ToolchestEvergreenactive-directory-identity
AD stale computer cleanup report
A read-only Active Directory stale computer report for last logon, OU, operating system, enabled state, and cleanup planning.
Read-onlyPublished
Recent Writeups
Newest operator notes in one place.
Review the latest troubleshooting articles, Labs builds, and Toolchest guides without jumping between section landing pages.
Total174
Insights93
Labs42
Toolchest39
Current Feed
31 writeups
ToolchestEvergreenactive-directory-identity
All-DC lastLogon collector and stale-user evidence report
Collect non-replicated lastLogon values from every writable domain controller, calculate the newest observed logon per account, and export evidence suitable for stale-user or stale-computer cleanup decisions without relying on replicated lastLogonTimestamp alone.
Read-onlyPublished
ToolchestEvergreensecurity-exposure
Authenticated Users drive ACL scanner
PowerShell scanner that checks fixed local drives on Windows servers for root ACL entries where Authenticated Users have broad access. Produces console and CSV evidence so admins can review exposure before any ACL changes.
Read-onlyPublished
ToolchestEvergreenhybrid-cloud-operations
Azure Arc bulk onboarding CSV and logging starter
Reusable starter for Azure Arc onboarding waves using a host CSV, dry-run expectations, per-host logging, and repeatable result tracking suitable for tickets, change records, and post-wave reporting.
Read-onlyPublished
ToolchestEvergreenhybrid-cloud-operations
Azure Arc onboarding preflight checklist
Preflight checklist for onboarding Windows servers to Azure Arc. Confirms supported OS state, outbound connectivity, proxy/TLS behavior, local admin rights, target Azure placement, tagging, pilot scope, and rollback notes before any agent install.
Read-onlyPublished
ToolchestEvergreenreporting-evidence
Azure Update Manager compliance workbook starter
Starter template for an Azure Workbook plus Resource Graph evidence pack that shows patch compliance, pending updates, unsupported coverage, and patch-group drift across Azure and Arc-enabled machines.
Read-onlyPublished
ToolchestEvergreenhybrid-cloud-operations
Azure Update Manager patch wave planning template
Operator-ready planning template for Azure Update Manager patch waves covering scope, maintenance windows, reboot tolerance, exclusions, soak periods, rollback contacts, and stop-go criteria before scheduled patching.
Read-onlyPublished
ToolchestEvergreensecurity-exposure
Certificate expiration scanner
A read-only certificate inventory for finding expiring Windows certificate-store items and endpoint certificates before outages.
Read-onlyPublished
InsightEvergreenAzure
Comparing Robocopy, PowerShell, rsync, and Storage-Native Replication for File Migrations
Use this when you need to choose the right file-migration path instead of defaulting blindly to Robocopy, PowerShell, rsync, or storage replication.
Read-onlyOperator guide
ToolchestEvergreenconnectivity-network-triage
DHCP scope utilization report
A read-only DHCP scope report that surfaces high utilization, exhausted ranges, and cleanup candidates.
Read-onlyPublished
ToolchestEvergreenwindows-server-health
Disk space cleanup candidate report
A read-only disk pressure report that finds likely cleanup candidates without deleting logs, caches, dumps, or user data.
Read-onlyPublished
ToolchestEvergreendns-dhcp
DNS and DHCP Health Check
A diagnostic DNS and DHCP triage flow that captures evidence, follows decision branches, and explains what each result means before changing anything.
Read-onlyPublished
ToolchestEvergreenconnectivity-network-triage
DNS resolution and reverse lookup audit
A read-only DNS audit that compares forward and reverse lookup results across host lists and expected DNS servers.
Read-onlyPublished
ToolchestEvergreenfile-backup-storage
File share permission audit
A read-only file share audit that records SMB share permissions, NTFS access, and ownership evidence for review.
Read-onlyPublished
ToolchestEvergreenwindows-server-health
IIS site and binding inventory
A read-only IIS inventory for sites, app pools, bindings, host headers, ports, certificate thumbprints, and content paths.
Read-onlyPublished
ToolchestEvergreenactive-directory-identity
Inactive AD user disable review workflow
Two-phase review checklist for identifying inactive AD user accounts, validating inactivity evidence, applying exclusions, capturing approval, and preparing rollback details before any disable action.
Read-onlyPublished
ToolchestEvergreeninventory
Installed Application Inventory for Windows Endpoints
A read-only PowerShell inventory starter for collecting installed applications from local or remote Windows endpoints.
Read-onlyPublished
ToolchestEvergreenapplication-hosting
Internal IIS site rollout checklist
Operator checklist for launching an internal IIS-hosted site with evidence capture for IIS role presence, site folder layout, bindings, app pool identity, DNS readiness, browser validation, and rollback notes.
Read-onlyPublished
ToolchestEvergreenactive-directory-identity
Local administrator group audit across Windows endpoints
A read-only local administrator audit that records privileged group membership across Windows endpoints for review.
Read-onlyPublished
ToolchestEvergreenpatch-reboot-readiness
Pending reboot detection across Windows servers
A read-only pending reboot check for Windows servers before patching, application installs, or maintenance-window closure.
Read-onlyPublished
ToolchestEvergreenconnectivity-network-triage
PowerShell server connectivity quick check
A read-only connectivity triage script that separates DNS, ping, RDP, WinRM, and application-port failures before escalation.
Read-onlyPublished
ToolchestEvergreeninventory
RADIUS and NPS server detection report
Read-only PowerShell reporting script pattern to identify likely Microsoft NPS or other RADIUS-capable Windows servers using multiple evidence sources: NPS service presence, NPAS role/feature state, IAS/NPS event log activity, UDP 1812/1813 listener evidence, and registry indicators. Designed for migration discovery, audit support, and authentication troubleshooting.
Read-onlyPublished
ToolchestEvergreenremote-access
RDP Connectivity Checklist
A structured check for RDP failures before changing firewall rules, user rights, or server policy.
Read-onlyPublished
ToolchestEvergreenconnectivity-network-triage
RDP failure triage script
A read-only RDP triage script pattern for DNS, TCP 3389, listener state, firewall evidence, sessions, and event logs.
Read-onlyPublished
ToolchestEvergreenwindows-server-health
Scheduled task inventory and failure report
A read-only scheduled task inventory that highlights failed runs, missed runs, disabled tasks, and ownership gaps.
Read-onlyPublished
ToolchestEvergreenactive-directory-identity
Service account usage finder
A read-only service account discovery pass for Windows services, scheduled tasks, and IIS application pools.
Read-onlyPublished
ToolchestEvergreenfreeware-utilities
Sysinternals first-response kit guide
A practical Sysinternals first-response map for process, file handle, startup, network, login, and registry symptoms.
Read-onlyPublished
InsightEvergreenNetworking
Validating File Migrations Before Cutover and Proving the Target Is Authoritative
Use this when you need a validation model that proves a migrated target is ready before users, apps, or cutover steps depend on it.
Read-onlyOperator guide
InsightEvergreenWindows
Windows Evidence-First Recovery Workflow Before Repair Commands
Use this supporting Insight to gather Windows evidence before SFC, DISM, uninstalls, Safe Mode, or other repair commands change the system.
Read-onlyOperator guide
ToolchestEvergreensecurity-exposure
Windows firewall rule audit
A read-only Windows Firewall audit that records enabled allow rules, ports, profiles, and address scopes.
Read-onlyPublished
ToolchestEvergreenwindows-server-health
Windows server health snapshot
A read-only Windows Server snapshot for uptime, disk pressure, memory, stopped automatic services, and recent critical events.
Read-onlyPublished