PortQry ALL Domain Controllers using #Powershell

So I don’t trust my network guys (sorry) as they say all ports are open but think they is not telling me the trust.

So knocked this up to test. You need to download PortQry from here: http://www.microsoft.com/en-us/download/details.aspx?id=17148

Change $PortQryExe to the location of the .exe

$matrix = @()
$PortQryExe = “Y:ToolsPortQryV2PortQry.exe”
$Ports2Scan = “udp-389″, “tcp-389″, “tcp-135″, “udp-135″, “udp-88″, “tcp-88″, “udp-445″, “tcp-445″, “tcp-1025″
$PortCnt = $Ports2Scan.count
$Fields = @();$fields += “Server”; $fields += $Ports2Scan

Write-Host “`nGetting Domain Controllers [$Server]”
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::getcurrentforest()
$domains = $forest.domains
$servers = @()
$intDCcnt = 0
ForEach($Domain in $domains){
Write-Host $Domain.Name
$tmpDCs = $Domain.DomainControllers
ForEach($tmpDC in $tmpDCs){$servers += $tmpDC.name;$intDCcnt ++}
}
Write-Host ” -$intDCcnt Found” -Foregroundcolor Green

ForEach($Server in $Servers){
Write-host $Server
$tmpMatrix = “” | Select $Fields
$tmpMatrix.Server = $Server
For($i=0;$i -le $PortCnt -1;$i++){
$tmpPort2Scan = ($Ports2Scan[$i]).split(“-”)
$Protocol = $tmpPort2Scan[0]
$port = $tmpPort2Scan[-1]
$cmd = $PortQryExe + ” -n ” + $Server + ” -p ” + $Protocol + ” -e ” + $port

Write-Host ” – $cmd”
$Output = Invoke-Expression $cmd
$Output = $Output | Where {$_}
$tmpOutput = “” | Select Host, Server, Protocol, Port, Service, Status, Result
$tmpOutput.Host = (HOSTNAME)
$tmpOutput.Server = $Server
$tmpOutput.Protocol = $Port.Protocol
$tmpOutput.Port = $Port.port
$tmpOutput.Result = $Output[-1]

$tmpSplit = $tmpOutput.Result.Split(“:”)
$tmpOutput.Service = $tmpSplit[0]
$tmpOutput.Status = $tmpSplit[-1].trim()
Write-host ” +-” $tmpOutput.Result

$tmpMatrix.($Ports2Scan[$i]) = $tmpOutput.Result
}
$matrix += $tmpMatrix
}

$Matrix

The result is an array that you can export to csv and use some excel love on it.

Enjoy

Leave a Reply

%d bloggers like this: