Test-MDIConfiguration
Validates the configuration for various Defender for Identity post-deployment required settings.
Syntax
Test-MDIConfiguration
[-Mode] <String>
[-Configuration] <String[]>
[-GpoNamePrefix <String>][-Server <String>]
[<CommonParameters>]
Description
This cmdlet validates the Defender for Identity configuration for settings specified by the Configuration parameter.
Examples
EXAMPLE 1
Test-MDIConfiguration -Mode LocalMachine -Configuration NTLMAuditing
This example validates the NTLMAuditing
configuration for the local machine.
EXAMPLE 2
Test-MDIConfiguration -Mode Domain -Configuration NTLMAuditing -GpoNamePrefix 'CONTOSO'
This example validates the NTLMAuditing
configurations for the domain, in a GPO with the
prefix of CONTOSO
in its name.
EXAMPLE 3
Test-MDIConfiguration -Mode Domain -Configuration All
This example validates all configurations for the domain, including SACLs and GPOs.
Parameters
-Configuration
Specifies the configuration to test. You can specify one or more of the following values:
All
(all configurations)AdfsAuditing
AdvancedAuditPolicyCAs
AdvancedAuditPolicyDCs
CAAuditing
ConfigurationContainerAuditing
EntraConnectAuditing
RemoteSAM
DomainObjectAuditing
NTLMAuditing
ProcessorPerformance
Type: | System.String[] |
Position: | 2 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-GpoNamePrefix
Specifies a prefix for the Group Policy Objects (GPO) names to be searched and tested. Use this parameter for GPO naming convention.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Identity
Specifies the name of the service account to use for the EntraConnectAuditing or RemoteSAM configuration. This parameter is mandatory.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Mode
Specifies the mode to use. You must specify one of the following values:
Domain
: Collect settings from the Group Policy objectsLocalMachine
: Collect settings from the local machine
Type: | System.String |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Server
Specifies the name of the server to run the command against. This parameter is optional and defaults to the PDC Emulator in the domain.
Type: | System.String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Outputs
System.Boolean
The cmdlet returns $true
when the settings are configured as required. Otherwise, it returns
$false
.