EvotecIT / Testimo

Testimo is a PowerShell module for running health checks for Active Directory against a bunch of different tests
MIT License

Well known folders #162

Closed jeff-bb closed 2 years ago

jeff-bb commented 2 years ago

[i][contosocorp.ad.contoso.com] Well known folders [Informative]
[t][contosocorp.ad.contoso.com] Well known folders [Good] [Data is available]
[t][contosocorp.ad.contoso.com] Users Container shouldn't be at default [Good] [OU=contosoUsers,DC=contosocorp,DC=ad,DC=contoso,DC=com]
[t][contosocorp.ad.contoso.com] Computers Container shouldn't be at default [Good] [OU=Workstations,DC=contosocorp,DC=ad,DC=contoso,DC=com]
[t][contosocorp.ad.contoso.com] Domain Controllers Container should be at default location [High] [OU=Domain Controllers,DC=contosocorp,DC=ad,DC=contoso,DC=com]
[t][contosocorp.ad.contoso.com] Deleted Objects Container should be at default location [High] [CN=Deleted Objects,DC=contosocorp,DC=ad,DC=contoso,DC=com]
[t][contosocorp.ad.contoso.com] Systems Container should be at default location [High] [CN=System,DC=contosocorp,DC=ad,DC=contoso,DC=com]
[t][contosocorp.ad.contoso.com] Lost And Found Container should be at default location [High] [CN=LostAndFound,DC=contosocorp,DC=ad,DC=contoso,DC=com]
[t][contosocorp.ad.contoso.com] Quotas Container should be at default location [High] [CN=NTDS Quotas,DC=contosocorp,DC=ad,DC=contoso,DC=com]
[t][contosocorp.ad.contoso.com] Foreign Security Principals Container should be at default location [High] [CN=ForeignSecurityPrincipals,DC=contosocorp,DC=ad,DC=contoso,DC=com]
[i][contosocorp.ad.contoso.com] Well known folders [Time to execute tests: 0 days, 0 hours, 0 minutes, 1 seconds, 761 milliseconds][Tests Total: 9, Passed: 3, Failed: 6, Skipped: 0]

I'm not sure how these are failing as they are correct (by being default). In looking at the code, I'm not seeing where the issue is in the equality test either.

Get-ADDomain -Server 'contosocorp.ad.contoso.com' | Select-Object -Property UsersContainer, ComputersContainer, DomainControllersContainer, DeletedObjectsContainer, SystemsContainer, LostAndFoundContainer, QuotasContainer, ForeignSecurityPrincipalsContainer

UsersContainer                     : OU=contosoUsers,DC=contosocorp,DC=ad,DC=contoso,DC=com
ComputersContainer                 : OU=Workstations,DC=contosocorp,DC=ad,DC=contoso,DC=com
DomainControllersContainer         : OU=Domain Controllers,DC=contosocorp,DC=ad,DC=contoso,DC=com
DeletedObjectsContainer            : CN=Deleted Objects,DC=contosocorp,DC=ad,DC=contoso,DC=com
SystemsContainer                   : CN=System,DC=contosocorp,DC=ad,DC=contoso,DC=com
LostAndFoundContainer              : CN=LostAndFound,DC=contosocorp,DC=ad,DC=contoso,DC=com
QuotasContainer                    : CN=NTDS Quotas,DC=contosocorp,DC=ad,DC=contoso,DC=com
ForeignSecurityPrincipalsContainer : CN=ForeignSecurityPrincipals,DC=contosocorp,DC=ad,DC=contoso,DC=com

And a quick mockup from source.

$Domain = 'contosocorp.ad.contoso.com'
$DomainInformation = Get-ADDomain -Server $Domain
$WellKnownFolders = $DomainInformation | Select-Object -Property UsersContainer, ComputersContainer, DomainControllersContainer, DeletedObjectsContainer, SystemsContainer, LostAndFoundContainer, QuotasContainer, ForeignSecurityPrincipalsContainer
$DomainDistinguishedName = $DomainInformation.DistinguishedName
$DomainControllersContainer = "OU=Domain Controllers,$DomainDistinguishedName"
$WellKnownFolders.DomainControllersContainer -eq $DomainControllersContainer

True

PrzemyslawKlys commented 2 years ago

The idea is - those shouldn't be default for computers or users, but redirected to somewhere else. This is because Users/Computers are containers and OUs, and you can't have GPOs assigned there. That means only Root Level GPOs are applied.

More information: https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/redirect-users-computers-containers

jeff-bb commented 2 years ago

I didn't realize the formatting was so bad, apologies.

I understand the concept fine (or at least I believe I do). We do have Computers and users at non-default locations (and pass those tests).

[t][contosocorp.ad.contoso.com] Users Container shouldn't be at default [Good] [OU=contosoUsers,DC=contosocorp,DC=ad,DC=contoso,DC=com]
[t][contosocorp.ad.contoso.com] Computers Container shouldn't be at default [Good] [OU=Workstations,DC=contosocorp,DC=ad,DC=contoso,DC=com]

The problem is the rest of them, which should be at the default, but are being marked as failure for being at the default.

Domain Controllers Container should be at default location [High] [OU=Domain Controllers,DC=contosocorp,DC=ad,DC=contoso,DC=com]

Well known folders [Time to execute tests: 0 days, 0 hours, 0 minutes, 1 seconds, 761 milliseconds][Tests Total: 9, Passed: 3, Failed: 6, Skipped: 0]

If the test is for equality and $WellKnownFolders.DomainControllersContainer -eq $DomainControllersContainer is true -- marking as a failure feels incorrect.

PrzemyslawKlys commented 2 years ago

Weird, but I'll take a look.

PrzemyslawKlys commented 2 years ago

Fixed in 0.0.79.
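
The expected pass/fail logic discussed in this thread, written out as an added example (not Testimo's own code and not the 0.0.79 fix): Users and Computers pass only when redirected away from the default container, while every other well-known container passes only when it is still at its default DN. The function name `Test-WellKnownContainer` and the sample object are hypothetical; the sample mirrors the values posted in the issue so it runs without a domain controller.

```powershell
# Added example: function name and sample data are hypothetical.
function Test-WellKnownContainer {
    param(
        [Parameter(Mandatory)][string] $DomainDistinguishedName,
        [Parameter(Mandatory)] $WellKnownFolders   # object shaped like Get-ADDomain output
    )
    # Default RDN of each container and whether it is expected to remain there.
    $Rules = [ordered]@{
        UsersContainer                     = @{ Rdn = 'CN=Users';                     AtDefault = $false }
        ComputersContainer                 = @{ Rdn = 'CN=Computers';                 AtDefault = $false }
        DomainControllersContainer         = @{ Rdn = 'OU=Domain Controllers';        AtDefault = $true }
        DeletedObjectsContainer            = @{ Rdn = 'CN=Deleted Objects';           AtDefault = $true }
        SystemsContainer                   = @{ Rdn = 'CN=System';                    AtDefault = $true }
        LostAndFoundContainer              = @{ Rdn = 'CN=LostAndFound';              AtDefault = $true }
        QuotasContainer                    = @{ Rdn = 'CN=NTDS Quotas';               AtDefault = $true }
        ForeignSecurityPrincipalsContainer = @{ Rdn = 'CN=ForeignSecurityPrincipals'; AtDefault = $true }
    }
    foreach ($Name in $Rules.Keys) {
        $Default   = '{0},{1}' -f $Rules[$Name].Rdn, $DomainDistinguishedName
        $Actual    = $WellKnownFolders.$Name
        $IsDefault = $Actual -eq $Default   # -eq on strings is case-insensitive
        [PSCustomObject]@{
            Container         = $Name
            Actual            = $Actual
            ExpectedAtDefault = $Rules[$Name].AtDefault
            IsAtDefault       = $IsDefault
            # A missing value never passes, so an empty Users DN is not read as "redirected".
            Passed            = (-not [string]::IsNullOrEmpty($Actual)) -and
                                ($IsDefault -eq $Rules[$Name].AtDefault)
        }
    }
}

# Constructed sample mirroring the values in the issue (no AD connection needed).
$DN = 'DC=contosocorp,DC=ad,DC=contoso,DC=com'
$Sample = [PSCustomObject]@{
    UsersContainer                     = "OU=contosoUsers,$DN"
    ComputersContainer                 = "OU=Workstations,$DN"
    DomainControllersContainer         = "OU=Domain Controllers,$DN"
    DeletedObjectsContainer            = "CN=Deleted Objects,$DN"
    SystemsContainer                   = "CN=System,$DN"
    LostAndFoundContainer              = "CN=LostAndFound,$DN"
    QuotasContainer                    = "CN=NTDS Quotas,$DN"
    ForeignSecurityPrincipalsContainer = "CN=ForeignSecurityPrincipals,$DN"
}
Test-WellKnownContainer -DomainDistinguishedName $DN -WellKnownFolders $Sample |
    Format-Table Container, ExpectedAtDefault, IsAtDefault, Passed
```

Against a live domain, pass `(Get-ADDomain -Server $Domain)` and its `DistinguishedName` in place of the constructed sample.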