ($bolObjClass -eq $true)
{
$strHTMLText =@“
$strHTMLText
$strFontOU $strObjClass
„@
}
if ($boolReplMetaDate -eq $true)
{
$strHTMLText =@“
$strHTMLText
$strFontOU $strReplMetaDate
„@
}
if ($boolACLSize -eq $true)
{
$strHTMLText =@“
$strHTMLText
$strFontOU $strACLSize bytes
„@
}
if ($boolOUProtected -eq $true)
{
if ($bolOUProtected -eq $true)
{
$strHTMLText =@“
$strHTMLText
$strFontOU $bolOUProtected
„@
}
else
{
$strHTMLText =@“
$strHTMLText
$strFontOU $bolOUProtected
„@
}
}

$strHTMLText =@“
$strHTMLText

„@
}

Switch ($strColorTemp)
{

„1“
{
$strColor = „DDDDDD“
$strColorTemp = „2“
}
„2“
{
$strColor = „AAAAAA“
$strColorTemp = „1“
}
„3“
{
$strColor = „FF1111“
}
„4“
{
$strColor = „00FFAA“
}
„5“
{
$strColor = „FFFF00“
}
}# End Switch
}#End if HTM
if ($bolACLExist)
{
$sd | foreach{

if($null  -ne  $_.AccessControlType)
{
    $objAccess = $($_.AccessControlType.toString())
}
else
{
    $objAccess = $($_.AuditFlags.toString())
}
$objFlags = $($_.ObjectFlags.toString())
$objType = $($_.ObjectType.toString())
$objIsInheried = $($_.IsInherited.toString())
$objInheritedType = $($_.InheritedObjectType.toString())
$objRights = $($_.ActiveDirectoryRights.toString())
$objInheritanceType = $($_.InheritanceType.toString())


Switch ($objRights)
{
    "Self"
    {
        #Self right are never express in gui it's a validated write ( 0x00000008 ACTRL_DS_SELF)

            $objRights = ""
    }
    "GenericRead"
    {
            $objRights = "Read Permissions,List Contents,Read All Properties,List"
    }
    "CreateChild"
    {
            $objRights = "Create"    
    }
    "DeleteChild"
    {
        $objRights = "Delete Child"        
    }
    "GenericAll"
    {
        $objRights = "Full Control"        
    }
    "CreateChild, DeleteChild"
    {
        $objRights = "Create/Delete"        
    }
    "ReadProperty"
    {
        Switch ($objInheritanceType) 
        {
            "None"
            {

                Switch ($objFlags)
                { 
                    "ObjectAceTypePresent"
                    {
                        $objRights = "Read"    
                    }
                    "ObjectAceTypePresent, InheritedObjectAceTypePresent"
                    {
                        $objRights = "Read"    
                    }
                    default
                    {$objRights = "Read All Properties"    }
                }#End switch
            }
                "Children"
            {

                Switch ($objFlags)
                { 
                    "ObjectAceTypePresent"
                    {
                        $objRights = "Read"    
                    }
                    "ObjectAceTypePresent, InheritedObjectAceTypePresent"
                    {
                        $objRights = "Read"    
                    }
                    default
                    {$objRights = "Read All Properties"    }
                }#End switch
            }
            "Descendents"
            {
                Switch ($objFlags)
                { 
                    "ObjectAceTypePresent"
                    {
                    $objRights = "Read"    
                    }

                    "ObjectAceTypePresent, InheritedObjectAceTypePresent"
                    {
                    $objRights = "Read"    
                    }
                    default
                    {$objRights = "Read All Properties"    }
                }#End switch
            }
            default
            {$objRights = "Read All Properties"    }
        }#End switch
    }
    "ReadProperty, WriteProperty" 
    {
        $objRights = "Read All Properties;Write All Properties"            
    }
    "WriteProperty" 
    {
        Switch ($objInheritanceType) 
        {
            "None"
            {
                Switch ($objFlags)
                { 
                    "ObjectAceTypePresent"
                    {
                        $objRights = "Write"    
                    }
                    "ObjectAceTypePresent, InheritedObjectAceTypePresent"
                    {
                        $objRights = "Write"    
                    }
                    default
                    {
                        $objRights = "Write All Properties"    
                    }
                }#End switch
            }
            "Children"
            {
                Switch ($objFlags)
                { 
                    "ObjectAceTypePresent"
                    {
                        $objRights = "Write"    
                    }
                    "ObjectAceTypePresent, InheritedObjectAceTypePresent"
                    {
                        $objRights = "Write"    
                    }
                    default
                    {
                        $objRights = "Write All Properties"    
                    }
                }#End switch
            }
            "Descendents"
            {
                Switch ($objFlags)
                { 
                    "ObjectAceTypePresent"
                    {
                        $objRights = "Write"    
                    }
                    "ObjectAceTypePresent, InheritedObjectAceTypePresent"
                    {
                        $objRights = "Write"    
                    }
                    default
                    {
                        $objRights = "Write All Properties"    
                    }
                }#End switch
            }
            default
            {
                $objRights = "Write All Properties"
            }
        }#End switch        
    }
    default
    {

    }
}# End Switch  
if($bolShowCriticalityColor)
{
    $intCriticalityValue = Get-Criticality -Returns "Color" $_.IdentityReference.toString() $_.ActiveDirectoryRights.toString() $_.AccessControlType.toString() $_.ObjectFlags.toString() $_.InheritanceType.toString() $_.ObjectType.toString() $_.InheritedObjectType.toString() 0

    Switch ($intCriticalityValue)
    {
        0 {$strLegendText = "Info";$strLegendColor = $strLegendColorInfo}
        1 {$strLegendText = "Low";$strLegendColor = $strLegendColorLow}
        2 {$strLegendText = "Medium";$strLegendColor = $strLegendColorMedium}
        3 {$strLegendText = "Warning";$strLegendColor = $strLegendColorWarning}
        4 {$strLegendText = "Critical";$strLegendColor = $strLegendColorCritical}
    }
    $strLegendTextVal = $strLegendText
    if($intCriticalityValue -gt $global:intShowCriticalityLevel)
    {
        $global:intShowCriticalityLevel = $intCriticalityValue
    }
}



$IdentityReference = $($_.IdentityReference.toString())

If ($IdentityReference.contains("S-1-"))
{
    $strNTAccount = ConvertSidToName -server $global:strDomainLongName -Sid $IdentityReference -CREDS $CREDS

}
else
{
    $strNTAccount = $IdentityReference 
}

Switch ($strColorTemp) 
{

"1"
{
$strColor = "DDDDDD"
$strColorTemp = "2"
}
"2"
{
$strColor = "AAAAAA"
$strColorTemp = "1"
}       
"3"
{
$strColor = "FF1111"
}
"4"
{
$strColor = "00FFAA"
}     
"5"
{
$strColor = "FFFF00"
}          
}# End Switch

 Switch ($objInheritanceType) 
 {
    "All"
    {
        Switch ($objFlags) 
        { 
            "InheritedObjectAceTypePresent"
            {
                $strApplyTo =  "This object and all child objects"
                $strPerm =  "$objRights $(if($bolTranslateGUID){$objInheritedType}else{MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName -CREDS $CREDS})"
            }       
            "ObjectAceTypePresent"
            {
                $strApplyTo =  "This object and all child objects"
                $strPerm =  "$objRights $(if($bolTranslateGUID){$objType}else{MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName -CREDS $CREDS})"
            } 
            "ObjectAceTypePresent, InheritedObjectAceTypePresent"
            {
                $strApplyTo =  "$(if($bolTranslateGUID){$objInheritedType}else{MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName -CREDS $CREDS})"
                $strPerm =  "$objRights $(if($bolTranslateGUID){$objType}else{MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName -CREDS $CREDS})"
            }           
            "None"
            {
                $strApplyTo ="This object and all child objects"
                $strPerm = "$objRights"
            } 
                default
            {
                $strApplyTo = "Error"
                $strPerm = "Error: Failed to display permissions 1K"
            }    

        }# End Switch

    }
    "Descendents"
    {

        Switch ($objFlags)
        { 
            "InheritedObjectAceTypePresent"
            {
                $strApplyTo = "Descendant $(if($bolTranslateGUID){$objInheritedType}else{MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName -CREDS $CREDS}) objects"
                $strPerm = "$objRights"
            }
            "None"
            {
                $strApplyTo = "Child Objects Only"
                $strPerm = "$objRights"
            }           
            "ObjectAceTypePresent"
            {
                $strApplyTo = "Child Objects Only"
                $strPerm = "$objRights $(if($bolTranslateGUID){$objType}else{MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName -CREDS $CREDS})"
            } 
            "ObjectAceTypePresent, InheritedObjectAceTypePresent"
            {
                $strApplyTo =  "$(if($bolTranslateGUID){$objInheritedType}else{MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName -CREDS $CREDS})"
                $strPerm =    "$objRights $(if($bolTranslateGUID){$objType}else{MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName -CREDS $CREDS})"
            }
            default
            {
                $strApplyTo = "Error"
                $strPerm = "Error: Failed to display permissions 2K"
            }    

        }       
    }
    "None"
    {
        Switch ($objFlags)
        { 
            "ObjectAceTypePresent"
            {
                $strApplyTo = "This Object Only"
                $strPerm = "$objRights $(if($bolTranslateGUID){$objType}else{MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName -CREDS $CREDS})"
            } 
            "None"
            {
                $strApplyTo = "This Object Only"
                $strPerm = "$objRights"
            } 
                default
            {
                $strApplyTo = "Error"
                $strPerm = "Error: Failed to display permissions 4K"
            }    

        }
    }
    "SelfAndChildren"
    {
            Switch ($objFlags)
        { 
            "ObjectAceTypePresent"
            {
                $strApplyTo = "This object and all child objects within this container only"
                $strPerm = "$objRights $(if($bolTranslateGUID){$objType}else{MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName -CREDS $CREDS})"
            }
            "InheritedObjectAceTypePresent"
            {
                $strApplyTo = "This object and all child objects within this container only"
                $strPerm = "$objRights $(if($bolTranslateGUID){$objInheritedType}else{MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName -CREDS $CREDS})"
            } 

            "ObjectAceTypePresent, InheritedObjectAceTypePresent"
            {
                $strApplyTo =  "$(if($bolTranslateGUID){$objInheritedType}else{MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName -CREDS $CREDS})"
                $strPerm =  "$objRights $(if($bolTranslateGUID){$objType}else{MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName -CREDS $CREDS})"
            }           
            "None"
            {
                $strApplyTo = "This object and all child objects"
                $strPerm = "$objRights"
            }                                      
            default
            {
                $strApplyTo = "Error"
                $strPerm = "Error: Failed to display permissions 5K"
            }    

        }       
    }   
    "Children"
    {
            Switch ($objFlags)
        { 
            "InheritedObjectAceTypePresent"
            {
                $strApplyTo = "Descendant $(if($bolTranslateGUID){$objInheritedType}else{MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName -CREDS $CREDS}) objects within this container only"
                $strPerm = "$objRights"
            } 
            "None"
            {
                $strApplyTo = "Children  within this container only"
                $strPerm = "$objRights"
            }           
            "ObjectAceTypePresent, InheritedObjectAceTypePresent"
            {
                $strApplyTo = "$(if($bolTranslateGUID){$objInheritedType}else{MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName -CREDS $CREDS})"
                $strPerm = "$(if($bolTranslateGUID){$objType}else{MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName -CREDS $CREDS}) $objRights"
            }   
            "ObjectAceTypePresent"
            {
                $strApplyTo = "Children within this container only"
                $strPerm = "$objRights $(if($bolTranslateGUID){$objType}else{MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName -CREDS $CREDS})"
            }               
            default
            {
                $strApplyTo = "Error"
                $strPerm = "Error: Failed to display permissions 6K"
            }    

        }
    }
    default
    {
        $strApplyTo = "Error"
        $strPerm = "Error: Failed to display permissions 7K"
    }    
}# End Switch

#

if($Type -eq „Object“)
{
$objhashtableACE = [pscustomobject][ordered]@{
Object = $DSObject ;`
ObjectClass = $strObjClass}

if($strSDDL)
{
    add-member -InputObject $objhashtableACE -MemberType NoteProperty -Name "SDDL" -Value $strSDDL
}
else
{
    add-member -InputObject $objhashtableACE -MemberType NoteProperty -Name "IdentityReference" -Value $IdentityReference
    add-member -InputObject $objhashtableACE -MemberType NoteProperty -Name "Trustee" -Value $strNTAccount
    add-member -InputObject $objhashtableACE -MemberType NoteProperty -Name "Access" -Value $objAccess
    add-member -InputObject $objhashtableACE -MemberType NoteProperty -Name "Inherited" -Value $objIsInheried
    add-member -InputObject $objhashtableACE -MemberType NoteProperty -Name "Apply To" -Value $strApplyTo
    add-member -InputObject $objhashtableACE -MemberType NoteProperty -Name "Permission" -Value $strPerm
}

if($Canonical)
{
    add-member -InputObject $objhashtableACE -MemberType NoteProperty -Name "CanonicalName" -Value $Canonical
    $objhashtableACE  = $objhashtableACE | Select-Object -Property Object,CanonicalName,* -ErrorAction SilentlyContinue
}

if($GPO)
{
    add-member -InputObject $objhashtableACE -MemberType NoteProperty -Name "GPO" -Value $GPOdisplayname
    $objhashtableACE  = $objhashtableACE | Select-Object -Property GPO,* -ErrorAction SilentlyContinue

}


if($boolOUProtected)
{
    $objhashtableACE | Add-Member NoteProperty "Inheritance Disabled" $bolOUProtected.toString()
}

if($boolReplMetaDate)
{
    $objhashtableACE | Add-Member NoteProperty "Security Descriptor Modified" $strReplMetaDate
}

if($CompareMode)
{
    $objhashtableACE | Add-Member NoteProperty State $($_.State.toString())
}

if ($bolCriticalityLevel -or $bolShowCriticalityColor)
{

    $objhashtableACE | Add-Member NoteProperty 'Criticality Level' $strLegendTextVal
}   

[VOID]$global:ArrayAllACE.Add($objhashtableACE)

}

If($HTM)
{
if ($GPO)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $GPOdisplayname
„@
}
else
{
$strACLHTMLText =@“
$strACLHTMLText

„@
}
$strACLHTMLText =@“
$strACLHTMLText
$strFont $DSObject
„@

if ($Canonical)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $Canonical
„@
}

if ($bolObjClass -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strObjClass
„@
}

if ($boolReplMetaDate -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strReplMetaDate
„@
}

if ($boolACLSize -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strACLSize bytes
„@
}

if ($boolOUProtected -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $bolOUPRotected
„@
}
if($strSDDL)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strSDDL
„@
}
else
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strNTAccount
$strFont $objAccess
$strFont $objIsInheried
$strFont $strApplyTo
$strFontRights $strPerm
„@
}

if($CompareMode)
{

$strACLHTMLText =@“
$strACLHTMLText
$strFont $($_.State.toString())
„@
}
if ($bolCriticalityLevel -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strLegendTextVal
„@

}
}#End If HTM
}# End Foreach

}
else
{
if($HTM)
{
if ($OUHeader -eq $false)
{
if ($FilterMode)
{

if ($boolReplMetaDate -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strReplMetaDate
„@
}

if ($boolACLSize -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strACLSize bytes
„@
}

if ($boolOUProtected -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $bolOUPRotected
„@
}
$strACLHTMLText =@“
$strACLHTMLText
$strFont N/A
$strFont N/A
$strFont N/A
$strFont N/A
$strFont No Matching Permissions Set
„@

if ($bolCriticalityLevel -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strLegendTextVal
„@
}
}
else
{

if ($boolReplMetaDate -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strReplMetaDate
„@
}

if ($boolACLSize -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strACLSize bytes
„@
}

if ($boolOUProtected -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $bolOUPRotected
„@
}

$strACLHTMLText =@“
$strACLHTMLText
$strFont N/A
$strFont N/A
$strFont N/A
$strFont N/A
$strFont No Permissions Set
„@

if ($bolCriticalityLevel -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strLegendTextVal
„@
}

}# End If
}#end If OUHeader false
}#End if HTM
} #End if bolACLExist
if($HTM)
{
$strACLHTMLText =@“
$strACLHTMLText

„@

#end ifelse OUHEader
$strHTMLText = $strHTMLText + $strACLHTMLText

Out-File -InputObject $strHTMLText -Append -FilePath $fileout 
Out-File -InputObject $strHTMLText -Append -FilePath $strFileHTM

$strHTMLText = $null
$strACLHTMLText = $null
Remove-Variable -Name "strHTMLText"
Remove-Variable -Name "strACLHTMLText"

}#End if HTM

}

==========================================================================

Function : WriteDefSDAccessHTM

Arguments : Security Descriptor, OU dn string, Output htm file

Returns : n/a

Description : Wites the SD info to a HTM table, it appends info if the file exist

==========================================================================

function WriteDefSDAccessHTM
{
Param([bool]$bolACLExist, $sd, [bool]$bolObjClass,[string]$strObjectClass, [string]$strColorTemp,[string]$htmfileout, [string]$strFileHTM, [bool]$OUHeader, [bool]$boolReplMetaDate, [string]$strReplMetaVer, [string]$strReplMetaDate, [bool]$bolCriticalityLevel,[boolean]$CompareMode,[string]$xlsxout,[string]$Type)

if($Type -eq „HTML“)
{
$htm = $true
$fileout = $htmfileout
}
if($Type -eq „EXCEL“)
{
$EXCEL = $true
$fileout = $xlsxout
}
if($HTM)
{
$strTHOUColor = „E5CF00“
$strTHColor = „EFAC00“
if ($bolCriticalityLevel -eq $true)
{
$strLegendColor =@“
bgcolor=“#A4A4A4″
„@
}
else
{
$strLegendColor = „“
}
$strLegendColorInfo=@“
bgcolor=“#A4A4A4″
„@
$strLegendColorLow =@“
bgcolor=“#0099FF“
„@
$strLegendColorMedium=@“
bgcolor=“#FFFF00″
„@
$strLegendColorWarning=@“
bgcolor=“#FFD700″
„@
$strLegendColorCritical=@“
bgcolor=“#DF0101″
„@
$strFont =@“

„@
$strFontRights =@“

„@
$strFontOU =@“

„@
$strFontTH =@“

„@
If ($OUHeader -eq $true)
{

$strHTMLText =@“
$strHTMLText

„@

$strHTMLText =@“
$strHTMLText
$strFontOU $strObjectClass
„@

if ($boolReplMetaDate -eq $true)
{
$strHTMLText =@“
$strHTMLText
$strFontOU $strReplMetaDate
$strFontOU $strReplMetaVer
„@
}

$strHTMLText =@“
$strHTMLText

„@
}

Switch ($strColorTemp)
{

„1“
{
$strColor = „DDDDDD“
$strColorTemp = „2“
}
„2“
{
$strColor = „AAAAAA“
$strColorTemp = „1“
}
„3“
{
$strColor = „FF1111“
}
„4“
{
$strColor = „00FFAA“
}
„5“
{
$strColor = „FFFF00“
}
}# End Switch
}#End if HTM
if ($bolACLExist)
{
$sd | foreach{

if($null  -ne  $_.AccessControlType)
{
    $objAccess = $($_.AccessControlType.toString())
}
else
{
    $objAccess = $($_.AuditFlags.toString())
}
$objFlags = $($_.ObjectFlags.toString())
$objType = $($_.ObjectType.toString())
$objIsInheried = $($_.IsInherited.toString())
$objInheritedType = $($_.InheritedObjectType.toString())
$objRights = $($_.ActiveDirectoryRights.toString())
$objInheritanceType = $($_.InheritanceType.toString())


Switch ($objRights)
{
    "Self"
    {
        #Self right are never express in gui it's a validated write ( 0x00000008 ACTRL_DS_SELF)

            $objRights = ""
    }
    "GenericRead"
    {
            $objRights = "Read Permissions,List Contents,Read All Properties,List"
    }
    "CreateChild"
    {
            $objRights = "Create"    
    }
    "DeleteChild"
    {
        $objRights = "Delete Child"        
    }
    "GenericAll"
    {
        $objRights = "Full Control"        
    }
    "CreateChild, DeleteChild"
    {
        $objRights = "Create/Delete"        
    }
    "ReadProperty"
    {
        Switch ($objInheritanceType) 
        {
            "None"
            {

                Switch ($objFlags)
                { 
                    "ObjectAceTypePresent"
                    {
                        $objRights = "Read"    
                    }
                    "ObjectAceTypePresent, InheritedObjectAceTypePresent"
                    {
                        $objRights = "Read"    
                    }
                    default
                    {$objRights = "Read All Properties"    }
                }#End switch
            }
                "Children"
            {

                Switch ($objFlags)
                { 
                    "ObjectAceTypePresent"
                    {
                        $objRights = "Read"    
                    }
                    "ObjectAceTypePresent, InheritedObjectAceTypePresent"
                    {
                        $objRights = "Read"    
                    }
                    default
                    {$objRights = "Read All Properties"    }
                }#End switch
            }
            "Descendents"
            {
                Switch ($objFlags)
                { 
                    "ObjectAceTypePresent"
                    {
                    $objRights = "Read"    
                    }

                    "ObjectAceTypePresent, InheritedObjectAceTypePresent"
                    {
                    $objRights = "Read"    
                    }
                    default
                    {$objRights = "Read All Properties"    }
                }#End switch
            }
            default
            {$objRights = "Read All Properties"    }
        }#End switch
    }
    "ReadProperty, WriteProperty" 
    {
        $objRights = "Read All Properties;Write All Properties"            
    }
    "WriteProperty" 
    {
        Switch ($objInheritanceType) 
        {
            "None"
            {
                Switch ($objFlags)
                { 
                    "ObjectAceTypePresent"
                    {
                        $objRights = "Write"    
                    }
                    "ObjectAceTypePresent, InheritedObjectAceTypePresent"
                    {
                        $objRights = "Write"    
                    }
                    default
                    {
                        $objRights = "Write All Properties"    
                    }
                }#End switch
            }
            "Children"
            {
                Switch ($objFlags)
                { 
                    "ObjectAceTypePresent"
                    {
                        $objRights = "Write"    
                    }
                    "ObjectAceTypePresent, InheritedObjectAceTypePresent"
                    {
                        $objRights = "Write"    
                    }
                    default
                    {
                        $objRights = "Write All Properties"    
                    }
                }#End switch
            }
            "Descendents"
            {
                Switch ($objFlags)
                { 
                    "ObjectAceTypePresent"
                    {
                        $objRights = "Write"    
                    }
                    "ObjectAceTypePresent, InheritedObjectAceTypePresent"
                    {
                        $objRights = "Write"    
                    }
                    default
                    {
                        $objRights = "Write All Properties"    
                    }
                }#End switch
            }
            default
            {
                $objRights = "Write All Properties"
            }
        }#End switch        
    }
    default
    {

    }
}# End Switch  
if($bolShowCriticalityColor)
{
    $intCriticalityValue = Get-Criticality -Returns "Color" $_.IdentityReference.toString() $_.ActiveDirectoryRights.toString() $_.AccessControlType.toString() $_.ObjectFlags.toString() $_.InheritanceType.toString() $_.ObjectType.toString() $_.InheritedObjectType.toString() 0

    Switch ($intCriticalityValue)
    {
        0 {$strLegendText = "Info";$strLegendColor = $strLegendColorInfo}
        1 {$strLegendText = "Low";$strLegendColor = $strLegendColorLow}
        2 {$strLegendText = "Medium";$strLegendColor = $strLegendColorMedium}
        3 {$strLegendText = "Warning";$strLegendColor = $strLegendColorWarning}
        4 {$strLegendText = "Critical";$strLegendColor = $strLegendColorCritical}
    }
    $strLegendTextVal = $strLegendText
    if($intCriticalityValue -gt $global:intShowCriticalityLevel)
    {
        $global:intShowCriticalityLevel = $intCriticalityValue
    }
}



$IdentityReference = $($_.IdentityReference.toString())

If ($IdentityReference.contains("S-1-"))
{
 $strNTAccount = ConvertSidToName -server $global:strDomainLongName -Sid $IdentityReference -CREDS $CREDS

}
else
{
    $strNTAccount = $IdentityReference 
}

Switch ($strColorTemp) 
{

"1"
{
$strColor = "DDDDDD"
$strColorTemp = "2"
}
"2"
{
$strColor = "AAAAAA"
$strColorTemp = "1"
}       
"3"
{
$strColor = "FF1111"
}
"4"
{
$strColor = "00FFAA"
}     
"5"
{
$strColor = "FFFF00"
}          
}# End Switch

 Switch ($objInheritanceType) 
 {
    "All"
    {
        Switch ($objFlags) 
        { 
            "InheritedObjectAceTypePresent"
            {
                $strApplyTo =  "This object and all child objects"
                $strPerm =  "$objRights $(if($bolTranslateGUID){$objInheritedType}else{MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName -CREDS $CREDS})"
            }       
            "ObjectAceTypePresent"
            {
                $strApplyTo =  "This object and all child objects"
                $strPerm =  "$objRights $(if($bolTranslateGUID){$objType}else{MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName -CREDS $CREDS})"
            } 
            "ObjectAceTypePresent, InheritedObjectAceTypePresent"
            {
                $strApplyTo =  "$(if($bolTranslateGUID){$objInheritedType}else{MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName -CREDS $CREDS})"
                $strPerm =  "$objRights $(if($bolTranslateGUID){$objType}else{MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName -CREDS $CREDS})"
            }           
            "None"
            {
                $strApplyTo ="This object and all child objects"
                $strPerm = "$objRights"
            } 
                default
            {
                $strApplyTo = "Error"
                $strPerm = "Error: Failed to display permissions 1K"
            }    

        }# End Switch

    }
    "Descendents"
    {

        Switch ($objFlags)
        { 
            "InheritedObjectAceTypePresent"
            {
                $strApplyTo = "$(if($bolTranslateGUID){$objInheritedType}else{MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName -CREDS $CREDS})"
                $strPerm = "$objRights"
            }
            "None"
            {
                $strApplyTo = "Child Objects Only"
                $strPerm = "$objRights"
            }           
            "ObjectAceTypePresent"
            {
                $strApplyTo = "Child Objects Only"
                $strPerm = "$objRights $(if($bolTranslateGUID){$objType}else{MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName -CREDS $CREDS})"
            } 
            "ObjectAceTypePresent, InheritedObjectAceTypePresent"
            {
                $strApplyTo =  "$(if($bolTranslateGUID){$objInheritedType}else{MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName -CREDS $CREDS})"
                $strPerm =    "$objRights $(if($bolTranslateGUID){$objType}else{MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName -CREDS $CREDS})"
            }
            default
            {
                $strApplyTo = "Error"
                $strPerm = "Error: Failed to display permissions 2K"
            }    

        }       
    }
    "None"
    {
        Switch ($objFlags)
        { 
            "ObjectAceTypePresent"
            {
                $strApplyTo = "This Object Only"
                $strPerm = "$objRights $(if($bolTranslateGUID){$objType}else{MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName -CREDS $CREDS})"
            } 
            "None"
            {
                $strApplyTo = "This Object Only"
                $strPerm = "$objRights"
            } 
                default
            {
                $strApplyTo = "Error"
                $strPerm = "Error: Failed to display permissions 4K"
            }    

        }
    }
    "SelfAndChildren"
    {
            Switch ($objFlags)
        { 
            "ObjectAceTypePresent"
            {
                $strApplyTo = "This object and all child objects within this container only"
                $strPerm = "$objRights $(if($bolTranslateGUID){$objType}else{MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName -CREDS $CREDS})"
            }
            "InheritedObjectAceTypePresent"
            {
                $strApplyTo = "Children within this container only"
                $strPerm = "$objRights $(if($bolTranslateGUID){$objInheritedType}else{MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName -CREDS $CREDS})"
            } 

            "ObjectAceTypePresent, InheritedObjectAceTypePresent"
            {
                $strApplyTo =  "$(if($bolTranslateGUID){$objInheritedType}else{MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName -CREDS $CREDS})"
                $strPerm =  "$objRights $(if($bolTranslateGUID){$objType}else{MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName -CREDS $CREDS})"
            }           
            "None"
            {
                $strApplyTo = "This object and all child objects"
                $strPerm = "$objRights"
            }                                      
            default
            {
                $strApplyTo = "Error"
                $strPerm = "Error: Failed to display permissions 5K"
            }    

        }       
    }   
    "Children"
    {
            Switch ($objFlags)
        { 
            "InheritedObjectAceTypePresent"
            {
                $strApplyTo = "Children within this container only"
                $strPerm = "$objRights $(if($bolTranslateGUID){$objInheritedType}else{MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName -CREDS $CREDS})"
            } 
            "None"
            {
                $strApplyTo = "Children  within this container only"
                $strPerm = "$objRights"
            }           
            "ObjectAceTypePresent, InheritedObjectAceTypePresent"
            {
                $strApplyTo = "$(if($bolTranslateGUID){$objInheritedType}else{MapGUIDToMatchingName -strGUIDAsString $objInheritedType -Domain $global:strDomainDNName -CREDS $CREDS})"
                $strPerm = "$(if($bolTranslateGUID){$objType}else{MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName -CREDS $CREDS}) $objRights"
            }   
            "ObjectAceTypePresent"
            {
                $strApplyTo = "Children within this container only"
                $strPerm = "$objRights $(if($bolTranslateGUID){$objType}else{MapGUIDToMatchingName -strGUIDAsString $objType -Domain $global:strDomainDNName -CREDS $CREDS})"
            }               
            default
            {
                $strApplyTo = "Error"
                $strPerm = "Error: Failed to display permissions 6K"
            }    

        }
    }
    default
    {
        $strApplyTo = "Error"
        $strPerm = "Error: Failed to display permissions 7K"
    }    
}# End Switch

If($Excel)
{

$objhashtableACE = [pscustomobject][ordered]@{
ObjectClass = $strObjectClass}

if($boolReplMetaDate)
{
    $objhashtableACE | Add-Member NoteProperty "Security Descriptor Modified" $strReplMetaDate 
    $objhashtableACE | Add-Member NoteProperty "Version" $strReplMetaVer 
}
$objhashtableACE | Add-Member NoteProperty "IdentityReference" $IdentityReference.toString() 
$objhashtableACE | Add-Member NoteProperty "Trustee" $strNTAccount.toString() 
$objhashtableACE | Add-Member NoteProperty "Access" $objAccess.toString() 
$objhashtableACE | Add-Member NoteProperty "Inherited" $objIsInheried.toString() 
$objhashtableACE | Add-Member NoteProperty "Apply To" $strApplyTo.toString() 
$objhashtableACE | Add-Member NoteProperty "Permission" $strPerm.toString() 



if($boolOUProtected)
{
    $objhashtableACE | Add-Member NoteProperty "Inheritance Disabled" $bolOUProtected.toString() 
}

if ($bolCriticalityLevel -eq $true)
{
    $objhashtableACE | Add-Member NoteProperty "Criticality Level" $strLegendTextVal.toString() 
}

if($CompareMode)
{
    $objhashtableACE | Add-Member NoteProperty State $($_.State.toString()) 
}

[VOID]$global:ArrayAllACE.Add($objhashtableACE)

}

If($HTM)
{

$strACLHTMLText =@“
$strACLHTMLText

„@

$strACLHTMLText =@“
$strACLHTMLText
$strFont $strObjectClass
„@

if ($boolReplMetaDate -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strReplMetaDate
$strFont $strReplMetaVer
„@
}

$strACLHTMLText =@“
$strACLHTMLText
$strFont $strNTAccount
$strFont $objAccess
$strFont $objIsInheried
$strFont $strApplyTo
$strFontRights $strPerm
„@

if($CompareMode)
{

$strACLHTMLText =@“
$strACLHTMLText
$strFont $($_.State.toString())
„@
}
if ($bolCriticalityLevel -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strLegendTextVal
„@

}
}#End If HTM
}# End Foreach

}
else
{
if($HTM)
{
if ($OUHeader -eq $false)
{
if ($FilterMode)
{

if ($boolReplMetaDate -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strReplMetaDate
„@
}

if ($boolACLSize -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strACLSize bytes
„@
}

if ($boolOUProtected -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $bolOUPRotected
„@
}
$strACLHTMLText =@“
$strACLHTMLText
$strFont N/A
$strFont N/A
$strFont N/A
$strFont N/A
$strFont No Matching Permissions Set
„@

if ($bolCriticalityLevel -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strLegendTextVal
„@
}
}
else
{

if ($boolReplMetaDate -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strReplMetaDate
„@
}

if ($boolACLSize -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strACLSize bytes
„@
}

if ($boolOUProtected -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $bolOUPRotected
„@
}

$strACLHTMLText =@“
$strACLHTMLText
$strFont N/A
$strFont N/A
$strFont N/A
$strFont N/A
$strFont No Permissions Set
„@

if ($bolCriticalityLevel -eq $true)
{
$strACLHTMLText =@“
$strACLHTMLText
$strFont $strLegendTextVal
„@
}

}# End If
}#end If OUHeader false
}#End if HTM
} #End if bolACLExist
if($HTM)
{
$strACLHTMLText =@“
$strACLHTMLText

„@

#end ifelse OUHEader
$strHTMLText = $strHTMLText + $strACLHTMLText

Out-File -InputObject $strHTMLText -Append -FilePath $fileout 
Out-File -InputObject $strHTMLText -Append -FilePath $strFileHTM

$strHTMLText = $null
$strACLHTMLText = $null
Remove-Variable -Name "strHTMLText"
Remove-Variable -Name "strACLHTMLText"

}#End if HTM

}

==========================================================================

Function : InitiateDefSDAccessHTM

Arguments : Output htm file

Returns : n/a

Description : Wites base HTM table syntax, it appends info if the file exist

==========================================================================

Function InitiateDefSDAccessHTM
{
Param([string] $htmfileout,
[string]$strStartingPoint,
$RepMetaDate,
[bool]$bolCompare,
[string] $strComparefile,
[bool]$bolCriticaltiy)

$strACLTypeHeader = „Access“
If($bolCompare)
{
$strHTMLText =@“

Default Security Descriptor COMPARE REPORT – $($strStartingPoint.ToUpper())

Template: $strComparefile

„@
}
else
{
$strHTMLText =@“

Default Security Descriptor REPORT – $($strStartingPoint.ToUpper())

„@
}

$strHTMLText =@“
$strHTMLText

„@
$strTHOUColor = „E5CF00“
$strTHColor = „EFAC00“
$strFont =@“

„@
$strFontOU =@“

„@
$strFontTH =@“

„@
$strHTMLText =@“
$strHTMLText

„@
if ($RepMetaDate -eq $true)
{
$strHTMLText =@“
$strHTMLText

„@

if ($bolCompare -eq $true)
{
$strHTMLText =@“
$strHTMLText

„@
}

if ($bolCriticaltiy -eq $true)
{
$strHTMLText =@“
$strHTMLText

„@
}

Out-File -InputObject $strHTMLText -Append -FilePath $htmfileout
$strHTMLText = $null
$strTHOUColor = $null
$strTHColor = $null
Remove-Variable -Name „strHTMLText“
Remove-Variable -Name „strTHOUColor“
Remove-Variable -Name „strTHColor“

}

==========================================================================

Function : InitiateHTM

Arguments : Output htm file

Returns : n/a

Description : Wites base HTM table syntax, it appends info if the file exist

==========================================================================

Function InitiateHTM
{
Param([string] $htmfileout,[string]$strStartingPoint,[string]$strDN,[bool]$RepMetaDate ,[bool]$ACLSize,[bool]$bolACEOUProtected,[bool]$bolCriticaltiy,[bool]$bolCompare,[bool]$SkipDefACE,[bool]$SkipProtectDelACE,[string]$strComparefile,[bool]$bolFilter,[bool]$bolEffectiveRights,[bool]$bolObjType,[bool]$bolCanonical,[bool]$GPO,[bool]$SDDL)
If($rdbSACL.IsChecked)
{
$strACLTypeHeader = „Audit“
}
else
{
$strACLTypeHeader = „Access“
}
If($bolCompare)
{
$strHTMLText =@“

COMPARE REPORT – $($strStartingPoint.ToUpper())

Template: $strComparefile

„@
}
else
{
If($bolFilter)
{
$strHTMLText =@“

FILTERED REPORT – $($strStartingPoint.ToUpper())

„@
}
else
{
If($bolEffectiveRights)
{

$strHTMLText =@“

EFFECTIVE RIGHTS REPORT
Service Principal: $($global:strEffectiveRightAccount.ToUpper())

„@
}
else
{
$strHTMLText =@“

ACL REPORT – $($strStartingPoint.ToUpper())

„@
}
}
}
If($bolCriticaltiy)
{
$strHTMLText =@“
$strHTMLText Highest Criticality Level: 20141220T021111056594002014122000

„@
}
$strHTMLText =@“
$strHTMLText

$strDN
Report Created: $(get-date -uformat „%Y-%m-%d %H:%M:%S“)

„@
If($SkipDefACE)
{
$strHTMLText =@“
$strHTMLText

Default permissions excluded

„@
}
If($SkipProtectDelACE)
{
$strHTMLText =@“
$strHTMLText

Protected against accidental deletions permissions excluded

„@
}
$strHTMLText =@“
$strHTMLText

$strFontTH ObjectClass$strFontTH Security Descriptor Modified$strFontTH Version „@ } $strHTMLText =@“ $strHTMLText$strFontTH Trustee$strFontTH $strACLTypeHeader$strFontTH Inherited$strFontTH Apply To$strFontTH Permission$strFontTH State$strFontTH Criticality Level

„@
$strTHOUColor = „E5CF00“
$strTHColor = „EFAC00“
$strFont =@“

„@
$strFontOU =@“

„@
$strFontTH =@“

„@

if ($GPO)
{
$strHTMLText =@“
$strHTMLText

„@

if ($bolCanonical -eq $true)
{
$strHTMLText =@“
$strHTMLText

„@
}
else
{
$strHTMLText =@“
$strHTMLText

„@
}
if ($bolCompare -eq $true)
{
$strHTMLText =@“
$strHTMLText

„@
}

if ($bolCriticaltiy -eq $true)
{
$strHTMLText =@“
$strHTMLText

„@
}

Out-File -InputObject $strHTMLText -Append -FilePath $htmfileout
$strHTMLText = $null
$strTHOUColor = $null
$strTHColor = $null
Remove-Variable -Name „strHTMLText“
Remove-Variable -Name „strTHOUColor“
Remove-Variable -Name „strTHColor“

}

==========================================================================

Function : CreateHTA

Arguments : OU Name, Ou put HTA file

Returns : n/a

Description : Initiates a base HTA file with Export(Save As),Print and Exit buttons.

==========================================================================

function CreateHTA
{
Param([string]$NodeName,[string]$htafileout,[string]$htmfileout,[string] $folder,[string] $strDomainDN,[string] $strDC)
$strHTAText =@“



Report on $NodeName






„@
Out-File -InputObject $strHTAText -Force -FilePath $htafileout
}

==========================================================================

Function : WriteSPNHTM

Arguments : Security Principal Name, Output htm file

Returns : n/a

Description : Wites the account membership info to a HTM table, it appends info if the file exist

==========================================================================

function WriteSPNHTM
{
Param([string] $strSPN,$tokens,[string]$objType,[int]$intMemberOf,[string] $strColorTemp,[string] $htafileout,[string] $htmfileout)

$strHTMLText =“

$strFontTH GPO
„@
} $strHTMLText =@“
$strHTMLText
$strFontTH Object$strFontTH CanonicalName
„@
} if ($bolObjType -eq $true)
{
$strHTMLText =@“
$strHTMLText
$strFontTH ObjectClass „@ } if ($RepMetaDate -eq $true) { $strHTMLText =@“ $strHTMLText$strFontTH Security Descriptor Modified „@ } if ($ACLSize -eq $true) { $strHTMLText =@“ $strHTMLText$strFontTH DACL Size „@ } if ($bolACEOUProtected -eq $true) { $strHTMLText =@“ $strHTMLText$strFontTH Inheritance Disabled „@ } if($SDDL) { $strHTMLText =@“ $strHTMLText$strFontTH SDDL$strFontTH Trustee$strFontTH $strACLTypeHeader$strFontTH Inherited$strFontTH Apply To$strFontTH Permission$strFontTH State$strFontTH Criticality Level

$strTHOUColor = „E5CF00“
$strTHColor = „EFAC00“
$strFont =@“

„@
$strFontOU =@“

„@
$strFontTH =@“

„@

$strHTMLText =@“
$strHTMLText
„@ $strHTMLText =@“ $strHTMLText
„@

$tokens | foreach{
If ($_.contains(„S-1-„))
{
$strNTAccount = ConvertSidToName -server $global:strDomainLongName -Sid $_ -CREDS $CREDS

}
if ($($strNTAccount.toString()) -ne $strSPN)
{
Switch ($strColorTemp)
{

„1“
{
$strColor = „DDDDDD“
$strColorTemp = „2“
}
„2“
{
$strColor = „AAAAAA“
$strColorTemp = „1“
}
„3“
{
$strColor = „FF1111“
}
„4“
{
$strColor = „00FFAA“
}
„5“
{
$strColor = „FFFF00“
}
}# End Switch
$strGroupText=$strGroupText+@“

„@
}
}
$strHTMLText = $strHTMLText + $strGroupText

Out-File -InputObject $strHTMLText -Append -FilePath $htafileout
Out-File -InputObject $strHTMLText -Append -FilePath $htmfileout

$strHTMLText = „“

}

==========================================================================

Function : WriteDefSDSDDLHTM

Arguments : Security Principal Name, Output htm file

Returns : n/a

Description : Wites the account membership info to a HTM table, it appends info if the file exist

==========================================================================

function WriteDefSDSDDLHTM
{
Param([string] $strColorTemp,[string] $htafileout,[string] $htmfileout,[string]$strObjectClass,[string]$strDefSDVer,[string]$strDefSDDate,[string]$strSDDL)
$strTHOUColor = „E5CF00“
$strTHColor = „EFAC00“
$strFont =@“

„@
$strFontOU =@“

„@
$strFontTH =@“

„@

$strHTMLText =@“
$strHTMLText

„@

Switch ($strColorTemp)
{

"1"
    {
    $strColor = "DDDDDD"
    $strColorTemp = "2"
    }
"2"
    {
    $strColor = "AAAAAA"
    $strColorTemp = "1"
    }       
"3"
    {
    $strColor = "FF1111"
}
"4"
    {
    $strColor = "00FFAA"
}     
"5"
    {
    $strColor = "FFFF00"
}

}# End Switch

$strGroupText=$strGroupText+@“

„@

$strHTMLText = $strHTMLText + $strGroupText

Out-File -InputObject $strHTMLText -Append -FilePath $htafileout
Out-File -InputObject $strHTMLText -Append -FilePath $htmfileout

$strHTMLText = „“

}

==========================================================================

Function : CreateDefaultSDReportHTA

Arguments : Forest Name, Output HTA file

Returns : n/a

Description : Initiates a base HTA file with Export(Save As),Print and Exit buttons.

==========================================================================

function CreateDefaultSDReportHTA
{
Param([string]$Forest,[string]$htafileout,[string]$htmfileout,[string] $folder)
$strHTAText =@“



defaultSecurityDescriptor Report on $Forest






„@
Out-File -InputObject $strHTAText -Force -FilePath $htafileout
}

==========================================================================

Function : CreateSPNHTM

Arguments : OU Name, Ou put HTM file

Returns : n/a

Description : Initiates a base HTM file with Export(Save As),Print and Exit buttons.

==========================================================================

function CreateDefSDHTM
{
Param([string]$SPN,[string]$htmfileout)
$strHTAText =@“

<head[string]$SPN
Default Security Descritor Report on $SPN
„@
Out-File -InputObject $strHTAText -Force -FilePath $htmfileout

}

==========================================================================

Function : InitiateSPNHTM

Arguments : Output htm file

Returns : n/a

Description : Wites base HTM table syntax, it appends info if the file exist

==========================================================================

Function InitiateDefSDHTM
{
Param([string] $htmfileout,[string] $strStartingPoint)
$strHTMLText =@“

Default Security Descriptor REPORT – $($strStartingPoint.ToUpper())

„@
$strHTMLText =$strHTMLText +“

$strFontOU $strSPN$strFontOU $objType$strFontOU $intMemberOf
$strFontTH Groups
$strFont $($strNTAccount.toString())
$strFontOU $strObjectClass
$strFontOU $strDefSDVer
$strFontOU $strDefSDDate
„@ $strHTMLText =@“
$strHTMLText
$strFont $strObjectClass$strFont $strDefSDVer$strFont $strDefSDDate$strFont $strSDDL


$strTHOUColor = „E5CF00“
$strTHColor = „EFAC00“
$strFont =@“

„@
$strFontOU =@“

„@
$strFontTH =@“

„@

$strHTMLText =@“
$strHTMLText

„@

Out-File -InputObject $strHTMLText -Append -FilePath $htmfileout
}

==========================================================================

Function : CreateServicePrincipalReportHTA

Arguments : OU Name, Ou put HTA file

Returns : n/a

Description : Initiates a base HTA file with Export(Save As),Print and Exit buttons.

==========================================================================

function CreateServicePrincipalReportHTA
{
Param([string]$SPN,[string]$htafileout,[string]$htmfileout,[string] $folder)
$strHTAText =@“



Membership Report on $SPN






„@
Out-File -InputObject $strHTAText -Force -FilePath $htafileout
}

==========================================================================

Function : CreateSPNHTM

Arguments : OU Name, Ou put HTM file

Returns : n/a

Description : Initiates a base HTM file with Export(Save As),Print and Exit buttons.

==========================================================================

function CreateSPNHTM
{
Param([string]$SPN,[string]$htmfileout)
$strHTAText =@“

<head[string]$SPN
Membership Report on $SPN
„@
Out-File -InputObject $strHTAText -Force -FilePath $htmfileout

}

==========================================================================

Function : InitiateSPNHTM

Arguments : Output htm file

Returns : n/a

Description : Wites base HTM table syntax, it appends info if the file exist

==========================================================================

Function InitiateSPNHTM
{
Param([string] $htmfileout)
$strHTMLText =“

$strFontTH Object$strFontTH Version$strFontTH Modified Date$strFontTH SDDL


$strTHOUColor = „E5CF00“
$strTHColor = „EFAC00“
$strFont =@“

„@
$strFontOU =@“

„@
$strFontTH =@“

„@

$strHTMLText =@“
$strHTMLText

„@

Out-File -InputObject $strHTMLText -Append -FilePath $htmfileout
}

==========================================================================

Function : CreateHTM

Arguments : OU Name, Ou put HTM file

Returns : n/a

Description : Initiates a base HTM file with Export(Save As),Print and Exit buttons.

==========================================================================

function CreateHTM
{
Param([string]$NodeName,[string]$htmfileout)
$strHTAText =@“


Report on $NodeName
„@

Out-File -InputObject $strHTAText -Force -FilePath $htmfileout
}

==========================================================================

Function : Select-File

Arguments : n/a

Returns : folder path

Description : Dialogbox for selecting a file

==========================================================================

function Select-File
{
param (
[System.String]$Title = „Select Template File“,
[System.String]$InitialDirectory = $CurrentFSPath,
[System.String]$Filter = „All Files(.csv)|.csv“
)

$dialog = New-Object System.Windows.Forms.OpenFileDialog
$dialog.Filter = $filter
$dialog.InitialDirectory = $initialDirectory
$dialog.ShowHelp = $true
$dialog.Title = $title
$result = $dialog.ShowDialog()

if ($result -eq "OK")
{
    return $dialog.FileName
}
else
{
    return ""

}

}

==========================================================================

Function : Select-Folder

Arguments : n/a

Returns : folder path

Description : Dialogbox for selecting a folder

==========================================================================

function Select-Folder
{
Param($message=’Select a folder‘, $path = 0)
$object = New-Object -comObject Shell.Application

$folder = $object.BrowseForFolder(0, $message, 0, $path)  
if ($null -ne $folder) {  
    $folder.self.Path  
}

}

==========================================================================

Function : Get-Perm

Arguments : List of OU Path

Returns : All Permissions on a speficied object

Description : Enumerates all access control entries on a speficied object

==========================================================================

Function Get-Perm
{
Param(
#Array of distinguishedNames
[System.Collections.ArrayList]
$AllObjectDn,
#Domain NetBiosName
[string]
$DomainNetbiosName,
#If inherited permissions should be included
$IncludeInherited,
[boolean]
#If default permissions should be ignored
$SkipDefaultPerm,
[boolean]
#If protected object permissions should be ignored
$SkipProtectedPerm,
[boolean]
#if any filter is used
$FilterEna,
[boolean]
#Retrieve the Owner
$bolGetOwnerEna,
[boolean]
#Get replication meta data
[boolean]
$bolReplMeta,
#Get the size of the DACL
[boolean]
$bolACLsize,
#Perform a effictive permissions check
[boolean]
$bolEffectiveR,
#Show if the OU is protected from inheritance
[boolean]
$bolGetOUProtected,
#Convert GUIDs to names
[boolean]
$bolGUIDtoText,
#Show the result
[boolean]
$Show,
#The ouput type of the result
[string]
$OutType,
#If the result should be written to a file
[boolean]
$bolToFile,
#if criticality level have been selected
[boolean]
$bolAssess,
#the criticality level selected
[string]
$AssessLevel,
#Display the colors of the criticality level
[boolean]
$bolShowCriticalityColor,
#Scan GPO
[boolean]
$GPO,
#Skipt built-in groups
[boolean]
$FilterBuiltin,
#Translate the GUID
[boolean]
$TranslateGUID,
#Search every nested group
[boolean]
$RecursiveFind,
#Return this type of objects when searching nested groups
[string]
$RecursiveObjectType,
#Permissiosn that apply to this type of object
[string]
$ApplyTo,
#If a object type have been selected
[boolean]
$ACLObjectFilter,
#Filter a trustee string
[string]
$FilterTrustee,
#If filtering of trustee is selected
[boolean]
$FilterForTrustee,
#Filter for Allow of Deny
[string]
$AccessType,
#If filter for allow or deny is selected
[boolean]
$AccessFilter,
#Filter using permissions
[boolean]
$BolACLPermissionFilter,
#Permissions to filter
[string]
$ACLPermissionFilter,
#Added credentials
[Parameter(Mandatory=$false)]
[pscredential]
$CREDS,
#Retrun only objects of a this type
[string]
$ReturnObjectType,
#If a object type have been selected
[boolean]
$SDDL

)

$bolCompare = $false
$bolACLExist = $true
$global:strOwner = „“
$strACLSize = „“
$bolOUProtected = $false
$aclcount = 0
$sdOUProtect = „“
$global:ArrayAllACE = New-Object System.Collections.ArrayList

if(($OutType -eq „EXCEL“) -or ($OutType -eq „CSV“))
{
$WriteOut = „Object“
}
else
{
$WriteOut = „HTML“
}
if(($OutType -eq „CSVTEMPLATE“) -or ($OutType -eq „CSV“))
{
$bolCSV = $true
If ((Test-Path $strFileCSV) -eq $true)
{
Remove-Item $strFileCSV
}
}
else
{
$bolCSV = $false
}

$count = 0
$i = 0
$intCSV = 0
if($global:bolCMD)
{
$intTot = 0
#calculate percentage
$intTot = $AllObjectDn.count
}
else
{
if (($PSVersionTable.PSVersion -ne „2.0“) -and ($global:bolProgressBar))
{
$intTot = 0
#calculate percentage
$intTot = $AllObjectDn.count
if ($intTot -gt 0)
{
LoadProgressBar

    }
}

}

while($count -le $AllObjectDn.count -1)
{
if($GPO)
{
$ADObjDN = $AllObjectDn[$count].Split(„;“)[0]
$GPOTarget = $AllObjectDn[$count].Split(„;“)[1]
if($GPO)
{
$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest
$request.DistinguishedName = $ADObjDN
$request.Filter = „(objectClass=*)“
$request.Scope = „Base“
[void]$request.Attributes.Add(„displayname“)
$response = $LDAPConnection.SendRequest($request)
$result = $response.Entries[0]
try
{
$GPOdisplayname = $result.attributes.displayname[0]
}
catch
{
}
}
}
else
{
$ADObjDN = $($AllObjectDn[$count])
}
$global:secd = „“
$bolACLExist = $true
$global:GetSecErr = $false
if(($global:bolCMD) -and ($global:bolProgressBar))
{

$i++
[int]$pct = ($i/$intTot)*100
Write-Progress -Activity "Collecting objects" -Status "Currently scanning $i of $intTot objects" -Id 0 -CurrentOperation "Reading ACL on: $ADObjDN" -PercentComplete $pct

}
else
{
if (($PSVersionTable.PSVersion -ne „2.0“) -and ($global:bolProgressBar))
{
$i++
[int]$pct = ($i/$intTot)*100
#Update the progress bar

    while(($null -eq $global:ProgressBarWindow.Window.IsInitialized) -and ($intLoop -lt 20))
    {
                Start-Sleep -Milliseconds 1
                $cc++
    }
    if ($global:ProgressBarWindow.Window.IsInitialized -eq $true)
    {
        Update-ProgressBar "Currently scanning $i of $intTot objects" $pct 
    }    

}

}

$sd = New-Object System.Collections.ArrayList
$GetOwnerEna = $bolGetOwnerEna

$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest(„$ADObjDN“, „(name=*)“, „base“)
if($global:bolShowDeleted)
{
[string] $LDAP_SERVER_SHOW_DELETED_OID = „1.2.840.113556.1.4.417“
[void]$request.Controls.Add((New-Object „System.DirectoryServices.Protocols.DirectoryControl“ -ArgumentList „$LDAP_SERVER_SHOW_DELETED_OID“,$null,$false,$true ))
}
[void]$request.Attributes.Add(„objectclass“)
if($UseCanonicalName)
{
[void]$request.Attributes.Add(„canonicalname“)
}
[void]$request.Attributes.Add(„ntsecuritydescriptor“)

if ($rdbDACL.IsChecked)
{
$SecurityMasks = [System.DirectoryServices.Protocols.SecurityMasks]’Owner‘ -bor [System.DirectoryServices.Protocols.SecurityMasks]’Group‘-bor [System.DirectoryServices.Protocols.SecurityMasks]’Dacl‘ #-bor [System.DirectoryServices.Protocols.SecurityMasks]’Sacl‘
$control = New-Object System.DirectoryServices.Protocols.SecurityDescriptorFlagControl($SecurityMasks)
[void]$request.Controls.Add($control)
$response = $LDAPConnection.SendRequest($request)
$DSobject = $response.Entries[0]
#Check if any NTsecuritydescr
if($null -ne $DSobject.Attributes.ntsecuritydescriptor)
{
if($null -ne $DSobject.Attributes.objectclass)
{
$strObjectClass = $DSobject.Attributes.objectclass[$DSobject.Attributes.objectclass.count-1]
}
else
{
$strObjectClass = „unknown“
}
if($SDDL)
{
[string]$strSDDL = „“
$objSd = $DSobject.Attributes.ntsecuritydescriptor[0]
if ($objSD -is [Byte[]]) {
$SDDLSec = New-Object System.Security.AccessControl.RawSecurityDescriptor @($objSd, 0)
} elseif ($objSD -is [string]) {
$SDDLSec = New-Object System.Security.AccessControl.RawSecurityDescriptor @($objSd)
}

        if(!($IncludeInherited))
        {
            $arrSDDL = @(($SDDLSec.GetSddlForm('Access,Owner')).split(")") | ?{$_ -notmatch "ID;"})
            if($arrSDDL.count -gt 0)
            {
                for($IntCount=0;$IntCount -lt $($arrSDDL.count -1);$IntCount++)
                {
                    $strSDDL +="$($arrSDDL[$IntCount]))"
                }
            }
        }
        else
        {
            $strSDDL = $SDDLSec.GetSddlForm('Access,Owner')
        }

    }
    $sec = New-Object System.DirectoryServices.ActiveDirectorySecurity
    if($chkBoxRAWSDDL.IsChecked)
    {
        $secSDDL = New-Object System.DirectoryServices.ActiveDirectorySecurity
        $objSd =  $DSobject.Attributes.ntsecuritydescriptor[0]
        if ($objSD -is [Byte[]]) {
                $SDDLSec = New-Object System.Security.AccessControl.RawSecurityDescriptor @($objSd, 0)
            } elseif ($objSD -is [string]) {
                $SDDLSec = New-Object System.Security.AccessControl.RawSecurityDescriptor @($objSd)
            }
        $strSDDLForm = $SDDLSec.GetSddlForm('Access,Owner')

        $arrSplitedSDDL = $strSDDLForm.Split("(")
        $intI = 0
        Foreach ($strSDDLPart in $arrSplitedSDDL)
        {
            if($intI -gt 0)
            {
                if($sec.Owner -eq $null)
                {
                    $sec.SetSecurityDescriptorSDDLForm("$($arrSplitedSDDL[0])($strSDDLPart")
                }
                else
                {
                    if(!($IncludeInherited))
                    {
                        if(($strSDDLPart.split(";")[1] -ne "CIID") -and ($strSDDLPart.split(";")[1] -ne "CIIOID"))
                        {
                            $secSDDL.SetSecurityDescriptorSDDLForm("$($arrSplitedSDDL[0])($strSDDLPart")
                            $sec.AddAccessRule($secSDDL.Access[0]) 
                        }
                    }
                    else
                    {
                        $secSDDL.SetSecurityDescriptorSDDLForm("$($arrSplitedSDDL[0])($strSDDLPart")
                        $sec.AddAccessRule($secSDDL.Access[0])
                    }
                }
            }
            $intI++
        }
    }
    else
    {
        $sec.SetSecurityDescriptorBinaryForm($DSobject.Attributes.ntsecuritydescriptor[0])
    }

    &{#Try
        $global:secd = $sec.GetAccessRules($true, $IncludeInherited, [System.Security.Principal.SecurityIdentifier])

    }
    Trap [SystemException]
    { 
        if($bolCMD)
        {
            Write-host "Failed to translate identity:$ADObjDN" -ForegroundColor red
        }
        else
        {
            $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed to translate identity:$ADObjDN" -strType "Warning" -DateStamp ))
        }
        $global:GetSecErr = $true
        Continue
    }              

}
else
{
    #Fail futher scan when NTsecurityDescriptor is null
    $global:GetSecErr = $true
}

}
else
{
$SecurityMasks = [System.DirectoryServices.Protocols.SecurityMasks]’Owner‘ -bor [System.DirectoryServices.Protocols.SecurityMasks]’Group‘-bor [System.DirectoryServices.Protocols.SecurityMasks]’Dacl‘ -bor [System.DirectoryServices.Protocols.SecurityMasks]’Sacl‘
$control = New-Object System.DirectoryServices.Protocols.SecurityDescriptorFlagControl($SecurityMasks)
[void]$request.Controls.Add($control)
$response = $LDAPConnection.SendRequest($request)
$DSobject = $response.Entries[0]
if($null -ne $DSobject.Attributes.objectclass)
{
$strObjectClass = $DSobject.Attributes.objectclass[$DSobject.Attributes.objectclass.count-1]
}
else
{
$strObjectClass = „unknown“
}
$sec = New-Object System.DirectoryServices.ActiveDirectorySecurity
$sec.SetSecurityDescriptorBinaryForm($DSobject.Attributes.ntsecuritydescriptor[0])
&{#Try
$global:secd = $sec.GetAuditRules($true, $IncludeInherited, [System.Security.Principal.SecurityIdentifier])
}
Trap [SystemException]
{
if($bolCMD)
{
Write-host „Failed to translate identity:$ADObjDN“ -ForegroundColor red
}
else
{
$global:observableCollection.Insert(0,(LogMessage -strMessage „Failed to translate identity:$ADObjDN“ -strType „Warning“ -DateStamp ))
}
$global:GetSecErr = $true
Continue
}
}

if(($global:GetSecErr -ne $true) -or ($global:secd -ne „“))
{
$sd.clear()
if($null -ne $global:secd){
$(ConvertTo-ObjectArrayListFromPsCustomObject $global:secd)| ForEach-Object{[void]$sd.add($_)}
}
If ($GetOwnerEna -eq $true)
{

    &{#Try
        $global:strOwner = $sec.GetOwner([System.Security.Principal.SecurityIdentifier]).value
    }

    Trap [SystemException]
    { 
        if($global:bolADDSType)
        {
            if($bolCMD)
            {
                Write-host "Failed to translate owner identity:$ADObjDN" -ForegroundColor red
            }
            else
            {
                $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed to translate owner identity:$ADObjDN" -strType "Warning" -DateStamp ))
            }
        }
        Continue
    }

    $newSdOwnerObject = New-Object PSObject -Property @{ActiveDirectoryRights="Read permissions, Modify permissions";InheritanceType="None";ObjectType ="None";`
    InheritedObjectType="None";ObjectFlags="None";AccessControlType="Owner";IdentityReference=$global:strOwner;IsInherited="False";`
    InheritanceFlags="None";PropagationFlags="None"}

    [void]$sd.insert(0,$newSdOwnerObject)

}
 If ($SkipDefaultPerm)
{
    If ($GetOwnerEna -eq $false)
        {

        &{#Try
            $global:strOwner = $sec.GetOwner([System.Security.Principal.SecurityIdentifier]).value
        }

        Trap [SystemException]
        { 
            if($bolCMD)
            {
                Write-host "Failed to translate owner identity:$ADObjDN" -ForegroundColor red
            }
            else
            {
                $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed to translate owner identity:$ADObjDN" -strType "Error" -DateStamp ))
            }
            Continue
        }
    } 

}

if ($bolACLsize -eq $true) 
{
    $strACLSize = $sec.GetSecurityDescriptorBinaryForm().length
}
if ($bolGetOUProtected -eq $true)
{
    $bolOUProtected = $sec.AreAccessRulesProtected
}

if ($bolReplMeta -eq $true)
{

    $AclChange = $(GetACLMeta  $global:strDC $ADObjDN -CREDS $CREDS)
    $objLastChange = $AclChange.split(";")[0]
    $strOrigInvocationID = $AclChange.split(";")[1]
    $strOrigUSN = $AclChange.split(";")[2]
}


If (($FilterEna -eq $true) -and ($bolEffectiveR -eq $false))
{
    If ($AccessFilter)
    {
        if ($AccessType.Length -gt 0)
        {
        $sd = @($sd | Where-Object{$_.AccessControlType -eq $AccessType})
        }
    }    

    If ($ACLObjectFilter)
    {
        if ($ApplyTo.Length -gt 0)
        {
            if($ApplyTo.Split("|").Count -gt 1 )
            {
                [System.Collections.ArrayList]$arryApplyTo = $ApplyTo.Split("|")  
                if($arryApplyTo -contains "*") 
                {
                    $arryApplyTo.Remove("*")
                }
                $ApplyToString = ""
                $ApplyToAllString = ""
                For($i = 0 ; $i -lt $arryApplyTo.count ; $i++)
                {
                        if($i -eq $arryApplyTo.count -1)
                        {
                            $ApplyToString += $global:dicNameToSchemaIDGUIDs.Item($arryApplyTo[$i]) 
                        }
                        else
                        {
                            $ApplyToString += $global:dicNameToSchemaIDGUIDs.Item($arryApplyTo[$i]) + "|"
                        }

                }
                if($ApplyTo.Split("|") -contains "*")
                {
                    $sd = @($sd | Where-Object{(($_.ObjectType -match $ApplyToString) -or ($_.InheritedObjectType -match $ApplyToString)) -or (($_.ObjectType -eq "00000000-0000-0000-0000-000000000000") -and ($_.InheritedObjectType -eq "00000000-0000-0000-0000-000000000000"))})
                }
                else
                {
                    $sd = @($sd | Where-Object{($_.ObjectType -match $ApplyToString) -or ($_.InheritedObjectType -match $ApplyToString)})
                }

            }
            else
            {
                if($ApplyTo -contains "*")
                {
                    $sd = @($sd | Where-Object{(($_.ObjectType -eq "00000000-0000-0000-0000-000000000000") -and ($_.InheritedObjectType -eq "00000000-0000-0000-0000-000000000000"))})
                }
                else
                {
                    $sd = @($sd | Where-Object{($_.ObjectType -eq $global:dicNameToSchemaIDGUIDs.Item($ApplyTo)) -or ($_.InheritedObjectType -eq $global:dicNameToSchemaIDGUIDs.Item($ApplyTo))})
                }
            }
        }
    }

    If ($BolACLPermissionFilter)
    {
        If ($ACLPermissionFilter)
        {
            if ($ACLPermissionFilter.Length -gt 0)
            {
                $sd = @($sd | Where-Object{$_.ActiveDirectoryRights -match $ACLPermissionFilter})
            }
        }
    }

}

if($FilterBuiltin)
{
    # Filter out default and built-in security principals
    $sd = @($sd | Where-Object{`
        ($_.IdentityReference -match "S-1-5-21-") -and `
        ($_.IdentityReference -notmatch $("^"+$domainsid+"-5\d{2}$")) -and 
        ($_.IdentityReference -notmatch $("^"+$domainsid+"-4\d{2}$"))
        }) 
}

if($RecursiveFind)
{
    $RecursiveData = new-object System.Collections.ArrayList
    foreach($ace in $sd)
    {
        [Void]$RecursiveData.add($ace)
        $SID_DN = ""

