Get-MDIConfiguration

Gets the configuration for various Defender for Identity post-deployment required settings.

Syntax

Get-MDIConfiguration
   [-Mode] <String>
   [-Configuration] <String[]>
   [-GpoNamePrefix <String>]
   [-Identity <String>]
   [-Server <String>]
   [<CommonParameters>]

Description

The Get-MDIConfiguration function gets the configuration for various Defender for Identity post-deployment required settings.

Examples

EXAMPLE 1

Get-MDIConfiguration -Mode LocalMachine -Configuration NTLMAuditing

Name         Status Details
----         ------ -------
NTLMAuditing   True {@{Path=HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters\; Name=AuditNTLMInDomain...

This example returns the NTLMAuditing configuration for the local machine.

EXAMPLE 2

Get-MDIConfiguration -Mode Domain -Configuration All -GpoNamePrefix 'CONTOSO' -Identity 'mdisvc01'

Configuration                  Mode   Status Details
-------------                  ----   ------ -------
AdfsAuditing                   Domain   True {@{Account=Everyone; SecurityIdentifier=S-1-1-0; AccessMask=48; Access...
AdvancedAuditPolicyCAs         Domain  False 'CONTOSO - Advanced Audit Policy for CAs' - GPO not found
AdvancedAuditPolicyDCs         Domain  False 'CONTOSO - Advanced Audit Policy for DCs' - GPO not found
CAAuditing                     Domain  False 'CONTOSO - Auditing for CAs' - GPO not found
ConfigurationContainerAuditing Domain   True {@{Account=Everyone; SecurityIdentifier=S-1-1-0; AccessMask=32; Access...
DomainObjectAuditing           Domain   True {@{Account=Everyone; SecurityIdentifier=S-1-1-0; AccessMask=852331; Ac...
EntraConnectAuditing           Domain  False 'CONTOSO - Advanced Audit and URA Policy for Entra Connect' - GPO not ...
NTLMAuditing                   Domain  False 'CONTOSO - NTLM Auditing for DCs' - GPO not found
ProcessorPerformance           Domain  False 'CONTOSO - Processor Performance' - GPO not found
RemoteSAM                      Domain  False 'CONTOSO - Remote SAM Access' - GPO not found

This example returns all configurations for the domain (including GPOs and their links), using the CONTOSO prefix to search for the GPO names.
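The Example 2 output can be reduced to a list of the settings that still need work. The following is an added example, not part of the cmdlet's documentation. Assumptions: the function name Get-MDIReadinessGap and the Reason labels are hypothetical, the result objects expose the Configuration, Status and Details properties shown as column names in the table above, and the sample rows are constructed from that table.

```powershell
# Added example (not from the cmdlet's documentation).
# Assumption: result objects expose Configuration, Status and Details,
# matching the column names in the Example 2 table.
function Get-MDIReadinessGap {    # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject] $Result
    )
    process {
        if ($Result.Status -eq $true) { return }    # setting is in place, nothing to report

        # In Example 2 a missing GPO is reported as a plain string in Details.
        $missingGpo = $Result.Details -is [string] -and $Result.Details -like '*GPO not found*'

        [pscustomobject]@{
            Configuration = $Result.Configuration
            Reason        = if ($missingGpo) { 'GpoNotFound' } else { 'Other' }
            Details       = ($Result.Details | Out-String).Trim()
        }
    }
}

# Constructed sample rows modelled on Example 2, so the function can be tried offline.
$sample = @(
    [pscustomobject]@{
        Configuration = 'AdfsAuditing'; Mode = 'Domain'; Status = $true
        Details = @([pscustomobject]@{ Account = 'Everyone'; SecurityIdentifier = 'S-1-1-0'; AccessMask = 48 })
    }
    [pscustomobject]@{
        Configuration = 'NTLMAuditing'; Mode = 'Domain'; Status = $false
        Details = "'CONTOSO - NTLM Auditing for DCs' - GPO not found"
    }
    [pscustomobject]@{
        Configuration = 'RemoteSAM'; Mode = 'Domain'; Status = $false
        Details = "'CONTOSO - Remote SAM Access' - GPO not found"
    }
)

# Against a real domain, pipe the cmdlet output instead of $sample:
#   Get-MDIConfiguration -Mode Domain -Configuration All -GpoNamePrefix 'CONTOSO' -Identity 'mdisvc01'
$gaps = $sample | Get-MDIReadinessGap
$gaps | Format-Table Configuration, Reason, Details -AutoSize
if ($gaps) { Write-Warning "$(@($gaps).Count) Defender for Identity setting(s) are not in place" }
```

With the sample rows, the report lists NTLMAuditing and RemoteSAM with the reason GpoNotFound and omits AdfsAuditing.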

Parameters

-Configuration

Specifies the configuration to get. You can specify one or more of the following values:

  • All (all configurations)
  • AdfsAuditing
  • AdvancedAuditPolicyCAs
  • AdvancedAuditPolicyDCs
  • CAAuditing
  • ConfigurationContainerAuditing
  • EntraConnectAuditing
  • RemoteSAM
  • DomainObjectAuditing
  • NTLMAuditing
  • ProcessorPerformance

Type: System.String[]
Position: 2
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False

-GpoNamePrefix

Specifies a prefix for the names of the Group Policy Objects (GPOs) to search for. Use this parameter to match your GPO naming convention.

Type: System.String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Identity

Specifies the name of the service account to use for the EntraConnectAuditing or RemoteSAM configuration. This parameter is mandatory.

Type: System.String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False

-Mode

Specifies the mode to use. You must specify one of the following values:

  • Domain: Collect settings from the Group Policy objects
  • LocalMachine: Collect settings from the local machine

Type: System.String
Position: 1
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False

-Server

Specifies the name of the server to run the command against. This parameter is optional and defaults to the PDC Emulator in the domain.

Type: System.String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False