Compares DCs for the same OS level, OS version level, hotfix level, service pack level
List sites without Global Catalog
Checks whether one DC holds all FSMO roles
Checks if DES or RC4 available on DCs for Kerberos
Get-PrivelegedGroupMembership
Alerts is Schema Admins not empty and dumps to file
Alerts is Enterprise Admins not empty and dumps to file
Dumps Domain Admins to file
Get-GPOEnum
Loops all domain GPOs
Finds GPO that allow group to join PCs to the domain and writes that groups
Looking for GPOs that disables NTLM, enables NTLM audit and allows NTLM auth exceptions
Looking for GPO that controls Kerberos Encryption algorithm
Get-DefaultDomainControllersPolicy
Enumerates excessive permission set (basically ensures noone except for BUILTIN\Administrators and NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS has permissions to logon, batch logon, backup, install drivers, etc.)
Complete list of changes: