Get-MDIConfiguration

Gets the configuration for various Defender for Identity post-deployment required settings.

Syntax

Default (Default)

Get-MDIConfiguration
    [-Mode] <String>
    [-Configuration] <String[]>
    [-GpoNamePrefix <String>]
    [-Server <String>]
    [<CommonParameters>]

Description

The Get-MDIConfiguration function gets the configuration for various Defender for Identity post-deployment required settings.

Examples

EXAMPLE 1

Get-MDIConfiguration -Mode LocalMachine -Configuration NTLMAuditing
Name         Status Details
----         ------ -------
NTLMAuditing   True {@{Path=HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters\; Name=AuditNTLMInDomain...

This example returns the NTLMAuditing configuration for the local machine.

EXAMPLE 2

Get-MDIConfiguration -Mode Domain -Configuration All -GpoNamePrefix 'CONTOSO' -Identity 'mdisvc01'
Configuration                  Mode   Status Details
-------------                  ----   ------ -------
AdfsAuditing                   Domain   True {@{Account=Everyone; SecurityIdentifier=S-1-1-0; AccessMask=48; Access...
AdRecycleBin                   Domain   True Active Directory Recycle Bin is Enabled
AdvancedAuditPolicyCAs         Domain  False 'CONTOSO - Advanced Audit Policy for CAs' - GPO not found
AdvancedAuditPolicyDCs         Domain  False 'CONTOSO - Advanced Audit Policy for DCs' - GPO not found
CAAuditing                     Domain  False 'CONTOSO - Auditing for CAs' - GPO not found
ConfigurationContainerAuditing Domain   True {@{Account=Everyone; SecurityIdentifier=S-1-1-0; AccessMask=32; Access...
DomainObjectAuditing           Domain   True {@{Account=Everyone; SecurityIdentifier=S-1-1-0; AccessMask=852331; Ac...
EntraConnectAuditing           Domain  False 'CONTOSO - Advanced Audit and URA Policy for Entra Connect' - GPO not ...
NTLMAuditing                   Domain  False 'CONTOSO - NTLM Auditing for DCs' - GPO not found
ProcessorPerformance           Domain  False 'CONTOSO - Processor Performance' - GPO not found
RemoteSAM                      Domain  False 'CONTOSO - Remote SAM Access' - GPO not found

This example returns all configurations for the domain (including GPOs and their links), using the CONTOSO prefix to search for the GPO names.
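The following is an added example, not part of the original reference or of the module itself: a readiness gate that runs the Domain-mode check from EXAMPLE 2 and fails when any required setting is missing, so a scheduled task or pipeline can catch auditing gaps before they become detection blind spots. It assumes the DefenderForIdentity module is installed and that result objects expose the Configuration, Status and Details properties shown in EXAMPLE 2; Test-MdiReadiness is a hypothetical helper name, and 'CONTOSO' and 'mdisvc01' are the sample values from EXAMPLE 2.

```powershell
#Requires -Modules DefenderForIdentity

# Hypothetical helper (not part of the module): normalizes Get-MDIConfiguration
# output into one flat row per setting.
function Test-MdiReadiness {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Identity,
        [string] $GpoNamePrefix,
        [string] $Server
    )

    # Only pass optional parameters when the caller supplied them.
    $params = @{ Mode = 'Domain'; Configuration = 'All'; Identity = $Identity }
    if ($GpoNamePrefix) { $params.GpoNamePrefix = $GpoNamePrefix }
    if ($Server)        { $params.Server = $Server }

    foreach ($r in Get-MDIConfiguration @params) {
        # Details is a plain string for some checks and a list of objects for
        # others (see EXAMPLE 2), so flatten it to text for reporting.
        $detail = if ($r.Details -is [string]) { $r.Details } else { ($r.Details | Out-String -Width 200).Trim() }

        [pscustomobject]@{
            Configuration = $r.Configuration
            Compliant     = [bool]$r.Status
            # Separates "GPO does not exist" from "exists but is misconfigured".
            MissingGpo    = (-not $r.Status) -and ($detail -like '*GPO not found*')
            Details       = $detail
        }
    }
}

# Sample values taken from EXAMPLE 2.
$report = @(Test-MdiReadiness -Identity 'mdisvc01' -GpoNamePrefix 'CONTOSO')
$failed = @($report | Where-Object { -not $_.Compliant })

$report | Sort-Object Compliant, Configuration |
    Format-Table Configuration, Compliant, MissingGpo -AutoSize

if ($failed.Count -gt 0) {
    Write-Warning ('{0} of {1} settings are not configured: {2}' -f
        $failed.Count, $report.Count, ($failed.Configuration -join ', '))
    exit 1   # non-zero exit lets a scheduled task or CI job flag the gap
}
```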

Parameters

-Configuration

Specifies the configuration to get. You can specify one or more of the following values:

  • All (all configurations)
  • AdfsAuditing
  • AdRecycleBin
  • AdvancedAuditPolicyCAs
  • AdvancedAuditPolicyDCs
  • CAAuditing
  • ConfigurationContainerAuditing
  • EntraConnectAuditing
  • RemoteSAM
  • DomainObjectAuditing
  • NTLMAuditing
  • ProcessorPerformance

Parameter properties

Type: System.String[]
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: 2
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False

-Domain

Specifies the name of the domain to run the command against. This parameter is optional and defaults to the user's DNS domain.

Parameter properties

Type: System.String
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False

-GpoNamePrefix

Specifies a prefix for the names of the Group Policy Objects (GPOs) to search for. Use this parameter when your GPOs follow a naming convention.

Parameter properties

Type: System.String
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False

-Identity

Specifies the name of the service account to use for the EntraConnectAuditing or RemoteSAM configuration. This parameter is mandatory.

Parameter properties

Type: System.String
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False

-Mode

Specifies the mode to use. You must specify one of the following values:

  • Domain: Collect settings from the Group Policy objects
  • LocalMachine: Collect settings from the local machine

Parameter properties

Type: System.String
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: 1
Mandatory: True
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False

-Server

Specifies the name of the server to run the command against. This parameter is optional and defaults to the PDC Emulator in the domain.

Parameter properties

Type: System.String
Default value: None
Supports wildcards: False
DontShow: False

Parameter sets

(All)
Position: Named
Mandatory: False
Value from pipeline: False
Value from pipeline by property name: False
Value from remaining arguments: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable, -ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.