EvotecIT / Testimo

Testimo is a PowerShell module for running health checks for Active Directory against a bunch of different tests
MIT License

Any wiki pages or documentation on the tests and errors? #113

Closed Sparticuz closed 3 years ago

Sparticuz commented 3 years ago

I think this project is a much needed addition to AD. Much better than BPA. I would like to know if there is any documentation on the errors. I've got quite a few lines that show as Fail, but I have no idea what they mean. Thanks!

Example:

Group Policy Empty & Unlinked [Fail] [Data is available. This is a bad thing.]
Group Policy Empty [Fail] [Expected value (Equal): 0, Found value: 3]
Group Policy Unlinked [Fail] [Expected value (Equal): 0, Found value: 3]

PrzemyslawKlys commented 3 years ago

Yes and no. I do hope you run testimo with -ShowReport??

Invoke-Testimo -ShowReport

This will make sure you get more information. Not a lot more, but you will at least get information about what was output so you can assess a bit more from that.

Additionally, each test is defined as a separate file. For example:

Each test contains a resources section, description, and resolution, but it's not filled in for everything. More - resources are a bunch of blog posts that would make sense to read to understand where the error is coming from. There are 2 problems with this. First one - none of that is exposed in HTML output, so they don't tell much until you actually start looking for it. The second problem is - it's not enough. Of course, there's a 3rd issue - not all fails mean something is bad, just that it's outside of the defined rule - and it's up to you to decide whether it requires fixing or not. This is a bit of technical debt of the two-state True/False for each test that Testimo currently delivers. I have a plan to make it multistate but it's gonna need a serious rewrite.

However, the problems you mentioned are GPO related problems. Those are detected thanks to a module called GPOZaurr. GPOZaurr is installed alongside testimo when you install it. The sources for it are here: https://github.com/EvotecIT/GPOZaurr and I spent the last 6 months making sure it's a one-stop shop to detect and fix issues with GPOs.

What's different about GPOZaurr is that there's no single documentation document yet for it. No blog post. No wiki.

However, with GPOZaurr I am doing an experiment where documentation will not be needed in a form you would normally get. It's proof of concept for what is supposed to happen with Testimo in 2021.

Do me a favor and do:

Finally, if your domain is not that big run this:

Invoke-GPOZaurr

It will work a bit like Testimo, just with assessing GPO problems.

When you run it you will get a similar view:

image

When it's done you will get something like this:

image

Where each tab has:

It's roughly a concept that's coming for Testimo in 2021. Not all reports are finished. Some of them require updates. Make sure to "understand" what you're doing. I use this on a domain with 5000 GPOs so I need automation even in fixing, but if you have small domains you can just "understand" what it's saying and fix it manually if you're not convinced by GPO automation (I am, but still I am very cautious when running deletion scripts). As always, make a backup prior to doing any action.

Invoke-GPOZaurr is read-only and, contrary to Testimo, doesn't require rights to get reports.

Sparticuz commented 3 years ago

This is great stuff. Thanks! I'm not sure of the difference between running with and without -ShowReport. The output looks the same to me. I totally understand that not all fails are bad; in fact, the example fail I posted about is only partially a problem (the unlinked policies). I knew that the empty policies existed because I haven't gotten around to filling them out. I'll take a look at the source to see the resources. It would be good if that was somehow exposed in the output.

The GPOZaurr looks fantastic though! Most of my errors were ownership and permission problems from the Default Domain Policies. I've only got about 50 policies.

PrzemyslawKlys commented 3 years ago

The difference being:

Output to console only:

invoke-testimo -sources DCServices

Output to console + html:

invoke-testimo -sources DCServices -ShowReport

image

PrzemyslawKlys commented 3 years ago

Closing, as slowly this started to happen in Testimo for some tests. It will take a while to fix all tests. Feel free to submit some PRs with some updates.

Good tests: