So I don’t trust my network guys (sorry) as they say all ports are open but think they is not telling me the trust.
So knocked this up to test. You need to download PortQry from here: http://www.microsoft.com/en-us/download/details.aspx?id=17148
Change $PortQryExe to the location of the .exe
$matrix = @()
$PortQryExe = “Y:ToolsPortQryV2PortQry.exe”
$Ports2Scan = “udp-389″, “tcp-389″, “tcp-135″, “udp-135″, “udp-88″, “tcp-88″, “udp-445″, “tcp-445″, “tcp-1025″
$PortCnt = $Ports2Scan.count
$Fields = @();$fields += “Server”; $fields += $Ports2Scan
Write-Host “`nGetting Domain Controllers [$Server]”
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::getcurrentforest()
$domains = $forest.domains
$servers = @()
$intDCcnt = 0
ForEach($Domain in $domains){
Write-Host $Domain.Name
$tmpDCs = $Domain.DomainControllers
ForEach($tmpDC in $tmpDCs){$servers += $tmpDC.name;$intDCcnt ++}
}
Write-Host ” -$intDCcnt Found” -Foregroundcolor Green
ForEach($Server in $Servers){
Write-host $Server
$tmpMatrix = “” | Select $Fields
$tmpMatrix.Server = $Server
For($i=0;$i -le $PortCnt -1;$i++){
$tmpPort2Scan = ($Ports2Scan[$i]).split(“-”)
$Protocol = $tmpPort2Scan[0]
$port = $tmpPort2Scan[-1]
$cmd = $PortQryExe + ” -n ” + $Server + ” -p ” + $Protocol + ” -e ” + $port
Write-Host ” – $cmd”
$Output = Invoke-Expression $cmd
$Output = $Output | Where {$_}
$tmpOutput = “” | Select Host, Server, Protocol, Port, Service, Status, Result
$tmpOutput.Host = (HOSTNAME)
$tmpOutput.Server = $Server
$tmpOutput.Protocol = $Port.Protocol
$tmpOutput.Port = $Port.port
$tmpOutput.Result = $Output[-1]
$tmpSplit = $tmpOutput.Result.Split(“:”)
$tmpOutput.Service = $tmpSplit[0]
$tmpOutput.Status = $tmpSplit[-1].trim()
Write-host ” +-” $tmpOutput.Result
$tmpMatrix.($Ports2Scan[$i]) = $tmpOutput.Result
}
$matrix += $tmpMatrix
}
$Matrix
The result is an array that you can export to csv and use some excel love on it.
Enjoy
flaphead.com 