EvotecIT · PrzemyslawKlys · Apr 27, 2026 · Mar 31, 2026 · Apr 11, 2026 · Apr 11, 2026
diff --git a/Private/ConvertTo-DHCPOptionIssueRecord.ps1 b/Private/ConvertTo-DHCPOptionIssueRecord.ps1
@@ -0,0 +1,71 @@
+function ConvertTo-DHCPOptionIssueRecord {
+    [CmdletBinding()]
+    param(
+        [Parameter(Mandatory)]
+        [object] $Issue
+    )
+
+    if ($null -eq $Issue) {
+        return $null
+    }
+
+    if ($Issue -is [string] -and [string]::IsNullOrWhiteSpace($Issue)) {
+        return $null
+    }
+
+    if ($Issue -isnot [string]) {
+        $text = if ($Issue.PSObject.Properties['Issue']) { [string] $Issue.Issue } else { [string] $Issue }
+        $serverName = if ($Issue.PSObject.Properties['ServerName']) { [string] $Issue.ServerName } else { $null }
+        $scopeId = if ($Issue.PSObject.Properties['ScopeId']) { [string] $Issue.ScopeId } else { $null }
+        $category = if ($Issue.PSObject.Properties['Category']) { [string] $Issue.Category } else { 'Other' }
+        $recommendation = if ($Issue.PSObject.Properties['Recommendation']) { [string] $Issue.Recommendation } else { 'Review the DHCP option configuration and align it with the approved standard.' }
+
+        if ([string]::IsNullOrWhiteSpace($text)) {
+            return $null
+        }
+
+        return [PSCustomObject]@{
+            Category       = $category
+            ServerName     = $serverName
+            ScopeId        = $scopeId
+            Details        = $text
+            Recommendation = $recommendation
+        }
+    }
+
+    $text = [string] $Issue
+    $category = 'Other'
+    $serverName = $null
+    $scopeId = $null
+    $recommendation = 'Review the DHCP option configuration and align it with the approved standard.'
+
+    if ($text -match '^Public DNS servers configured in scope (?<scope>.+?) on (?<server>.+)$') {
+        $category = 'Public DNS'
+        $scopeId = $Matches.scope
+        $serverName = $Matches.server
+        $recommendation = 'Replace public DNS servers with approved internal DNS servers or document the exception.'
+    } elseif ($text -match '^Very long lease time \((?<hours>\d+) hours\) in scope (?<scope>.+?) on (?<server>.+)$') {
+        $category = 'Lease Time'
+        $scopeId = $Matches.scope
+        $serverName = $Matches.server
+        $recommendation = 'Reduce the lease duration to 168 hours or less unless the longer value is explicitly approved.'
+    } elseif ($text -match '^Empty domain name in scope (?<scope>.+?) on (?<server>.+)$') {
+        $category = 'Domain Name'
+        $scopeId = $Matches.scope
+        $serverName = $Matches.server
+        $recommendation = 'Configure DHCP option 15 with the expected DNS domain name.'
+    } elseif ($text -match '^Invalid lease time format in scope (?<scope>.+?) on (?<server>.+)$') {
+        $category = 'Lease Time Format'
+        $scopeId = $Matches.scope
+        $serverName = $Matches.server
+        $recommendation = 'Verify DHCP option 51 uses a valid numeric value expressed in seconds.'
+    }
+
+    [PSCustomObject]@{
+        Category       = $category
+        ServerName     = $serverName
+        ScopeId        = $scopeId
+        Details        = $text
+        Recommendation = $recommendation
+    }
+}
diff --git a/Private/Get-WinADDHCPScopeValidation.ps1 b/Private/Get-WinADDHCPScopeValidation.ps1
@@ -1,67 +1,74 @@
-function Get-WinADDHCPScopeValidation {
-    [CmdletBinding()]
-    param(
-        [Object] $Scope,
-        [PSCustomObject] $ScopeObject
-    )
-
+function Get-WinADDHCPScopeValidation {
+    [CmdletBinding()]
+    param(
+        [Object] $Scope,
+        [PSCustomObject] $ScopeObject
+    )
+
     # Validate scope configuration
     # Check lease duration (should not exceed 48 hours unless explicitly documented)
     if ($Scope.LeaseDuration.TotalHours -gt 48) {
-        # Check for documented exceptions (like V2 validator's "DHCP lease time" check)
-        if ($Scope.Description -notlike "*DHCP lease time*") {
-            # Use consistent string for both reports
-            $ScopeObject.Issues.Add("Lease duration exceeds 48 hours ($([Math]::Round($Scope.LeaseDuration.TotalHours, 1)) hours)")
-            $ScopeObject.Issues.Add("Lease duration greater than 48 hours")  # For minimal report matching
-            $ScopeObject.HasIssues = $true
-        }
+        # Check for documented exceptions (like V2 validator's "DHCP lease time" check)
+        if ($Scope.Description -notlike "*DHCP lease time*") {
+            # Use consistent string for both reports
+            $ScopeObject.Issues.Add("Lease duration exceeds 48 hours ($([Math]::Round($Scope.LeaseDuration.TotalHours, 1)) hours)")
+            $ScopeObject.Issues.Add("Lease duration greater than 48 hours")  # For minimal report matching
+            $ScopeObject.HasIssues = $true
+        }
+    }
+
+    # PTR registration should stay enabled
+    if ($ScopeObject.DisableDnsPtrRRUpdate -eq $true) {
+        $ScopeObject.Issues.Add("DisableDnsPtrRRUpdate is enabled")
+        $ScopeObject.Issues.Add("PTR registration disabled")
+        $ScopeObject.HasIssues = $true
     }
 
     # Check for dynamic DNS updates with public DNS servers
     if ($ScopeObject.DNSSettings -and $ScopeObject.DNSSettings.DynamicUpdates -ne 'Never') {
         if ($ScopeObject.DNSServers) {
-            # Check for non-private DNS servers (V2 validator's ^10. check)
-            $DNSServerArray = $ScopeObject.DNSServers -split ',' | ForEach-Object { $_.Trim() }
-            $NonPrivateDNS = $DNSServerArray | Where-Object { 
-                $_ -notmatch "^10\." -and 
-                $_ -notmatch "^192\.168\." -and 
-                $_ -notmatch "^172\.(1[6-9]|2[0-9]|3[0-1])\." 
-            }
-            if ($NonPrivateDNS) {
-                $ScopeObject.Issues.Add("DNS updates enabled with non-private DNS servers: $($NonPrivateDNS -join ', ')")
-                $ScopeObject.Issues.Add("DNS updates enabled with public DNS servers")  # For minimal report matching
-                $ScopeObject.HasIssues = $true
-            }
-        }
-
-        # Enhanced DNS update validation (from V2 validator)
-        if (-not $ScopeObject.UpdateDnsRRForOlderClients -and -not $ScopeObject.DeleteDnsRROnLeaseExpiry) {
-            $ScopeObject.Issues.Add("Both UpdateDnsRRForOlderClients and DeleteDnsRROnLeaseExpiry are disabled")
-            $ScopeObject.Issues.Add("DNS update settings misconfigured")  # For minimal report matching
-            $ScopeObject.HasIssues = $true
-        } elseif (-not $ScopeObject.UpdateDnsRRForOlderClients) {
-            $ScopeObject.Issues.Add("UpdateDnsRRForOlderClients is disabled")
-            $ScopeObject.Issues.Add("DNS update settings misconfigured")  # For minimal report matching
-            $ScopeObject.HasIssues = $true
-        } elseif (-not $ScopeObject.DeleteDnsRROnLeaseExpiry) {
-            $ScopeObject.Issues.Add("DeleteDnsRROnLeaseExpiry is disabled")
-            $ScopeObject.Issues.Add("DNS update settings misconfigured")  # For minimal report matching
-            $ScopeObject.HasIssues = $true
-        }
-
+            # Check for non-private DNS servers (V2 validator's ^10. check)
+            $DNSServerArray = $ScopeObject.DNSServers -split ',' | ForEach-Object { $_.Trim() }
+            $NonPrivateDNS = $DNSServerArray | Where-Object { 
+                $_ -notmatch "^10\." -and 
+                $_ -notmatch "^192\.168\." -and 
+                $_ -notmatch "^172\.(1[6-9]|2[0-9]|3[0-1])\." 
+            }
+            if ($NonPrivateDNS) {
+                $ScopeObject.Issues.Add("DNS updates enabled with non-private DNS servers: $($NonPrivateDNS -join ', ')")
+                $ScopeObject.Issues.Add("DNS updates enabled with public DNS servers")  # For minimal report matching
+                $ScopeObject.HasIssues = $true
+            }
+        }
+
+        # Enhanced DNS update validation (from V2 validator)
+        if (-not $ScopeObject.UpdateDnsRRForOlderClients -and -not $ScopeObject.DeleteDnsRROnLeaseExpiry) {
+            $ScopeObject.Issues.Add("Both UpdateDnsRRForOlderClients and DeleteDnsRROnLeaseExpiry are disabled")
+            $ScopeObject.Issues.Add("DNS update settings misconfigured")  # For minimal report matching
+            $ScopeObject.HasIssues = $true
+        } elseif (-not $ScopeObject.UpdateDnsRRForOlderClients) {
+            $ScopeObject.Issues.Add("UpdateDnsRRForOlderClients is disabled")
+            $ScopeObject.Issues.Add("DNS update settings misconfigured")  # For minimal report matching
+            $ScopeObject.HasIssues = $true
+        } elseif (-not $ScopeObject.DeleteDnsRROnLeaseExpiry) {
+            $ScopeObject.Issues.Add("DeleteDnsRROnLeaseExpiry is disabled")
+            $ScopeObject.Issues.Add("DNS update settings misconfigured")  # For minimal report matching
+            $ScopeObject.HasIssues = $true
+        }
+
         if (-not $ScopeObject.DomainNameOption -or [string]::IsNullOrEmpty($ScopeObject.DomainNameOption)) {
             $ScopeObject.Issues.Add("Domain name option (015) is empty")
             $ScopeObject.Issues.Add("DNS updates enabled but missing domain name option")  # For minimal report matching
             $ScopeObject.HasIssues = $true
         }
-    }
-
-    # Check for missing failover configuration
-    if (-not $ScopeObject.FailoverPartner) {
-        $ScopeObject.Issues.Add("DHCP Failover not configured")
-        $ScopeObject.Issues.Add("Missing DHCP failover configuration")  # For minimal report matching
-        $ScopeObject.HasIssues = $true
-    }
-
-    return $ScopeObject.HasIssues
-}
+    }
+
+    # Check for missing failover configuration
+    if (-not $ScopeObject.FailoverPartner) {
+        $ScopeObject.Issues.Add("DHCP Failover not configured")
+        $ScopeObject.Issues.Add("Missing DHCP failover configuration")  # For minimal report matching
+        $ScopeObject.HasIssues = $true
+    }
+
+    return $ScopeObject.HasIssues
+}