Addressed usability issues

Separted all from header functionality. Validate GUID. Updated examples and documention.

Author: Reed Williams

AdfsEventsModule.psm1

@@ -316,13 +316,20 @@ function AggregateOutputObject
 
     [parameter(Mandatory=$true,Position=2)]
     [AllowEmptyCollection()]
-    [PSObject[]]$Headers)
+    [PSObject[]]$Headers,
+
+    [parameter(Mandatory=$false, Position=3)]
+    [bool]$AddHeaders)
 
      $Output = New-Object PSObject -Property @{
         "CorrelationID" = $CorrID
         "Events" = $Events
-        "Headers" = $Headers
     }
+    if($AddHeaders)
+    {
+        $Output | Add-Member Headers $Headers
+    }
+
     Write-Output $Output
 }
 
@@ -381,13 +388,15 @@ function Get-ADFSEvents
     time conversions will be based on the UTC of these values.
 
     .EXAMPLE
-    Get-ADFSEvents -Logs Security, Admin, Debug -CorrelationID 669bced6-d6ae-4e69-889b-09ceb8db78c9 -Servers LocalHost, MyServer
+    Get-ADFSEvents -Logs Security, Admin, Debug -CorrelationID 669bced6-d6ae-4e69-889b-09ceb8db78c9 -Server LocalHost, MyServer
+    .Example
+    Get-ADFSEvents -CorrelationID 669bced6-d6ae-4e69-889b-09ceb8db78c9 -Headers
     .EXAMPLE
-    Get-ADFSEvents -Logs Admin -AllWithHeaders -Servers LocalHost
+    Get-ADFSEvents -Logs Admin -All 
     .EXAMPLE
-    Get-ADFSEvents -Logs Debug, Security -AllWithoutHeaders -Servers LocalHost, Server1, Server2
+    Get-ADFSEvents -Logs Debug, Security -All -Headers -Server LocalHost, Server1, Server2
     .Example
-    Get-ADFSEvents -Logs Debug -StartTime $start -EndTime $End -server localhost
+    Get-ADFSEvents -Logs Debug -StartTime (Get-Date -Date ("2017-09-14T18:37:26.910168700Z"))  -EndTime (Get-Date) -Headers
 
     #>
 
@@ -403,18 +412,18 @@ function Get-ADFSEvents
     [ValidateNotNullOrEmpty()]
     [string]$CorrelationID,
 
-    [parameter(Mandatory=$true, Position=1, ParameterSetName="AllEventsWithoutHeaderSet")]
-    [switch]$AllWithoutHeaders,
-
-    [parameter(Mandatory=$true, Position=1, ParameterSetName ="AllEventsWithHeaderSet")]
-    [switch]$AllWithHeaders, 
+    [parameter(Mandatory=$true, Position=1, ParameterSetName="AllEventsSet")]
+    [switch]$All,
 
     [parameter(Mandatory=$true, Position=1, ParameterSetName="AllEventsByTimeSet")]
     [DateTime]$StartTime,
 
     [parameter(Mandatory=$true, Position=2, ParameterSetName="AllEventsByTimeSet")]
     [DateTime]$EndTime,
 
+    [parameter(Mandatory=$false)]
+    [switch]$Headers, 
+
     [parameter(Mandatory=$false, ValueFromPipeline=$True, ValueFromPipelineByPropertyName=$True)]
     [string[]]$Server="LocalHost"
     )
@@ -423,6 +432,12 @@ function Get-ADFSEvents
     {
         $ServerList = @()
         $HashTable = @{}
+        $Var = [ref] [System.Guid]::NewGuid()
+        if($CorrelationID -ne "" -and ![System.Guid]::TryParse($CorrelationID, $Var)){ #Validate provided Correlation ID is a valid GUID
+            Write-Error "Invalid correlation id. Please provide valid input"
+            Break
+        }
+
         if($StartTime -ne $null -and $EndTime -ne $null)
         {
             $ByTime = $true
@@ -445,7 +460,7 @@ function Get-ADFSEvents
         {
             $Session = New-PSSession -ComputerName $Server
             $Events += QueryDesiredLogs -CorrID $CorrelationID -Session $Session -ByTime $ByTime -Start $StartTime.ToUniversalTime() -End $EndTime.ToUniversalTime()
-            if($CorrelationID -ne "")
+            if($CorrelationID -ne "" -and $Headers)
             {
                 $HTTPInformation += GetHTTPRequestInformation -CorrID $CorrelationID -Session $Session
             }
@@ -483,7 +498,7 @@ function Get-ADFSEvents
 
         else #Events gathered for a single correlation id
         {
-            AggregateOutputObject -CorrID $CorrelationID -Events $Events -Headers $HTTPInformation
+            AggregateOutputObject -CorrID $CorrelationID -Events $Events -Headers $HTTPInformation -AddHeader $Headers.IsPresent
         }
 
