Test-MDIConfiguration

Validates the configuration for various Defender for Identity post-deployment required settings.

Syntax

Test-MDIConfiguration
    [-Mode] <String>
    [-Configuration] <String[]>
    [-GpoNamePrefix <String>][-Server <String>]
    [<CommonParameters>]

Description

This cmdlet validates the Defender for Identity configuration for settings specified by the Configuration parameter.

Examples

EXAMPLE 1

Test-MDIConfiguration -Mode LocalMachine -Configuration NTLMAuditing

This example validates the NTLMAuditing configuration for the local machine.

EXAMPLE 2

Test-MDIConfiguration -Mode Domain -Configuration NTLMAuditing -GpoNamePrefix 'CONTOSO'

This example validates the NTLMAuditing configurations for the domain, in a GPO with the prefix of CONTOSO in its name.

EXAMPLE 3

Test-MDIConfiguration -Mode Domain -Configuration All

This example validates all configurations for the domain, including SACLs and GPOs.

Parameters

-Configuration

Specifies the configuration to test. You can specify one or more of the following values:

  • All (all configurations)
  • AdfsAuditing
  • AdvancedAuditPolicyCAs
  • AdvancedAuditPolicyDCs
  • CAAuditing
  • ConfigurationContainerAuditing
  • EntraConnectAuditing
  • RemoteSAM
  • DomainObjectAuditing
  • NTLMAuditing
  • ProcessorPerformance
Type:System.String[]
Position:2
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-GpoNamePrefix

Specifies a prefix for the Group Policy Objects (GPO) names to be searched and tested. Use this parameter for GPO naming convention.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Identity

Specifies the name of the service account to use for the EntraConnectAuditing or RemoteSAM configuration. This parameter is mandatory.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Mode

Specifies the mode to use. You must specify one of the following values:

  • Domain: Collect settings from the Group Policy objects
  • LocalMachine: Collect settings from the local machine
Type:System.String
Position:1
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Server

Specifies the name of the server to run the command against. This parameter is optional and defaults to the PDC Emulator in the domain.

Type:System.String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Outputs

System.Boolean

The cmdlet returns $true when the settings are configured as required. Otherwise, it returns $false.