search

AsBuiltReport / AsBuiltReport.Microsoft.AD

Repository for AsBuiltReport Microsoft Active Directory module
https://techmyth.blog/posts/homelab-ad-doc-using-asbuiltreport/
MIT License
63 stars 18 forks source link

Output fails with image error #132

Closed kennyparsons closed 1 year ago

kennyparsons commented 1 year ago

Bug description

VERBOSE: [ 14:06:40:058 ] [ Document ] - Document 'Microsoft AD As Built Report' processing completed.
VERBOSE: [ 14:06:40:073 ] [ Document ] - Total processing time '3,942.40' minutes.
New-AsBuiltReport : The variable '$Images' cannot be retrieved because it has not been set.
At line:1 char:1
+ New-AsBuiltReport -Report [Microsoft.AD](http://microsoft.ad/) -Target 'server.domain ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,New-AsBuiltReport

I've installed this module manually by cloning the repo in my windows powershell in Documents. The config file:

{
    "Report": {
        "Name": "Microsoft AD As Built Report",
        "Version": "1.0",
        "Status": "Released",
        "ShowCoverPageImage": true,
        "ShowTableOfContents": true,
        "ShowHeaderFooter": true,
        "ShowTableCaptions": true
    },
    "Options": {
        "ShowDefinitionInfo": false,
        "PSDefaultAuthentication": "Negotiate",
        "EnableCharts": false,
        "Exclude": {
            "Domains": [],
            "DCs": []
        },
        "Include": {
            "Domains": []
        }
    },
    "InfoLevel": {
        "_comment_": "0 = Disabled, 1 = Enabled, 2 = Adv Summary, 3 = Detailed",
        "Forest": 3,
        "Domain": 3,
        "DNS": 3,
        "CA": 3
    },
    "HealthCheck": {
        "Domain": {
            "GMSA": true,
            "GPO": true,
            "Backup": true,
            "DFS": true,
            "SPN": true,
            "DuplicateObject": true,
            "Security": true,
            "BestPractice": true
        },
        "DomainController": {
            "Diagnostic": true,
            "Services": true,
            "Software": true,
            "BestPractice": true
        },
        "Site": {
            "Replication": true,
            "BestPractice": true
        },
        "DNS": {
            "Aging": true,
            "DP": true,
            "Zones": true,
            "BestPractice": true

        },
        "CA": {
            "Status": true,
            "Statistics": true,
            "BestPractice": true
        }
    }
}

Everything is stock, no modifications. The huge problem is that due to this error, the report was not saved.

So there are two problems:

  1. The image is set in the code (base64 encoded). So this shouldn't error out.
  2. If there is an error, especially for one that is not fatal like an image being set, the report should still be output.

Command-line input

New-AsBuiltReport -Report Microsoft.AD -Target 'fqdn' -Format Word,HTML -OutputFolderPath 'C:\Users\myuser\Documents\finalrun' -ReportConfigFilePath 'C:\Users\myuser\Documents\AsBuilt\asbuilt1.json' -Verbose

Steps to reproduce

Run the report, wait 65 hours, cry. :(

Expected behaviour

So there are two problems:

  1. The image is set in the code (base64 encoded). So this shouldn't error out.
  2. If there is an error, especially for one that is not fatal like an image being set, the report should still be output.

Screenshots

No response

Operating System

Windows Server 2019

PowerShell Version

Name Value
PSVersion 5.1.20348.1850
PSEdition Desktop
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.20348.1850
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1

PowerShell Modules

Name Version
AsBuiltReport.Core 1.3.0
AsBuiltReport.Microsoft.AD 0.7.14
PScribo 0.10.0
PScriboCharts 0.9.0
PSPKI 4.0.0

Additional Context

No response

Before submitting

kennyparsons commented 1 year ago

Also, when i re-run with "ShowCoverPageImage": false,

The report finishes in about 30 minutes, having skipped a lot of content and all healthchecks, bestpractices, etc

rebelinux commented 1 year ago 
New-AsBuiltReport : The variable '$Images' cannot be retrieved because it has not been set.
At line:1 char:1
+ New-AsBuiltReport -Report [Microsoft.AD](http://microsoft.ad/) -Target 'server.domain ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,New-AsBuiltReport

This is a bug in pscribo 0.10.0. As you mention the solution is to disable the "ShowCoverPageImage" option.

Update: This error is displayed only with the Word format enabled

rebelinux commented 1 year ago

The report finishes in about 30 minutes, having skipped a lot of content and all healthchecks, bestpractices, etc

I did not understand this part. Do you mean that the report ended incomplete or that you manually disabled the healthcheck and the report ended faster?

kennyparsons commented 1 year ago

I did not understand this part. Do you mean that the report ended incomplete or that you manually disabled the healthcheck and the report ended faster?

I did not disable anything, left everything on, including healthchecks and best practices. The output simply did not include them any more, even though i know there are section that should have hundreds of these best practices and health checks.

rebelinux commented 1 year ago

Can you open a new powershell console and rerun the report with the verbose option enabled and send the output to my email?

jcolonf@zenprsolutions.com

Also remember to obfuscate any private data!

kennyparsons commented 1 year ago

@rebelinux I ran with -Verbose and set the whole command to a variable but the only output was 

$verbose = New-AsBuiltReport -Report Microsoft.AD -Target ... -Verbose
PS C:\Users\myuser\Documents> $verbose
Microsoft AD As Built Report 'Microsoft AD As Built Report' has been saved to 'C:\Users\myusers\Documents\AB'.

The screen does show a lot of output, but it gets truncated

I just ran again on level 3 with all healthchecks, best practices turned on (html only to avoid the image issue) and no healthchecks are done. Consequently, GPOs is missing a lot of sections:

old run from a couple months ago:

oldrun_full

New run just now:

newrun_incomplete
rebelinux commented 1 year ago

You can save the content to a output file like this: *> output.txt:

New-AsBuiltReport -Report Microsoft.AD -Target server -Verbose *> output.txt

kennyparsons commented 1 year ago

log incoming.

kennyparsons commented 1 year ago

no matter what I do, it will not output healthchecks/best practices in any section, other than Privileged Groups.

Furthermore, it's not generating the wmi filters section, unlinked GPO, Empty GPO, Enforced GPO, or Orphaned GPO sections. So I suppose I should rename this issue to Incomplete output (since the original issue of the image is a known bug, worked around by generating html only.

rebelinux commented 1 year ago

Did you use the -EnableHealthCheck option?

New-AsBuiltReport -Report Microsoft.AD -Target 'fqdn' -Format Word,HTML -OutputFolderPath 'C:\Users\myuser\Documents\finalrun' -ReportConfigFilePath 'C:\Users\myuser\Documents\AsBuilt\asbuilt1.json' -Verbose

I reviewed the log you sent me and only found access denial errors in some sections but other than that I don't see anything wrong.

kennyparsons commented 1 year ago

So the runtime argument is still required, even if the config file explicitly says true for all the healthcheck options?

rebelinux commented 1 year ago

The answer is yes, the EnableHealthCheck option is required.

rebelinux commented 1 year ago

The next version will have a more detailed logging

image

rebelinux commented 1 year ago

Were you able to generate the report with the heatlcheck, any progress on this?

kennyparsons commented 1 year ago

Yes, the cli flag was the issue.