     }
@@ -493,12 +508,13 @@ function Get-ADFSEvents
         #Print the result of gathering events for all correlation ids
         foreach($EventList in $HashTable.Values)
         {
-            if($AllWithoutHeaders)
+           <# if(!$Headers)
             {
-                Write-Output $EventList
+                AggregateOutputObject -CorrID $EventList[0].CorrelationID -Events $EventList -Headers []
             }
+            #>
 
-            else{ #Gather headers for each correlation id from each server
+            if($Headers){ #Gather headers for each correlation id from each server
                 foreach($Machine in $ServerList)
                 {
                     $HTTPInformation = @()
@@ -518,13 +534,13 @@ function Get-ADFSEvents
                             Remove-PSSession $Session
                         }
                     }  
-                }
-                AggregateOutputObject -CorrID $EventList[0].CorrelationID -Events $EventList -Headers $HTTPInformation
+                }  
             }
+            AggregateOutputObject -CorrID $EventList[0].CorrelationID -Events $EventList -Headers $HTTPInformation -AddHeaders $Headers.IsPresent
         }
     }
 
 
 }
 Export-ModuleMember -Function Get-ADFSEvents
-Export-ModuleMember -Function Write-ADFSEventsSummary
+Export-ModuleMember -Function Write-ADFSEventsSummarys

README.md

@@ -28,31 +28,32 @@ in.
 * __Logs__ - A list of AD FS logs to include in the aggregation. Current options are: "Admin", "Debug", "Security".
 The default will pull from both Security and Admin.
 * __CorrelationID__ - The correlation ID for a single request. This will aggregate all chosen logs for this request  
-* __AllWithoutHeaders__ - this flag will cause all requests to be grouped by correlation ID, but the HTTP headers 
-will not be extracted from the logs
-* __AllWithHeaders__ - this flag will cause all requests to be grouped by correlation ID, and the HTTP headers of 
-each request will be extracted from the logs 
-* __StartTime__ - the UTC start time to use when aggregating multiple requests. All requests that start after this 
+* __All__ - This flag will cause all events in the desired logs to be grouped by correlation ID.
+* __Headers__ - This flag can be combined with any means of event collection (a single correlation id, all events, or
+time based) to reconstruct available HTTP requests and responses. 
+* __StartTime__ - The UTC start time to use when aggregating multiple requests. All requests that start after this 
 time will be aggregated
-* __EndTime__ - the UTC end time to use when aggregating multiple requests. All requests that end before this time
+* __EndTime__ - The UTC end time to use when aggregating multiple requests. All requests that end before this time
 will be aggregated
-* __Server__ - a comma-separated list of server names to pull logs from. 
+* __Server__ - A comma-separated list of server names to pull logs from. 
 The default will pull from LocalHost
 
 ## Get-ADFSEvents Output
 
-The output produced by Get-ADFSEvents is a list of objects with each containing the following properties:
+The output produced by Get-ADFSEvents is a list of objects with each containing at least the following properties:
 
 1.  __CorrelationID__
 2.  __Events__
-3.  __Headers__
+
 
 The __CorrelationID__ property contains a string representation of the Correlation ID that all events and headers within that object share.
 
 The __Events__ property contains a list of [EventLogRecord](https://msdn.microsoft.com/en-us/library/system.diagnostics.eventing.reader.eventlogrecord)
 objects for the matching Correlation ID.
 
-The __Headers__ property contains a list of objects, each containing of the following properties:
+If the __Headers__ flag is included in the cmdlet's invocation, the output object will also contain a __Headers__ property.
+
+The __Headers__ property contains a list of objects, each containing the following properties:
 
 1.  __QueryString__
 2.  __ResponseString__
@@ -80,7 +81,7 @@ The __ResponseHeader__ property is a dictionary containing the headers included
 
     EXAMPLE: Retrieve all logs from two servers for a specific request
 
-    ```$logs = Get-ADFSEvents -Logs Security, Admin, Debug -CorrelationID 0c0fd6ee-4b1e-4260-0300-0080070000e3 -Server LocalHost, MyServer```
+    ```$logs = Get-ADFSEvents -Logs Security, Admin, Debug -CorrelationID 0c0fd6ee-4b1e-4260-0300-0080070000e3 -Headers -Server LocalHost, MyServer```
 
     OUTPUT: