Src/Private/Get-AbrADInfrastructureService.ps1

function Get-AbrADInfrastructureService {
    <#
    .SYNOPSIS
    Used by As Built Report to retrieve Microsoft AD Domain Controller Infrastructure Services information.
    .DESCRIPTION
 
    .NOTES
        Version: 0.9.2
        Author: Jonathan Colon
        Twitter: @jcolonfzenpr
        Github: rebelinux
    .EXAMPLE
 
    .LINK
 
    #>

    [CmdletBinding()]
    param (
        [Parameter (
            Position = 0,
            Mandatory)]
        [string]
        $DC
    )

    begin {
        Write-PScriboMessage "Collecting Active Directory DC Infrastructure Services information of $DC."
    }

    process {
        try {
            $DCPssSession = Get-ValidPSSession -ComputerName $DC -SessionName 'DomainControllerInfrastructureServices'
            if ($DCPssSession) {
                $Available = Invoke-Command -Session $DCPssSession -ScriptBlock { Get-Service "W32Time" | Select-Object DisplayName, Name, Status }
            } else {
                if (-Not $_.Exception.MessageId) {
                    $ErrorMessage = $_.FullyQualifiedErrorId
                } else { $ErrorMessage = $_.Exception.MessageId }
                Write-PScriboMessage -IsWarning "Domain Controller Infrastructure Services Section: New-PSSession: Unable to connect to $($DC): $ErrorMessage"
            }
            if ($Available) {
                $OutObj = @()
                $Services = @('CertSvc', 'DHCPServer', 'DNS', 'DFS Replication', 'Intersite Messaging', 'Kerberos Key Distribution Center', 'NetLogon', 'Active Directory Domain Services', 'W32Time', 'ADWS', 'RPCSS', 'EVENTSYSTEM', 'DNSCACHE', 'SAMSS', 'WORKSTATION', 'Spooler')
                foreach ($Service in $Services) {
                    try {
                        $Status = Invoke-Command -Session $DCPssSession -ScriptBlock { Get-Service $using:Service -ErrorAction SilentlyContinue | Select-Object DisplayName, Name, Status }
                        if ($Status) {
                            $inObj = [ordered] @{
                                'Display Name' = $Status.DisplayName
                                'Short Name' = $Status.Name
                                'Status' = $Status.Status
                            }
                            $OutObj += [pscustomobject](ConvertTo-HashToYN $inObj)
                        }
                    } catch {
                        Write-PScriboMessage -IsWarning "$($_.Exception.Message) (Domain Controller Infrastructure Services Item)"
                    }
                }

                if ($HealthCheck.DomainController.Services) {
                    $OutObj | Where-Object { $_.'Status' -notlike 'Running' -and $_.'Short Name' -notlike 'Spooler' } | Set-Style -Style Warning -Property 'Status'
                    $OutObj | Where-Object { $_.'Short Name' -eq 'Spooler' } | Set-Style -Style Critical
                }

                if ($OutObj) {
                    Section -ExcludeFromTOC -Style NOTOCHeading5 $($DC.ToString().ToUpper().Split(".")[0]) {

                        $TableParams = @{
                            Name = "Infrastructure Services Status - $($DC.ToString().ToUpper().Split(".")[0])"
                            List = $false
                            ColumnWidths = 40, 40, 20
                        }

                        if ($Report.ShowTableCaptions) {
                            $TableParams['Caption'] = "- $($TableParams.Name)"
                        }

                        $OutObj | Sort-Object -Property 'Display Name' | Table @TableParams
                        if ($HealthCheck.DomainController.Services -and ($OutObj | Where-Object { $_.'Short Name' -eq 'Spooler' -and $_.'Status' -like 'Running' })) {
                            Paragraph "Health Check:" -Bold -Underline
                            BlankLine
                            Paragraph {
                                Text "Corrective Actions:" -Bold
                                Text "The Print Spooler service has been known to have vulnerabilities that can be exploited by attackers to gain unauthorized access or execute malicious code. Disabling this service on Domain Controllers and other critical servers that do not require print services can help reduce the attack surface and improve the overall security posture of your Active Directory environment."
                            }
                        }
                    }
                }
            } else {
                Write-PScriboMessage "No Infrastructure Services Status information found in $DC, Disabling this section."
            }
            if ($DCPssSession) {
                Remove-PSSession -Session $DCPssSession
            }
        } catch {
            Write-PScriboMessage -IsWarning "$($_.Exception.Message) (Domain Controller Infrastructure Services Section)"
        }
    }

    end {}

}