        $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC,$CREDS)
        $LDAPConnection.SessionOptions.ReferralChasing = "None"
        $request = New-Object System.directoryServices.Protocols.SearchRequest
        $request.DistinguishedName = "<SID=$($ace.IdentityReference)>"
        $request.Filter = "(name=*)"
        $request.Scope = "Base"
        [void]$request.Attributes.Add("objectClass")
        [void]$request.Attributes.Add("member")

        try
        {
            $response = $LDAPConnection.SendRequest($request)
            $result = $response.Entries[0]
            $SID_DN = $result.distinguishedName
            $ObjectClass =$result.attributes.objectclass[$result.attributes.objectclass.count-1]
        }
        catch
        {
            Write-Verbose "Could not resolve $sid"
        }

        if($SID_DN)
        {
            if($ObjectClass -eq "Group")
            {
                if(($result.Attributes.AttributeNames -contains "member;range=0-1499") -or ($result.Attributes.AttributeNames -contains "member"))
                {
                    $global:GroupMembersExpanded =  New-Object System.Collections.ArrayList
                    $NetstedResult = Get-LargeNestedADGroup $global:strDC $SID_DN $RecursiveObjectType -CREDS $CREDS
                    if($NetstedResult)
                    {
                        foreach($NestedObject in $NetstedResult)
                        {
                            $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($strDC, $CREDS)
                            $LDAPConnection.SessionOptions.ReferralChasing = "None"
                            $request = New-Object System.directoryServices.Protocols.SearchRequest
                            $request.DistinguishedName = $NestedObject
                            $request.Filter = "(name=*)"
                            $request.Scope = "Base"
                            [void]$request.Attributes.Add("objectsid")
                            [void]$request.Attributes.Add("msds-principalname")

                            $response = $LDAPConnection.SendRequest($request)
                            $ADObject = $response.Entries[0]

                            $recursiveobject = new-object psobject
                            add-member -inputobject $recursiveobject -MemberType NoteProperty -Name "IdentityReference"     -Value $(try{GetSidStringFromSidByte $ADObject.attributes.objectsid.GetValues([byte[]])[0]}catch{})
                            add-member -inputobject $recursiveobject -MemberType NoteProperty -Name "ActiveDirectoryRights" -Value $ace.ActiveDirectoryRights
                            add-member -inputobject $recursiveobject -MemberType NoteProperty -Name "InheritanceType"       -Value $ace.InheritanceType     
                            add-member -inputobject $recursiveobject -MemberType NoteProperty -Name "ObjectType"            -Value $ace.ObjectType          
                            add-member -inputobject $recursiveobject -MemberType NoteProperty -Name "InheritedObjectType"   -Value $ace.InheritedObjectType 
                            add-member -inputobject $recursiveobject -MemberType NoteProperty -Name "ObjectFlags"           -Value $ace.ObjectFlags         
                            add-member -inputobject $recursiveobject -MemberType NoteProperty -Name "AccessControlType"     -Value $ace.AccessControlType   
                            add-member -inputobject $recursiveobject -MemberType NoteProperty -Name "IsInherited"           -Value $ace.IsInherited         
                            add-member -inputobject $recursiveobject -MemberType NoteProperty -Name "InheritanceFlags"      -Value $ace.InheritanceFlags    
                            add-member -inputobject $recursiveobject -MemberType NoteProperty -Name "PropagationFlags"      -Value $ace.PropagationFlags    
                            [Void]$RecursiveData.add($recursiveobject)
                            $recursiveobject = $null
                        }
                    }
                }

            }

        }       

    }
    $SD = $RecursiveData | Sort-Object -Property InheritedObjectType,ObjectType,IdentityReference,ObjectFlags,ActiveDirectoryRights -Unique
    $RecursiveData = $null
}    

If (($FilterEna -eq $true) -and ($bolEffectiveR -eq $false))
{
    If ($FilterForTrustee)
    {
        if ($FilterTrustee.Length -gt 0)
        {
            $sd = @($sd | Where-Object{if($_.IdentityReference -like "S-1-*"){`
            $(ConvertSidToName -server $global:strDomainLongName -Sid $_.IdentityReference  -CREDS $CREDS) -like $FilterTrustee}`
            else{$_.IdentityReference -like $FilterTrustee}})

        }

    }
}

if($ReturnObjectType)
{
    if($ReturnObjectType -ne "*")
    {
        $sd = @($sd | Where-Object{(GetObjectTypeFromSid -server $global:strDC -Sid $_.IdentityReference.toString() -CREDS $CREDS) -eq $ReturnObjectType})
    }
}


If ($bolAssess)
{
    Switch ($AssessLevel)
    {
        "Info" {$CriticalityFilter = 0}
        "Low" {$CriticalityFilter = 1}
        "Medium" {$CriticalityFilter = 2}
        "Warning" {$CriticalityFilter = 3}
        "Critical" {$CriticalityFilter = 4}
    }
    $sd = @($sd | Where-Object{Get-Criticality -Returns "Filter" $_.IdentityReference.toString() $_.ActiveDirectoryRights.toString() $_.AccessControlType.toString() $_.ObjectFlags.toString() $_.InheritanceType.toString() $_.ObjectType.toString() $_.InheritedObjectType.toString() $CriticalityFilter })
}

if ($bolEffectiveR -eq $true)
{

        if ($global:tokens.count -gt 0)
        {

            $sdtemp2 =  New-Object System.Collections.ArrayList

            if ($global:strPrincipalDN -eq $ADObjDN)
            {
                    $sdtemp = ""
                    $sdtemp = $sd | Where-Object{$_.IdentityReference -eq "S-1-5-10"}
                    if($sdtemp)
                    {
                        [void]$sdtemp2.Add( $sdtemp)
                    }
            }
            foreach ($tok in $global:tokens) 
            {

                    $sdtemp = ""
                    $sdtemp = $sd | Where-Object{$_.IdentityReference -eq $tok}
                    if($sdtemp)
                    {
                         [void]$sdtemp2.Add( $sdtemp)
                    }


            }
                $sd = $sdtemp2
        }

}
$intSDCount =  $sd.count

if (!($null -eq $sd))
{
    $index=0
    $permcount = 0

    if ($intSDCount -gt 0)
    {        
        if($SDDL)
        {
            $sd = @($sd[0])
        }
        while($index -le $sd.count -1) 
        {
                if($GPO)
                {
                    $strDistinguishedName = $GPOTarget
                }
                else
                {
                    $strDistinguishedName = $DSobject.distinguishedname.toString()
                }
                $bolMatchDef = $false
                $bolMatchprotected = $false
                if($UseCanonicalName)
                {
                    if($DSobject.attributes.canonicalname)
                    {
                        $CanonicalName = $DSobject.attributes.canonicalname[0]
                    }
                    else
                    {
                        $CanonicalName = Create-CanonicalName  $DSobject.distinguishedname.toString()
                    }
                }
                $strNTAccount = $sd[$index].IdentityReference.ToString()
                If ($strNTAccount.contains("S-1-"))
                {
                    $strNTAccount = ConvertSidToName -server $global:strDomainLongName -Sid $strNTAccount -CREDS $CREDS
                }  
                #Remove Default Permissions if SkipDefaultPerm selected
                if($SkipDefaultPerm)
                {
                    if($strObjectClass  -ne $strTemoObjectClass)
                    {
                        $sdOUDef = Get-DefaultPermissions -strObjectClass $strObjectClass -CREDS $CREDS
                    }
                    $strTemoObjectClass = $strObjectClass
                    $indexDef=0
                    while($indexDef -le $sdOUDef.count -1)
                    {
                        if (($sdOUDef[$indexDef].IdentityReference -eq $sd[$index].IdentityReference) -and ($sdOUDef[$indexDef].ActiveDirectoryRights -eq $sd[$index].ActiveDirectoryRights) -and ($sdOUDef[$indexDef].AccessControlType -eq $sd[$index].AccessControlType) -and ($sdOUDef[$indexDef].ObjectType -eq $sd[$index].ObjectType) -and ($sdOUDef[$indexDef].InheritanceType -eq $sd[$index].InheritanceType) -and ($sdOUDef[$indexDef].InheritedObjectType -eq $sd[$index].InheritedObjectType))
                        {
                            $bolMatchDef = $true
                        } #End If
                        $indexDef++
                    } #End While
                }

                if($bolMatchDef)
                {
                }
                else
                {
                    #Remove Protect Against Accidental Deletaions Permissions if SkipProtectedPerm selected
                    if($SkipProtectedPerm)
                    {
                        if($sdOUProtect -eq "")
                        {
                            $sdOUProtect = Get-ProtectedPerm
                        }
                        $indexProtected=0
                        while($indexProtected -le $sdOUProtect.count -1)
                        {
                            if (($sdOUProtect[$indexProtected].IdentityReference -eq $sd[$index].IdentityReference) -and ($sdOUProtect[$indexProtected].ActiveDirectoryRights -eq $sd[$index].ActiveDirectoryRights) -and ($sdOUProtect[$indexProtected].AccessControlType -eq $sd[$index].AccessControlType) -and ($sdOUProtect[$indexProtected].ObjectType -eq $sd[$index].ObjectType) -and ($sdOUProtect[$indexProtected].InheritanceType -eq $sd[$index].InheritanceType) -and ($sdOUProtect[$indexProtected].InheritedObjectType -eq $sd[$index].InheritedObjectType))
                            {
                                $bolMatchprotected = $true
                            }#End If
                            $indexProtected++
                        } #End While
                    }

                    if($bolMatchprotected)
                    {
                    }
                    else
                    {
                    If ($bolCSV)
                    {
                        $intCSV++

                        if($OutType -eq "CSVTEMPLATE")
                        {
                            WritePermCSV $sd[$index] $strDistinguishedName $CanonicalName $strObjectClass $strFileCSV $bolReplMeta $objLastChange $strOrigInvocationID $strOrigUSN $bolGetOUProtected $bolOUProtected $false $bolToFile $GPO $GPOdisplayname $TranslateGUID -CREDS $CREDS
                        }
                        else
                        {
                            $bolOUHeader = $false
                            WriteOUT $bolACLExist $sd[$index] $strDistinguishedName $CanonicalName $bolOUHeader $strColorTemp $strFileHTA $bolCompare $FilterEna $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPOdisplayname $bolShowCriticalityColor $strSDDL -CREDS $CREDS
                        }

                    }# End If
                    Else
                    {
                        If ($strColorTemp -eq "1")
                        {
                            $strColorTemp = "2"
                        }# End If
                        else
                        {
                            $strColorTemp = "1"
                        }# End If                   
                        if ($permcount -eq 0)
                        {
                            $bolOUHeader = $true    
                            WriteOUT $bolACLExist $sd[$index] $strDistinguishedName $CanonicalName $bolOUHeader $strColorTemp $strFileHTA $bolCompare $FilterEna $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPOdisplayname $bolShowCriticalityColor $strSDDL -CREDS $CREDS

                        }
                        else
                        {
                                $bolOUHeader = $false 
                            WriteOUT $bolACLExist $sd[$index] $strDistinguishedName $CanonicalName $bolOUHeader $strColorTemp $strFileHTA $bolCompare $FilterEna $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPOdisplayname $bolShowCriticalityColor $strSDDL -CREDS $CREDS

                        }# End If
                    }
                    $aclcount++
                    $permcount++
                }# End If SkipProtectedPerm
                }# End If SkipDefaultPerm
                $index++
        }# End while

    }
    else
    {
        If (!($bolCSV))
        {            
            If ($strColorTemp -eq "1")
            {
            $strColorTemp = "2"
            }
            else
            {
            $strColorTemp = "1"
            }       
            if ($permcount -ne 0)
            {
                $bolOUHeader = $false 
                $GetOwnerEna = $false
                WriteOUT $bolACLExist $sd $strDistinguishedName $CanonicalName $bolOUHeader $strColorTemp $strFileHTA $bolCompare $FilterEna $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPOdisplayname $bolShowCriticalityColor $strSDDL -CREDS $CREDS
                #$aclcount++
            }
        }

        $permcount++
    }#End if array        

    If (!($bolCSVO))
    {
        $bolACLExist = $false
        if (($permcount -eq 0) -and ($index -gt 0))
        {
            $bolOUHeader = $true 
            WriteOUT $bolACLExist $sd $strDistinguishedName $CanonicalName $bolOUHeader "1" $strFileHTA $bolCompare $FilterEna $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPOdisplayname $bolShowCriticalityColor $strSDDL -CREDS $CREDS
            $aclcount++
        }# End If
    }# End if bolCSVOnly
}

}#End $global:GetSecErr
$count++
}# End while

if (($count -gt 0))
{
if ($aclcount -eq 0)
{
if($bolCMD)
{
Write-host „No Permissions found!“ -ForegroundColor red
}
else
{
$global:observableCollection.Insert(0,(LogMessage -strMessage „No Permissions found!“ -strType „Error“ -DateStamp ))
if (($PSVersionTable.PSVersion -ne „2.0“) -and ($global:bolProgressBar))
{
$global:ProgressBarWindow.Window.Dispatcher.invoke([action]{$global:ProgressBarWindow.Window.Close()},“Normal“)
$ProgressBarWindow = $null
Remove-Variable -Name „ProgressBarWindow“ -Scope Global
}
}
}
else
{
if(-not $bolCMD)
{
if (($PSVersionTable.PSVersion -ne „2.0“) -and ($global:bolProgressBar))
{

            $global:ProgressBarWindow.Window.Dispatcher.invoke([action]{$global:ProgressBarWindow.Window.Close()},"Normal")
    } 
}

if($bolCSV)
{
    if($OutType -eq "CSVTEMPLATE")
    {
        if($bolCMD)
        {
            if($bolToFile)
            {
                Write-host "Report saved in: $strFileCSV" -ForegroundColor Yellow
                Write-output $strFileCSV
            }
        }
        else
        {
            $global:observableCollection.Insert(0,(LogMessage -strMessage "Report saved in $strFileCSV" -strType "Warning" -DateStamp ))
        }
        #If Get-Perm was called with Show then open the CSV file.
        if($Show)
        {
            Invoke-Item $strFileCSV
        }
    }
    else
    {
        if($bolCMD)
        {
            if($bolToFile)
            {
                $global:ArrayAllACE | export-csv -Path $strFileCSV -NoTypeInformation -NoClobber
                Write-host "Report saved in: $strFileCSV" -ForegroundColor Yellow
                Write-output $strFileCSV
            }
            else
            {
                $global:ArrayAllACE
            }
        }
        else
        {
            $global:ArrayAllACE | export-csv -Path $strFileCSV -NoTypeInformation -NoClobber
            $global:observableCollection.Insert(0,(LogMessage -strMessage "Report saved in $strFileCSV" -strType "Warning" -DateStamp ))
        }
        #If Get-Perm was called with Show then open the CSV file.
        if($Show)
        {
            Invoke-Item $strFileCSV
        }
    }
}
else
{
    #If excel output
    if($OutType -eq "EXCEL")
    {
        $tablename  = $($strNode+"acltbl") -replace '[^a-zA-Z]+',''

        if($bolShowCriticalityColor)
        {
            # Array with alphabet characters
            $ExcelColumnAlphabet = @()  
            for ([byte]$c = [char]'A'; $c -le [char]'Z'; $c++)  
            {  
                $ExcelColumnAlphabet += [char]$c  
            }  

            #Define Column name for "criticality" by using position in array
            $RangeColumnCriticality = $ExcelColumnAlphabet[$(($global:ArrayAllACE | get-member -MemberType NoteProperty ).count -1 )]

            $global:ArrayAllACE | Export-Excel -path $strFileEXCEL -WorkSheetname $($strNode+"_ACL") -BoldTopRow -TableStyle Medium2 -TableName $($strNode+"acltbl") -NoLegend -AutoSize -FreezeTopRow -ConditionalText $( 
            New-ConditionalText -RuleType Equal -ConditionValue Low -Range "$($RangeColumnCriticality):$($RangeColumnCriticality)" -BackgroundColor DeepSkyBlue -ConditionalTextColor Black
            New-ConditionalText -RuleType Equal -ConditionValue Critical -Range "$($RangeColumnCriticality):$($RangeColumnCriticality)" -BackgroundColor Red -ConditionalTextColor Black
            New-ConditionalText -RuleType Equal -ConditionValue Warning -Range "$($RangeColumnCriticality):$($RangeColumnCriticality)" -BackgroundColor Gold -ConditionalTextColor Black
            New-ConditionalText -RuleType Equal -ConditionValue Medium -Range "$($RangeColumnCriticality):$($RangeColumnCriticality)" -BackgroundColor Yellow -ConditionalTextColor Black
            New-ConditionalText -RuleType Equal -ConditionValue Info -Range "$($RangeColumnCriticality):$($RangeColumnCriticality)" -BackgroundColor LightGray -ConditionalTextColor Black
            )
        }
        else
        {
            $global:ArrayAllACE | Export-Excel -path $strFileEXCEL -WorkSheetname $($strNode+"_ACL") -BoldTopRow -TableStyle Medium2 -TableName $tablename -NoLegend -AutoSize -FreezeTopRow -Append
        }

        if($bolCMD)
        {
            Write-host "Report saved in: $strFileEXCEL" -ForegroundColor Yellow
            Write-output $strFileEXCEL
        }
        else
        {
            $global:observableCollection.Insert(0,(LogMessage -strMessage "Report saved in $strFileEXCEL" -strType "Warning" -DateStamp ))
        }
        if($Show)
        {
            If (test-path HKLM:SOFTWARE\Classes\Excel.Application) 
            {
                Invoke-Item $strFileEXCEL
            }
        }
    }#End if EXCEL
    else
    {
        if($bolShowCriticalityColor)
        {
            Switch ($global:intShowCriticalityLevel)
            {
                0
                {
                (Get-Content $strFileHTA) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "grey">INFO' | Set-Content $strFileHTA
                (Get-Content $strFileHTM) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "grey">INFO' | Set-Content $strFileHTM
                }
                1
                {
                (Get-Content $strFileHTA) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "blue">LOW' | Set-Content $strFileHTA
                (Get-Content $strFileHTM) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "blue">LOW' | Set-Content $strFileHTM
                }
                2
                {
                (Get-Content $strFileHTA) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "yellow">MEDIUM' | Set-Content $strFileHTA
                (Get-Content $strFileHTM) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "yellow">MEDIUM' | Set-Content $strFileHTM
                }
                3
                {
                (Get-Content $strFileHTA) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "orange">WARNING' | Set-Content $strFileHTA
                (Get-Content $strFileHTM) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "orange">WARNING' | Set-Content $strFileHTM
                }
                4
                {
                (Get-Content $strFileHTA) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "red">CRITICAL' | Set-Content $strFileHTA
                (Get-Content $strFileHTM) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "red">CRITICAL' | Set-Content $strFileHTM
                }
            }
        }
        #If Get-Perm was called with Show then open the HTA file.
        if($Show)
        {
            try
            {
                Invoke-Item $strFileHTA
            }
            catch
            {
                if($bolCMD)
                {
                    Write-host "Failed to launch MSHTA.exe" -ForegroundColor Red
                    Write-host "Instead opening the following file directly: $strFileHTM" -ForegroundColor Yellow
                }
                else
                {
                    $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed to launch MSHTA.exe" -strType "Error" -DateStamp ))
                    $global:observableCollection.Insert(0,(LogMessage -strMessage "Instead opening the following file directly: $strFileHTM" -strType "Ino" -DateStamp ))
                }   
                invoke-item $strFileHTM
            }
        }
    }
}

}# End If

}
else
{
$global:observableCollection.Insert(0,(LogMessage -strMessage „No objects found!“ -strType „Error“ -DateStamp ))
}
$i = $null
Remove-Variable -Name „i“
$secd = $null

}

==========================================================================

Function : Get-PermCompare

Arguments : OU Path

Returns : N/A

Description : Compare Permissions on node with permissions in CSV file

==========================================================================

Function Get-PermCompare
{
Param([System.Collections.ArrayList]$AllObjectDn,[boolean]$SkipDefaultPerm,[boolean]$SkipProtectedPerm,[boolean]$bolReplMeta,[boolean]$bolGetOwnerEna,[boolean]$bolCSV,[boolean]$bolGetOUProtected,[boolean]$bolACLsize,[boolean] $bolGUIDtoText,[boolean]$Show,[string] $OutType,[string] $TemplateFilter,[bool]$bolToFile,[bool]$bolShowCriticalityColor,[bool]$bolAssess,[string] $AssessLevel,[bool]$GPO,[bool]$TranslateGUID,[Parameter(Mandatory=$false)]
[pscredential]
$CREDS)

&{#Try
$arrOUList = New-Object System.Collections.ArrayList
$bolCompare = $true
$bolCompareDelegation = $false
$bolFilter = $false
$bolOUPRotected = $false
$strACLSize = „“
$bolAClMeta = $false
$strOwner = „“
$count = 0
$aclcount = 0
$SDUsnCheck = $false
$ExitCompare = $false
$sdOUProtect = „“
$global:ArrayAllACE = New-Object System.Collections.ArrayList

if(($OutType -eq „EXCEL“) -or ($OutType -eq „CSV“))
{
$WriteOut = „Object“
}
else
{
$WriteOut = „HTML“
}

If ($bolAssess)
{
Switch ($AssessLevel)
{
„Info“ {$CriticalityFilter = 0}
„Low“ {$CriticalityFilter = 1}
„Medium“ {$CriticalityFilter = 2}
„Warning“ {$CriticalityFilter = 3}
„Critical“ {$CriticalityFilter = 4}
}
$global:csvHistACLs = @($global:csvHistACLs | Where-Object{Get-Criticality -Returns „Filter“ $_.IdentityReference.toString() $_.ActiveDirectoryRights.toString() $_.AccessControlType.toString() $_.ObjectFlags.toString() $_.InheritanceType.toString() $_.ObjectType.toString() $_.InheritedObjectType.toString() $CriticalityFilter })
}

if ($chkBoxTemplateNodes.IsChecked -eq $true)
{

$index = 0
#Enumerate all Nodes in CSV
if($global:csvHistACLs[0].Object)
{
    while($index -le $global:csvHistACLs.count -1) 
    {
        $arrOUList.Add($global:csvHistACLs[$index].Object)
        $index++
    }
}
else
{
    while($index -le $global:csvHistACLs.count -1) 
    {
        $arrOUList.Add($global:csvHistACLs[$index].OU)
        $index++
    }
}


$arrOUListUnique = $arrOUList | Select-Object -Unique

#Replace any existing strings matching <DOMAIN-DN>
$arrOUListUnique = $arrOUListUnique -replace "<DOMAIN-DN>",$global:strDomainDNName

#Replace any existing strings matching <ROOT-DN>
$arrOUListUnique = $arrOUListUnique -replace "<ROOT-DN>",$global:ForestRootDomainDN
#If the user entered any text replace matching string from CSV

if($txtReplaceDN.text.Length -gt 0)
{

    $arrOUListUnique = $arrOUListUnique -replace $txtReplaceDN.text,$global:strDomainDNName

}
$AllObjectDn = @($arrOUListUnique)

}

If ($bolReplMeta -eq $true)
{
If ($global:csvHistACLs[0].SDDate.length -gt 1)
{
$bolAClMeta = $true
}
$arrUSNCheckList = $global:csvHistACLs | Select-Object -Property OU,OrgUSN -Unique
}

Verify that USN exist in file and that Meta data will be retreived

if($chkBoxScanUsingUSN.IsChecked -eq $true)
{
if($bolAClMeta -eq $true)
{
$SDUsnCheck = $true
}
else
{
If ($bolReplMeta -eq $true)
{
$MsgBox = System.Windows.Forms.MessageBox::Show(„Could not compare using USN.nDid not find USNs in template.nDo you want to continue?“,”Information”,3,“Warning“)
Switch ($MsgBOx)
{
„YES“
{$ExitCompare = $false}
„NO“
{$ExitCompare = $true}
Default
{$ExitCompare = $true}
}
}
else
{
$MsgBox = System.Windows.Forms.MessageBox::Show(„Could not compare using USN.nMake sure scan option SD Modified is selected.nDo you want to continue?“,”Information”,3,“Warning“)
Switch ($MsgBOx)
{
„YES“
{$ExitCompare = $false}
„NO“
{$ExitCompare = $true}
Default
{$ExitCompare = $true}
}
}
}
}
if(!($ExitCompare))
{
If ($bolCSV)
{
If ((Test-Path $strFileCSV) -eq $true)
{
Remove-Item $strFileCSV
}
}

$i = 0
$intCSV = 0
$intReturned = 0
if($global:bolCMD)
{
$intTot = 0
#calculate percentage
$intTot = $AllObjectDn.count
}
else
{
if (($PSVersionTable.PSVersion -ne „2.0“) -and ($global:bolProgressBar))
{
$intTot = 0
#calculate percentage
$intTot = $AllObjectDn.count
if ($intTot -gt 0)
{
LoadProgressBar

    }
}

}

while($count -le $AllObjectDn.count -1)
{
$global:GetSecErr = $false
$global:secd = „“

if(($global:bolCMD) -and ($global:bolProgressBar))
{

    $i++
    [int]$pct = ($i/$intTot)*100
    Write-Progress -Activity "Collecting objects" -Status "Currently scanning $i of $intTot objects" -Id 0 -CurrentOperation "Reading ACL on: $ADObjDN" -PercentComplete $pct 
}
else
{
    if (($PSVersionTable.PSVersion -ne "2.0") -and ($global:bolProgressBar))
    {
        $i++
        [int]$pct = ($i/$intTot)*100
        #Update the progress bar
        while(($null -eq $global:ProgressBarWindow.Window.IsInitialized) -and ($intLoop -lt 20))
        {
                    Start-Sleep -Milliseconds 1
                    $cc++
        }
        if ($global:ProgressBarWindow.Window.IsInitialized -eq $true)
        {
            Update-ProgressBar "Currently scanning $i of $intTot objects" $pct 
        }  

    }
}


$OUMatchResultOverall = $false

$sd =  New-Object System.Collections.ArrayList
$GetOwnerEna = $bolGetOwnerEna
if($GPO)
{
    $ADObjDN = $AllObjectDn[$count].Split(";")[0]
    $GPOTarget = $AllObjectDn[$count].Split(";")[1]
    if($GPO)
    {
        $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
        $LDAPConnection.SessionOptions.ReferralChasing = "None"
        $request = New-Object System.directoryServices.Protocols.SearchRequest
        $request.DistinguishedName = $ADObjDN
        $request.Filter = "(objectClass=*)"
        $request.Scope = "Base"
        [void]$request.Attributes.Add("displayname")
        $response = $LDAPConnection.SendRequest($request)
        $result = $response.Entries[0]
        try
        {
            $GPOdisplayname = $result.attributes.displayname[0]
        }
        catch
        {
        }            
    }
}
else
{
    $ADObjDN = $($AllObjectDn[$count])
}
$OUdnorgDN = $ADObjDN 

#Counter used for fitlerout Nodes with only defaultpermissions configured
$intAclOccurence = 0

$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = "None"
$request = New-Object System.directoryServices.Protocols.SearchRequest("$ADObjDN", "(name=*)", "base")
if($global:bolShowDeleted)
{
    [string] $LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417"
    [void]$request.Controls.Add((New-Object "System.DirectoryServices.Protocols.DirectoryControl" -ArgumentList "$LDAP_SERVER_SHOW_DELETED_OID",$null,$false,$true ))
}
[void]$request.Attributes.Add("objectclass")
if($UseCanonicalName)
{
    [void]$request.Attributes.Add("canonicalname")
}
[void]$request.Attributes.Add("ntsecuritydescriptor")

$response = $null
 $DSobject = $null

if ($rdbDACL.IsChecked)
{
    $SecurityMasks = [System.DirectoryServices.Protocols.SecurityMasks]'Owner' -bor [System.DirectoryServices.Protocols.SecurityMasks]'Group'-bor [System.DirectoryServices.Protocols.SecurityMasks]'Dacl' #-bor [System.DirectoryServices.Protocols.SecurityMasks]'Sacl'
    $control = New-Object System.DirectoryServices.Protocols.SecurityDescriptorFlagControl($SecurityMasks)
    [void]$request.Controls.Add($control)
    $SendRequest = $false
    try
    {
        $response = $LDAPConnection.SendRequest($request)
        $SendRequest = $true
    }
    catch
    {
        if($global:bolCMD)
        {
            Write-host "Failed to connect to:$ADObjDN"
        }
        else
        {
            $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed to connect to:$ADObjDN" -strType "Error" -DateStamp ))
        }
    }
    if($SendRequest)
    {
    $DSobject = $response.Entries[0]
    if($GPO)
    {
        $strDistinguishedName = $GPOTarget
    }
    else
    {
        $strDistinguishedName = $DSobject.distinguishedname.toString()
    }
    #Check if any NTsecuritydescr
    if($null -ne $DSobject.Attributes.ntsecuritydescriptor)
    {
        if($null -ne $DSobject.Attributes.objectclass)
        {                
            $strObjectClass = $DSobject.Attributes.objectclass[$DSobject.Attributes.objectclass.count-1]
        }
        else
        {
            $strObjectClass = "unknown"
        }

        if($UseCanonicalName)
        {
            if($DSobject.attributes.canonicalname)
            {
                $CanonicalName = $DSobject.attributes.canonicalname[0]
            }
            else
            {
                $CanonicalName = Create-CanonicalName  $DSobject.distinguishedname.toString()
            }
        }
        $sec = New-Object System.DirectoryServices.ActiveDirectorySecurity

        if($chkBoxRAWSDDL.IsChecked)
        {

            $secSDDL = New-Object System.DirectoryServices.ActiveDirectorySecurity
            $objSd =  $DSobject.Attributes.ntsecuritydescriptor[0]
            if ($objSD -is [Byte[]]) {
                    $SDDLSec = New-Object System.Security.AccessControl.RawSecurityDescriptor @($objSd, 0)
                } elseif ($objSD -is [string]) {
                    $SDDLSec = New-Object System.Security.AccessControl.RawSecurityDescriptor @($objSd)
                }
            $strSDDL = $SDDLSec.GetSddlForm('Access,Owner')

            $arrSplitedSDDL = $strSDDL.Split("(")
            $intI = 0
            Foreach ($strSDDLPart in $arrSplitedSDDL)
            {
                if($intI -gt 0)
                {
                    if($sec.Owner -eq $null)
                    {
                        $sec.SetSecurityDescriptorSDDLForm("$($arrSplitedSDDL[0])($strSDDLPart")
                    }
                    else
                    {
                        if(!($chkInheritedPerm.IsChecked))
                        {
                            if(($strSDDLPart.split(";")[1] -ne "CIID") -and ($strSDDLPart.split(";")[1] -ne "CIIOID"))
                            {
                                $secSDDL.SetSecurityDescriptorSDDLForm("$($arrSplitedSDDL[0])($strSDDLPart")
                                $sec.AddAccessRule($secSDDL.Access[0]) 
                            }
                        }
                        else
                        {
                            $secSDDL.SetSecurityDescriptorSDDLForm("$($arrSplitedSDDL[0])($strSDDLPart")
                            $sec.AddAccessRule($secSDDL.Access[0])
                        }
                    }
                }
                $intI++
            }

        }
        else
        {
            $sec.SetSecurityDescriptorBinaryForm($DSobject.Attributes.ntsecuritydescriptor[0])
        }
        &{#Try
            $global:secd = $sec.GetAccessRules($true, $chkInheritedPerm.IsChecked, [System.Security.Principal.SecurityIdentifier])

        }
        Trap [SystemException]
        { 
            $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed to translate identity:$ADObjDN" -strType "Warning" -DateStamp ))
            &{#Try
                $global:secd = $sec.GetAccessRules($true, $chkInheritedPerm.IsChecked, [System.Security.Principal.SecurityIdentifier])
            }
            Trap [SystemException]
            { 
                $global:GetSecErr = $true
                Continue
            }
            Continue
        }
    }
    else
    {
        #Fail futher scan when NTsecurityDescriptor is null
        $global:GetSecErr = $true
    }
    }#End If failed Send Request

}
else
{
    $SecurityMasks = [System.DirectoryServices.Protocols.SecurityMasks]'Owner' -bor [System.DirectoryServices.Protocols.SecurityMasks]'Group'-bor [System.DirectoryServices.Protocols.SecurityMasks]'Dacl' -bor [System.DirectoryServices.Protocols.SecurityMasks]'Sacl'
    $control = New-Object System.DirectoryServices.Protocols.SecurityDescriptorFlagControl($SecurityMasks)
    [void]$request.Controls.Add($control)
    $response = $LDAPConnection.SendRequest($request)
    $DSobject = $response.Entries[0]
    if($null -ne $DSobject.Attributes.objectclass)
    {                
        $strObjectClass = $DSobject.Attributes.objectclass[$DSobject.Attributes.objectclass.count-1]
    }
    else
    {
        $strObjectClass = "unknown"
    }
    $sec = New-Object System.DirectoryServices.ActiveDirectorySecurity
    $sec.SetSecurityDescriptorBinaryForm($DSobject.Attributes.ntsecuritydescriptor[0])
    &{#Try
        #$DSobject.psbase.Options.SecurityMasks = [System.DirectoryServices.SecurityMasks]'Owner' -bor [System.DirectoryServices.SecurityMasks]'Group'-bor [System.DirectoryServices.SecurityMasks]'Dacl' -bor [System.DirectoryServices.SecurityMasks]'Sacl'
        $global:secd = $sec.GetAuditRules($true, $chkInheritedPerm.IsChecked, [System.Security.Principal.SecurityIdentifier])
    }
    Trap [SystemException]
    { 
        $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed to translate identity:$ADObjDN" -strType "Warning" -DateStamp ))
        &{#Try
            $global:secd = $sec.GetAuditRules($true, $chkInheritedPerm.IsChecked, [System.Security.Principal.SecurityIdentifier])
        }
        Trap [SystemException]
        { 
            $global:GetSecErr = $true
            Continue
        }
        Continue
    }
}
if($DSobject.attributes.count -gt 0)
{
if(($global:GetSecErr -ne $true) -or ($global:secd -ne ""))
{
    $sd.clear()
    if($null -ne $global:secd){
        $(ConvertTo-ObjectArrayListFromPsCustomObject  $global:secd)| ForEach-Object{[void]$sd.add($_)}
    }
    If ($GetOwnerEna -eq $true)
    {

        &{#Try
            $global:strOwner = $sec.GetOwner([System.Security.Principal.SecurityIdentifier]).value
        }

        Trap [SystemException]
        { 
            if($global:bolADDSType)
            {
                $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed to translate owner identity:$ADObjDN" -strType "Warning" -DateStamp ))
            }
            $global:strOwner = $sec.GetOwner([System.Security.Principal.SecurityIdentifier]).value
            Continue
        }


        $newSdOwnerObject = New-Object PSObject -Property @{ActiveDirectoryRights="Read permissions, Modify permissions";InheritanceType="None";ObjectType ="None";`
        InheritedObjectType="None";ObjectFlags="None";AccessControlType="Owner";IdentityReference=$global:strOwner;IsInherited="False";`
        InheritanceFlags="None";PropagationFlags="None"}

        [void]$sd.insert(0,$newSdOwnerObject)

    }
     If ($SkipDefaultPerm)
    {
        If ($GetOwnerEna -eq $false)
            {

            &{#Try
                $global:strOwner = $sec.GetOwner([System.Security.Principal.SecurityIdentifier]).value
            }

            Trap [SystemException]
            { 
                $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed to translate owner identity:$ADObjDN" -strType "Error" -DateStamp ))
                $global:strOwner = $sec.GetOwner([System.Security.Principal.SecurityIdentifier]).value
                Continue
            }
        } 
    }

    If ($bolAssess)
    {
        Switch ($AssessLevel)
        {
            "Info" {$CriticalityFilter = 0}
            "Low" {$CriticalityFilter = 1}
            "Medium" {$CriticalityFilter = 2}
            "Warning" {$CriticalityFilter = 3}
            "Critical" {$CriticalityFilter = 4}
        }
        $sd = @($sd | Where-Object{Get-Criticality -Returns "Filter" $_.IdentityReference.toString() $_.ActiveDirectoryRights.toString() $_.AccessControlType.toString() $_.ObjectFlags.toString() $_.InheritanceType.toString() $_.ObjectType.toString() $_.InheritedObjectType.toString() $CriticalityFilter })
    }

    if ($bolACLsize -eq $true) 
    {
        #$strACLSize = $sec.GetSecurityDescriptorBinaryForm().length
        $strACLSize = $SDDLSec.BinaryLength
    }
    if ($bolGetOUProtected -eq $true)
    {
        $bolOUProtected = $sec.AreAccessRulesProtected
    }

    if ($bolReplMeta -eq $true)
    {

        $AclChange = $(GetACLMeta  $global:strDC $ADObjDN -CREDS $CREDS)
        $objLastChange = $AclChange.split(";")[0]
        $strOrigInvocationID = $AclChange.split(";")[1]
        $strOrigUSN = $AclChange.split(";")[2]
    }



    #$rar = @($($sd | select-Object -Property *))


    $index = 0
    $SDResult = $false
    $OUMatchResult = $false


    $SDUsnNew = $true
    if ($SDUsnCheck -eq $true)
    {



                while($index -le $arrUSNCheckList.count -1) 
                {
                    $SDHistResult = $false


                    if($arrUSNCheckList[$index].Object)
                    {
                        $strOUcol = $arrUSNCheckList[$index].Object
                    }
                    else
                    {
                        $strOUcol = $arrUSNCheckList[$index].OU
                    }
                    if($strOUcol.Contains("<DOMAIN-DN>") -gt 0)
                    {
                        $strOUcol = ($strOUcol -Replace "<DOMAIN-DN>",$global:strDomainDNName)

                    }
                    if($strOUcol.Contains("<ROOT-DN>") -gt 0)
                    {
                        $strOUcol = ($strOUcol -Replace "<ROOT-DN>",$global:ForestRootDomainDN)

                    }
                    if($txtReplaceDN.text.Length -gt 0)
                    {
                        $strOUcol = ($strOUcol -Replace $txtReplaceDN.text,$global:strDomainDNName)

                    }     
                    if ($OUdnorgDN -eq $strOUcol )
                    {
                        $OUMatchResult = $true
                        $SDResult = $true

                        if($strOrigUSN -eq $arrUSNCheckList[$index].OrgUSN)
                        {
                            $aclcount++
                            foreach($sdObject in $sd)
                            {


                                if($null  -ne $sdObject.AccessControlType)
                                {
                                    $ACEType = $sdObject.AccessControlType
                                }
                                else
                                {
                                    $ACEType = $sdObject.AuditFlags
                                }
                                $strNTAccount = $sdObject.IdentityReference
                                If ($strNTAccount.contains("S-1-"))
                                {
                                    $strNTAccount = ConvertSidToName -server $global:strDomainLongName -Sid $strNTAccount -CREDS $CREDS

                                }
                                $newSdObject = New-Object PSObject -Property @{ActiveDirectoryRights=$sdObject.ActiveDirectoryRights;InheritanceType=$sdObject.InheritanceType;ObjectType=$sdObject.ObjectType;`
                                InheritedObjectType=$sdObject.InheritedObjectType;ObjectFlags=$sdObject.ObjectFlags;AccessControlType=$ACEType;IdentityReference=$sdObject.IdentityReference;PrincipalName=$strNTAccount;IsInherited=$sdObject.IsInherited;`
                                InheritanceFlags=$sdObject.InheritanceFlags;PropagationFlags=$sdObject.PropagationFlags;State="Match"}

                                if(($TemplateFilter -eq "MATCH") -or ($TemplateFilter -eq "ALL"))
                                {
                                    $OUMatchResultOverall = $true
                                    $intReturned++
                                    If ($bolCSV)
                                    {
                                        $intCSV++
                                        if($OutType -eq "CSVTEMPLATE")
                                        {
                                            WritePermCSV $newSdObject $strDistinguishedname $CanonicalName $strObjectClass $strFileCSV $bolReplMeta $objLastChange $strOrigInvocationID $strOrigUSN $bolGetOUProtected $bolOUProtected $true $bolToFile $GPO $GPODisplayname $TranslateGUID -CREDS $CREDS
                                        }
                                        else
                                        {
                                            $bolOUHeader = $false               
                                            WriteOUT $true $newSdObject $strDistinguishedname $CanonicalName $bolOUHeader "4" $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS
                                        }
                                    }# End If
                                    Else
                                    {
                                        if ($intAclOccurence -eq 0)
                                        {
                                            $intAclOccurence++
                                            $bolOUHeader = $true 
                                            WriteOUT $false $sd $strDistinguishedname $CanonicalName $bolOUHeader $strColorTemp $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS

                                        }
                                        $bolOUHeader = $false 
                                        WriteOUT $true $newSdObject $strDistinguishedname $CanonicalName $bolOUHeader "4" $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS
                                    }#End !$bolCSVOnly
                                }#End Returns
                            }
                            $SDUsnNew = $false
                            break
                        }
                        else
                        {
                            $aclcount++

                            $SDUsnNew = $true
                            break
                        }

                    }
                    $index++
                }


    } 

    If (($SDUsnCheck -eq $false) -or ($SDUsnNew -eq $true))
    { 
        foreach($sdObject in $sd)
        {
            $bolMatchDef = $false
            $bolMatchprotected = $false
            $strIdentityReference= $sdObject.IdentityReference.toString()
            If ($strIdentityReference.contains("S-1-"))
            {
                $strNTAccount = ConvertSidToName -server $global:strDomainLongName -Sid $strIdentityReference -CREDS $CREDS
            }
            #Remove Default Permissions if SkipDefaultPerm selected
            if($SkipDefaultPerm)
            {
                if($strObjectClass  -ne $strTemoObjectClass)
                {
                    $sdOUDef = Get-DefaultPermissions -strObjectClass $strObjectClass -CREDS $CREDS
                }
                $strTemoObjectClass = $strObjectClass
                $indexDef=0
                while($indexDef -le $sdOUDef.count -1) {
                            if (($sdOUDef[$indexDef].IdentityReference -eq $sdObject.IdentityReference) -and ($sdOUDef[$indexDef].ActiveDirectoryRights -eq $sdObject.ActiveDirectoryRights) -and ($sdOUDef[$indexDef].AccessControlType -eq $sdObject.AccessControlType) -and ($sdOUDef[$indexDef].ObjectType -eq $sdObject.ObjectType) -and ($sdOUDef[$indexDef].InheritanceType -eq $sdObject.InheritanceType) -and ($sdOUDef[$indexDef].InheritedObjectType -eq $sdObject.InheritedObjectType))
                            {
                                $bolMatchDef = $true
                            } #End If
                    $indexDef++
                } #End While
            }

            if($bolMatchDef)
            {
            }
            else
            {
                #Remove Protect Against Accidental Deletaions Permissions if SkipProtectedPerm selected
                if($SkipProtectedPerm)
                {
                    if($sdOUProtect -eq "")
                    {
                        $sdOUProtect = Get-ProtectedPerm
                    }
                    $indexProtected=0
                    while($indexProtected -le $sdOUProtect.count -1)
                    {
                        if (($sdOUProtect[$indexProtected].IdentityReference -eq $sdObject.IdentityReference) -and ($sdOUProtect[$indexProtected].ActiveDirectoryRights -eq $sdObject.ActiveDirectoryRights) -and ($sdOUProtect[$indexProtected].AccessControlType -eq $sdObject.AccessControlType) -and ($sdOUProtect[$indexProtected].ObjectType -eq $sdObject.ObjectType) -and ($sdOUProtect[$indexProtected].InheritanceType -eq $sdObject.InheritanceType) -and ($sdOUProtect[$indexProtected].InheritedObjectType -eq $sdObject.InheritedObjectType))
                        {
                            $bolMatchprotected = $true
                        }#End If
                        $indexProtected++
                    } #End While
                }

                if($bolMatchprotected)
                {
                }
                else
                {

                    $index = 0
                    $SDResult = $false
                    $OUMatchResult = $false
                    $aclcount++
                    if($null  -ne $sdObject.AccessControlType)
                    {
                        $ACEType = $sdObject.AccessControlType
                    }
                    else
                    {
                        $ACEType = $sdObject.AuditFlags
                    }

                    $newSdObject = New-Object PSObject -Property @{ActiveDirectoryRights=$sdObject.ActiveDirectoryRights;InheritanceType=$sdObject.InheritanceType;ObjectType=$sdObject.ObjectType;`
                    InheritedObjectType=$sdObject.InheritedObjectType;ObjectFlags=$sdObject.ObjectFlags;AccessControlType=$ACEType;IdentityReference=$strIdentityReference;PrincipalName=$strNTAccount;IsInherited=$sdObject.IsInherited;`
                    InheritanceFlags=$sdObject.InheritanceFlags;PropagationFlags=$sdObject.PropagationFlags;State="Match"}

                    while($index -le $global:csvHistACLs.count -1) 
                    {
                        if($global:csvHistACLs[$index].Object)
                        {
                            $strOUcol = $global:csvHistACLs[$index].Object
                        }
                        else
                        {
                            $strOUcol = $global:csvHistACLs[$index].OU
                        }
                        if($strOUcol.Contains("<DOMAIN-DN>") -gt 0)
                        {
                            $strOUcol = ($strOUcol -Replace "<DOMAIN-DN>",$global:strDomainDNName)

                        }
                        if($strOUcol.Contains("<ROOT-DN>") -gt 0)
                        {
                            $strOUcol = ($strOUcol -Replace "<ROOT-DN>",$global:ForestRootDomainDN)

                        }
                        if($txtReplaceDN.text.Length -gt 0)
                        {
                            $strOUcol = ($strOUcol -Replace $txtReplaceDN.text,$global:strDomainDNName)

                        }
                        if ($OUdnorgDN -eq $strOUcol )
                        {
                            $OUMatchResult = $true
                            $OUMatchResultOverall = $true
                            $strPrincipalName = $global:csvHistACLs[$index].PrincipalName
                            if($strPrincipalName.Contains("<DOMAIN-NETBIOS>"))
                            {
                                $strPrincipalName = ($strPrincipalName -Replace "<DOMAIN-NETBIOS>",$global:strDomainShortName)

                            }
                            if($strPrincipalName.Contains("<ROOT-NETBIOS>"))
                            {
                                $strPrincipalName = ($strPrincipalName -Replace "<ROOT-NETBIOS>",$global:strRootDomainShortName)

                            }
                            if($strPrincipalName.Contains("<DOMAINSID>"))
                            {
                                $strPrincipalName = ($strPrincipalName -Replace "<DOMAINSID>",$global:DomainSID)

                            }
                            if($strPrincipalName.Contains("<ROOTDOMAINSID>"))
                            {
                                $strPrincipalName = ($strPrincipalName -Replace "<ROOTDOMAINSID>",$global:ForestRootDomainSID)

                            }
                            If ($strPrincipalName.contains("S-1-"))
                            {
                                $strPrincipalName = ConvertSidToName -server $global:strDomainLongName -Sid $strPrincipalName -CREDS $CREDS

                            }
                            if($txtReplaceNetbios.text.Length -gt 0)
                            {
                                $strPrincipalName = ($strPrincipalName -Replace $txtReplaceNetbios.text,$global:strDomainShortName)

                            }
                            $strTmpActiveDirectoryRights = $global:csvHistACLs[$index].ActiveDirectoryRights             
                            $strTmpInheritanceType = $global:csvHistACLs[$index].InheritanceType         
                            $strTmpObjectTypeGUID = $global:csvHistACLs[$index].ObjectType
                            $strTmpInheritedObjectTypeGUID = $global:csvHistACLs[$index].InheritedObjectType
                            $strTmpAccessControlType = $global:csvHistACLs[$index].AccessControlType
                            if ($strTmpAccessControlType -eq "Owner" )
                            {
                                $global:strOwnerTemplate = $strPrincipalName
                            }

                            If (($newSdObject.PrincipalName -eq $strPrincipalName) -and ($newSdObject.ActiveDirectoryRights -eq $strTmpActiveDirectoryRights) -and ($newSdObject.AccessControlType -eq $strTmpAccessControlType) -and ($newSdObject.ObjectType -eq $strTmpObjectTypeGUID) -and ($newSdObject.InheritanceType -eq $strTmpInheritanceType) -and ($newSdObject.InheritedObjectType -eq $strTmpInheritedObjectTypeGUID))
                            {
                                $SDResult = $true
                            }
                         }
                        $index++
                    }# End While
                    if(($TemplateFilter -eq "MATCH") -or ($TemplateFilter -eq "ALL"))
                    {
                        if ($SDResult)
                        {
                            $intReturned++
                    If ($bolCSV)
                    {
                        $intCSV++
                        if($OutType -eq "CSVTEMPLATE")
                        {
                            WritePermCSV $newSdObject $strDistinguishedname $CanonicalName $strObjectClass $strFileCSV $bolReplMeta $objLastChange $strOrigInvocationID $strOrigUSN $bolGetOUProtected $bolOUProtected $true $bolToFile $GPO $GPODisplayname $TranslateGUID -CREDS $CREDS
                        }
                        else
                        {
                            $bolOUHeader = $false               
                            WriteOUT $true $newSdObject $strDistinguishedname $CanonicalName $bolOUHeader "4" $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS
                        }
                    }# End If
                    Else
                    {
                        if ($intAclOccurence -eq 0)
                        {
                            $intAclOccurence++
                            $bolOUHeader = $true 
                            WriteOUT $false $sd $strDistinguishedname $CanonicalName $bolOUHeader $strColorTemp $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS

                        }
                        $bolOUHeader = $false 
                        WriteOUT $true $newSdObject $strDistinguishedname $CanonicalName $bolOUHeader "4" $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS
                    }#End !$bolCSVOnly

                }
                }#End Retrunrs
                If ($OUMatchResult -And !($SDResult))
                {
                    if(($TemplateFilter -eq "NEW") -or ($TemplateFilter -eq "ALL"))
                    {
                        $newSdObject.State = "New"
                        $intReturned++
                    If ($bolCSV)
                    {
                        $intCSV++
                        if($OutType -eq "CSVTEMPLATE")
                        {
                            WritePermCSV $newSdObject $strDistinguishedname $CanonicalName $strObjectClass $strFileCSV $bolReplMeta $objLastChange $strOrigInvocationID $strOrigUSN $bolGetOUProtected $bolOUProtected $true $bolToFile $GPO $GPODisplayname $TranslateGUID -CREDS $CREDS
                        }
                        else
                        {
                            $bolOUHeader = $false               
                            WriteOUT $true $newSdObject $strDistinguishedname $CanonicalName $bolOUHeader "5" $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS
                        }
                    }# End If
                    Else
                    {
                        if ($intAclOccurence -eq 0)
                        {
                            $intAclOccurence++
                            $bolOUHeader = $true 
                            WriteOUT $false $sd $strDistinguishedname $CanonicalName $bolOUHeader $strColorTemp $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS
                        }   
                        $bolOUHeader = $false 
                        WriteOUT $true $newSdObject $strDistinguishedname $CanonicalName $bolOUHeader "5" $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS
                    }#End !$bolCSVO
                    }#End Returns

                 }
            }# End If SkipProtectedPerm
        }# End If SkipDefaultPerm
    }
        } # if $SDUsnCheck -eq $true

    If (($SDUsnCheck -eq $false) -or ($SDUsnNew -eq $true))
    {
        $index = 0

        while($index -le $global:csvHistACLs.count -1) 
        {
            $SDHistResult = $false

            if($global:csvHistACLs[$index].Object)
            {
                $strOUcol = $global:csvHistACLs[$index].Object
            }
            else
            {
                $strOUcol = $global:csvHistACLs[$index].OU
            }

            if($strOUcol.Contains("<DOMAIN-DN>") -gt 0)
            {
                $strOUcol = ($strOUcol -Replace "<DOMAIN-DN>",$global:strDomainDNName)

            }
            if($strOUcol.Contains("<ROOT-DN>") -gt 0)
            {
                $strOUcol = ($strOUcol -Replace "<ROOT-DN>",$global:ForestRootDomainDN)

            }
            if($txtReplaceDN.text.Length -gt 0)
            {
                $strOUcol = ($strOUcol -Replace $txtReplaceDN.text,$global:strDomainDNName)

            }     
            if ($OUdnorgDN -eq $strOUcol )
            {
                $OUMatchResult = $true
                $strIdentityReference = $global:csvHistACLs[$index].IdentityReference

                if($strIdentityReference.Contains("<DOMAIN-NETBIOS>"))
                {
                    $strIdentityReference = ($strIdentityReference -Replace "<DOMAIN-NETBIOS>",$global:strDomainShortName)
                }
                if($strIdentityReference.Contains("<ROOT-NETBIOS>"))
                {
                    $strIdentityReference = ($strIdentityReference -Replace "<ROOT-NETBIOS>",$global:strRootDomainShortName)

                }
                if($strIdentityReference.Contains("<DOMAINSID>"))
                {
                    $strIdentityReference = ($strIdentityReference -Replace "<DOMAINSID>",$global:DomainSID)

                }
                if($strIdentityReference.Contains("<ROOTDOMAINSID>"))
                {
                    $strIdentityReference = ($strIdentityReference -Replace "<ROOTDOMAINSID>",$global:ForestRootDomainSID)

                }

                if($txtReplaceNetbios.text.Length -gt 0)
                {
                    $strIdentityReference = ($strIdentityReference -Replace $txtReplaceNetbios.text,$global:strDomainShortName)

                }
                $strTmpActiveDirectoryRights = $global:csvHistACLs[$index].ActiveDirectoryRights         
                $strTmpInheritanceType = $global:csvHistACLs[$index].InheritanceType             
                $strTmpObjectTypeGUID = $global:csvHistACLs[$index].ObjectType
                $strTmpInheritedObjectTypeGUID = $global:csvHistACLs[$index].InheritedObjectType
                $strTmpAccessControlType = $global:csvHistACLs[$index].AccessControlType
                if ($strTmpAccessControlType -eq "Owner" )
                {
                    $global:strOwnerTemplate = $strIdentityReference
                }


                #$rarHistCheck = @($($sd | select-object -Property *))

                foreach($sdObject in $sd)
                {
                    $bolMatchDef = $false
                    #$strIdentityReference = $sdObject.IdentityReference.toString()
                    #If ($strIdentityReference.contains("S-1-"))
                    #{
                    #    $strNTAccount = ConvertSidToName -server $global:strDomainLongName -Sid $strIdentityReference -CREDS $CREDS
                    #}
                    #Remove Default Permissions if SkipDefaultPerm selected
                    if($SkipDefaultPerm)
                    {
                        if($strObjectClass  -ne $strTemoObjectClass)
                        {
                            $sdOUDef = Get-DefaultPermissions -strObjectClass $strObjectClass -CREDS $CREDS
                        }
                        $strTemoObjectClass = $strObjectClass
                        $indexDef=0
                        while($indexDef -le $sdOUDef.count -1) {
                                    if (($sdOUDef[$indexDef].IdentityReference -eq $sdObject.IdentityReference) -and ($sdOUDef[$indexDef].ActiveDirectoryRights -eq $sdObject.ActiveDirectoryRights) -and ($sdOUDef[$indexDef].AccessControlType -eq $sdObject.AccessControlType) -and ($sdOUDef[$indexDef].ObjectType -eq $sdObject.ObjectType) -and ($sdOUDef[$indexDef].InheritanceType -eq $sdObject.InheritanceType) -and ($sdOUDef[$indexDef].InheritedObjectType -eq $sdObject.InheritedObjectType))
                                    {
                                        $bolMatchDef = $true
                                    }#} #End If
                            $indexDef++
                        } #End While
                    }

                    if($bolMatchDef)
                    {
                    }
                    else
                    {     
                        #Remove Protect Against Accidental Deletaions Permissions if SkipProtectedPerm selected
                        if($SkipProtectedPerm)
                        {
                            if($sdOUProtect -eq "")
                            {
                                $sdOUProtect = Get-ProtectedPerm
                            }
                            $indexProtected=0
                            while($indexProtected -le $sdOUProtect.count -1)
                            {
                                if (($sdOUProtect[$indexProtected].IdentityReference -eq $strNTAccount) -and ($sdOUProtect[$indexProtected].ActiveDirectoryRights -eq $sdObject.ActiveDirectoryRights) -and ($sdOUProtect[$indexProtected].AccessControlType -eq $sdObject.AccessControlType) -and ($sdOUProtect[$indexProtected].ObjectType -eq $sdObject.ObjectType) -and ($sdOUProtect[$indexProtected].InheritanceType -eq $sdObject.InheritanceType) -and ($sdOUProtect[$indexProtected].InheritedObjectType -eq $sdObject.InheritedObjectType))
                                {
                                    $bolMatchprotected = $true
                                }#End If
                                $indexProtected++
                            } #End While
                        }

                        if($bolMatchprotected)
                        {
                        }
                        else
                        {                     
                            if($null  -ne $sdObject.AccessControlType)
                            {
                                $ACEType = $sdObject.AccessControlType
                            }
                            else
                            {
                                $ACEType = $sdObject.AuditFlags
                            }                                          

                            $newSdObject = New-Object PSObject -Property @{ActiveDirectoryRights=$sdObject.ActiveDirectoryRights;InheritanceType=$sdObject.InheritanceType;ObjectType=$sdObject.ObjectType;`
                            InheritedObjectType=$sdObject.InheritedObjectType;ObjectFlags=$sdObject.ObjectFlags;AccessControlType=$ACEType;IdentityReference=$sdObject.IdentityReference;PrincipalName=$strNTAccount;IsInherited=$sdObject.IsInherited;`
                            InheritanceFlags=$sdObject.InheritanceFlags;PropagationFlags=$sdObject.PropagationFlags}

                            If (($newSdObject.IdentityReference -eq $strIdentityReference) -and ($newSdObject.ActiveDirectoryRights -eq $strTmpActiveDirectoryRights) -and ($newSdObject.AccessControlType -eq $strTmpAccessControlType) -and ($newSdObject.ObjectType -eq $strTmpObjectTypeGUID) -and ($newSdObject.InheritanceType -eq $strTmpInheritanceType) -and ($newSdObject.InheritedObjectType -eq $strTmpInheritedObjectTypeGUID))
                            {
                                $SDHistResult = $true
                            }#End If $newSdObject
                        }# End If SkipProtectedPerm
                    }# End If SkipDefaultPerm
                }# End foreach 

                #If OU exist in CSV but no matching ACE found
                If ($OUMatchResult -And !($SDHistResult))
                {

                    $strIdentityReference = $global:csvHistACLs[$index].IdentityReference
                    if($strIdentityReference.Contains("<DOMAIN-NETBIOS>"))
                    {
                        $strIdentityReference = ($strIdentityReference -Replace "<DOMAIN-NETBIOS>",$global:strDomainShortName)

                    }
                    if($strIdentityReference.Contains("<ROOT-NETBIOS>"))
                    {
                        $strIdentityReference = ($strIdentityReference -Replace "<ROOT-NETBIOS>",$global:strRootDomainShortName)

                    }
                    if($strIdentityReference.Contains("<DOMAINSID>"))
                    {
                        $strIdentityReference = ($strIdentityReference -Replace "<DOMAINSID>",$global:DomainSID)

                    }
                    if($strIdentityReference.Contains("<ROOTDOMAINSID>"))
                    {
                        $strIdentityReference = ($strIdentityReference -Replace "<ROOTDOMAINSID>",$global:ForestRootDomainSID)

                    }
                    if($txtReplaceNetbios.text.Length -gt 0)
                    {
                        $strIdentityReference = ($strIdentityReference -Replace $txtReplaceNetbios.text,$global:strDomainShortName)

                    }                  
                    If ($strIdentityReference.contains("S-1-"))
                    {
                     $strIdentityReference = ConvertSidToName -server $global:strDomainLongName -Sid $strIdentityReference -CREDS $CREDS

                    }
                    $histSDObject = New-Object PSObject -Property @{ActiveDirectoryRights=$global:csvHistACLs[$index].ActiveDirectoryRights;InheritanceType=$global:csvHistACLs[$index].InheritanceType;ObjectType=$global:csvHistACLs[$index].ObjectType;`
                    InheritedObjectType=$global:csvHistACLs[$index].InheritedObjectType;ObjectFlags=$global:csvHistACLs[$index].ObjectFlags;AccessControlType=$global:csvHistACLs[$index].AccessControlType;IdentityReference=$strIdentityReference;PrincipalName=$strNTAccount;IsInherited=$global:csvHistACLs[$index].IsInherited;`
                    InheritanceFlags=$global:csvHistACLs[$index].InheritanceFlags;PropagationFlags=$global:csvHistACLs[$index].PropagationFlags;State="Missing"}
                    if(($TemplateFilter -eq "MISSING") -or ($TemplateFilter -eq "ALL"))
                    {
                        $intReturned++
                    If ($bolCSV)
                    {
                        $intCSV++
                        if($OutType -eq "CSVTEMPLATE")
                        {
                            WritePermCSV $histSDObject $strDistinguishedname $CanonicalName $strObjectClass $strFileCSV $bolReplMeta $objLastChange $strOrigInvocationID $strOrigUSN $bolGetOUProtected $bolOUProtected $true $bolToFile $GPO $GPODisplayname $TranslateGUID -CREDS $CREDS
                        }
                        else
                        {
                            $bolOUHeader = $false               
                            WriteOUT $true $histSDObject $strDistinguishedname $CanonicalName $bolOUHeader "3" $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS
                        }
                    }# End If
                    Else
                    {                    
                        if ($intAclOccurence -eq 0)
                        {
                            $intAclOccurence++
                            $bolOUHeader = $true 
                            WriteOUT $false $sd $strDistinguishedname $CanonicalName $bolOUHeader $strColorTemp $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS
                        }
                        $bolOUHeader = $false               
                        WriteOUT $true $histSDObject $strDistinguishedname $CanonicalName $bolOUHeader "3" $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS
                    }#End !$bolCSVOnly
                    }#End Returns
                    $histSDObject = ""
                }# End If $OUMatchResult
            }# End if $OUdn
            $index++
        }# End While

    } #End If If ($SDUsnCheck -eq $false)

    #If the OU was not found in the CSV
    If (!$OUMatchResultOverall)        
    {

        foreach($sdObject in $sd)
        {
            $bolMatchDef = $false
            if($sdObject.IdentityReference.value)
            {
                $strNTAccount = $sdObject.IdentityReference.value
            }
            else
            {
               $strNTAccount = $sdObject.IdentityReference
            }
            If ($strNTAccount.contains("S-1-"))
            {
             $strNTAccount = ConvertSidToName -server $global:strDomainLongName -Sid $strNTAccount -CREDS $CREDS

            }

            #Remove Default Permissions if SkipDefaultPerm selected
            if($SkipDefaultPerm -or $bolCompareDelegation) 
            {
                if($strObjectClass  -ne $strTemoObjectClass)
                {
                    $sdOUDef = Get-DefaultPermissions -strObjectClass $strObjectClass -CREDS $CREDS
                }
                $strTemoObjectClass = $strObjectClass
                $indexDef=0
                while($indexDef -le $sdOUDef.count -1) {
                            if (($sdOUDef[$indexDef].IdentityReference -eq $sdObject.IdentityReference) -and ($sdOUDef[$indexDef].ActiveDirectoryRights -eq $sdObject.ActiveDirectoryRights) -and ($sdOUDef[$indexDef].AccessControlType -eq $sdObject.AccessControlType) -and ($sdOUDef[$indexDef].ObjectType -eq $sdObject.ObjectType) -and ($sdOUDef[$indexDef].InheritanceType -eq $sdObject.InheritanceType) -and ($sdOUDef[$indexDef].InheritedObjectType -eq $sdObject.InheritedObjectType))
                            {
                                $bolMatchDef = $true
                            }#} #End If
                    $indexDef++
                } #End While
            }

            if($bolMatchDef)
            {
            }
            else
            {   
                if($SkipDefaultPerm -or $bolCompareDelegation) 
                {
                    $strDelegationNotation = "Node not in file"


                    If (($strNTAccount -eq $global:strOwnerTemplate) -and ($sdObject.ActiveDirectoryRights -eq "Read permissions, Modify permissions") -and ($sdObject.AccessControlType -eq "Owner") -and ($sdObject.ObjectType -eq "None") -and ($sdObject.InheritanceType -eq "None") -and ($sdObject.InheritedObjectType -eq "None"))
                    {

                    }#End If $newSdObject
                    else
                    {

                        $MissingOUSdObject = New-Object PSObject -Property @{ActiveDirectoryRights=$sdObject.ActiveDirectoryRights;InheritanceType=$sdObject.InheritanceType;ObjectType=$sdObject.ObjectType;`
                        InheritedObjectType=$sdObject.InheritedObjectType;ObjectFlags=$sdObject.ObjectFlags;AccessControlType=$sdObject.AccessControlType;IdentityReference=$sdObject.IdentityReference;PrincipalName=$strNTAccount;IsInherited=$sdObject.IsInherited;`
                        InheritanceFlags=$sdObject.InheritanceFlags;PropagationFlags=$sdObject.PropagationFlags;State=$strDelegationNotation}
                        $intReturned++
                        If ($bolCSV)
                        {
                            $intCSV++

                            if($OutType -eq "CSVTEMPLATE")
                            {
                                WritePermCSV $MissingOUSdObject $strDistinguishedname $CanonicalName $strObjectClass $strFileCSV $bolReplMeta $objLastChange $strOrigInvocationID $strOrigUSN $bolGetOUProtected $bolOUProtected $true $bolToFile $GPO $GPODisplayname $TranslateGUID -CREDS $CREDS
                            }
                            else
                            {
                                $bolOUHeader = $false               
                                WriteOUT $true $MissingOUSdObject $OUdn $CanonicalName $bolOUHeader "5" $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS
                            }
                        }# End If
                        Else
                        {   
                            if ($intAclOccurence -eq 0)
                            {
                                $intAclOccurence++
                                $bolOUHeader = $true 
                                WriteOUT $false $sd $strDistinguishedname $CanonicalName $bolOUHeader $strColorTemp $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS
                            }
                            $bolOUHeader = $false 
                            WriteOUT $true $MissingOUSdObject $OUdn $CanonicalName $bolOUHeader "5" $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS
                        }#End !$bolCSVOnly
                    }
                }
                else
                {
                    if($SDUsnCheck -eq $false)
                    {
                        $strDelegationNotation = "Node not in file"


                        $MissingOUSdObject = New-Object PSObject -Property @{ActiveDirectoryRights=$sdObject.ActiveDirectoryRights;InheritanceType=$sdObject.InheritanceType;ObjectType=$sdObject.ObjectType;`
                        InheritedObjectType=$sdObject.InheritedObjectType;ObjectFlags=$sdObject.ObjectFlags;AccessControlType=$sdObject.AccessControlType;IdentityReference=$sdObject.IdentityReference;PrincipalName=$strNTAccount;IsInherited=$sdObject.IsInherited;`
                        InheritanceFlags=$sdObject.InheritanceFlags;PropagationFlags=$sdObject.PropagationFlags;State=$strDelegationNotation}
                        if(($TemplateFilter -eq "MISSING") -or ($TemplateFilter -eq "ALL"))
                        {
                             $intReturned++
                         If ($bolCSV)
                        {
                            $intCSV++
                            if($OutType -eq "CSVTEMPLATE")
                            {
                                WritePermCSV $MissingOUSdObject $strDistinguishedname $CanonicalName $strObjectClass $strFileCSV $bolReplMeta $objLastChange $strOrigInvocationID $strOrigUSN $bolGetOUProtected $bolOUProtected $true $bolToFile $GPO $GPODisplayname $TranslateGUID -CREDS $CREDS
                            }
                            else

                            {
                                $bolOUHeader = $false               
                                WriteOUT $false $sd $strDistinguishedname $CanonicalName $bolOUHeader $strColorTemp $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS
                            }
                        }# End If
                        Else
                        {   
                            if ($intAclOccurence -eq 0)
                            {
                                $intAclOccurence++
                                $bolOUHeader = $true 
                                WriteOUT $false $sd $strDistinguishedname $CanonicalName $bolOUHeader $strColorTemp $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS
                            }
                            $bolOUHeader = $false                  
                            WriteOUT $true $MissingOUSdObject $strDistinguishedname $CanonicalName $bolOUHeader "5" $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS
                        }#End !$bolCSVOnly
                    }#End Returns
                    }
                }
            }#Skip Default or bolComparedelegation
        }#End Forech $sd
    } #End If not OUMatchResultOverall
  }#End Global:GetSecErr

}#else if adobject missing name
else
{
$index = 0

 while($index -le $global:csvHistACLs.count -1) 
 {
    $SDHistResult = $false

    if($global:csvHistACLs[$index].Object)
    {
        $strOUcol = $global:csvHistACLs[$index].Object
    }
    else
    {
        $strOUcol = $global:csvHistACLs[$index].OU
    }
    if($strOUcol.Contains("<DOMAIN-DN>") -gt 0)
    {
        $strOUcol = ($strOUcol -Replace "<DOMAIN-DN>",$global:strDomainDNName)

    }
    if($strOUcol.Contains("<ROOT-DN>") -gt 0)
    {
        $strOUcol = ($strOUcol -Replace "<ROOT-DN>",$global:ForestRootDomainDN)

    }
    if($txtReplaceDN.text.Length -gt 0)
    {
        $strOUcol = ($strOUcol -Replace $txtReplaceDN.text,$global:strDomainDNName)

    }           
    if ($OUdnorgDN -eq $strOUcol )
    {

        $strIdentityReference = $global:csvHistACLs[$index].IdentityReference
        if($strIdentityReference.Contains("<DOMAIN-NETBIOS>"))
        {
            $strIdentityReference = ($strIdentityReference -Replace "<DOMAIN-NETBIOS>",$global:strDomainShortName)

        }
        if($strIdentityReference.Contains("<ROOT-NETBIOS>"))
        {
            $strIdentityReference = ($strIdentityReference -Replace "<ROOT-NETBIOS>",$global:strRootDomainShortName)

        }
        if($strIdentityReference.Contains("<DOMAINSID>"))
        {
            $strIdentityReference = ($strIdentityReference -Replace "<DOMAINSID>",$global:DomainSID)

        }
        if($strIdentityReference.Contains("<ROOTDOMAINSID>"))
        {
            $strIdentityReference = ($strIdentityReference -Replace "<ROOTDOMAINSID>",$global:ForestRootDomainSID)

        }
        if($txtReplaceNetbios.text.Length -gt 0)
        {
            $strIdentityReference = ($strIdentityReference -Replace $txtReplaceNetbios.text,$global:strDomainShortName)

        }    
        If ($strIdentityReference.contains("S-1-"))
        {
         $strIdentityReference = ConvertSidToName -server $global:strDomainLongName -Sid $strIdentityReference -CREDS $CREDS

        }
        $histSDObject = New-Object PSObject -Property @{ActiveDirectoryRights=$global:csvHistACLs[$index].ActiveDirectoryRights;InheritanceType=$global:csvHistACLs[$index].InheritanceType;ObjectType=$global:csvHistACLs[$index].ObjectType;`
        InheritedObjectType=$global:csvHistACLs[$index].InheritedObjectType;ObjectFlags=$global:csvHistACLs[$index].ObjectFlags;AccessControlType=$global:csvHistACLs[$index].AccessControlType;IdentityReference=$global:csvHistACLs[$index].IdentityReference;PrincipalName=$strNTAccount;IsInherited=$global:csvHistACLs[$index].IsInherited;`
        InheritanceFlags=$global:csvHistACLs[$index].InheritanceFlags;PropagationFlags=$global:csvHistACLs[$index].PropagationFlags;State="Node does not exist in AD"}
        $intReturned++
        If ($bolCSV)
        {
            if($OutType -eq "CSVTEMPLATE")
            {
                WritePermCSV $histSDObject $DSobject.distinguishedname.toString() $CanonicalName $strObjectClass $strFileCSV $bolReplMeta $objLastChange $strOrigInvocationID $strOrigUSN $bolGetOUProtected $bolOUProtected $true $bolToFile $GPO $GPODisplayname $TranslateGUID -CREDS $CREDS
            }
            else

            {
                $bolOUHeader = $false               
                WriteOUT $true $histSDObject $strOUcol $CanonicalName $bolOUHeader "3" $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS
            }


        }# End If
        Else
        {                       
            if ($intAclOccurence -eq 0)
            {
                $intAclOccurence++
                $bolOUHeader = $true 
                WriteOUT $false $histSDObject $strOUcol $CanonicalName $bolOUHeader $strColorTemp $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS
            }
            $bolOUHeader = $false               
            WriteOUT $true $histSDObject $strOUcol $CanonicalName $bolOUHeader "3" $strFileHTA $bolCompare $bolFilter $bolReplMeta $objLastChange $bolACLsize $strACLSize $bolGetOUProtected $bolOUProtected $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $chkBoxObjType.IsChecked $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS
        }#End !$bolCSVOnly
        $histSDObject = ""
    }
    $index++
}

}#End if adobject missing name
$count++
}# End While $AllObjectDn.count

if (($count -gt 0))
{
if(-not $bolCMD)
{
if (($PSVersionTable.PSVersion -ne „2.0“) -and ($global:bolProgressBar))
{

            $global:ProgressBarWindow.Window.Dispatcher.invoke([action]{$global:ProgressBarWindow.Window.Close()},"Normal")
    } 
}  
if ($aclcount -eq 0)
{
[System.Windows.Forms.MessageBox]::Show("No Permissions found!" , "Status") 
}  
else
{

    if($intReturned -gt 0)
    {
        if($bolCSV)
        {
            if($OutType -eq "CSVTEMPLATE")
            {
                if($bolCMD)
                {
                    if($bolToFile)
                    {
                        Write-host "Report saved in: $strFileCSV" -ForegroundColor Yellow
                        Write-output $strFileCSV
                    }
                }
                else
                {
                    $global:observableCollection.Insert(0,(LogMessage -strMessage "Report saved in $strFileCSV" -strType "Warning" -DateStamp ))
                }
                #If Get-Perm was called with Show then open the CSV file.
                if($Show)
                {
                    Invoke-Item $strFileCSV
                }
            }
            else
            {
                if($bolCMD)
                {
                    if($bolToFile)
                    {
                        $global:ArrayAllACE | export-csv -Path $strFileCSV -NoTypeInformation -NoClobber
                        Write-host "Report saved in: $strFileCSV" -ForegroundColor Yellow
                        Write-output $strFileCSV
                    }
                    else
                    {
                        $global:ArrayAllACE
                    }
                }
                else
                {
                    $global:ArrayAllACE | export-csv -Path $strFileCSV -NoTypeInformation -NoClobber
                    $global:observableCollection.Insert(0,(LogMessage -strMessage "Report saved in $strFileCSV" -strType "Warning" -DateStamp ))
                }
                #If Get-Perm was called with Show then open the CSV file.
                if($Show)
                {
                    Invoke-Item $strFileCSV
                }
            }
        }
    else
    {
        #If excel output
        if($OutType -eq "EXCEL")
        {
            # Array with alphabet characters
            $ExcelColumnAlphabet = @()  
            for ([byte]$c = [char]'A'; $c -le [char]'Z'; $c++)  
            {  
                $ExcelColumnAlphabet += [char]$c  
            } 

            if($bolShowCriticalityColor)
            {

                #Define Column name for "criticality" by using position in array
                $RangeColumnCriticality = $ExcelColumnAlphabet[$(($global:ArrayAllACE | get-member -MemberType NoteProperty ).count -1 )]
                #Define Column name for "state" by using position in array
                $RangeColumnState = $ExcelColumnAlphabet[$(($global:ArrayAllACE | get-member -MemberType NoteProperty ).count -2 )]

                $global:ArrayAllACE | Export-Excel -path $strFileEXCEL -WorkSheetname $($strNode+"_ACL") -BoldTopRow -TableStyle Medium2 -TableName $($strNode+"acltbl") -NoLegend -AutoSize -FreezeTopRow -ConditionalText $( 
                New-ConditionalText -RuleType Equal -ConditionValue Low -Range "$($RangeColumnCriticality):$($RangeColumnCriticality)" -BackgroundColor DeepSkyBlue -ConditionalTextColor Black
                New-ConditionalText -RuleType Equal -ConditionValue Critical -Range "$($RangeColumnCriticality):$($RangeColumnCriticality)" -BackgroundColor Red -ConditionalTextColor Black
                New-ConditionalText -RuleType Equal -ConditionValue Warning -Range "$($RangeColumnCriticality):$($RangeColumnCriticality)" -BackgroundColor Gold -ConditionalTextColor Black
                New-ConditionalText -RuleType Equal -ConditionValue Medium -Range "$($RangeColumnCriticality):$($RangeColumnCriticality)" -BackgroundColor Yellow -ConditionalTextColor Black
                New-ConditionalText -RuleType Equal -ConditionValue Info -Range "$($RangeColumnCriticality):$($RangeColumnCriticality)" -BackgroundColor LightGray -ConditionalTextColor Black
                New-ConditionalText Missing -Range "$($RangeColumnState):$($RangeColumnState)" -BackgroundColor Red -ConditionalTextColor Black
                New-ConditionalText Match -Range "$($RangeColumnState):$($RangeColumnState)" -BackgroundColor Green -ConditionalTextColor Black
                New-ConditionalText New -Range "$($RangeColumnState):$($RangeColumnState)" -BackgroundColor Yellow -ConditionalTextColor Black
                )
            }
            else
            {
                #Define Column name for "state" by using position in array
                $RangeColumnState = $ExcelColumnAlphabet[$(($global:ArrayAllACE | get-member -MemberType NoteProperty ).count -1 )]

                $global:ArrayAllACE | Export-Excel -path $strFileEXCEL -WorkSheetname $($strNode+"_ACL") -BoldTopRow -TableStyle Medium2 -TableName $($strNode+"acltbl") -NoLegend -AutoSize -FreezeTopRow -Append -ConditionalText $( 
                New-ConditionalText Missing -Range "$($RangeColumnState):$($RangeColumnState)" -BackgroundColor Red -ConditionalTextColor Black
                New-ConditionalText Match -Range "$($RangeColumnState):$($RangeColumnState)" -BackgroundColor Green -ConditionalTextColor Black
                New-ConditionalText New -Range "$($RangeColumnState):$($RangeColumnState)" -BackgroundColor Yellow -ConditionalTextColor Black
                )
            }

            if($bolCMD)
            {
                Write-host "Report saved in: $strFileEXCEL" -ForegroundColor Yellow
                Write-output $strFileEXCEL
            }
            else
            {
                $global:observableCollection.Insert(0,(LogMessage -strMessage "Report saved in $strFileEXCEL" -strType "Warning" -DateStamp ))
            }
        }#End if EXCEL
        else
        {
            if($bolShowCriticalityColor)
            {
                Switch ($global:intShowCriticalityLevel)
                {
                    0
                    {
                    (Get-Content $strFileHTA) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "grey">INFO' | Set-Content $strFileHTA
                    (Get-Content $strFileHTM) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "grey">INFO' | Set-Content $strFileHTM
                    }
                    1
                    {
                    (Get-Content $strFileHTA) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "blue">LOW' | Set-Content $strFileHTA
                    (Get-Content $strFileHTM) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "blue">LOW' | Set-Content $strFileHTM
                    }
                    2
                    {
                    (Get-Content $strFileHTA) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "yellow">MEDIUM' | Set-Content $strFileHTA
                    (Get-Content $strFileHTM) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "yellow">MEDIUM' | Set-Content $strFileHTM
                    }
                    3
                    {
                    (Get-Content $strFileHTA) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "orange">WARNING' | Set-Content $strFileHTA
                    (Get-Content $strFileHTM) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "orange">WARNING' | Set-Content $strFileHTM
                    }
                    4
                    {
                    (Get-Content $strFileHTA) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "red">CRITICAL' | Set-Content $strFileHTA
                    (Get-Content $strFileHTM) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "red">CRITICAL' | Set-Content $strFileHTM
                    }
                }
            }
            #If Get-Perm was called with Show then open the HTA file.
            if($Show)
            {
                try
                {
                    Invoke-Item $strFileHTA
                }
                catch
                {
                    if($bolCMD)
                    {
                        Write-host "Failed to launch MSHTA.exe" -ForegroundColor Red
                        Write-host "Instead opening the following file directly: $strFileHTM" -ForegroundColor Yellow
                    }
                    else
                    {
                        $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed to launch MSHTA.exe" -strType "Error" -DateStamp ))
                        $global:observableCollection.Insert(0,(LogMessage -strMessage "Instead opening the following file directly: $strFileHTM" -strType "Ino" -DateStamp ))
                    }                        
                    invoke-item $strFileHTM
                }
            }
        }
    }
}
else
{
    if($bolCMD)
    {
        Write-host "No results" -ForegroundColor Red
    }
    else
    {
        $global:observableCollection.Insert(0,(LogMessage -strMessage "No results" -strType "Error" -DateStamp ))
    } 
}
}# End If

}
else
{
}
}#End if ExitCompare
}# End Try

$histSDObject = „“
$sdObject = „“
$MissingOUSdObject = „“
$newSdObject = „“
$DSobject = „“
$global:strOwner = „“
$global:csvHistACLs = „“

$secd = $null
Remove-Variable -Name „secd“ -Scope Global
}

==========================================================================

Function : ConvertCSVtoHTM

Arguments : Fle Path

Returns : N/A

Description : Convert CSV file to HTM Output

==========================================================================

Function ConvertCSVtoHTM
{
Param($CSVInput,[boolean] $bolGUIDtoText,[Parameter(Mandatory=$false)]
[pscredential]
$CREDS)

$OutType = „HTML“
$bolReplMeta = $false
if($chkBoxSeverity.isChecked -or $chkBoxEffectiveRightsColor.isChecked)
{
$bolShowCriticalityColor = $true
}
else
{
$bolShowCriticalityColor = $false
}
If(Test-Path $CSVInput)
{

$fileName = $(Get-ChildItem $CSVInput).BaseName
$strFileHTA = $env:temp + "\"+$global:ACLHTMLFileName+".hta" 
$strFileHTM = $env:temp + "\"+"$fileName"+".htm"     

$global:csvHistACLs = import-Csv $CSVInput
#Test CSV file format



if(TestCSVColumns $global:csvHistACLs)
{
    If ($global:csvHistACLs[0].SDDate.length -gt 1)
    {
        $bolReplMeta = $true
    }

    $colHeaders = ( $global:csvHistACLs| Get-member -MemberType 'NoteProperty' | Select-Object -ExpandProperty 'Name')
    $bolObjType = $false
    Foreach ($ColumnName in $colHeaders )
    {

        if($ColumnName.Trim() -eq "ObjectClass")
        {
            $bolObjType = $true
        }
    }

    CreateHTM $fileName $strFileHTM
    CreateHTA $fileName $strFileHTA $strFileHTM $CurrentFSPath $global:strDomainDNName $global:strDC
    $UseCanonicalName = $chkBoxUseCanonicalName.IsChecked
    InitiateHTM $strFileHTM $fileName $fileName $bolReplMeta $false $Protected $bolShowCriticalityColor $false $false $false $strCompareFile $false $false $bolObjType -bolCanonical:$UseCanonicalName $GPO
    InitiateHTM $strFileHTA $fileName $fileName $bolReplMeta $false $Protected $bolShowCriticalityColor $false $false $false $strCompareFile $false $false $bolObjType -bolCanonical:$UseCanonicalName $GPO



    $tmpOU = ""
    $index = 0
    while($index -le $global:csvHistACLs.count -1)
    {

        if($global:csvHistACLs[$index].Object)
        {
            $strOUcol = $global:csvHistACLs[$index].Object
        }
        else
        {
            $strOUcol = $global:csvHistACLs[$index].OU
        }

        if($strOUcol.Contains("<DOMAIN-DN>") -gt 0)
        {
            $strOUcol = ($strOUcol -Replace "<DOMAIN-DN>",$global:strDomainDNName)

        }

        if($strOUcol.Contains("<ROOT-DN>") -gt 0)
        {
            $strOUcol = ($strOUcol -Replace "<ROOT-DN>",$global:ForestRootDomainDN)  
        }


        $strOU = $strOUcol
        $strTrustee = $global:csvHistACLs[$index].IdentityReference
        $strRights = $global:csvHistACLs[$index].ActiveDirectoryRights               
        $strInheritanceType = $global:csvHistACLs[$index].InheritanceType                
        $strObjectTypeGUID = $global:csvHistACLs[$index].ObjectType
        $strInheritedObjectTypeGUID = $global:csvHistACLs[$index].InheritedObjectType
        $strObjectFlags = $global:csvHistACLs[$index].ObjectFlags
        $strAccessControlType = $global:csvHistACLs[$index].AccessControlType
        $strIsInherited = $global:csvHistACLs[$index].IsInherited
        $strInheritedFlags = $global:csvHistACLs[$index].InheritanceFlags
        $strPropFlags = $global:csvHistACLs[$index].PropagationFlags

        If ($bolReplMeta -eq $true)
        {
            $strTmpACLDate = $global:csvHistACLs[$index].SDDate

        }

        If ($UseCanonicalName -eq $true)
        {
            $CanonicalName = $global:csvHistACLs[$index].CanonicalName

        }


        If ($bolObjType -eq $true)
        {

            $strObjectClass = $global:csvHistACLs[$index].ObjectClass
        }
        if($strTrustee.Contains("<DOMAIN-NETBIOS>"))
        {
            $strTrustee = ($strTrustee -Replace "<DOMAIN-NETBIOS>",$global:strDomainShortName)

        }
        if($strTrustee.Contains("<ROOT-NETBIOS>"))
        {
            $strTrustee = ($strTrustee -Replace "<ROOT-NETBIOS>",$global:strRootDomainShortName)

        }
        if($strTrustee.Contains("<DOMAINSID>"))
        {
            $strTrustee = ($strTrustee -Replace "<DOMAINSID>",$global:DomainSID)

        }
        if($strTrustee.Contains("<ROOTDOMAINSID>"))
        {
            $strTrustee = ($strTrustee -Replace "<ROOTDOMAINSID>",$global:ForestRootDomainSID)

        }
        $txtSdObject = New-Object PSObject -Property @{ActiveDirectoryRights=$strRights;InheritanceType=$strInheritanceType;ObjectType=$strObjectTypeGUID;`
        InheritedObjectType=$strInheritedObjectTypeGUID;ObjectFlags=$strObjectFlags;AccessControlType=$strAccessControlType;IdentityReference=$strTrustee;IsInherited=$strIsInherited;`
        InheritanceFlags=$strInheritedFlags;PropagationFlags=$strPropFlags}

        If ($strColorTemp -eq "1")
        {
            $strColorTemp = "2"
        }# End If
        else
        {
            $strColorTemp = "1"
        }# End If                  
        if ($tmpOU -ne $strOU)      
        {

            $bolOUHeader = $true   
            WriteOUT $true $txtSdObject $strOU $CanonicalName $bolOUHeader $strColorTemp $strFileHTA $false $false $bolReplMeta $strTmpACLDate $false $strACLSize $false $false $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $bolObjType $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS


            $tmpOU = $strOU
        }
        else
        {
            $bolOUHeader = $false   
            WriteOUT $true $txtSdObject $strOU $CanonicalName $bolOUHeader $strColorTemp $strFileHTA $false $false $bolReplMeta $strTmpACLDate  $false $strACLSize $false $false $bolShowCriticalityColor $bolGUIDtoText $strObjectClass $bolObjType $WriteOut $GPO $GPODisplayname $bolShowCriticalityColor -CREDS $CREDS


        }

        $index++

    }#End While


    if($bolShowCriticalityColor)
    {
        Switch ($global:intShowCriticalityLevel)
        {
            0
            {
            (Get-Content $strFileHTA) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "grey">INFO' | Set-Content $strFileHTA
            (Get-Content $strFileHTM) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "grey">INFO' | Set-Content $strFileHTM
            }
            1
            {
            (Get-Content $strFileHTA) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "blue">LOW' | Set-Content $strFileHTA
            (Get-Content $strFileHTM) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "blue">LOW' | Set-Content $strFileHTM
            }
            2
            {
            (Get-Content $strFileHTA) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "yellow">MEDIUM' | Set-Content $strFileHTA
            (Get-Content $strFileHTM) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "yellow">MEDIUM' | Set-Content $strFileHTM
            }
            3
            {
            (Get-Content $strFileHTA) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "orange">WARNING' | Set-Content $strFileHTA
            (Get-Content $strFileHTM) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "orange">WARNING' | Set-Content $strFileHTM
            }
            4
            {
            (Get-Content $strFileHTA) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "red">CRITICAL' | Set-Content $strFileHTA
            (Get-Content $strFileHTM) -replace "20141220T021111056594002014122000", '<FONT size="6" color= "red">CRITICAL' | Set-Content $strFileHTM
            }
        }
    }

    Invoke-Item $strFileHTA
}#else if test column names exist
else
{
    $global:observableCollection.Insert(0,(LogMessage -strMessage "CSV file got wrong format! File:  $CSVInput" -strType "Error" -DateStamp ))
} #End if test column names exist

}
else
{
$global:observableCollection.Insert(0,(LogMessage -strMessage „Failed! $CSVInput does not exist!“ -strType „Error“ -DateStamp ))
}

}# End Function

==========================================================================

Function : GetACLMeta

Arguments : Domain Controller, AD Object DN

Returns : Semi-colon separated string

Description : Get AD Replication Meta data LastOriginatingChange, LastOriginatingDsaInvocationID

usnOriginatingChange and returns as string

==========================================================================

Function GetACLMeta
{
Param($DomainController,$objDN,
[Parameter(Mandatory=$false)]
[pscredential]
$CREDS)

$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest($objDN, „(name=*)“, „base“)
$SecurityMasks = [System.DirectoryServices.Protocols.SecurityMasks]’Owner‘ -bor [System.DirectoryServices.Protocols.SecurityMasks]’Group‘-bor [System.DirectoryServices.Protocols.SecurityMasks]’Dacl‘ #-bor [System.DirectoryServices.Protocols.SecurityMasks]’Sacl‘
$control = New-Object System.DirectoryServices.Protocols.SecurityDescriptorFlagControl($SecurityMasks)
[void]$request.Controls.Add($control)
[void]$request.Attributes.Add(„ntsecuritydescriptor“)
[void]$request.Attributes.Add(„name“)

[void]$request.Attributes.Add(„msDS-ReplAttributeMetaData“)
$response = $LDAPConnection.SendRequest($request)

foreach ($entry in $response.Entries)
{

$index = 0
while($index -le $entry.attributes.'msds-replattributemetadata'.count -1) 
     {
        $childMember = $entry.attributes.'msds-replattributemetadata'[$index]
        $childMember = $childMember.replace("$($childMember[-1])","")
        If ($([xml]$childMember).DS_REPL_ATTR_META_DATA.pszAttributeName -eq "nTSecurityDescriptor")
        {
            $strLastChangeDate = $([xml]$childMember).DS_REPL_ATTR_META_DATA.ftimeLastOriginatingChange
            $strInvocationID = $([xml]$childMember).DS_REPL_ATTR_META_DATA.uuidLastOriginatingDsaInvocationID
            $strOriginatingChange = $([xml]$childMember).DS_REPL_ATTR_META_DATA.usnOriginatingChange
        }
        $index++
     }

}
if ($strLastChangeDate -eq $nul)
{
$ACLdate = $(get-date „1601-01-01“ -UFormat „%Y-%m-%d %H:%M:%S“)
$strInvocationID = „00000000-0000-0000-0000-000000000000“
$strOriginatingChange = „000000“
}
else
{
$ACLdate = $(get-date $strLastChangeDate -UFormat „%Y-%m-%d %H:%M:%S“)
}
return „$ACLdate;$strInvocationID;$strOriginatingChange“
}

==========================================================================

Function : Get-DefaultSD

Arguments : string ObjectClass

Returns :

Description : Create report of default Security Descriptor

==========================================================================

Function Get-DefaultSD
{
Param( [String[]] $strObjectClass,[bool] $bolChangedDefSD,[bool]$bolSDDL,[string]$File,
[boolean]$Show,[string] $OutType,[bool]$bolShowCriticalityColor,[bool]$Assess,[string]$Criticality,[bool]$FilterBuiltin,[bool]$bolReplMeta,
[Parameter(Mandatory=$false)]
[pscredential]
$CREDS)

if($OutType -eq „CSV“)
{
$ToFile = $true
If ((Test-Path $File) -eq $true)
{
Remove-Item $File
}
}
else
{
$ToFile = $false
}

$bolOUHeader = $true

$bolCompare = $false
$intNumberofDefSDFound = 0
$global:ArrayAllACE = New-Object System.Collections.ArrayList

$strColorTemp = 1

$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest($global:SchemaDN, „(&(objectClass=classSchema)(name=$strObjectClass))“, „Subtree“)
[System.DirectoryServices.Protocols.PageResultRequestControl]$pagedRqc = new-object System.DirectoryServices.Protocols.PageResultRequestControl($global:PageSize)
$request.Controls.Add($pagedRqc) | Out-Null
[void]$request.Attributes.Add(„defaultsecuritydescriptor“)
[void]$request.Attributes.Add(„name“)
[void]$request.Attributes.Add(„msds-replattributemetadata“)

$CountadObject = 0
while ($true)
{
$response = $LdapConnection.SendRequest($request, (new-object System.Timespan(0,0,$global:TimeoutSeconds))) -as [System.DirectoryServices.Protocols.SearchResponse];

#for paged search, the response for paged search result control - we will need a cookie from result later
if($global:PageSize -gt 0) {
    [System.DirectoryServices.Protocols.PageResultResponseControl] $prrc=$null;
    if ($response.Controls.Length -gt 0)
    {
        foreach ($ctrl in $response.Controls)
        {
            if ($ctrl -is [System.DirectoryServices.Protocols.PageResultResponseControl])
            {
                $prrc = $ctrl;
                break;
            }
        }
    }
    if($null -eq $prrc) {
        #server was unable to process paged search
        throw "Find-LdapObject: Server failed to return paged response for request $SearchFilter"
    }
}
#now process the returned list of distinguishedNames and fetch required properties using ranged retrieval

$CountadObject = $CountadObject + $response.Entries.Count

if($global:PageSize -gt 0) 
{
    if ($prrc.Cookie.Length -eq 0)
    {
        #last page --> we're done
        break;
    }
    #pass the search cookie back to server in next paged request
    $pagedRqc.Cookie = $prrc.Cookie;
}
else
{
    #exit the processing for non-paged search
    break;
}

}#End While

Load Progressbar

if (($PSVersionTable.PSVersion -ne „2.0“) -and ($global:bolProgressBar))
{
$intTot = 0
#calculate percentage
$intTot = $CountadObject
if ($intTot -gt 0)
{
LoadProgressBar

}

}

$response = $null

$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest($global:SchemaDN, „(&(objectClass=classSchema)(name=$strObjectClass))“, „Subtree“)
[System.DirectoryServices.Protocols.PageResultRequestControl]$pagedRqc = new-object System.DirectoryServices.Protocols.PageResultRequestControl($global:PageSize)
$request.Controls.Add($pagedRqc) | Out-Null
[void]$request.Attributes.Add(„defaultsecuritydescriptor“)
[void]$request.Attributes.Add(„name“)
[void]$request.Attributes.Add(„msds-replattributemetadata“)
while ($true)
{
$response = $LdapConnection.SendRequest($request, (new-object System.Timespan(0,0,$global:TimeoutSeconds))) -as [System.DirectoryServices.Protocols.SearchResponse];

#for paged search, the response for paged search result control - we will need a cookie from result later
if($global:PageSize -gt 0) {
    [System.DirectoryServices.Protocols.PageResultResponseControl] $prrc=$null;
    if ($response.Controls.Length -gt 0)
    {
        foreach ($ctrl in $response.Controls)
        {
            if ($ctrl -is [System.DirectoryServices.Protocols.PageResultResponseControl])
            {
                $prrc = $ctrl;
                break;
            }
        }
    }
    if($null -eq $prrc) {
        #server was unable to process paged search
        throw "Find-LdapObject: Server failed to return paged response for request $SearchFilter"
    }
}
#now process the returned list of distinguishedNames and fetch required properties using ranged retrieval

foreach ($entry  in $response.Entries)
{
    #Update Progressbar
    if (($PSVersionTable.PSVersion -ne "2.0") -and ($global:bolProgressBar))
    {
        $i++
        [int]$pct = ($i/$intTot)*100
        #Update the progress bar
        while(($null -eq $global:ProgressBarWindow.Window.IsInitialized) -and ($intLoop -lt 20))
        {
                    Start-Sleep -Milliseconds 1
                    $cc++
        }
        if ($global:ProgressBarWindow.Window.IsInitialized -eq $true)
        {
            Update-ProgressBar "Currently scanning $i of $intTot objects" $pct 
        }  

    } 
    $index = 0
    while($index -le $entry.attributes.'msds-replattributemetadata'.count -1) 
        {
        $childMember = $entry.attributes.'msds-replattributemetadata'[$index]
        $childMember = $childMember.replace("$($childMember[-1])","")
        If ($([xml]$childMember).DS_REPL_ATTR_META_DATA.pszAttributeName -eq "defaultSecurityDescriptor")
        {
            $strLastChangeDate = $([xml]$childMember).DS_REPL_ATTR_META_DATA.ftimeLastOriginatingChange
            $strVersion = $([xml]$childMember).DS_REPL_ATTR_META_DATA.dwVersion
            if ($strLastChangeDate -eq $nul)
            {
                $strLastChangeDate = $(get-date "1601-01-01" -UFormat "%Y-%m-%d %H:%M:%S")

            }
            else
            {
            $strLastChangeDate = $(get-date $strLastChangeDate -UFormat "%Y-%m-%d %H:%M:%S")
            }             
        }
        $index++
        }   

    if($bolChangedDefSD -eq $true)
    {

        if($strVersion -gt 1)
        {
            $strObjectClassName = $entry.Attributes.name[0]
            $sec = New-Object System.DirectoryServices.ActiveDirectorySecurity

          if($bolSDDL -eq $true)
          {
            $strSDDL = ""
            if($null -ne $entry.Attributes.defaultsecuritydescriptor)
            {
                $strSDDL = $entry.Attributes.defaultsecuritydescriptor[0]
            }  
            #Indicate that a defaultsecuritydescriptor was found
            $intNumberofDefSDFound++
            WriteDefSDSDDLHTM $strColorTemp $strFileDefSDHTA $strFileDefSDHTM $strObjectClassName $strVersion $strLastChangeDate $strSDDL
            Switch ($strColorTemp) 
            {

                "1"
                    {
                    $strColorTemp = "2"
                    }
                "2"
                    {
                    $strColorTemp = "1"
                    }   
            }
          }
          else
          {
            $sd = ""
            if($null -ne $entry.Attributes.defaultsecuritydescriptor)
            {
                $sec.SetSecurityDescriptorSddlForm($entry.Attributes.defaultsecuritydescriptor[0])
            }
            $sd = $sec.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])   

            if($FilterBuiltin)
            {
                # Filter out default and built-in security principals
                $sd = @($sd | Where-Object{`
                    ($_.IdentityReference -match "S-1-5-21-") -and `
                    ($_.IdentityReference -notmatch $("^"+$domainsid+"-5\d{2}$")) -and 
                    ($_.IdentityReference -notmatch $("^"+$domainsid+"-4\d{2}$"))
                    }) 
            }

