ToolchestEvergreenactive-directory-identity
AD stale computer cleanup report
A read-only Active Directory stale computer report for last logon, OU, operating system, enabled state, and cleanup planning.
Read-onlyPublished
Recent Writeups
Newest operator notes in one place.
Review the latest troubleshooting articles, Labs builds, and Toolchest guides without jumping between section landing pages.
Total194
Insights111
Labs42
Toolchest41
Current Feed
41 writeups
ToolchestEvergreenactive-directory-identity
All-DC lastLogon collector and stale-user evidence report
Collect non-replicated lastLogon values from every writable domain controller, calculate the newest observed logon per account, and export evidence suitable for stale-user or stale-computer cleanup decisions without relying on replicated lastLogonTimestamp alone.
Read-onlyPublished
ToolchestEvergreensecurity-exposure
Authenticated Users drive ACL scanner
PowerShell scanner that checks fixed local drives on Windows servers for root ACL entries where Authenticated Users have broad access. Produces console and CSV evidence so admins can review exposure before any ACL changes.
Read-onlyPublished
ToolchestEvergreenhybrid-cloud-operations
Azure Arc bulk onboarding CSV and logging starter
Reusable starter for Azure Arc onboarding waves using a host CSV, dry-run expectations, per-host logging, and repeatable result tracking suitable for tickets, change records, and post-wave reporting.
Read-onlyPublished
ToolchestEvergreenhybrid-cloud-operations
Azure Arc onboarding preflight checklist
Preflight checklist for onboarding Windows servers to Azure Arc. Confirms supported OS state, outbound connectivity, proxy/TLS behavior, local admin rights, target Azure placement, tagging, pilot scope, and rollback notes before any agent install.
Read-onlyPublished
ToolchestEvergreenreporting-evidence
Azure Update Manager compliance workbook starter
Starter template for an Azure Workbook plus Resource Graph evidence pack that shows patch compliance, pending updates, unsupported coverage, and patch-group drift across Azure and Arc-enabled machines.
Read-onlyPublished
ToolchestEvergreenhybrid-cloud-operations
Azure Update Manager patch wave planning template
Operator-ready planning template for Azure Update Manager patch waves covering scope, maintenance windows, reboot tolerance, exclusions, soak periods, rollback contacts, and stop-go criteria before scheduled patching.
Read-onlyPublished
ToolchestEvergreenbackup-recovery
Backup Restore Drill Evidence Checklist
A restore-drill evidence template for proving backups are usable, measuring recovery time, and turning failed assumptions into repair tasks before an outage.
Changes system statePublished
ToolchestEvergreenreporting-evidence
Build the Ops Reporting Foundation Helper
Create the local PowerShell helper file that every Ops Stack reporting-compatible script can share. This guide walks through the folder structure, the helper contract, the commented PowerShell implementation, a sample validation run, and the artifacts the helper creates so a new reader can build it from scratch and prove it works.
Changes system statePublished
ToolchestEvergreensecurity-exposure
Certificate expiration scanner
A read-only certificate inventory that finds local-machine store certificates nearing expiration and captures certificates presented by known TLS endpoints for review.
Read-onlyPublished
ToolchestEvergreenconnectivity-network-triage
DHCP scope utilization report
A read-only DHCP scope report that surfaces high utilization, exhausted ranges, and cleanup candidates.
Read-onlyPublished
ToolchestEvergreenwindows-server-health
Disk space cleanup candidate report
A read-only disk-pressure report that captures low-space context and returns targeted cleanup candidates from known folders without deleting, compressing, or moving anything.
Read-onlyPublished
ToolchestEvergreendns-dhcp
DNS and DHCP Health Check
A read-only DNS and DHCP triage checklist that captures client-side evidence, compares DNS paths, and narrows the failure domain before anyone flushes caches or changes records.
Read-onlyPublished
ToolchestEvergreenconnectivity-network-triage
DNS resolution and reverse lookup audit
A read-only DNS audit that compares forward and reverse lookup results across host lists and expected DNS servers.
Read-onlyPublished
ToolchestEvergreenfile-backup-storage
File share permission audit
A read-only file share audit that records SMB share permissions, NTFS access, and ownership evidence for review.
Read-onlyPublished
ToolchestEvergreenfreeware-utilities
Free network scanner and port inventory guide
A practical guide to free network scanning options for host discovery, port inventory, and safe scan scoping.
Review before runningPublished
ToolchestEvergreenwindows-server-health
IIS site and binding inventory
A read-only IIS inventory that correlates sites, bindings, ports, host headers, app-pool identities, content paths, and certificate thumbprints for migration or renewal work.
Read-onlyPublished
ToolchestEvergreenactive-directory-identity
Inactive AD user disable review workflow
Two-phase review checklist for identifying inactive AD user accounts, validating inactivity evidence, applying exclusions, capturing approval, and preparing rollback details before any disable action.
Changes system statePublished
ToolchestEvergreenoperations-templates
Incident Note Template
A compact operator note format for capturing symptoms, checks, decisions, and follow-up while the issue is fresh.
Changes system statePublished
ToolchestEvergreeninventory
Installed Application Inventory for Windows Endpoints
A read-only PowerShell inventory starter for collecting installed applications from local or remote Windows endpoints.
Read-onlyPublished
ToolchestEvergreenapplication-hosting
Internal IIS site rollout checklist
Operator checklist for launching an internal IIS-hosted site with evidence capture for IIS role presence, site folder layout, bindings, app pool identity, DNS readiness, browser validation, and rollback notes.
Read-onlyPublished
ToolchestEvergreenactive-directory-identity
Local administrator group audit across Windows endpoints
A read-only local administrator audit that records privileged group membership across Windows endpoints for review.
Read-onlyPublished
ToolchestEvergreenpatch-reboot-readiness
Pending reboot detection across Windows servers
A read-only pending reboot check for Windows servers before patching, application installs, or maintenance-window closure.
Read-onlyPublished
ToolchestEvergreenreporting-evidence
PowerShell HTML operations report starter
Concrete PowerShell reporting pattern for turning host-check results into an HTML operations summary with a status rollup, per-host table, failure section, saved local artifacts, and optional email delivery.
Changes system statePublished
ToolchestEvergreenreporting-evidence
PowerShell operations reporting foundation
Academy-style guide for using the Ops Reporting Foundation helper to turn PowerShell checks into consistent HTML, CSV, JSON, and log artifacts. Start here after creating the helper file, then plug health checks, patch checks, certificate scans, AD hygiene checks, and other collectors into the same reporting pattern.
Changes system statePublished
ToolchestEvergreenconnectivity-network-triage
PowerShell server connectivity quick check
A concise read-only connectivity triage script that separates DNS, ICMP reachability, and expected TCP-port failures before escalation.
Read-onlyPublished
ToolchestEvergreeninventory
RADIUS and NPS server detection report
Read-only PowerShell reporting script pattern to identify likely Microsoft NPS or other RADIUS-capable Windows servers using multiple evidence sources: NPS service presence, NPAS role/feature state, IAS/NPS event log activity, UDP 1812/1813 listener evidence, and registry indicators. Designed for migration discovery, audit support, and authentication troubleshooting.
Read-onlyPublished
ToolchestEvergreenremote-access
RDP Connectivity Checklist
A structured check for RDP failures before changing firewall rules, user rights, or server policy.
Read-onlyPublished
ToolchestEvergreenconnectivity-network-triage
RDP failure triage script
A read-only RDP triage script pattern for DNS, TCP 3389, listener state, firewall evidence, sessions, and event logs.
Read-onlyPublished
ToolchestEvergreenfile-services
Robocopy Job Template
A safer starting point for repeatable Windows file copy jobs with logging and dry-run review.
Changes system statePublished
ToolchestEvergreenfile-backup-storage
Robocopy job template and log parser
A safer Robocopy job template with dry-run review, log capture, exit-code interpretation, and migration evidence.
Changes system statePublished
ToolchestEvergreenmigration-cutover
Robocopy migration cutover checklist and evidence pack
Operator checklist and evidence structure for file migration cutovers using Robocopy. Covers pre-copy checks, dry-run evidence, final sync readiness, exclusion review, validation samples, rollback details, and signoff artifacts suitable for tickets and change records.
Changes system statePublished
ToolchestEvergreenwindows-server-health
Scheduled task inventory and failure report
A read-only scheduled task inventory that highlights failed runs, missed runs, disabled tasks, and ownership gaps.
Read-onlyPublished
ToolchestEvergreenactive-directory-identity
Service account usage finder
A read-only service account discovery pass for Windows services, scheduled tasks, and IIS application pools.
Read-onlyPublished
ToolchestEvergreenfreeware-utilities
Sysinternals first-response kit guide
A practical Sysinternals first-response map for process, file handle, startup, network, login, and registry symptoms.
Read-onlyPublished
ToolchestEvergreenmonitoring
Uptime Kuma Monitoring Starter
A simple monitoring starter for internal services, homelab systems, and small-office status checks.
Changes system statePublished
ToolchestEvergreensecurity-exposure
Windows firewall rule audit
A read-only Windows Firewall audit that records enabled allow rules, ports, profiles, and address scopes.
Read-onlyPublished
ToolchestEvergreenwindows-server-health
Windows server health snapshot
A read-only Windows Server health snapshot that returns one compact row per host for uptime, disk pressure, memory headroom, stopped automatic services, and recent system errors.
Read-onlyPublished
ToolchestEvergreenpatch-reboot-readiness
Windows Update readiness and repair evidence pack
A patch readiness and repair evidence pack for reboot state, servicing health, update logs, and approved repair actions.
Changes system statePublished
ToolchestEvergreenpatching
Windows Update Repair Checks
A staged Windows Update troubleshooting path that starts read-only and escalates only when needed.
Changes system statePublished
ToolchestEvergreenconnectivity-network-triage
Wireshark packet capture triage guide
A packet-capture triage guide for DNS, TLS, DHCP, SMB, RDP, retransmissions, and sensitive-data handling.
Review before runningPublished