A Guide to Executing Test-MdiReadiness.ps1

In today’s rapidly evolving cybersecurity landscape, ensuring your environment’s readiness for advanced protection solutions is crucial. Microsoft’s Test-MdiReadiness.ps1 script is a powerful tool designed by the Microsoft Team to streamline the deployment of Microsoft Defender for Identity (MDI). This script provides a thorough pre-deployment check, assessing your domain, domain controllers, and CA servers against MDI prerequisites. With its ability to generate detailed reports in both HTML and JSON formats, administrators are empowered to identify and address potential deployment blockers efficiently. Let’s dive into how to leverage this script to secure your environment and enhance your cybersecurity posture.

Now, let’s delve deeper into the Test-MdiReadiness.ps1 script and explore the practical steps to execute it within a lab environment. This hands-on approach will guide you through running the script effectively, ensuring your lab setup is fully prepared for deploying Microsoft Defender for Identity.

Prerequisites

Before running the script, ensure you have:

  • PowerShell installed on the system from which you’re running the script.
  • Necessary administrative privileges to access domain controllers, CA servers, and perform the checks.
  • Network connectivity to all servers being tested.

How to Execute Test-MdiReadiness.ps1

Step 1: Download the Script

First, you need to obtain the Test-MdiReadiness.ps1 script. This can typically be done through Microsoft’s official documentation or a trusted Microsoft repository.

GitHub link: Test-MdiReadiness.ps1

Step 2: Prepare to Run the Script

Open PowerShell with administrative privileges. This is necessary to ensure the script can perform checks across your domain controllers and CA servers without permission issues.

Navigate to the directory where you downloaded the Test-MdiReadiness.ps1 script. In this walkthrough the script was saved to the following location, so that is the folder to change into before running it:

C:\scripts\Mdi\Test-MdiReadiness.ps1

Step 3: Execution Policy (If Required)

Depending on your system’s execution policy settings, you may need to modify them to run the script. To do so, execute:

Set-ExecutionPolicy RemoteSigned

This command allows the execution of PowerShell scripts that are downloaded from the internet, provided they are signed by a trusted publisher. Choose “Yes” or “A” (Yes to All) when prompted.

Step 4: Run the Script

To run the script with its default parameters, simply enter:

.\Test-MdiReadiness.ps1

However, to fully leverage the script’s capabilities and customize it for your environment, consider using the following parameters:

  • -Path: Specifies the folder where reports will be saved. If not set, reports are saved to the current directory.
  • -Domain: The domain you want to test. Defaults to the current domain if not specified.
  • -DomainController: Targets specific domain controllers for testing. If omitted, it queries AD for a list of all DCs.
  • -CAServer: Specifies particular CA servers for testing. Without this parameter, it checks all CA servers found in AD.
  • -SkipCA: Use this switch if you want to skip CA server checks.
  • -OpenHtmlReport: Opens the HTML report automatically upon completion.

For example, to specify a path and domain, and to automatically open the HTML report, you would use:

.\Test-MdiReadiness.ps1 -Path C:\Scripts\MDIReports -Domain thatlazyadmin.local -OpenHtmlReport
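The following wrapper is an added example, not part of the original post or of Microsoft's script: it ties steps 2 to 4 together so the readiness check can run unattended, then lists every check the JSON report marks as false. It assumes the script lives in C:\scripts\Mdi, that reports go to C:\Scripts\MDIReports, and, because the JSON schema is not covered in this post, it walks the report generically rather than relying on specific property names.

```powershell
# Added example (not from the post or from Test-MdiReadiness.ps1 itself).
# Assumed paths: script in C:\scripts\Mdi, reports written to C:\Scripts\MDIReports.
#Requires -RunAsAdministrator

$ScriptPath = 'C:\scripts\Mdi\Test-MdiReadiness.ps1'   # assumed location
$ReportPath = 'C:\Scripts\MDIReports'                  # assumed output folder
$Domain     = 'thatlazyadmin.local'                    # domain from the post's example

if (-not (Test-Path $ScriptPath)) { throw "Script not found: $ScriptPath" }
New-Item -ItemType Directory -Path $ReportPath -Force | Out-Null

# Relax the policy for this process only instead of changing it machine-wide.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# Run the readiness check; add -SkipCA here for a lab without a CA server.
& $ScriptPath -Path $ReportPath -Domain $Domain

# Pick the newest JSON report the script produced.
$Json = Get-ChildItem -Path $ReportPath -Filter '*.json' |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $Json) { throw "No JSON report found in $ReportPath" }

# Generic walker: the report schema is an unknown here, so every nested
# property whose value is $false is emitted as a candidate finding.
function Find-FalseValues {
    param([object]$Node, [string]$Prefix = '')
    if ($Node -is [System.Collections.IList]) {
        for ($i = 0; $i -lt $Node.Count; $i++) {
            Find-FalseValues $Node[$i] "${Prefix}[$i]"
        }
    }
    elseif ($Node -is [System.Management.Automation.PSCustomObject]) {
        foreach ($p in $Node.PSObject.Properties) {
            Find-FalseValues $p.Value "$Prefix.$($p.Name)"
        }
    }
    elseif ($Node -is [bool] -and -not $Node) {
        $Prefix.TrimStart('.')
    }
}

$Report   = Get-Content -Path $Json.FullName -Raw | ConvertFrom-Json
$Findings = @(Find-FalseValues $Report)
if ($Findings.Count -eq 0) {
    Write-Host "No checks reported as false in $($Json.Name)"
} else {
    Write-Host "Checks reported as false in $($Json.Name):"
    $Findings | ForEach-Object { Write-Host "  $_" }
}
```

Read the listed paths alongside the HTML report: a false value is only a pointer to the section that needs attention, not a verdict on its own.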

Step 5: Review the Reports

After running the script, check the specified output location for the HTML and JSON reports. These reports will detail the readiness of your environment for MDI deployment, highlighting any areas that need attention.

As the report shows, NTLM auditing is not enabled.

Troubleshooting

If you encounter issues, verify:

  • Your account has sufficient permissions.
  • The script’s execution policy restrictions are not blocking the script.
  • All specified paths and domain information are correct.

By following these steps, you can effectively prepare your environment for Microsoft Defender for Identity, ensuring a smooth and secure deployment process.