            If ($Assess)
            {
                Switch ($Criticality)
                {
                    "Info" {$CriticalityFilter = 0}
                    "Low" {$CriticalityFilter = 1}
                    "Medium" {$CriticalityFilter = 2}
                    "Warning" {$CriticalityFilter = 3}
                    "Critical" {$CriticalityFilter = 4}
                }
                $sd = @($sd | Where-Object{Get-Criticality -Returns "Filter" $_.IdentityReference.toString() $_.ActiveDirectoryRights.toString() $_.AccessControlType.toString() $_.ObjectFlags.toString() $_.InheritanceType.toString() $_.ObjectType.toString() $_.InheritedObjectType.toString() $CriticalityFilter })
            }

            #Indicate that a defaultsecuritydescriptor was found
            $intNumberofDefSDFound++  

            if (($OutType -eq "CSV") -or ($OutType -eq ""))
            {

                WriteDefSDPermCSV $sd $entry.distinguishedName $strObjectClassName $File $bolReplMeta $strVersion $strLastChangeDate $ToFile $bolShowCriticalityColor -CREDS $CREDS
            }
            else
            {
                WriteDefSDAccessHTM $true $sd $true $strObjectClassName $strColorTemp $strFileDefSDHTA $strFileDefSDHTM $bolOUHeader $bolReplMeta $strVersion $strLastChangeDate $bolShowCriticalityColor $bolCompare $strFileEXCEL $OutType
            }
           } 

        }
    }
    else
    {
        $strObjectClassName = $entry.Attributes.name[0]
        $sec = New-Object System.DirectoryServices.ActiveDirectorySecurity
        if($bolSDDL -eq $true)
        {
            $strSDDL = ""
            if($null -ne $entry.Attributes.defaultsecuritydescriptor)
            {
                $strSDDL = $entry.Attributes.defaultsecuritydescriptor[0]
            } 
            #Indicate that a defaultsecuritydescriptor was found
            $intNumberofDefSDFound++                           
            WriteDefSDSDDLHTM $strColorTemp $strFileDefSDHTA $strFileDefSDHTM $strObjectClassName $strVersion $strLastChangeDate $strSDDL
            Switch ($strColorTemp) 
            {

                "1"
                    {
                    $strColorTemp = "2"
                    }
                "2"
                    {
                    $strColorTemp = "1"
                    }   
            }
        }
        else
        {
            $sd = ""
            if($null -ne $entry.Attributes.defaultsecuritydescriptor)
            {
                Try{
                    $sec.SetSecurityDescriptorSddlForm($entry.Attributes.defaultsecuritydescriptor[0])
                }
                catch
                {
                    if($bolCMD)
                    {
                        Write-host "The SDDL string contains an invalid sid or a sid that cannot be translated." -ForegroundColor Red
                        Write-host "Only domain-joined computers can translate some sids." -ForegroundColor Red
                    }
                    else
                    {
                        $global:observableCollection.Insert(0,(LogMessage -strMessage "The SDDL string contains an invalid sid or a sid that cannot be translated." -strType "Error" -DateStamp ))
                        $global:observableCollection.Insert(0,(LogMessage -strMessage "Only domain-joined computers can translate some sids." -strType "Error" -DateStamp ))
                    }  
                }
            }
            #If any access has been added report it
            if($sec.access.count -gt 0)
            {
                $sd = $sec.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])   

                if($FilterBuiltin)
                {
                    # Filter out default and built-in security principals
                    $sd = @($sd | Where-Object{`
                        ($_.IdentityReference -match "S-1-5-21-") -and `
                        ($_.IdentityReference -notmatch $("^"+$domainsid+"-5\d{2}$")) -and 
                        ($_.IdentityReference -notmatch $("^"+$domainsid+"-4\d{2}$"))
                        }) 
                }

                If ($Assess)
                {
                    Switch ($Criticality)
                    {
                        "Info" {$CriticalityFilter = 0}
                        "Low" {$CriticalityFilter = 1}
                        "Medium" {$CriticalityFilter = 2}
                        "Warning" {$CriticalityFilter = 3}
                        "Critical" {$CriticalityFilter = 4}
                    }
                    $sd = @($sd | Where-Object{Get-Criticality -Returns "Filter" $_.IdentityReference.toString() $_.ActiveDirectoryRights.toString() $_.AccessControlType.toString() $_.ObjectFlags.toString() $_.InheritanceType.toString() $_.ObjectType.toString() $_.InheritedObjectType.toString() $CriticalityFilter })
                }

                #Indicate that a defaultsecuritydescriptor was found
                $intNumberofDefSDFound++

                if (($OutType -eq "CSV") -or ($OutType -eq ""))
                {

                    WriteDefSDPermCSV $sd $entry.distinguishedName $strObjectClassName $File $bolReplMeta $strVersion $strLastChangeDate $ToFile $bolShowCriticalityColor -CREDS $CREDS
                }
                else
                {
                    WriteDefSDAccessHTM $true $sd $true $strObjectClassName $strColorTemp $strFileDefSDHTA $strFileDefSDHTM $bolOUHeader $bolReplMeta $strVersion $strLastChangeDate $bolShowCriticalityColor $bolCompare $strFileEXCEL $OutType
                }
            }#End if $sec

        }
    }
}

if($global:PageSize -gt 0) 
{
    if ($prrc.Cookie.Length -eq 0)
    {
        #last page --> we're done
        break;
    }
    #pass the search cookie back to server in next paged request
    $pagedRqc.Cookie = $prrc.Cookie;
}
else
{
    #exit the processing for non-paged search
    break;
}

}#End While

if (($PSVersionTable.PSVersion -ne „2.0“) -and ($global:bolProgressBar))
{
$global:ProgressBarWindow.Window.Dispatcher.invoke([action]{$global:ProgressBarWindow.Window.Close()},“Normal“)
$ProgressBarWindow = $null
Remove-Variable -Name „ProgressBarWindow“ -Scope Global
}
if($intNumberofDefSDFound -gt 0)
{

if($ToFile )
{
    if($bolCMD)
    {
        Write-host "Report saved in: $strFileCSV" -ForegroundColor Yellow
        Write-output $strFileCSV
    }
    else
    {
        $global:observableCollection.Insert(0,(LogMessage -strMessage "Report saved in $strFileCSV" -strType "Warning" -DateStamp ))
    }
        #If Get-Perm was called with Show then open the CSV file.
        if($Show)
        {
            #Invoke-Item $strFileCSV
        }
}
else
{
    #If excel output
    if($OutType -eq "EXCEL")
    {
        $global:ArrayAllACE 
        #| Export-Excel -path $strFileEXCEL -WorkSheetname "DefaultSD" -BoldTopRow -TableStyle Medium2 -TableName "defaultsdacltbl" -NoLegend -AutoSize -FreezeTopRow -Append

        if($bolCMD)
        {
            Write-host "Report saved in: $strFileEXCEL" -ForegroundColor Yellow
            Write-output $strFileEXCEL
        }
        else
        {
            $global:observableCollection.Insert(0,(LogMessage -strMessage "Report saved in $strFileEXCEL" -strType "Warning" -DateStamp ))
        }
        if($Show)
        {
            If (test-path HKLM:SOFTWARE\Classes\Excel.Application) 
            {
                Invoke-Item $strFileEXCEL
            }
        }
    }#End if EXCEL
    else
    {
        if($bolCMD)
        {
            Write-host "Report saved in: $strFileDefSDHTM" -ForegroundColor Yellow
            Write-output $strFileDefSDHTM
        }
        else
        {
            $global:observableCollection.Insert(0,(LogMessage -strMessage "Report saved in $strFileDefSDHTM" -strType "Warning" -DateStamp ))
        }            
        #If Get-Perm was called with Show then open the HTA file.
        if($Show)
        {
            try
            {    
                Invoke-Item $strFileDefSDHTA 
            }
            catch
            {
                if($bolCMD)
                {
                    Write-host "Failed to launch MSHTA.exe" -ForegroundColor Red
                    Write-host "Instead opening the following file directly: $strFileDefSDHTM" -ForegroundColor Yellow
                }
                else
                {
                    $global:observableCollection.Insert(0,(LogMessage -strMessage "Failed to launch MSHTA.exe" -strType "Error" -DateStamp ))
                    $global:observableCollection.Insert(0,(LogMessage -strMessage "Instead opening the following file directly: $strFileDefSDHTM" -strType "Ino" -DateStamp ))
                }   
                Invoke-Item $strFileDefSDHTM
            }
        }
    }
}

}
else
{
if($bolCMD)
{
Write-host „No defaultsecuritydescriptor found!“ -ForegroundColor Yellow
}
else
{
$global:observableCollection.Insert(0,(LogMessage -strMessage „No defaultsecuritydescriptor found!“ -strType „Error“ -DateStamp ))
}
}
}

==========================================================================

Function : Get-DefaultSDCompare

Arguments : string ObjectClass

Returns :

Description : Compare the default Security Descriptor

==========================================================================

Function Get-DefaultSDCompare
{
Param( [String[]] $strObjectClass=“*“,
[string] $strTemplate,
[Parameter(Mandatory=$false)]
[pscredential]
$CREDS
)
$strFileDefSDHTA = $env:temp + „\“+$global:ModifiedDefSDAccessFileName+“.hta“
$strFileDefSDHTM = $env:temp + „\“+$global:ModifiedDefSDAccessFileName+“.htm“
$bolOUHeader = $true
$bolReplMeta = $true
$bolCompare = $true

Indicator that a defaultsecuritydescriptor was found

$intNumberofDefSDFound = 0

CreateHTM „strObjectClass“ $strFileDefSDHTM
CreateHTA „$strObjectClass“ $strFileDefSDHTA $strFileDefSDHTM $CurrentFSPath $global:strDomainDNName $global:strDC
InitiateDefSDAccessHTM $strFileDefSDHTA $strObjectClass $bolReplMeta $true $strTemplate
InitiateDefSDAccessHTM $strFileDefSDHTM $strObjectClass $bolReplMeta $true $strTemplate

Default color

$strColorTemp = 1

$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest($global:SchemaDN, „(&(objectClass=classSchema)(name=$strObjectClass))“, „Subtree“)
[System.DirectoryServices.Protocols.PageResultRequestControl]$pagedRqc = new-object System.DirectoryServices.Protocols.PageResultRequestControl($global:PageSize)
$request.Controls.Add($pagedRqc) | Out-Null
[void]$request.Attributes.Add(„defaultsecuritydescriptor“)
[void]$request.Attributes.Add(„name“)
[void]$request.Attributes.Add(„msds-replattributemetadata“)

$CountadObject = 0
while ($true)
{
$response = $LdapConnection.SendRequest($request, (new-object System.Timespan(0,0,$global:TimeoutSeconds))) -as [System.DirectoryServices.Protocols.SearchResponse];

#for paged search, the response for paged search result control - we will need a cookie from result later
if($global:PageSize -gt 0) {
    [System.DirectoryServices.Protocols.PageResultResponseControl] $prrc=$null;
    if ($response.Controls.Length -gt 0)
    {
        foreach ($ctrl in $response.Controls)
        {
            if ($ctrl -is [System.DirectoryServices.Protocols.PageResultResponseControl])
            {
                $prrc = $ctrl;
                break;
            }
        }
    }
    if($null -eq $prrc) {
        #server was unable to process paged search
        throw "Find-LdapObject: Server failed to return paged response for request $SearchFilter"
    }
}
#now process the returned list of distinguishedNames and fetch required properties using ranged retrieval

$CountadObject = $CountadObject + $response.Entries.Count

if($global:PageSize -gt 0) 
{
    if ($prrc.Cookie.Length -eq 0)
    {
        #last page --> we're done
        break;
    }
    #pass the search cookie back to server in next paged request
    $pagedRqc.Cookie = $prrc.Cookie;
}
else
{
    #exit the processing for non-paged search
    break;
}

}#End While

Load Progressbar

if (($PSVersionTable.PSVersion -ne „2.0“) -and ($global:bolProgressBar))
{
$intTot = 0
#calculate percentage
$intTot = $CountadObject
if ($intTot -gt 0)
{
LoadProgressBar

}

}

$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest($global:SchemaDN, „(&(objectClass=classSchema)(name=$strObjectClass))“, „Subtree“)
[System.DirectoryServices.Protocols.PageResultRequestControl]$pagedRqc = new-object System.DirectoryServices.Protocols.PageResultRequestControl($global:PageSize)
$request.Controls.Add($pagedRqc) | Out-Null
[void]$request.Attributes.Add(„defaultsecuritydescriptor“)
[void]$request.Attributes.Add(„name“)
[void]$request.Attributes.Add(„msds-replattributemetadata“)

while ($true)
{
$response = $LdapConnection.SendRequest($request, (new-object System.Timespan(0,0,$global:TimeoutSeconds))) -as [System.DirectoryServices.Protocols.SearchResponse];

#for paged search, the response for paged search result control - we will need a cookie from result later
if($global:PageSize -gt 0) {
    [System.DirectoryServices.Protocols.PageResultResponseControl] $prrc=$null;
    if ($response.Controls.Length -gt 0)
    {
        foreach ($ctrl in $response.Controls)
        {
            if ($ctrl -is [System.DirectoryServices.Protocols.PageResultResponseControl])
            {
                $prrc = $ctrl;
                break;
            }
        }
    }
    if($null -eq $prrc) {
        #server was unable to process paged search
        throw "Find-LdapObject: Server failed to return paged response for request $SearchFilter"
    }
}
#now process the returned list of distinguishedNames and fetch required properties using ranged retrieval

foreach ($entry  in $response.Entries)
{
    $ObjectMatchResult = $false
    #Update Progressbar
    if (($PSVersionTable.PSVersion -ne "2.0") -and ($global:bolProgressBar))
    {
        $i++
        [int]$pct = ($i/$intTot)*100
        #Update the progress bar
        while(($null -eq $global:ProgressBarWindow.Window.IsInitialized) -and ($intLoop -lt 20))
        {
                    Start-Sleep -Milliseconds 1
                    $cc++
        }
        if ($global:ProgressBarWindow.Window.IsInitialized -eq $true)
        {
            Update-ProgressBar "Currently scanning $i of $intTot objects" $pct 
        }  

    }
    #Counter for Metadata
    $index = 0
    #Get metadata for defaultSecurityDescriptor
    while($index -le $entry.attributes.'msds-replattributemetadata'.count -1) 
    {
        $childMember = $entry.attributes.'msds-replattributemetadata'[$index]
        $childMember = $childMember.replace("$($childMember[-1])","")
        If ($([xml]$childMember).DS_REPL_ATTR_META_DATA.pszAttributeName -eq "defaultSecurityDescriptor")
        {
            $strLastChangeDate = $([xml]$childMember).DS_REPL_ATTR_META_DATA.ftimeLastOriginatingChange
            $strVersion = $([xml]$childMember).DS_REPL_ATTR_META_DATA.dwVersion
            if ($strLastChangeDate -eq $nul)
            {
                $strLastChangeDate = $(get-date "1601-01-01" -UFormat "%Y-%m-%d %H:%M:%S")

            }
            else
            {
                $strLastChangeDate = $(get-date $strLastChangeDate -UFormat "%Y-%m-%d %H:%M:%S")
            }             
        }
        $index++
    }
    #Get object name
    $strObjectClassName = $entry.Attributes.name[0]


    #Make sure strSDDL is empty
    $strSDDL = ""
    if($null -ne $entry.Attributes.defaultsecuritydescriptor)
    {
        $strSDDL = $entry.Attributes.defaultsecuritydescriptor[0]
    }  
    $index = 0 
    #Enumerate template file
    $ObjectMatchResult = $false  
    while($index -le $global:csvdefSDTemplate.count -1) 
    {
        $strNamecol = $global:csvdefSDTemplate[$index].Name
        #Check for matching object names
        if ($strObjectClassName -eq $strNamecol )
        {
            $ObjectMatchResult = $true    
            $strSDDLcol = $global:csvdefSDTemplate[$index].SDDL
            #Replace any <ROOT-DOAMIN> strngs with Forest Root Domain SID
            if($strSDDLcol.Contains("<ROOT-DOMAIN>"))
            {
                if($global:ForestRootDomainSID -gt "")
                {
                    $strSDDLcol  = $strSDDLcol.Replace("<ROOT-DOMAIN>",$global:ForestRootDomainSID)
                }
            }
            #Compare SDDL
            if($strSDDL -eq $strSDDLcol)
            {
                $sd = ""
                #Create ad security object
                $sec = New-Object System.DirectoryServices.ActiveDirectorySecurity
                if($null -ne $entry.Attributes.defaultsecuritydescriptor)
                {
                    $sec.SetSecurityDescriptorSddlForm($entry.Attributes.defaultsecuritydescriptor[0])
                }
                $sd = $sec.GetAccessRules($true, $false, [System.Security.Principal.NTAccount]) 
                #Count ACE for applying header on fist
                $intACEcount = 0
                foreach($ObjectDefSD in $sd)
                {
                    $strNTAccount = $ObjectDefSD.IdentityReference.toString()
                    If ($strNTAccount.contains("S-1-"))
                    {
                     $strNTAccount = ConvertSidToName -server $global:strDomainLongName -Sid $strNTAccount -CREDS $CREDS

                    }
                    $newObjectDefSD = New-Object PSObject -Property @{ActiveDirectoryRights=$ObjectDefSD.ActiveDirectoryRights;InheritanceType=$ObjectDefSD.InheritanceType;ObjectType=$ObjectDefSD.ObjectType;`
                    InheritedObjectType=$ObjectDefSD.InheritedObjectType;ObjectFlags=$ObjectDefSD.ObjectFlags;AccessControlType=$ObjectDefSD.AccessControlType;IdentityReference=$strNTAccount;IsInherited=$ObjectDefSD.IsInherited;`
                    InheritanceFlags=$ObjectDefSD.InheritanceFlags;PropagationFlags=$ObjectDefSD.PropagationFlags;State="Match"}

                    #Matching color "green"
                    $strColorTemp = 4
                    #If first ACE add header
                    if ($intACEcount -eq 0)
                    {
                        #Indicate that a defaultsecuritydescriptor was found
                        $intNumberofDefSDFound++
                        $bolOUHeader = $true
                        WriteDefSDAccessHTM $newObjectDefSD $strObjectClassName $strColorTemp $strFileDefSDHTA $strFileDefSDHTM $bolOUHeader $bolReplMeta $strVersion $strLastChangeDate $bolShowCriticalityColor $bolCompare
                    }
                    else
                    {
                        $bolOUHeader = $false
                        WriteDefSDAccessHTM $newObjectDefSD $strObjectClassName $strColorTemp $strFileDefSDHTA $strFileDefSDHTM $bolOUHeader $bolReplMeta $strVersion $strLastChangeDate $bolShowCriticalityColor $bolCompare
                    }
                    #Count ACE to not ad a header
                    $intACEcount++
                }
                $newObjectDefSD = $null
                $sd = $null
                $sec = $null
            }
            else
            {
                $sd = ""
                #Create ad security object
                $sec = New-Object System.DirectoryServices.ActiveDirectorySecurity
                if($null -ne $entry.Attributes.defaultsecuritydescriptor)
                {
                    $sec.SetSecurityDescriptorSddlForm($entry.Attributes.defaultsecuritydescriptor[0])
                }
                $sd = $sec.GetAccessRules($true, $false, [System.Security.Principal.NTAccount]) 
                #Count ACE for applying header on fist
                $intACEcount = 0
                #Comare DefaultSecurityDesriptor in schema with template looking for matching and new ACE's
                foreach($ObjectDefSD in $sd)
                {
                    #Check if matchin ACE exits, FALSE until found 
                    $SDCompareResult = $false

                    $strNTAccount = $ObjectDefSD.IdentityReference.toString()
                    If ($strNTAccount.contains("S-1-"))
                    {
                     $strNTAccount = ConvertSidToName -server $global:strDomainLongName -Sid $strNTAccount -CREDS $CREDS

                    }

                    $newObjectDefSD = New-Object PSObject -Property @{ActiveDirectoryRights=$ObjectDefSD.ActiveDirectoryRights;InheritanceType=$ObjectDefSD.InheritanceType;ObjectType=$ObjectDefSD.ObjectType;`
                    InheritedObjectType=$ObjectDefSD.InheritedObjectType;ObjectFlags=$ObjectDefSD.ObjectFlags;AccessControlType=$ObjectDefSD.AccessControlType;IdentityReference=$strNTAccount;IsInherited=$ObjectDefSD.IsInherited;`
                    InheritanceFlags=$ObjectDefSD.InheritanceFlags;PropagationFlags=$ObjectDefSD.PropagationFlags;State="New"}

                    $sdFile = ""
                    #Create ad security object
                    $secFile = New-Object System.DirectoryServices.ActiveDirectorySecurity
                    if($null -ne $strSDDLcol)
                    {
                        $secFile.SetSecurityDescriptorSddlForm($strSDDLcol)
                    }
                    $sdFile = $secFile.GetAccessRules($true, $false, [System.Security.Principal.NTAccount]) 
                    foreach($ObjectDefSDFile in $sdFile)
                    {
                            If (($newObjectDefSD.IdentityReference -eq $ObjectDefSDFile.IdentityReference) -and ($newObjectDefSD.ActiveDirectoryRights -eq $ObjectDefSDFile.ActiveDirectoryRights) -and ($newObjectDefSD.AccessControlType -eq $ObjectDefSDFile.AccessControlType) -and ($newObjectDefSD.ObjectType -eq $ObjectDefSDFile.ObjectType) -and ($newObjectDefSD.InheritanceType -eq $ObjectDefSDFile.InheritanceType) -and ($newObjectDefSD.InheritedObjectType -eq $ObjectDefSDFile.InheritedObjectType))
                            {
                                $SDCompareResult = $true
                            }
                    }
                    if ($SDCompareResult)
                    {
                        #Change from New to Match
                        $newObjectDefSD.State = "Match"
                        #Match color "Green"
                        $strColorTemp = 4
                        #If first ACE add header
                        if ($intACEcount -eq 0)
                        {
                            #Indicate that a defaultsecuritydescriptor was found
                            $intNumberofDefSDFound++
                            $bolOUHeader = $true
                            WriteDefSDAccessHTM $newObjectDefSD $strObjectClassName $strColorTemp $strFileDefSDHTA $strFileDefSDHTM $bolOUHeader $bolReplMeta $strVersion $strLastChangeDate $bolShowCriticalityColor $bolCompare
                        }
                        else
                        {
                            $bolOUHeader = $false
                            WriteDefSDAccessHTM $newObjectDefSD $strObjectClassName $strColorTemp $strFileDefSDHTA $strFileDefSDHTM $bolOUHeader $bolReplMeta $strVersion $strLastChangeDate $bolShowCriticalityColor $bolCompare
                        }
                        #Count ACE to not ad a header
                        $intACEcount++
                    }
                    else
                    {
                        #New color "Yellow"
                        $strColorTemp = 5
                        #If first ACE add header
                        if ($intACEcount -eq 0)
                        {
                            #Indicate that a defaultsecuritydescriptor was found
                            $intNumberofDefSDFound++
                            $bolOUHeader = $true
                            WriteDefSDAccessHTM $newObjectDefSD $strObjectClassName $strColorTemp $strFileDefSDHTA $strFileDefSDHTM $bolOUHeader $bolReplMeta $strVersion $strLastChangeDate $bolShowCriticalityColor $bolCompare
                        }
                        else
                        {
                            $bolOUHeader = $false
                            WriteDefSDAccessHTM $newObjectDefSD $strObjectClassName $strColorTemp $strFileDefSDHTA $strFileDefSDHTM $bolOUHeader $bolReplMeta $strVersion $strLastChangeDate $bolShowCriticalityColor $bolCompare
                        }
                        #Count ACE to not ad a header
                        $intACEcount++        
                    }
                }
                $newObjectDefSD = $null
                #Comare DefaultSecurityDesriptor in template with schema looking for missing ACE's
                $secFile = New-Object System.DirectoryServices.ActiveDirectorySecurity
                if($null -ne $strSDDLcol)
                {
                    $secFile.SetSecurityDescriptorSddlForm($strSDDLcol)
                }
                $sdFile = $secFile.GetAccessRules($true, $false, [System.Security.Principal.NTAccount]) 
                foreach($ObjectDefSDFromFile in $sdFile)
                {
                    #Check if matchin ACE missing, TRUE until found 
                    $SDMissingResult = $true

                    $ObjectDefSDFile = New-Object PSObject -Property @{ActiveDirectoryRights=$ObjectDefSDFromFile.ActiveDirectoryRights;InheritanceType=$ObjectDefSDFromFile.InheritanceType;ObjectType=$ObjectDefSDFromFile.ObjectType;`
                    InheritedObjectType=$ObjectDefSDFromFile.InheritedObjectType;ObjectFlags=$ObjectDefSDFromFile.ObjectFlags;AccessControlType=$ObjectDefSDFromFile.AccessControlType;IdentityReference=$ObjectDefSDFromFile.IdentityReference;IsInherited=$ObjectDefSDFromFile.IsInherited;`
                    InheritanceFlags=$ObjectDefSDFromFile.InheritanceFlags;PropagationFlags=$ObjectDefSDFromFile.PropagationFlags;State="Missing"}

                    foreach($ObjectDefSD in $sd)
                    {

                        If (($ObjectDefSD.IdentityReference -eq $ObjectDefSDFile.IdentityReference) -and ($ObjectDefSD.ActiveDirectoryRights -eq $ObjectDefSDFile.ActiveDirectoryRights) -and ($ObjectDefSD.AccessControlType -eq $ObjectDefSDFile.AccessControlType) -and ($ObjectDefSD.ObjectType -eq $ObjectDefSDFile.ObjectType) -and ($ObjectDefSD.InheritanceType -eq $ObjectDefSDFile.InheritanceType) -and ($ObjectDefSD.InheritedObjectType -eq $ObjectDefSDFile.InheritedObjectType))
                        {
                            $SDMissingResult = $false
                        }
                    }
                    if ($SDMissingResult)
                    {
                        #Missig´ng color "Red"
                        $strColorTemp = 3
                        #If first ACE add header
                        if ($intACEcount -eq 0)
                        {
                            #Indicate that a defaultsecuritydescriptor was found
                            $intNumberofDefSDFound++
                            $bolOUHeader = $true
                            WriteDefSDAccessHTM $ObjectDefSDFile $strObjectClassName $strColorTemp $strFileDefSDHTA $strFileDefSDHTM $bolOUHeader $bolReplMeta $strVersion $strLastChangeDate $bolShowCriticalityColor $bolCompare
                        }
                        else
                        {
                            $bolOUHeader = $false
                            WriteDefSDAccessHTM $ObjectDefSDFile $strObjectClassName $strColorTemp $strFileDefSDHTA $strFileDefSDHTM $bolOUHeader $bolReplMeta $strVersion $strLastChangeDate $bolShowCriticalityColor $bolCompare
                        }
                        #Count ACE to not ad a header
                        $intACEcount++
                    }
                }
                $secFile = $null
                $sdFile = $null
                $ObjectDefSDFile = $null
                $ObjectDefSDFromFile = $null
                $ObjectDefSD = $null
                $sd = $null
                $sec = $null
            }#End matchin SDDL
        }#End matching object name
        $index++
    }#End while 
    #Check if the schema object does not exist in template
    if($ObjectMatchResult -eq $false)
    {
        $sd = ""
        #Create ad security object
        $sec = New-Object System.DirectoryServices.ActiveDirectorySecurity
        if($null -ne $entry.Attributes.defaultsecuritydescriptor)
        {
            $sec.SetSecurityDescriptorSddlForm($entry.Attributes.defaultsecuritydescriptor[0])
        }
        $sd = $sec.GetAccessRules($true, $false, [System.Security.Principal.NTAccount]) 
        #Count ACE for applying header on fist
        $intACEcount = 0
        foreach($ObjectDefSD in $sd)
        {

            $newObjectDefSD = New-Object PSObject -Property @{ActiveDirectoryRights=$ObjectDefSD.ActiveDirectoryRights;InheritanceType=$ObjectDefSD.InheritanceType;ObjectType=$ObjectDefSD.ObjectType;`
            InheritedObjectType=$ObjectDefSD.InheritedObjectType;ObjectFlags=$ObjectDefSD.ObjectFlags;AccessControlType=$ObjectDefSD.AccessControlType;IdentityReference=$ObjectDefSD.IdentityReference;IsInherited=$ObjectDefSD.IsInherited;`
            InheritanceFlags=$ObjectDefSD.InheritanceFlags;PropagationFlags=$ObjectDefSD.PropagationFlags;State="Missing in file"}

            #Matching color "green"
            $strColorTemp = 5
            #If first ACE add header
            if ($intACEcount -eq 0)
            {
                $bolOUHeader = $true
                #Indicate that a defaultsecuritydescriptor was found
                $intNumberofDefSDFound++
                WriteDefSDAccessHTM $newObjectDefSD $strObjectClassName $strColorTemp $strFileDefSDHTA $strFileDefSDHTM $bolOUHeader $bolReplMeta $strVersion $strLastChangeDate $bolShowCriticalityColor $bolCompare
            }
            else
            {
                $bolOUHeader = $false
                WriteDefSDAccessHTM $newObjectDefSD $strObjectClassName $strColorTemp $strFileDefSDHTA $strFileDefSDHTM $bolOUHeader $bolReplMeta $strVersion $strLastChangeDate $bolShowCriticalityColor $bolCompare
            }
            #Count ACE to not ad a header
            $intACEcount++
        }
        $newObjectDefSD = $null
        $sd = $null    
    }

}#End foreach
if($global:PageSize -gt 0) 
{
    if ($prrc.Cookie.Length -eq 0)
    {
        #last page --> we're done
        break;
    }
    #pass the search cookie back to server in next paged request
    $pagedRqc.Cookie = $prrc.Cookie;
}
else
{
    #exit the processing for non-paged search
    break;
}

}#End While
if (($PSVersionTable.PSVersion -ne „2.0“) -and ($global:bolProgressBar))
{
$global:ProgressBarWindow.Window.Dispatcher.invoke([action]{$global:ProgressBarWindow.Window.Close()},“Normal“)
$ProgressBarWindow = $null
Remove-Variable -Name „ProgressBarWindow“ -Scope Global
}

if($intNumberofDefSDFound -gt 0)
{
Invoke-Item $strFileDefSDHTA
}
else
{
$global:observableCollection.Insert(0,(LogMessage -strMessage „No defaultsecuritydescriptor found!“ -strType „Error“ -DateStamp ))
}
}

==========================================================================

Function : Write-DefaultSDCSV

Arguments : string ObjectClass

Returns :

Description : Write the default Security Descriptor to a CSV

==========================================================================

Function Write-DefaultSDCSV
{
Param(
[string]
$fileout,

$strObjectClass="*",

[Parameter(Mandatory=$false)]
$strFontTH Account Name$strFontTH Object Type$strFontTH Number of Groups

[pscredential]

$CREDS)

Number of columns in CSV import

$strCSVHeaderDefsd = @“
„Name“,“distinguishedName“,“Version“,“ModifiedDate“,“SDDL“
„@

If ((Test-Path $fileout) -eq $true)
{
Remove-Item $fileout
}

$strCSVHeaderDefsd | Out-File -FilePath $fileout -Encoding UTF8

$LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
$LDAPConnection.SessionOptions.ReferralChasing = „None“
$request = New-Object System.directoryServices.Protocols.SearchRequest($global:SchemaDN, „(&(objectClass=classSchema)(name=$strObjectClass))“, „Subtree“)
[System.DirectoryServices.Protocols.PageResultRequestControl]$pagedRqc = new-object System.DirectoryServices.Protocols.PageResultRequestControl($global:PageSize)
$request.Controls.Add($pagedRqc) | Out-Null
[void]$request.Attributes.Add(„defaultsecuritydescriptor“)
[void]$request.Attributes.Add(„name“)
[void]$request.Attributes.Add(„msds-replattributemetadata“)
while ($true)
{
$response = $LdapConnection.SendRequest($request, (new-object System.Timespan(0,0,$global:TimeoutSeconds))) -as [System.DirectoryServices.Protocols.SearchResponse];

#for paged search, the response for paged search result control - we will need a cookie from result later
if($global:PageSize -gt 0) {
    [System.DirectoryServices.Protocols.PageResultResponseControl] $prrc=$null;
    if ($response.Controls.Length -gt 0)
    {
        foreach ($ctrl in $response.Controls)
        {
            if ($ctrl -is [System.DirectoryServices.Protocols.PageResultResponseControl])
            {
                $prrc = $ctrl;
                break;
            }
        }
    }
    if($null -eq $prrc) {
        #server was unable to process paged search
        throw "Find-LdapObject: Server failed to return paged response for request $SearchFilter"
    }
}
#now process the returned list of distinguishedNames and fetch required properties using ranged retrieval

foreach ($entry  in $response.Entries)
{
    $index = 0
    while($index -le $entry.attributes.'msds-replattributemetadata'.count -1) 
    {
        $childMember = $entry.attributes.'msds-replattributemetadata'[$index]
        $childMember = $childMember.replace("$($childMember[-1])","")
        If ($([xml]$childMember).DS_REPL_ATTR_META_DATA.pszAttributeName -eq "defaultSecurityDescriptor")
        {
            $strLastChangeDate = $([xml]$childMember).DS_REPL_ATTR_META_DATA.ftimeLastOriginatingChange
            $strVersion = $([xml]$childMember).DS_REPL_ATTR_META_DATA.dwVersion
            if ($strLastChangeDate -eq $nul)
            {
                $strLastChangeDate = $(get-date "1601-01-01" -UFormat "%Y-%m-%d %H:%M:%S")

            }
            else
            {
            $strLastChangeDate = $(get-date $strLastChangeDate -UFormat "%Y-%m-%d %H:%M:%S")
            }             
        }
        $index++
    }   

    $strSDDL = ""
    if($null -ne $entry.Attributes.defaultsecuritydescriptor)
    {
        $strSDDL = $entry.Attributes.defaultsecuritydescriptor[0]
    }            
    $strName = $entry.Attributes.name[0]
    $strDistinguishedName = $entry.distinguishedname

    #Write to file
    [char]34+$strName+[char]34+","+[char]34+`
    $strDistinguishedName+[char]34+","+[char]34+`
    $strVersion+[char]34+","+[char]34+`
    $strLastChangeDate+[char]34+","+[char]34+`
    $strSDDL+[char]34 | Out-File -Append -FilePath $fileout  -Encoding UTF8


}

if($global:PageSize -gt 0) 
{
    if ($prrc.Cookie.Length -eq 0)
    {
        #last page --> we're done
        break;
    }
    #pass the search cookie back to server in next paged request
    $pagedRqc.Cookie = $prrc.Cookie;
}
else
{
    #exit the processing for non-paged search
    break;
}

}#End While
$global:observableCollection.Insert(0,(LogMessage -strMessage „Report saved in $fileout“ -strType „Warning“ -DateStamp ))

}

==========================================================================

Function : GetEffectiveRightSP

Arguments :

Returns :

Description : Rs

==========================================================================

Function GetEffectiveRightSP
{
param(
[string] $strPrincipal,
[string] $strDomainDistinguishedName,
[Parameter(Mandatory=$false)]
[pscredential]
$CREDS
)
$global:strEffectiveRightSP = „“
$global:strEffectiveRightAccount = „“
$global:strSPNobjectClass = „“
$global:strPrincipalDN = „“
$strPrinName = „“
$SPFound = $false

if ($global:strPrinDomDir -eq 2)
{
&{#Try

$Script:CredsExt = $host.ui.PromptForCredential("Need credentials", "Please enter your user name and password.", "", "$global:strPrinDomFlat")
$Window.Activate()
}
Trap [SystemException]
{
continue
}
$h =  (get-process -id $global:myPID).MainWindowHandle # just one notepad must be opened!
[SFW]::SetForegroundWindow($h)
if($null -ne $Script:CredsExt.UserName)
{
    if (TestCreds $CredsExt)
    {    
        $global:strPinDomDC = $(GetDomainController $global:strDomainPrinDNName $true $Script:CredsExt)
        $global:strPrincipalDN = (GetSecPrinDN $strPrincipal $global:strPinDomDC $true -CREDS $Script:CredsExt)
     }
     else
     {
         $global:observableCollection.Insert(0,(LogMessage -strMessage "Bad user name or password!" -strType "Error" -DateStamp ))
         $lblEffectiveSelUser.Content = ""
     }
 }
 else
 {
    $global:observableCollection.Insert(0,(LogMessage -strMessage "Faild to insert credentials!" -strType "Error" -DateStamp ))

 }

}
else
{
if ( $global:strDomainPrinDNName -eq $global:strDomainDNName )
{
$lblSelectPrincipalDom.Content = $global:strDomainShortName+“:“
$global:strPinDomDC = $global:strDC
$global:strPrincipalDN = (GetSecPrinDN $strPrincipal $global:strPinDomDC $false -CREDS $CREDS)
}
else
{
$global:strPinDomDC = $global:strDC
$global:strPrincipalDN = (GetSecPrinDN $strPrincipal $global:strPinDomDC $false -CREDS $CREDS)
}
}
if ($global:strPrincipalDN -eq „“)
{
if($global:bolCMD)
{
Write-host „Could not find $strPrincipal!“ -ForegroundColor Red
}
else
{
$global:observableCollection.Insert(0,(LogMessage -strMessage „Could not find $strPrincipal!“ -strType „Error“ -DateStamp ))
$lblEffectiveSelUser.Content = „“
}
}
else
{
$SPFound = $true
$global:strEffectiveRightAccount = $strPrincipal
if($global:bolCMD)
{
#Write-host „Found security principal“
}
else
{
$global:observableCollection.Insert(0,(LogMessage -strMessage „Found security principal“ -strType „Info“ -DateStamp ))
}

if ($global:strPrinDomDir -eq 2)
{
    [System.Collections.ArrayList] $global:tokens = @(GetTokenGroups -PrincipalDomDC $global:strPinDomDC -PrincipalDN $global:strPrincipalDN -bolCreds $true -GetTokenCreds $Script:CredsExt -CREDS $CREDS)

    if($CREDS)
    {
        $objADPrinipal = new-object DirectoryServices.DirectoryEntry("LDAP://$global:strPinDomDC/$global:strPrincipalDN",$Script:CredsExt.UserName,$Script:CredsExt.GetNetworkCredential().Password)
    }
    else
    {
        $objADPrinipal = new-object DirectoryServices.DirectoryEntry("LDAP://$global:strPinDomDC/$global:strPrincipalDN")
    }

    $objADPrinipal.psbase.RefreshCache("msDS-PrincipalName")
    $strPrinName = $($objADPrinipal.psbase.Properties.Item("msDS-PrincipalName"))
    $global:strSPNobjectClass = $($objADPrinipal.psbase.Properties.Item("objectClass"))[$($objADPrinipal.psbase.Properties.Item("objectClass")).count-1]
    if (($strPrinName -eq "") -or ($null -eq $strPrinName))
    {
        $strPrinName = "$global:strPrinDomFlat\$($objADPrinipal.psbase.Properties.Item("samAccountName"))"
    }
    $global:strEffectiveRightSP = $strPrinName
    $lblEffectiveSelUser.Content = $strPrinName    
}
else
{
    [System.Collections.ArrayList] $global:tokens = @(GetTokenGroups -PrincipalDomDC $global:strPinDomDC -PrincipalDN $global:strPrincipalDN -bolCreds $false -CREDS $CREDS)

    if($CREDS)
    {
        $objADPrinipal = new-object DirectoryServices.DirectoryEntry("LDAP://$global:strPinDomDC/$global:strPrincipalDN",$CREDS.UserName,$CREDS.GetNetworkCredential().Password)
    }
    else
    {
        $objADPrinipal = new-object DirectoryServices.DirectoryEntry("LDAP://$global:strPinDomDC/$global:strPrincipalDN")
    }

    $objADPrinipal.psbase.RefreshCache("msDS-PrincipalName")
    $strPrinName = $($objADPrinipal.psbase.Properties.Item("msDS-PrincipalName"))
    $global:strSPNobjectClass = $($objADPrinipal.psbase.Properties.Item("objectClass"))[$($objADPrinipal.psbase.Properties.Item("objectClass")).count-1]
    if (($strPrinName -eq "") -or ($null -eq $strPrinName))
    {
        $strPrinName = "$global:strPrinDomFlat\$($objADPrinipal.psbase.Properties.Item("samAccountName"))"
    }
    $global:strEffectiveRightSP = $strPrinName
    $lblEffectiveSelUser.Content = $strPrinName
}

}
return $SPFound
}

==========================================================================

Function : LoadProgressBar

Arguments : n/a

Returns : n/a

Description : Open up a progress bar in a XAML window

==========================================================================

Function LoadProgressBar
{
$global:ProgressBarWindow = [hashtable]::Synchronized(@{})
$newRunspace =[runspacefactory]::CreateRunspace()
$newRunspace.ApartmentState = „STA“
$newRunspace.ThreadOptions = „ReuseThread“
$newRunspace.Open()
$newRunspace.SessionStateProxy.SetVariable(„global:ProgressBarWindow“,$global:ProgressBarWindow)
$psCmd = [PowerShell]::Create().AddScript({
[xml]$xamlProgressBar = @“





</Grid>


„@

$xamlProgressBar.Window.RemoveAttribute(„x:Class“)
$reader=(New-Object System.Xml.XmlNodeReader $xamlProgressBar)
$global:ProgressBarWindow.Window=[Windows.Markup.XamlReader]::Load( $reader )
$global:ProgressBarWindow.lblProgressBarInfo = $global:ProgressBarWindow.window.FindName(„lblProgressBarInfo“)
$global:ProgressBarWindow.ProgressBar = $global:ProgressBarWindow.window.FindName(„ProgressBar“)
$global:ProgressBarWindow.ProgressBar.Value = 0
$global:ProgressBarWindow.Window.ShowDialog() | Out-Null
$global:ProgressBarWindow.Error = $Error

})

$psCmd.Runspace = $newRunspace

[void]$psCmd.BeginInvoke()

}

==========================================================================

Function : Update-ProgressBar

Arguments : n/a

Returns : n/a

Description : Update progress bar in a XAML window

==========================================================================

Function Update-ProgressBar
{
Param ($txtlabel,$valProgress)

    &{#Try
       $global:ProgressBarWindow.ProgressBar.Dispatcher.invoke([action]{ $global:ProgressBarWindow.lblProgressBarInfo.Content = $txtlabel;$global:ProgressBarWindow.ProgressBar.Value = $valProgress},"Normal")
    }
    Trap [SystemException]
    {
        $global:observableCollection.Insert(0,(LogMessage -strMessage "Progressbar Failed!" -strType "Error" -DateStamp ))

    }

}

==========================================================================

Function : Find-RiskyTemplates

Arguments : Configuration partition distinguishedname

Returns : An array of distinguishednames for templates that are published

Description : Find and returns an array of distinguishednames for templates that are published and have supply in request without certificate manage approval

==========================================================================

Function Find-RiskyTemplates
{
Param(
[Parameter(Mandatory=$true,
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true,
ValueFromRemainingArguments=$false,
Position=0,
ParameterSetName=’Default‘)]
[ValidateNotNull()]
[ValidateNotNullOrEmpty()]
[String]
$ConfigurationDN=““,

[Parameter(Mandatory=$false)]

[pscredential]

$CREDS) #array Published templates names $arrPublishedPKITemplates = New-Object System.Collections.ArrayList #array Published templates DN $arrPublishedTemplatesDN = New-Object System.Collections.ArrayList # Search published for PKI templates $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS) $LDAPConnection.SessionOptions.ReferralChasing = „None“ $SearchFilter = „(objectClass=pKIEnrollmentService)“ $request = New-Object System.directoryServices.Protocols.SearchRequest(„CN=Enrollment Services,CN=Public Key Services,CN=Services,$ConfigurationDN“, $SearchFilter, „OneLevel“) [System.DirectoryServices.Protocols.PageResultRequestControl]$pagedRqc = new-object System.DirectoryServices.Protocols.PageResultRequestControl($global:PageSize) $request.Controls.Add($pagedRqc) | Out-Null [void]$request.Attributes.Add(„certificatetemplates“) while ($true) { $response = $LdapConnection.SendRequest($request, (new-object System.Timespan(0,0,$global:TimeoutSeconds))) -as [System.DirectoryServices.Protocols.SearchResponse]; #for paged search, the response for paged search result control – we will need a cookie from result later if($global:PageSize -gt 0) { [System.DirectoryServices.Protocols.PageResultResponseControl] $prrc=$null; if ($response.Controls.Length -gt 0) { foreach ($ctrl in $response.Controls) { if ($ctrl -is [System.DirectoryServices.Protocols.PageResultResponseControl]) { $prrc = $ctrl; break; } } } if($null -eq $prrc) { #server was unable to process paged search throw „Find-LdapObject: Server failed to return paged response for request $SearchFilter“ } } #now process the returned list of distinguishedNames and fetch required properties using ranged retrieval $colResults = $response.Entries foreach ($objResult in $colResults) { for($i=0;$i -lt $objResult.attributes.certificatetemplates.count;$i++) { [void]$arrPublishedPKITemplates.Add($objResult.attributes.certificatetemplates[$i]) } } if($global:PageSize -gt 0) { if ($prrc.Cookie.Length -eq 0) { #last page –> we’re done break; } #pass the search cookie back to server in next paged request $pagedRqc.Cookie = $prrc.Cookie; } else { #exit the processing for non-paged search break; } }#End While #if any results found in published template names continue to a search for the object if($arrPublishedPKITemplates) { # For each template name searc for the object Foreach($PublishedTemplate in $arrPublishedPKITemplates) { # Search for PKI templates objects $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS) $LDAPConnection.SessionOptions.ReferralChasing = „None“ $SearchFilter = „(&(objectClass=pKICertificateTemplate)(cn=$PublishedTemplate)(!(mspki-enrollment-flag:1.2.840.113556.1.4.804:=2))(|(mspki-ra-signature=0)(!(mspki-ra-signature=*)))(|(pkiextendedkeyusage=1.3.6.1.4.1.311.20.2.2)(pkiextendedkeyusage=1.3.6.1.5.5.7.3.2)(pkiextendedkeyusage=1.3.6.1.5.2.3.4)(pkiextendedkeyusage=2.5.29.37.0)(!(pkiextendedkeyusage=*)))(mspki-certificate-name-flag:1.2.840.113556.1.4.804:=1))“ $request = New-Object System.directoryServices.Protocols.SearchRequest(„CN=Certificate Templates,CN=Public Key Services,CN=Services,$ConfigurationDN“, $SearchFilter, „OneLevel“) [System.DirectoryServices.Protocols.PageResultRequestControl]$pagedRqc = new-object System.DirectoryServices.Protocols.PageResultRequestControl($global:PageSize) $request.Controls.Add($pagedRqc) | Out-Null [void]$request.Attributes.Add(„mspki-enrollment-flag“) $arrPublishedPKITemplates = New-Object System.Collections.ArrayList while ($true) { $response = $LdapConnection.SendRequest($request, (new-object System.Timespan(0,0,$global:TimeoutSeconds))) -as [System.DirectoryServices.Protocols.SearchResponse]; #for paged search, the response for paged search result control – we will need a cookie from result later if($global:PageSize -gt 0) { [System.DirectoryServices.Protocols.PageResultResponseControl] $prrc=$null; if ($response.Controls.Length -gt 0) { foreach ($ctrl in $response.Controls) { if ($ctrl -is [System.DirectoryServices.Protocols.PageResultResponseControl]) { $prrc = $ctrl; break; } } } if($null -eq $prrc) { #server was unable to process paged search throw „Find-LdapObject: Server failed to return paged response for request $SearchFilter“ } } #now process the returned list of distinguishedNames and fetch required properties using ranged retrieval $colResults = $response.Entries foreach ($objResult in $colResults) { for($i=0;$i -le $objResult.attributes.certificatetemplates.count;$i++) { $strEnrollmentFlag = $(GetEnrollmentFlag $objResult.attributes.’mspki-enrollment-flag'[0]) if(($strEnrollmentFlag -eq „“) -or (-not($strEnrollmentFlag -match „CT_FLAG_PEND_ALL_REQUESTS“))) { [void]$arrPublishedTemplatesDN.Add($objResult.distinguishedname) } } } if($global:PageSize -gt 0) { if ($prrc.Cookie.Length -eq 0) { #last page –> we’re done break; } #pass the search cookie back to server in next paged request $pagedRqc.Cookie = $prrc.Cookie; } else { #exit the processing for non-paged search break; } }#End While } } # Return all published template objects return $arrPublishedTemplatesDN

}

==========================================================================

Function : GetEnrollmentFlag

Arguments : Enrollment flags of a certificate template

Returns : String of the translated values

Description : Returns a certificate enrollment flag status

==========================================================================

Function GetEnrollmentFlag ($EnrollmentFlag)
{

[string] $strStatus = „“

if ($EnrollmentFlag -band 0x00000001)
{ $strStatus = $strStatus + „,CT_FLAG_INCLUDE_SYMMETRIC_ALGORITHMS“}
if ($EnrollmentFlag -band 0x00000002)
{ $strStatus = $strStatus + „,CT_FLAG_PEND_ALL_REQUESTS“}
if ($EnrollmentFlag -band 0x00000004)
{ $strStatus = $strStatus + „,CT_FLAG_PUBLISH_TO_KRA_CONTAINER“}
if ($EnrollmentFlag -band 0x00000008)
{ $strStatus = $strStatus + „,CT_FLAG_PUBLISH_TO_DS“}
if ($EnrollmentFlag -band 0x00000010)
{ $strStatus = $strStatus + „,CT_FLAG_AUTO_ENROLLMENT_CHECK_USER_DS_CERTIFICATE“}
if ($EnrollmentFlag -band 0x00000020)
{ $strStatus = $strStatus + „,CT_FLAG_AUTO_ENROLLMENT“}
if ($EnrollmentFlag -band 0x00000040)
{ $strStatus = $strStatus + „,CT_FLAG_PREVIOUS_APPROVAL_VALIDATE_REENROLLMENT“}
if ($EnrollmentFlag -band 0x00000100)
{ $strStatus = $strStatus + „,CT_FLAG_USER_INTERACTION_REQUIRED“}
if ($EnrollmentFlag -band 0x00000400)
{ $strStatus = $strStatus + „,CT_FLAG_REMOVE_INVALID_CERTIFICATE_FROM_PERSONAL_STORE“}
if ($EnrollmentFlag -band 0x00000800)
{ $strStatus = $strStatus + „,CT_FLAG_ALLOW_ENROLL_ON_BEHALF_OF“}
if ($EnrollmentFlag -band 0x00001000)
{ $strStatus = $strStatus + „,CT_FLAG_ADD_OCSP_NOCHECK“}
if ($EnrollmentFlag -band 0x00002000)
{ $strStatus = $strStatus + „,CT_FLAG_ENABLE_KEY_REUSE_ON_NT_TOKEN_KEYSET_STORAGE_FULL“}
if ($EnrollmentFlag -band 0x00004000)
{ $strStatus = $strStatus + „,CT_FLAG_NOREVOCATIONINFOINISSUEDCERTS“}
if ($EnrollmentFlag -band 0x00008000)
{ $strStatus = $strStatus + „,CT_FLAG_INCLUDE_BASIC_CONSTRAINTS_FOR_EE_CERTS“}
if ($EnrollmentFlag -band 0x00010000)
{ $strStatus = $strStatus + „,CT_FLAG_ALLOW_PREVIOUS_APPROVAL_KEYBASEDRENEWAL_VALIDATE_REENROLLMENT“}
if ($EnrollmentFlag -band 0x00020000)
{ $strStatus = $strStatus + „,CT_FLAG_ISSUANCE_POLICIES_FROM_REQUEST“}
if ($EnrollmentFlag -band 0x00040000)
{ $strStatus = $strStatus + „,CT_FLAG_SKIP_AUTO_RENEWAL“}

[int] $index = $strStatus.IndexOf(„,“)
If($index -eq 0)
{
$strStatus = $strStatus.substring($strStatus.IndexOf(„,“) + 1, $strStatus.Length -1 )
}

return $strStatus

}#End function

Number of columns in CSV import

$strCSVHeader = @“
„Object“,“ObjectClass“,“IdentityReference“,“PrincipalName“,“ActiveDirectoryRights“,“InheritanceType“,“ObjectType“,“InheritedObjectType“,“ObjectFlags“,“AccessControlType“,“IsInherited“,“InheritanceFlags“,“PropagationFlags“,“SDDate“,“InvocationID“,“OrgUSN“,“Criticality“,“CanonicalName“,“Inheritance Disabled“
„@

$strCSVCompareHeader = @“
„Object“,“ObjectClass“,“IdentityReference“,“PrincipalName“,“ActiveDirectoryRights“,“InheritanceType“,“ObjectType“,“InheritedObjectType“,“ObjectFlags“,“AccessControlType“,“IsInherited“,“InheritanceFlags“,“PropagationFlags“,“SDDate“,“InvocationID“,“OrgUSN“,“Criticality“,“CanonicalName“,“Inheritance Disabled“,“State“
„@

$global:myPID = $PID
$global:csvHistACLs = New-Object System.Collections.ArrayList

$strLastCacheGuidsDom = „“
$sd = „“
$global:intObjeComputer = 0

$null = Add-Type -AssemblyName System.DirectoryServices.Protocols
if($base -or $GPO)
{
# Display script info
Write-Host $ADACLScanVersion

$CREDS = $null
if($credentials)
{
    $CREDS = $Credentials
}

if($Criticality)
{
    $ShowCriticalityColor = $true
}

if($Output -eq "")
{
    $Show = $false
}

if($AccessType.Length -gt 0)
{
    $AccessFilter = $true
}
else
{
    $AccessFilter = $false
}

if($ApplyTo.Length -gt 0)
{
    $ACLObjectFilter = $true
}
else
{
    $ACLObjectFilter = $false
}

if($FilterTrustee.Length -gt 0)
{
    $FilterForTrustee = $true
}
else
{
    $FilterForTrustee = $false
}

if($Permission.Length -gt 0)
{
    $BolACLPermissionFilter = $true
}
else
{
    $BolACLPermissionFilter = $false
}

if($FilterForTrustee -or $ACLObjectFilter -or $AccessFilter -or $Permission)
{
    $ACLFilter = $True
}
else
{
    $ACLFilter= $False
}

if($ShowProgressBar)
{
    $global:bolProgressBar = $true
}
else
{
    $global:bolProgressBar = $false
}

#Connect to Custom Naming Context
$global:bolCMD = $true

if (($base.Length -gt 0) -or ($GPO))
{

    if($base -ne "RootDSE")
    {
        $strNamingContextDN = $base
    }
    if($Server -eq "")
    {
        if($Port -eq "")
        {                    
            $global:strDC = ""
        }
        else
        {
            $global:strDC = "localhost:" +$Port
        }
    }
    else
    {
        if($Port -eq "")
        {                    
            $global:strDC = $Server
        }
        else
        {
            $global:strDC = $Server + ":" + $Port
        }
    }
    $global:bolLDAPConnection = $false
    $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
    $LDAPConnection.SessionOptions.ReferralChasing = "None"
    $request = New-Object System.directoryServices.Protocols.SearchRequest("", "(objectClass=*)", "base")
    if($global:bolShowDeleted)
    {
        [string] $LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417"
        [void]$request.Controls.Add((New-Object "System.DirectoryServices.Protocols.DirectoryControl" -ArgumentList "$LDAP_SERVER_SHOW_DELETED_OID",$null,$false,$true ))
    }
    [void]$request.Attributes.Add("dnshostname")
    [void]$request.Attributes.Add("supportedcapabilities")
    [void]$request.Attributes.Add("namingcontexts")
    [void]$request.Attributes.Add("defaultnamingcontext")
    [void]$request.Attributes.Add("schemanamingcontext")
    [void]$request.Attributes.Add("configurationnamingcontext")
    [void]$request.Attributes.Add("rootdomainnamingcontext")
    [void]$request.Attributes.Add("isGlobalCatalogReady")                        

    try
    {
        $response = $LDAPConnection.SendRequest($request)
        $global:bolLDAPConnection = $true
        $global:bolConnected = $true  

    }
    catch
    {
        $global:bolLDAPConnection = $false
        $global:bolConnected = $false  
        Write-host "Failed! Domain does not exist or can not be connected: $($_.Exception.InnerException.Message.ToString())" -ForegroundColor red
    }
    if($global:bolLDAPConnection -eq $true)
    {
        $strPrimaryCapability= $response.Entries[0].attributes.supportedcapabilities[0]
        Switch ($strPrimaryCapability)
        {
            "1.2.840.113556.1.4.1851"
            {
                $global:DSType = "AD LDS"
                $global:bolADDSType = $false
                $global:strDomainDNName = $response.Entries[0].Attributes.namingcontexts[-1]
                $global:SchemaDN = $response.Entries[0].Attributes.schemanamingcontext[0]
                $global:ConfigDN = $response.Entries[0].Attributes.configurationnamingcontext[0]
                if($Port -eq "")
                {                    
                    if(Test-ResolveDNS $response.Entries[0].Attributes.dnshostname[0])
                    {
                        $global:strDC = $response.Entries[0].Attributes.dnshostname[0]
                    }
                }
                else
                {
                    if(Test-ResolveDNS $response.Entries[0].Attributes.dnshostname[0])
                    {
                        $global:strDC = $response.Entries[0].Attributes.dnshostname[0] +":" + $Port     
                    }
                }

            }
            "1.2.840.113556.1.4.800"
            {
                $global:DSType = "AD DS"
                $global:bolADDSType = $true
                $global:ForestRootDomainDN = $response.Entries[0].Attributes.rootdomainnamingcontext[0]
                $global:strDomainDNName = $response.Entries[0].Attributes.defaultnamingcontext[0]
                $global:SchemaDN = $response.Entries[0].Attributes.schemanamingcontext[0]
                $global:ConfigDN = $response.Entries[0].Attributes.configurationnamingcontext[0]
                $global:IS_GC = $response.Entries[0].Attributes.isglobalcatalogready[0]

                if($Port -eq "")
                {                    
                    if(Test-ResolveDNS $response.Entries[0].Attributes.dnshostname[0])
                    {
                        $global:strDC = $response.Entries[0].Attributes.dnshostname[0]
                    }
                }
                else
                {
                    if(Test-ResolveDNS $response.Entries[0].Attributes.dnshostname[0])
                    {
                        $global:strDC = $response.Entries[0].Attributes.dnshostname[0] +":" + $Port
                    }

                }
                $global:strDomainPrinDNName = $global:strDomainDNName
                $global:strDomainShortName = GetDomainShortName -strDomain $global:strDomainDNName -strConfigDN $global:ConfigDN -CREDS $CREDS
                $global:strRootDomainShortName = GetDomainShortName -strDomain $global:ForestRootDomainDN -strConfigDN $global:ConfigDN -CREDS $CREDS
                $lblSelectPrincipalDom.Content = $global:strDomainShortName+":"
            }
            default
            {
                $global:ForestRootDomainDN = $response.Entries[0].Attributes.rootdomainnamingcontext[0]
                $global:strDomainDNName = $response.Entries[0].Attributes.defaultnamingcontext[0]
                $global:SchemaDN = $response.Entries[0].Attributes.schemanamingcontext[0]
                $global:ConfigDN = $response.Entries[0].Attributes.configurationnamingcontext[0]
                $global:IS_GC = $response.Entries[0].Attributes.isglobalcatalogready[0]

                if($Port -eq "")
                {                    
                    $global:strDC = $response.Entries[0].Attributes.dnshostname[0]
                }
                else
                {
                    $global:strDC = $response.Entries[0].Attributes.dnshostname[0] +":" + $Port
                }
            }
        }  
        if($strNamingContextDN -eq "")
        {
            $strNamingContextDN = $global:strDomainDNName
        }
        If(CheckDNExist -sADobjectName $strNamingContextDN -strDC $global:strDC -CREDS $CREDS)
        {
            $NCSelect = $true
        }
        else
        {
            Write-Output "Failed to connect to $base"
            $global:bolConnected = $false
        }

    }#bolLDAPConnection
} # End If D lenght
else
{
    $global:bolConnected = $false  
}

$bolEffective = $false
if($EffectiveRightsPrincipal.Length -gt 0)
{
    if($(GetEffectiveRightSP $EffectiveRightsPrincipal $global:strDomainDNName -CREDS $CREDS))
     {
        $bolEffective = $true
        $IncludeInherited = $true
    }
    else
    {
        break;
    }
}
#Check if a naming context is selected
If ($NCSelect -eq $true)  
{
    If (!($strLastCacheGuidsDom -eq $global:strDomainDNName))
    {
        $global:dicRightsGuids = @{"Seed" = "xxx"}
        CacheRightsGuids -CREDS $CREDS
        $strLastCacheGuidsDom = $global:strDomainDNName


    }
    #Get Forest Root Domain ObjectSID
    if ($global:bolADDSType)
    {
        $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
        $LDAPConnection.SessionOptions.ReferralChasing = "None"
        $request = New-Object System.directoryServices.Protocols.SearchRequest($global:strDomainDNName, "(objectClass=*)", "base")
        [void]$request.Attributes.Add("objectsid")

        try
        {
            $response = $LDAPConnection.SendRequest($request)
            $global:bolLDAPConnection = $true
        }
        catch
        {
            $global:bolLDAPConnection = $false
            Write-host "Failed! Domain does not exist or can not be connected: $($_.Exception.InnerException.Message.ToString())" -ForegroundColor red
        }
        if($global:bolLDAPConnection -eq $true)
        {
            $global:DomainSID = GetSidStringFromSidByte $response.Entries[0].attributes.objectsid.GetValues([byte[]])[0]

        }

        if($global:ForestRootDomainDN -ne $global:strDomainDNName)
        {
            $global:strForestDomainLongName = $global:ForestRootDomainDN.Replace("DC=","")
            $global:strForestDomainLongName = $global:strForestDomainLongName.Replace(",",".")
            if($CREDS.UserName)
            {
                $Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$global:strForestDomainLongName,$CREDS.UserName,$CREDS.GetNetworkCredential().Password) 
            }
            else
            {
                $Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$global:strForestDomainLongName) 
            }
            $ojbDomain = [DirectoryServices.ActiveDirectory.Domain]::GetDomain($Context)
            $global:strForestDC = $($ojbDomain.FindDomainController()).name

            $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strForestDC, $CREDS)
            $LDAPConnection.SessionOptions.ReferralChasing = "None"
            $request = New-Object System.directoryServices.Protocols.SearchRequest($global:ForestRootDomainDN, "(objectClass=*)", "base")
            [void]$request.Attributes.Add("objectsid")

            try
            {
                $response = $LDAPConnection.SendRequest($request)
                $global:bolLDAPConnection = $true
            }
            catch
            {
                $global:bolLDAPConnection = $false
                Write-host "Failed! Domain does not exist or can not be connected: $($_.Exception.InnerException.Message.ToString())" -ForegroundColor red
            }
            if($global:bolLDAPConnection -eq $true)
            {
                $global:ForestRootDomainSID = GetSidStringFromSidByte $response.Entries[0].attributes.objectsid.GetValues([byte[]])[0]

            }
        }
        else
        {
            $global:strForestDC = $global:strDC
            $global:ForestRootDomainSID = $global:DomainSID
        }


    }

    #Verify that you could connect to the naming context
    if($Global:bolLDAPConnection)
    {
        if($GPO -or ($base -eq "RootDSE"))
        {
            if(($base -eq "") -or ($base -eq "RootDSE"))
            {
                $base = $global:strDomainDNName
            }
        }


        $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
        $LDAPConnection.SessionOptions.ReferralChasing = "None"
        $request = New-Object System.directoryServices.Protocols.SearchRequest($base, "(objectClass=*)", "base")
        [void]$request.Attributes.Add("name")               

        try
        {
            $response = $LDAPConnection.SendRequest($request)            
            #Set search base as the name of the output file
            $strNode = fixfilename $response.Entries[0].Attributes.name[0]
        }
        catch
        {
        }

        if($GPO)
        {
            $strNode = $strNode + "_GPOs"
        }
        ############### COMPARE THINGS ##########
        if($Template)
        {
            if ($(Test-Path $Template) -eq $true)
            {
                $global:bolCSVLoaded = $false
                $strCompareFile = $Template
                &{#Try
                    $global:bolCSVLoaded = $true
                    $global:csvHistACLs = import-Csv $strCompareFile 
                }
                Trap [SystemException]
                {
                    $strCSVErr = $_.Exception.Message
                    Write-Host "Failed to load CSV. $strCSVErr" -ForegroundColor Red
                    $global:bolCSVLoaded = $false
                    continue
                }   
                #Verify that a successful CSV import is performed before continue            
                if($global:bolCSVLoaded)
                {
                    #Test CSV file format
                    if(TestCSVColumns $global:csvHistACLs)
                    {                                                                                                                                                                                                                                                                      

                        $bolContinue = $true

                        if($global:csvHistACLs[0].Object)
                        {
                            $strOUcol = $global:csvHistACLs[0].Object
                        }
                        else
                        {
                            $strOUcol = $global:csvHistACLs[0].OU
                        }
                        if($strOUcol.Contains("<DOMAIN-DN>") -gt 0)
                        {
                            $strOUcol = ($strOUcol -Replace "<DOMAIN-DN>",$global:strDomainDNName)

                        }

                        if($strOUcol.Contains("<ROOT-DN>") -gt 0)
                        {
                            $strOUcol = ($strOUcol -Replace "<ROOT-DN>",$global:ForestRootDomainDN)

                            if($global:strDomainDNName -ne $global:ForestRootDomainDN)
                            {
                                if($global:IS_GC -eq "TRUE")
                                {
                                    Write-Host "You are not connected to the forest root domain: $global:ForestRootDomainDN.`n`nYour DC is a Global Catalog.`nDo you want to use Global Catalog and  continue?"
                                    $a = Read-Host "Do you want to continue? Press Y[Yes] or N[NO]:"
                                    if($a -eq "Y")
                                    {
                                        if($global:strDC.contains(":"))
                                        {
                                            $global:strDC = $global:strDC.split(":")[0] + ":3268"
                                        }
                                        else
                                        {
                                            $global:strDC = $global:strDC + ":3268"
                                        }

                                    }
                                    else
                                    {
                                        $bolContinue = $false
                                    }

                                }
                                else
                                {
                                    Write-host "You are not connected to the forest root domain: $global:ForestRootDomainDN." -ForegroundColor Yellow
                                    $bolContinue = $false
                                }
                            }

                        }


                        if($txtReplaceDN.text.Length -gt 0)
                        {
                            $strOUcol = ($strOUcol -Replace $txtReplaceDN.text,$global:strDomainDNName)

                        }
                        $sADobjectName = $strOUcol
                        #Verify if the connection can be done
                        if($bolContinue)
                        {
                            $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC,$CREDS)
                            $LDAPConnection.SessionOptions.ReferralChasing = "None"
                            $request = New-Object System.directoryServices.Protocols.SearchRequest
                            if($global:bolShowDeleted)
                            {
                                [string] $LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417"
                                [void]$request.Controls.Add((New-Object "System.DirectoryServices.Protocols.DirectoryControl" -ArgumentList "$LDAP_SERVER_SHOW_DELETED_OID",$null,$false,$true ))
                            }
                            $request.DistinguishedName = $sADobjectName
                            $request.Filter = "(name=*)"
                            $request.Scope = "Base"
                            [void]$request.Attributes.Add("name")

                            $response = $LDAPConnection.SendRequest($request)

                            $ADobject = $response.Entries[0]
                            $strNode = fixfilename $ADobject.attributes.name[0]
                        }
                        else
                        {
                            #Set the node to empty , no connection will be done
                            $strNode = ""
                        }

                    }
                    else
                    {
                        Write-host "Wrong format in: $Template" -ForegroundColor Red
                        exit
                    }
                }
            }
            else
            {
                Write-host "File not found $Template" -ForegroundColor Red
                exit
            }
        }

        ############### COMPARE THINGS ##########

        #Get current date
        $date= get-date -uformat %Y%m%d_%H%M%S

        if($ACLObjectFilter)
        {
            GetSchemaObjectGUID  -Domain $global:strDomainDNName -CREDS $CREDS
        }

        if($Targets)
        {
            if($Targets -eq "RiskyTemplates")
            {
                $allSubOU = Find-RiskyTemplates -ConfigurationDN $global:ConfigDN -CREDS $CREDS
            }
        }
        else
        {
            if(-not($GPO))
            {
                #Get all LDAP objects to read ACL's on
                $allSubOU = @(GetAllChildNodes -firstnode $base -Scope $Scope -CustomFilter $LDAPFilter -CREDS $CREDS)
            }
            else
            {
                #Get all LDAP objects to read ACL's on
                $allSubOU = @(GetAllChildNodes -firstnode $base -Scope $Scope -CustomFilter "(&(|(objectClass=organizationalUnit)(objectClass=domainDNS))(gplink=*LDAP*))" -CREDS $CREDS)
            }
        }

        if($CanonicalNames)
        {
            $UseCanonicalName = $true
        }
        else
        {
            $UseCanonicalName = $false
        }


        #If more than 0 objects returned send it to Get-Perm to read ACL's
        if($allSubOU.count -gt 0)
        {
            #Set the path for the CSV file name
            if($OutputFolder -gt "")
            {
                #Check if foler exist if not use current folder
                if(Test-Path $OutputFolder)
                {
                    $strFileCSV = $OutputFolder + "\" +$strNode + "_" + $global:strDomainShortName + "_adAclOutput" + $date + ".csv" 
                }
                else
                {
                    Write-host "Path:$OutputFolder was not found! Writting to current folder." -ForegroundColor red
                    $strFileCSV = $CurrentFSPath + "\" +$strNode + "_" + $global:strDomainShortName + "_adAclOutput" + $date + ".csv"
                }
            }
            else
            {
                $strFileCSV = $CurrentFSPath + "\" +$strNode + "_" + $global:strDomainShortName + "_adAclOutput" + $date + ".csv" 
            }
            $bolAssess = if($Criticality){$true}else{$false} 
            if(($Output -eq "CSV") -or ($Output -eq "CSVTEMPLATE")  -or ($Output -eq "HTML") -or ($Output -eq "EXCEL"))
            {
                $file = $true
                # Check if HTML switch is selected , creates a HTML file
                Switch ($Output)
                {
                "HTML"
                    {            
                        $bolCSV = $false
                        $strFileHTA = $env:temp + "\"+$global:ACLHTMLFileName+".hta" 
                        #Set the path for the HTM file name
                        if($OutputFolder -gt "")
                        {
                            #Check if foler exist if not use current folder
                            if(Test-Path $OutputFolder)
                            {
                                $strFileHTM = $OutputFolder + "\"+"$global:strDomainShortName-$strNode-$global:SessionID"+".htm" 
                            }
                            else
                            {
                                Write-host "Path:$OutputFolder was not found! Writting to current folder." -ForegroundColor red
                                $strFileHTM = $CurrentFSPath + "\"+"$global:strDomainShortName-$strNode-$global:SessionID"+".htm" 
                            }
                        }
                        else
                        {
                            $strFileHTM = $CurrentFSPath + "\"+"$global:strDomainShortName-$strNode-$global:SessionID"+".htm"  
                        }
                        CreateHTA "$global:strDomainShortName-$strNode" $strFileHTA $strFileHTM $CurrentFSPath $global:strDomainDNName $global:strDC
                        CreateHTM "$global:strDomainShortName-$strNode" $strFileHTM    
                        if($Template)
                        {
                            InitiateHTM $strFileHTA $strNode $Base $SDDate $false $Protected $ShowCriticalityColor $true $false $false $Template $false $bolEffective $false -bolCanonical:$UseCanonicalName $GPO
                            InitiateHTM $strFileHTM $strNode $Base $SDDate $false $Protected $ShowCriticalityColor $true $false $false $Template $false $bolEffective $false -bolCanonical:$UseCanonicalName $GPO
                        }
                        else
                        {

                        InitiateHTM $strFileHTA $strNode $Base $SDDate $false $Protected $ShowCriticalityColor $false $false $false "" $false $bolEffective $false -bolCanonical:$UseCanonicalName $GPO
                        InitiateHTM $strFileHTM $strNode $Base $SDDate $false $Protected $ShowCriticalityColor $false $false $false "" $false $bolEffective $false -bolCanonical:$UseCanonicalName $GPO
                        }

                    if($Template)
                    {
                        Get-PermCompare $allSubOU $SkipDefaults $SkipProtected $false $Owner $bolCSV $Protected $false $false $Show "HTML" $TemplateFilter $file $ShowCriticalityColor $bolAssess $Criticality $GPO -CREDS $CREDS
                    }
                    else
                    {
                        Get-Perm -AllObjectDn $allSubOU -DomainNetbiosName $global:strDomainShortName -IncludeInherited $IncludeInherited -SkipDefaultPerm $SkipDefaults -SkipProtectedPerm $SkipProtected -FilterEna $ACLFilter -bolGetOwnerEna $Owner -bolReplMeta $SDDate -bolACLsize $false -bolEffectiveR $bolEffective -bolGetOUProtected $Protected -bolGUIDtoText $false -Show $Show -OutType "HTML" -bolToFile $file -bolAssess $bolAssess -AssessLevel $Criticality -bolShowCriticalityColor $ShowCriticalityColor -GPO $GPO -FilterBuiltin $SkipBuiltIn -TranslateGUID $Translate -RecursiveFind $RecursiveFind -RecursiveObjectType $RecursiveObjectType  -ApplyTo $ApplyTo -ACLObjectFilter $ACLObjectFilter -FilterTrustee $FilterTrustee -FilterForTrustee $FilterForTrustee -AccessType $AccessType -AccessFilter $AccessFilter -BolACLPermissionFilter $BolACLPermissionFilter -ACLPermissionFilter $Permission -CREDS $CREDS -ReturnObjectType $ReturnObjectType -SDDL $SDDL
                    }

                    Write-host "Report saved in: $strFileHTM" -ForegroundColor Yellow
                    Write-output $strFileHTM
                }
                "EXCEL"
                    {    
                        $bolCSV = $false
                        $ExcelModuleExist = $true
                        if(!$(get-module&nbsp;ImportExcel))
                        {&nbsp;
                            Write-Host&nbsp;"Checking for ImportExcel PowerShell Module..."&nbsp;
                            if(!$(get-module -ListAvailable | Where-Object name -eq "ImportExcel"))
                            {
                                write-host&nbsp;"You need to install the PowerShell module ImportExcel found in the PSGallery"&nbsp;-ForegroundColor&nbsp;red&nbsp;   
                                $ExcelModuleExist = $false 
                            }
                            else
                            {
                                Import-Module ImportExcel
                                $ExcelModuleExist = $true
                            }

                        }
                        if($ExcelModuleExist)
                        {                
                            if($ExcelFile -eq "")
                            {
                                #Set the path for the Excel file name        
                                if($OutputFolder -gt "")
                                {
                                    #Check if foler exist if not use current folder
                                    if(Test-Path $OutputFolder)
                                    {
                                        $strFileEXCEL = $OutputFolder + "\" +$strNode + "_" + $global:strDomainShortName + "_adAclOutput" + $date +".xlsx" 
                                    }
                                    else
                                    {
                                        Write-host "Path:$OutputFolder was not found! Writting to current folder." -ForegroundColor red
                                        $strFileEXCEL = $CurrentFSPath + "\" +$strNode + "_" + $global:strDomainShortName + "_adAclOutput" + $date +".xlsx" 
                                    }
                                }
                                else
                                {
                                    $strFileEXCEL = $CurrentFSPath + "\" +$strNode + "_" + $global:strDomainShortName + "_adAclOutput" + $date +".xlsx" 
                                }
                            }
                            else
                            {
                                $strFileEXCEL = $ExcelFile
                            }

                            if($Template)
                            {
                                Get-PermCompare $allSubOU $SkipDefaults $SkipProtected $SDDate $Owner $bolCSV $Protected $false $false $Show "EXCEL" $TemplateFilter $file $ShowCriticalityColor $bolAssess $Criticality $GPO -CREDS $CREDS
                            }
                            else
                            {
                                Get-Perm -AllObjectDn $allSubOU -DomainNetbiosName $global:strDomainShortName -IncludeInherited $IncludeInherited -SkipDefaultPerm $SkipDefaults -SkipProtectedPerm $SkipProtected -FilterEna $ACLFilter -bolGetOwnerEna $Owner -bolReplMeta $SDDate -bolACLsize $false -bolEffectiveR $bolEffective -bolGetOUProtected $Protected -bolGUIDtoText $false -Show $Show -OutType "EXCEL" -bolToFile $file -bolAssess $bolAssess -AssessLevel $Criticality -bolShowCriticalityColor $ShowCriticalityColor -GPO $GPO -FilterBuiltin $SkipBuiltIn -TranslateGUID $Translate -RecursiveFind $RecursiveFind -RecursiveObjectType $RecursiveObjectType  -ApplyTo $ApplyTo -ACLObjectFilter $ACLObjectFilter -FilterTrustee $FilterTrustee -FilterForTrustee $FilterForTrustee -AccessType $AccessType -AccessFilter $AccessFilter -BolACLPermissionFilter $BolACLPermissionFilter -ACLPermissionFilter $Permission -CREDS $CREDS -ReturnObjectType $ReturnObjectType
                            }
                        }
                    }
                "CSVTEMPLATE"
                    {
                        $bolCSV = $true
                        if($Template)
                        {
                            Get-PermCompare $allSubOU $SkipDefaults $SkipProtected $false $Owner $bolCSV $Protected $false $false $Show "CSVTEMPLATE" $TemplateFilter $file $ShowCriticalityColor $bolAssess $Criticality $GPO -CREDS $CREDS
                        }
                        else
                        {
                            Get-Perm -AllObjectDn $allSubOU -DomainNetbiosName $global:strDomainShortName -IncludeInherited $IncludeInherited -SkipDefaultPerm $SkipDefaults -SkipProtectedPerm $SkipProtected -FilterEna $ACLFilter -bolGetOwnerEna $Owner -bolReplMeta $SDDate -bolACLsize $false -bolEffectiveR $bolEffective -bolGetOUProtected $Protected -bolGUIDtoText $false -Show $Show -OutType "CSVTEMPLATE" -bolToFile $file -bolAssess $bolAssess -AssessLevel $Criticality -bolShowCriticalityColor $ShowCriticalityColor -GPO $GPO -FilterBuiltin $SkipBuiltIn -TranslateGUID $Translate -RecursiveFind $RecursiveFind -RecursiveObjectType $RecursiveObjectType  -ApplyTo $ApplyTo -ACLObjectFilter $ACLObjectFilter -FilterTrustee $FilterTrustee -FilterForTrustee $FilterForTrustee -AccessType $AccessType -AccessFilter $AccessFilter -BolACLPermissionFilter $BolACLPermissionFilter -ACLPermissionFilter $Permission -CREDS $CREDS -ReturnObjectType $ReturnObjectType

                        }


                    }
                default
                    {
                        $bolCSV = $true
                        if($Template)
                        {
                            Get-PermCompare $allSubOU $SkipDefaults $SkipProtected $false $Owner $bolCSV $Protected $false $false $Show "CSV" $TemplateFilter $file $ShowCriticalityColor $bolAssess $Criticality $GPO -CREDS $CREDS
                        }
                        else
                        {
                            Get-Perm -AllObjectDn $allSubOU -DomainNetbiosName $global:strDomainShortName -IncludeInherited $IncludeInherited -SkipDefaultPerm $SkipDefaults -SkipProtectedPerm $SkipProtected -FilterEna $ACLFilter -bolGetOwnerEna $Owner -bolReplMeta $SDDate -bolACLsize $false -bolEffectiveR $bolEffective -bolGetOUProtected $Protected -bolGUIDtoText $false -Show $Show -OutType "CSV" -bolToFile $file -bolAssess $bolAssess -AssessLevel $Criticality -bolShowCriticalityColor $ShowCriticalityColor -GPO $GPO -FilterBuiltin $SkipBuiltIn -TranslateGUID $Translate -RecursiveFind $RecursiveFind -RecursiveObjectType $RecursiveObjectType  -ApplyTo $ApplyTo -ACLObjectFilter $ACLObjectFilter -FilterTrustee $FilterTrustee -FilterForTrustee $FilterForTrustee -AccessType $AccessType -AccessFilter $AccessFilter -BolACLPermissionFilter $BolACLPermissionFilter -ACLPermissionFilter $Permission -CREDS $CREDS -ReturnObjectType $ReturnObjectType

                        }


                    }

                }
            }
            else
            {
                if($RAW)
                {
                    $bolCSV = $true
                    $file = $false
                    if($Template)
                    {
                        Get-PermCompare $allSubOU $SkipDefaults $SkipProtected $false $Owner $bolCSV $Protected $false $false $Show "CSVTEMPLATE" $TemplateFilter $file $ShowCriticalityColor $bolAssess $Criticality $GPO -CREDS $CREDS
                    }
                    else
                    {

                        Get-Perm -AllObjectDn $allSubOU -DomainNetbiosName $global:strDomainShortName -IncludeInherited $IncludeInherited -SkipDefaultPerm $SkipDefaults -SkipProtectedPerm $SkipProtected -FilterEna $ACLFilter -bolGetOwnerEna $Owner -bolReplMeta $SDDate -bolACLsize $false -bolEffectiveR $bolEffective -bolGetOUProtected $Protected -bolGUIDtoText $false -Show $Show -OutType "CSVTEMPLATE" -bolToFile $file -bolAssess $bolAssess -AssessLevel $Criticality -bolShowCriticalityColor $ShowCriticalityColor -GPO $GPO -FilterBuiltin $SkipBuiltIn -TranslateGUID $Translate -RecursiveFind $RecursiveFind -RecursiveObjectType $RecursiveObjectType -ApplyTo $ApplyTo -ACLObjectFilter $ACLObjectFilter -FilterTrustee $FilterTrustee -FilterForTrustee $FilterForTrustee -AccessType $AccessType -AccessFilter $AccessFilter -BolACLPermissionFilter $BolACLPermissionFilter -ACLPermissionFilter $Permission -CREDS $CREDS -ReturnObjectType $ReturnObjectType -SDDL $SDDL
                    }
                }
                else
                {
                    $bolCSV = $true
                    $file = $false
                    if($Template)
                    {
                        Get-PermCompare $allSubOU $SkipDefaults $SkipProtected $false $Owner $bolCSV $Protected $false $false $Show "CSV" $TemplateFilter $file $ShowCriticalityColor $bolAssess $Criticality $GPO -CREDS $CREDS
                    }
                    else
                    {
                        Get-Perm -AllObjectDn $allSubOU -DomainNetbiosName $global:strDomainShortName -IncludeInherited $IncludeInherited -SkipDefaultPerm $SkipDefaults -SkipProtectedPerm $SkipProtected -FilterEna $ACLFilter -bolGetOwnerEna $Owner -bolReplMeta $SDDate -bolACLsize $false -bolEffectiveR $bolEffective -bolGetOUProtected $Protected -bolGUIDtoText $false -Show $Show -OutType "CSV" -bolToFile $file -bolAssess $bolAssess -AssessLevel $Criticality -bolShowCriticalityColor $ShowCriticalityColor -GPO $GPO -FilterBuiltin $SkipBuiltIn -TranslateGUID $Translate -RecursiveFind $RecursiveFind -RecursiveObjectType $RecursiveObjectType  -ApplyTo $ApplyTo -ACLObjectFilter $ACLObjectFilter -FilterTrustee $FilterTrustee -FilterForTrustee $FilterForTrustee -AccessType $AccessType -AccessFilter $AccessFilter -BolACLPermissionFilter $BolACLPermissionFilter -ACLPermissionFilter $Permission -CREDS $CREDS -ReturnObjectType $ReturnObjectType -SDDL $SDDL
                    }
                }

            }
        }
        else
        {
                Write-host "No objects returned! Does your filter relfect the objects you are searching for?" -ForegroundColor red
        }
    }#end if $Global:bolLDAPConnection
    else {
        Write-Verbose "Could not connect! Check your credentials" 
    }     
}#End if $NCSelect

}# End if D
else
{
if($DefaultSecurityDescriptor)
{
$global:bolProgressBar = $false
#Connect to Custom Naming Context
$global:bolCMD = $true
$bolReplMeta = $true

     if($Criticality)
    {
        $ShowCriticalityColor = $true
    }
    else
    {
        $ShowCriticalityColor = $false
    }

    if($Criticality)
    {
        $CriticalitySelected = $true
    }
    else
    {
        $CriticalitySelected = $false
    }

    $global:bolLDAPConnection = $false
    $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection("")
    $LDAPConnection.SessionOptions.ReferralChasing = "None"
    $request = New-Object System.directoryServices.Protocols.SearchRequest("", "(objectClass=*)", "base")
    if($global:bolShowDeleted)
    {
        [string] $LDAP_SERVER_SHOW_DELETED_OID = "1.2.840.113556.1.4.417"
        [void]$request.Controls.Add((New-Object "System.DirectoryServices.Protocols.DirectoryControl" -ArgumentList "$LDAP_SERVER_SHOW_DELETED_OID",$null,$false,$true ))
    }
    [void]$request.Attributes.Add("dnshostname")
    [void]$request.Attributes.Add("supportedcapabilities")
    [void]$request.Attributes.Add("namingcontexts")
    [void]$request.Attributes.Add("defaultnamingcontext")
    [void]$request.Attributes.Add("schemanamingcontext")
    [void]$request.Attributes.Add("configurationnamingcontext")
    [void]$request.Attributes.Add("rootdomainnamingcontext")
    [void]$request.Attributes.Add("isGlobalCatalogReady")                        

    try
    {
        $response = $LDAPConnection.SendRequest($request)
        $global:bolLDAPConnection = $true

    }
    catch
    {
        $global:bolLDAPConnection = $false
        Write-host "Failed! Domain does not exist or can not be connected: $($_.Exception.InnerException.Message.ToString())" -ForegroundColor red
    }
    if($global:bolLDAPConnection -eq $true)
    {
        $strPrimaryCapability= $response.Entries[0].attributes.supportedcapabilities[0]
        Switch ($strPrimaryCapability)
        {
                "1.2.840.113556.1.4.1851"
                {
                    $global:DSType = "AD LDS"
                    $global:bolADDSType = $false
                    $global:strDomainDNName = $response.Entries[0].Attributes.namingcontexts[-1]
                    $global:SchemaDN = $response.Entries[0].Attributes.schemanamingcontext[0]
                    $global:ConfigDN = $response.Entries[0].Attributes.configurationnamingcontext[0]
                    if($Port -eq "")
                    {                    
                        if(Test-ResolveDNS $response.Entries[0].Attributes.dnshostname[0])
                        {
                            $global:strDC = $response.Entries[0].Attributes.dnshostname[0]
                        }
                    }
                    else
                    {
                        if(Test-ResolveDNS $response.Entries[0].Attributes.dnshostname[0])
                        {
                            $global:strDC = $response.Entries[0].Attributes.dnshostname[0] +":" + $Port     
                        }
                    }

                }
                "1.2.840.113556.1.4.800"
                {
                    $global:DSType = "AD DS"
                    $global:bolADDSType = $true
                    $global:ForestRootDomainDN = $response.Entries[0].Attributes.rootdomainnamingcontext[0]
                    $global:strDomainDNName = $response.Entries[0].Attributes.defaultnamingcontext[0]
                    $global:SchemaDN = $response.Entries[0].Attributes.schemanamingcontext[0]
                    $global:ConfigDN = $response.Entries[0].Attributes.configurationnamingcontext[0]
                    $global:IS_GC = $response.Entries[0].Attributes.isglobalcatalogready[0]

                    if($Port -eq "")
                    {                    
                        if(Test-ResolveDNS $response.Entries[0].Attributes.dnshostname[0])
                        {
                            $global:strDC = $response.Entries[0].Attributes.dnshostname[0]
                        }
                    }
                    else
                    {
                        if(Test-ResolveDNS $response.Entries[0].Attributes.dnshostname[0])
                        {
                            $global:strDC = $response.Entries[0].Attributes.dnshostname[0] +":" + $Port
                        }

                    }
                    $global:strDomainPrinDNName = $global:strDomainDNName
                    $global:strDomainShortName = GetDomainShortName -strDomain $global:strDomainDNName -strConfigDN $global:ConfigDN -CREDS $CREDS
                    $global:strRootDomainShortName = GetDomainShortName -strDomain $global:ForestRootDomainDN -strConfigDN $global:ConfigDN -CREDS $CREDS
                    $lblSelectPrincipalDom.Content = $global:strDomainShortName+":"
                }
                default
                {
                    $global:ForestRootDomainDN = $response.Entries[0].Attributes.rootdomainnamingcontext[0]
                    $global:strDomainDNName = $response.Entries[0].Attributes.defaultnamingcontext[0]
                    $global:SchemaDN = $response.Entries[0].Attributes.schemanamingcontext[0]
                    $global:ConfigDN = $response.Entries[0].Attributes.configurationnamingcontext[0]
                    $global:IS_GC = $response.Entries[0].Attributes.isglobalcatalogready[0]

                    if($Port -eq "")
                    {                    
                        $global:strDC = $response.Entries[0].Attributes.dnshostname[0]
                    }
                    else
                    {
                        $global:strDC = $response.Entries[0].Attributes.dnshostname[0] +":" + $Port
                    }
                }
            }  
        if($strNamingContextDN -eq "")
        {
            $strNamingContextDN = $global:strDomainDNName
        }
        If(CheckDNExist -sADobjectName $strNamingContextDN -strDC $global:strDC -CREDS $CREDS)
        {
            $NCSelect = $true
        }
        else
        {
            Write-Output "Failed to connect to $base"
            $global:bolConnected = $false
        }

    }#bolLDAPConnection



    If ($NCSelect -eq $true)  
    {
        If (!($strLastCacheGuidsDom -eq $global:strDomainDNName))
        {
            $global:dicRightsGuids = @{"Seed" = "xxx"}
            CacheRightsGuids -CREDS $CREDS
            $strLastCacheGuidsDom = $global:strDomainDNName


        }
        #Get Forest Root Domain ObjectSID
        if ($global:bolADDSType)
        {
            $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strDC, $CREDS)
            $LDAPConnection.SessionOptions.ReferralChasing = "None"
            $request = New-Object System.directoryServices.Protocols.SearchRequest($global:strDomainDNName, "(objectClass=*)", "base")
            [void]$request.Attributes.Add("objectsid")

            try
            {
                $response = $LDAPConnection.SendRequest($request)
                $global:bolLDAPConnection = $true
            }
            catch
            {
                $global:bolLDAPConnection = $false
                Write-host "Failed! Domain does not exist or can not be connected: $($_.Exception.InnerException.Message.ToString())" -ForegroundColor red
            }
            if($global:bolLDAPConnection -eq $true)
            {
                $global:DomainSID = GetSidStringFromSidByte $response.Entries[0].attributes.objectsid.GetValues([byte[]])[0]

            }

            if($global:ForestRootDomainDN -ne $global:strDomainDNName)
            {
                $global:strForestDomainLongName = $global:ForestRootDomainDN.Replace("DC=","")
                $global:strForestDomainLongName = $global:strForestDomainLongName.Replace(",",".")
                if($CREDS.UserName)
                {
                    $Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$global:strForestDomainLongName,$CREDS.UserName,$CREDS.GetNetworkCredential().Password) 
                }
                else
                {
                    $Context = New-Object DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$global:strForestDomainLongName) 
                }
                $ojbDomain = [DirectoryServices.ActiveDirectory.Domain]::GetDomain($Context)
                $global:strForestDC = $($ojbDomain.FindDomainController()).name

                $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection($global:strForestDC, $CREDS)
                $LDAPConnection.SessionOptions.ReferralChasing = "None"
                $request = New-Object System.directoryServices.Protocols.SearchRequest($global:ForestRootDomainDN, "(objectClass=*)", "base")
                [void]$request.Attributes.Add("objectsid")

                try
                {
                    $response = $LDAPConnection.SendRequest($request)
                    $global:bolLDAPConnection = $true
                }
                catch
                {
                    $global:bolLDAPConnection = $false
                    Write-host "Failed! Domain does not exist or can not be connected: $($_.Exception.InnerException.Message.ToString())" -ForegroundColor red
                }
                if($global:bolLDAPConnection -eq $true)
                {
                    $global:ForestRootDomainSID = GetSidStringFromSidByte $response.Entries[0].attributes.objectsid.GetValues([byte[]])[0]

                }
            }
            else
            {
                $global:strForestDC = $global:strDC
                $global:ForestRootDomainSID = $global:DomainSID
            }


        }


        $LDAPConnection = New-Object System.DirectoryServices.Protocols.LDAPConnection("")
        $LDAPConnection.SessionOptions.ReferralChasing = "None"
        $request = New-Object System.directoryServices.Protocols.SearchRequest($global:SchemaDN, "(objectClass=*)", "base")
        [void]$request.Attributes.Add("name")               
        $response = $LDAPConnection.SendRequest($request)

        #Set search base as the name of the output file
        $strNode = fixfilename $response.Entries[0].Attributes.name[0]
        if($SchemaObjectName -ne "*")                
        {
            $strNode = $SchemaObjectName
        }
        #Get current date
        $date= get-date -uformat %Y%m%d_%H%M%S

        Switch ($Output)
        {
            "HTML"
            {
                #Set the path for the HTM file name
                if($OutputFolder -gt "")
                {
                    #Check if foler exist if not use current folder
                    if(Test-Path $OutputFolder)
                    {
                        $strFileDefSDHTM = $OutputFolder + "\"+"$global:strDomainShortName-$strNode-$global:SessionID"+".htm" 
                    }
                    else
                    {
                        Write-host "Path:$OutputFolder was not found! Writting to current folder." -ForegroundColor red
                        $strFileDefSDHTM = $CurrentFSPath + "\"+"$global:strDomainShortName-$strNode-$global:SessionID"+".htm" 
                    }
                }
                else
                {
                    $strFileDefSDHTM = $CurrentFSPath + "\"+"$global:strDomainShortName-$strNode-$global:SessionID"+".htm"  
                }
                $strFileDefSDHTA = $env:temp + "\"+$global:ACLHTMLFileName+".hta" 

                if($bolSDDL -eq $true)
                {
                        CreateDefaultSDReportHTA $global:strDomainLongName $strFileDefSDHTA $strFileDefSDHTM $CurrentFSPath
                        CreateDefSDHTM $global:strDomainLongName $strFileDefSDHTM
                        InitiateDefSDHTM $strFileDefSDHTM $strObjectClass
                        InitiateDefSDHTM $strFileDefSDHTA $strObjectClass
                }
                else
                {
                    CreateHTM $strNode $strFileDefSDHTM                    
                    CreateHTA $strNode $strFileDefSDHTA $strFileDefSDHTM $CurrentFSPath $global:strDomainDNName $global:strDC
                    InitiateDefSDAccessHTM $strFileDefSDHTA $strObjectClass $bolReplMeta $false "" $ShowCriticalityColor
                    InitiateDefSDAccessHTM $strFileDefSDHTM $strObjectClass $bolReplMeta $false "" $ShowCriticalityColor
                }

                Get-DefaultSD -strObjectClass $SchemaObjectName -bolChangedDefSD $OnlyModified -bolSDDL $false -Show $Show -File $strFileDefSDHTM  -OutType $Output -bolShowCriticalityColor $ShowCriticalityColor -Assess $CriticalitySelected -Criticality $Criticality -FilterBuiltin $SkipBuiltIn -bolReplMeta $bolReplMeta -CREDS $CREDS

            }
            "EXCEL"
            {
                $bolCSV = $false
                $ExcelModuleExist = $true
                if(!$(get-module&nbsp;ImportExcel))
                {&nbsp;
                    Write-Host&nbsp;"Checking for ImportExcel PowerShell Module..."&nbsp;
                    if(!$(get-module -ListAvailable | Where-Object name -eq "ImportExcel"))
                    {
                        write-host&nbsp;"You need to install the PowerShell module ImportExcel found in the PSGallery"&nbsp;-ForegroundColor&nbsp;red&nbsp;   
                        $ExcelModuleExist = $false 
                    }
                    else
                    {
                        Import-Module ImportExcel
                        $ExcelModuleExist = $true
                    }

                }
                if($ExcelModuleExist)
                {                        
                    if($ExcelFile -eq "")
                    {
                        #Set the path for the Excel file name
                        if($OutputFolder -gt "")
                        {
                            #Check if foler exist if not use current folder
                            if(Test-Path $OutputFolder)
                            {
                                $strFileEXCEL = $OutputFolder + "\" +$strNode + "_" + $global:strDomainShortName + "_adAclOutput" + $date +".xlsx" 
                            }
                            else
                            {
                                Write-host "Path:$OutputFolder was not found! Writting to current folder." -ForegroundColor red
                                $strFileEXCEL = $CurrentFSPath + "\" +$strNode + "_" + $global:strDomainShortName + "_adAclOutput" + $date +".xlsx" 
                            }
                        }
                        else
                        {
                            $strFileEXCEL = $CurrentFSPath + "\" +$strNode + "_" + $global:strDomainShortName + "_adAclOutput" + $date +".xlsx" 
                        }
                    }
                    else
                    {
                        $strFileEXCEL = $ExcelFile
                    }
                    #$rslt = Get-DefaultSD -strObjectClass "*" -bolChangedDefSD $true  -bolSDDL $false -Show $Show -OutType "EXCEL"
                    Get-DefaultSD -strObjectClass $SchemaObjectName -bolChangedDefSD $OnlyModified -bolSDDL $false -Show $Show -File $strFileDefSDHTM  -OutType $Output -bolShowCriticalityColor $ShowCriticalityColor -Assess $CriticalitySelected -Criticality $Criticality -FilterBuiltin $SkipBuiltIn -bolReplMeta $bolReplMeta -CREDS $CREDS
                }
            }
            default
            {


                #Set the path for the CSV file name
                if($OutputFolder -gt "")
                {
                    #Check if foler exist if not use current folder
                    if(Test-Path $OutputFolder)
                    {
                        $strFileCSV = $OutputFolder + "\" +$strNode + "_" + $global:strDomainShortName + "_adAclOutput" + $date + ".csv" 
                    }
                    else
                    {
                        Write-host "Path:$OutputFolder was not found! Writting to current folder." -ForegroundColor red
                        $strFileCSV = $CurrentFSPath + "\" +$strNode + "_" + $global:strDomainShortName + "_adAclOutput" + $date + ".csv"
                    }
                }
                else
                {
                    $strFileCSV = $CurrentFSPath + "\" +$strNode + "_" + $global:strDomainShortName + "_adAclOutput" + $date + ".csv" 
                }


                Get-DefaultSD -strObjectClass $SchemaObjectName -bolChangedDefSD $OnlyModified -bolSDDL $false -File $strFileCSV -Show $Show  -OutType $Output -bolShowCriticalityColor $ShowCriticalityColor -Assess $CriticalitySelected -Criticality $Criticality -FilterBuiltin $SkipBuiltIn -bolReplMeta $bolReplMeta -CREDS $CREDS

            }
        }


    }#End if $NCSelect

}# End if D
else # Else GUI will open
{
$global:bolCMD = $false
[void]$Window.ShowDialog()
}
}

Back to Top