These two scripts help to create a nice report from the output of DSInternals Test-PasswordQuality function.
There are 2 scripts, because I think the procedure should be done in 2 steps:
- Data-Collection on the Domain Controller with the installed DSInternals PowerShell Module
- Creation of the Excel report from the collected data with the help of the excelent ImportExcel PowerShell module to import/export Excel spreadsheets, without the need of Excel itself.
Check the Demo folder for a sample of the created files.
To get this list (about a 30 GByte text file) from have i been pwned use the PawnedPasswordsDownloader.
Install the module DSInternals directly with Install-Module DSInternals -Force or by saving it on a workstation first with for example Save-Module DSInternals -Path C:\Data\PSModules and then copy it to the domain controller to the path C:\Windows\System32\WindowsPowerShell\v1.0\Modules .
Create a folder (for Example D:\PW-Audit) on the Domain Controller on a disk with sufficient space for the has file.
Copy the hash file download in step 1 to this folder or an a network share accessible by the Domain Controller (with high performance).
Also download the script PasswordQuality-Create-Exports.ps1 from this repository and copy it to the above created folder.
Open the Script PasswordQuality-Create-Exports.ps1 in an editor an change line 4 ($SortedHashFile = "D:\PW-Audit\pwnedpasswords_ntlm.txt") to represent the actual path to the hashes file. Then execute the script. This will take a few minutes while searching hashes in the big file.
To create the Excel sheet, you need to have the PowerShell Module ImportExcel installed on the workstation where you also what to view the report later. The module is also available from the Powershell Gallery. The simplest way to install the module will be to execute Install-Module -Name ImportExcel -Force in an (elevated) PowerShell window.
Download the second script PasswordQuality-Create-Report.ps1 from this repository to a folder where you plan to have the report. Depending on you PowerShell configuration, this folder should be localy. Also don't forget to unblock it after downloading it from the internet.
The export script run in point 4 should create three files:
PasswordQuality_<DomainName>_Accounts.xml
PasswordQuality_<DomainName>_PWQ-Data.txt
PasswordQuality_<DomainName>_PWQ-Data.xml
Copy at least the two .xml files to the same folder as the PasswordQuality-Create-Report.ps1 script.
The script will first look for all PWQ-Data.xml files and then work on these files for every domain name found.
It will create and open an Excel file named PasswordQuality_<DomainName>_Report_<ExportModifyDate>.xlsx
If Excel is not installed on the machine, an requester will pop up, but the file is created anyways.