From d9b67dfa04a8febdaac9ee74b17d70b5f2d89d03 Mon Sep 17 00:00:00 2001
From: Michael Grafnetter <michael.grafnetter@outlook.com>
Date: Sun, 12 May 2019 20:04:54 +0200
Subject: [PATCH] Improved cmdlet links in help

---
 .github/README.md                  |  18 ++--
 Documentation/CHANGELOG.md         | 148 ++++++++++++++---------------
 Documentation/PowerShell/Readme.md |  80 ++++++++--------
 3 files changed, 123 insertions(+), 123 deletions(-)

diff --git a/.github/README.md b/.github/README.md
index 46b97b4..6baaf9b 100644
--- a/.github/README.md
+++ b/.github/README.md
@@ -10,14 +10,14 @@
 The DSInternals project consists of these two parts:
 - The [DSInternals Framework](https://www.nuget.org/profiles/MichaelGrafnetter) exposes several internal features of *Active Directory* and can be used from any .NET application. The codebase has already been integrated into several 3<sup>rd</sup> party commercial products that use it in scenarios like Active Directory disaster recovery, identity management, cross-forest migrations and password strength auditing.
 - The [DSInternals PowerShell Module](https://www.powershellgallery.com/packages/DSInternals/) provides easy-to-use cmdlets that are built on top of the Framework. These are the main features:
-  - [Active Directory password auditing](../Documentation/PowerShell/Test-PasswordQuality.md) that discovers accounts sharing the same passwords or having passwords in a public database like [HaveIBeenPwned](https://haveibeenpwned.com) or in a custom dictionary.
-  - [Bare-metal recovery of domain controllers](../Documentation/PowerShell/New-ADDBRestoreFromMediaScript.md) from just IFM backups (ntds.dit + SYSVOL).
-  - Offline ntds.dit file manipulation, including [hash dumping](../Documentation/PowerShell/Get-ADDBAccount.md), [password resets](../Documentation/PowerShell/Set-ADDBAccountPassword.md), [group membership changes](../Documentation/PowerShell/Set-ADDBPrimaryGroup.md), [SID History injection](../Documentation/PowerShell/Add-ADDBSidHistory.md) and [enabling](../Documentation/PowerShell/Enable-ADDBAccount.md)/[disabling](../Documentation/PowerShell/Disable-ADDBAccount.md) accounts.
-  - [Online password hash dumping](../Documentation/PowerShell/Get-ADReplAccount.md) through the Directory Replication Service (DRS) Remote Protocol (MS-DRSR). This feature is commonly called DCSync.
-  - [Domain or local account password hash injection](../Documentation/PowerShell/Set-SamAccountPasswordHash.md) through the Security Account Manager (SAM) Remote Protocol (MS-SAMR) or [directly into the database](../Documentation/PowerShell/Set-ADDBAccountPasswordHash.md).
-  - [LSA Policy modification](../Documentation/PowerShell/Set-LsaPolicyInformation.md) through the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD / LSARPC).
-  - [Extracting credential roaming data](../Documentation/PowerShell/Save-DPAPIBlob.md) and DPAPI domain backup keys, either online through [directory replication](../Documentation/PowerShell/Get-ADReplBackupKey.md), [LSARPC](../Documentation/PowerShell/Get-LsaBackupKey.md) and [offline from ntds.dit](../Documentation/PowerShell/Get-ADDBBackupKey.md).
-  - Password hash calculation, including [NT hash](../Documentation/PowerShell/ConvertTo-NTHash.md), [LM hash](../Documentation/PowerShell/ConvertTo-LMHash.md) and [kerberos keys](../Documentation/PowerShell/ConvertTo-KerberosKey.md).
+  - [Active Directory password auditing](../Documentation/PowerShell/Test-PasswordQuality.md#test-passwordquality) that discovers accounts sharing the same passwords or having passwords in a public database like [HaveIBeenPwned](https://haveibeenpwned.com) or in a custom dictionary.
+  - [Bare-metal recovery of domain controllers](../Documentation/PowerShell/New-ADDBRestoreFromMediaScript.md#new-addbrestorefrommediascript) from just IFM backups (ntds.dit + SYSVOL).
+  - Offline ntds.dit file manipulation, including [hash dumping](../Documentation/PowerShell/Get-ADDBAccount.md#get-addbaccount), [password resets](../Documentation/PowerShell/Set-ADDBAccountPassword.md#set-addbaccountpassword), [group membership changes](../Documentation/PowerShell/Set-ADDBPrimaryGroup.md#set-addbprimarygroup), [SID History injection](../Documentation/PowerShell/Add-ADDBSidHistory.md#add-addbsidhistory) and [enabling](../Documentation/PowerShell/Enable-ADDBAccount.md#enable-addbaccount)/[disabling](../Documentation/PowerShell/Disable-ADDBAccount.md#disable-addbaccount) accounts.
+  - [Online password hash dumping](../Documentation/PowerShell/Get-ADReplAccount.md#get-adreplaccount) through the Directory Replication Service (DRS) Remote Protocol (MS-DRSR). This feature is commonly called DCSync.
+  - [Domain or local account password hash injection](../Documentation/PowerShell/Set-SamAccountPasswordHash.md#set-samaccountpasswordhash) through the Security Account Manager (SAM) Remote Protocol (MS-SAMR) or [directly into the database](../Documentation/PowerShell/Set-ADDBAccountPasswordHash.md#set-addbaccountpasswordhash).
+  - [LSA Policy modification](../Documentation/PowerShell/Set-LsaPolicyInformation.md#set-lsapolicyinformation) through the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD / LSARPC).
+  - [Extracting credential roaming data](../Documentation/PowerShell/Save-DPAPIBlob.md#save-dpapiblob) and DPAPI domain backup keys, either online through [directory replication](../Documentation/PowerShell/Get-ADReplBackupKey.md#get-adreplbackupkey), [LSARPC](../Documentation/PowerShell/Get-LsaBackupKey.md#get-lsabackupkey) and [offline from ntds.dit](../Documentation/PowerShell/Get-ADDBBackupKey.md#get-addbbackupkey).
+  - Password hash calculation, including [NT hash](../Documentation/PowerShell/ConvertTo-NTHash.md#convertto-nthash), [LM hash](../Documentation/PowerShell/ConvertTo-LMHash.md#convertto-lmhash) and [kerberos keys](../Documentation/PowerShell/ConvertTo-KerberosKey.md#convertto-kerberoskey).
 
 > DISCLAIMER: Features exposed through these tools are not supported by Microsoft. Improper use might cause irreversible damage to domain controllers or negatively impact domain security.
 
@@ -61,7 +61,7 @@ Install-Module DSInternals -Force
 The DSInternals PowerShell Module can also be installed using the official [Chocolatey package](https://chocolatey.org/packages/dsinternals-psmodule) by executing the following Chocolatey command:
 
 ```powershell
-choco install dsinternals-psmodule 
+choco install dsinternals-psmodule --confirm
 ```
 
 This package is self-contained and it will also install all dependencies. Note that package versions prior to 3.5 were not official.
diff --git a/Documentation/CHANGELOG.md b/Documentation/CHANGELOG.md
index ac21908..fed1185 100644
--- a/Documentation/CHANGELOG.md
+++ b/Documentation/CHANGELOG.md
@@ -12,19 +12,19 @@ All notable changes to this project will be documented in this file. The format
 
 ### Fixed
 - Improved the [JohnNT](PowerShell/Readme.md#john-the-ripper) and [JohnLM](PowerShell/Readme.md#john-the-ripper) export formats.
-- Scripts generated by the [New-ADDBRestoreFromMediaScript](PowerShell/New-ADDBRestoreFromMediaScript.md) cmdlet now correctly restore SYSVOL on Windows Server 2008 R2+.
-- Scripts generated by the [New-ADDBRestoreFromMediaScript](PowerShell/New-ADDBRestoreFromMediaScript.md) cmdlet now supports SYSVOL FRS replication in addition to DFS-R.
-- Scripts generated by the [New-ADDBRestoreFromMediaScript](PowerShell/New-ADDBRestoreFromMediaScript.md) cmdlet now do not require the ActiveDirectory module to be pre-installed.
+- Scripts generated by the [New-ADDBRestoreFromMediaScript](PowerShell/New-ADDBRestoreFromMediaScript.md#new-addbrestorefrommediascript) cmdlet now correctly restore SYSVOL on Windows Server 2008 R2+.
+- Scripts generated by the [New-ADDBRestoreFromMediaScript](PowerShell/New-ADDBRestoreFromMediaScript.md#new-addbrestorefrommediascript) cmdlet now supports SYSVOL FRS replication in addition to DFS-R.
+- Scripts generated by the [New-ADDBRestoreFromMediaScript](PowerShell/New-ADDBRestoreFromMediaScript.md#new-addbrestorefrommediascript) cmdlet now do not require the ActiveDirectory module to be pre-installed.
 
 ## [3.4] - 2019-04-23
 
 ### Added
-- The [Test-PasswordQuality](PowerShell/Test-PasswordQuality.md) cmdlet now has a parameter called `-WeakPasswordHashesSortedFile`. This parameter should be used with ordered hash files downloaded from [HaveIBeenPwned](https://haveibeenpwned.com/Passwords) as it has huge performance benefits over the older `-WeakPasswordHashesFile` parameter due to the usage of binary search algorithm.
-- The [Test-PasswordQuality](PowerShell/Test-PasswordQuality.md) cmdlet now has a proper documentation, including usage examples.
+- The [Test-PasswordQuality](PowerShell/Test-PasswordQuality.md#test-passwordquality) cmdlet now has a parameter called `-WeakPasswordHashesSortedFile`. This parameter should be used with ordered hash files downloaded from [HaveIBeenPwned](https://haveibeenpwned.com/Passwords) as it has huge performance benefits over the older `-WeakPasswordHashesFile` parameter due to the usage of binary search algorithm.
+- The [Test-PasswordQuality](PowerShell/Test-PasswordQuality.md#test-passwordquality) cmdlet now has a proper documentation, including usage examples.
 
 ### Fixed
   - The [PWDump](PowerShell/Readme.md#other-formats) export format is now more compatible with some 3rd party tools, e.g. ElcomSoft Distributed Password Recovery, although the ASCII encoding still must be enforced.
-  - The speed of processing the `-WeakPasswordHashesFile` and `-WeakPasswordsFile` parameters of the [Test-PasswordQuality](PowerShell/Test-PasswordQuality.md) cmdlet has significantly been increased.
+  - The speed of processing the `-WeakPasswordHashesFile` and `-WeakPasswordsFile` parameters of the [Test-PasswordQuality](PowerShell/Test-PasswordQuality.md#test-passwordquality) cmdlet has significantly been increased.
   - Parsing of roamed credentials is now slightly faster.
   - Documentation improvements!
 
@@ -34,7 +34,7 @@ All notable changes to this project will be documented in this file. The format
 - The .NET Framework 4.5.1 requirement is now enforced.
 
 ### Fixed
-- Scripts generated by the [New-ADDBRestoreFromMediaScript](PowerShell/New-ADDBRestoreFromMediaScript.md) cmdlet will also fix SYSVOL references in the DFS-R subscription object if it is restored to a different path.
+- Scripts generated by the [New-ADDBRestoreFromMediaScript](PowerShell/New-ADDBRestoreFromMediaScript.md#new-addbrestorefrommediascript) cmdlet will also fix SYSVOL references in the DFS-R subscription object if it is restored to a different path.
 - A more explanatory exception is now thrown when opening databases that originate from different OS versions.
 - A more explanatory exception is now thrown when the *Universal C Runtime* is missing from Windows.
 - A more explanatory exception is now thrown when the assemblies are blocked.
@@ -47,12 +47,12 @@ All notable changes to this project will be documented in this file. The format
 
 ## [3.2] - 2019-01-03
 ### Added
-- [Module] Added the `Get-LsaBackupKey` cmdlet for DPAPI domain backup key retrieval through LSARPC.
+- [Module] Added the [Get-LsaBackupKey](PowerShell/Get-LsaBackupKey.md#get-lsabackupkey) cmdlet for DPAPI domain backup key retrieval through LSARPC.
 - [Framework] Added support for DPAPI domain backup key retrieval from LSA Policy.
 
 ### Changed
-- [Module] The `Set-ADDBBootKey` cmdlet now works with Windows Server 2000-2019 databases.
-- [Module] The `New-ADDBRestoreFromMediaScript` cmdlet now uses shutdown.exe instead of Restart-Computer.
+- [Module] The [Set-ADDBBootKey](PowerShell/Set-ADDBBootKey.md#set-addbbootkey) cmdlet now works with Windows Server 2000-2019 databases.
+- [Module] The [New-ADDBRestoreFromMediaScript](PowerShell/New-ADDBRestoreFromMediaScript.md#new-addbrestorefrommediascript) cmdlet now uses shutdown.exe instead of Restart-Computer.
 - [Framework] Updated package references.
 
 ### Fixed
@@ -60,9 +60,9 @@ All notable changes to this project will be documented in this file. The format
 
 ## [3.1] - 2018-12-29
 ### Added
-- [Module] Added the `New-ADDBRestoreFromMediaScript` cmdlet to aid with file-level DC recovery process.
-- [Module] Added the `Get-LSAPolicyInformation` and `Set-LSAPolicyInformation` cmdlets that can be used to retrieve and change domain-related LSA Policies.
-- [Module] Extended the information returned by the `Get-ADDBDomainController` cmdlet.
+- [Module] Added the [New-ADDBRestoreFromMediaScript](PowerShell/New-ADDBRestoreFromMediaScript.md#new-addbrestorefrommediascript) cmdlet to aid with file-level DC recovery process.
+- [Module] Added the [Get-LSAPolicyInformation](PowerShell/Get-LSAPolicyInformation.md#get-lsapolicyinformation) and [Set-LSAPolicyInformation](PowerShell/Set-LSAPolicyInformation.md#set-lsapolicyinformation) cmdlets that can be used to retrieve and change domain-related LSA Policies.
+- [Module] Extended the information returned by the [Get-ADDBDomainController](PowerShell/Get-ADDBDomainController.md#get-addbdomaincontroller) cmdlet.
 - [Module] Added MAML documentation for `Get-Help`.
 - [Framework] Added support for LSA Policy retrieval and modification.
 
@@ -74,18 +74,18 @@ All notable changes to this project will be documented in this file. The format
 
 ## [3.0] - 2018-09-29
 ### Added
-- [Module] Added the `Set-ADDBAccountPassword` and `Set-ADDBAccountPasswordHash` cmdlets for offline password modification.
-- [Module] The `Test-PasswordQuality` cmdlet now supports NTLM hash list from haveibeenpwned.com.
-- [Module] Added the `Get-ADKeyCredential` cmdlet for linked credential generation (AKA Windows Hello for Business).
-- [Module] The `Get-ADDBAccount`, `Get-ADReplAccount` and `Get-ADSIAccount` cmdlets now display linked credentials.
+- [Module] Added the [Set-ADDBAccountPassword](PowerShell/Set-ADDBAccountPassword.md#set-addbaccountpassword) and [Set-ADDBAccountPasswordHash](PowerShell/Set-ADDBAccountPasswordHash.md#set-addbaccountpasswordhash) cmdlets for offline password modification.
+- [Module] The [Test-PasswordQuality](PowerShell/Test-PasswordQuality.md#test-passwordquality) cmdlet now supports NTLM hash list from haveibeenpwned.com.
+- [Module] Added the [Get-ADKeyCredential](PowerShell/Get-ADKeyCredential.md#get-adkeycredential) cmdlet for linked credential generation (AKA Windows Hello for Business).
+- [Module] The [Get-ADDBAccount](PowerShell/Get-ADDBAccount.md#get-addbaccount), [Get-ADReplAccount](PowerShell/Get-ADReplAccount.md#get-adreplaccount) and [Get-ADSIAccount](PowerShell/Get-ADSIAccount.md#get-adsiaccount) cmdlets now display linked credentials.
 - [Module] Databases from Windows Server 2016 can now be read on non-DCs.
-- [Module] Added the `ConvertTo-KerberosKey` cmdlet for key generation.
-- [Module] The `Save-DPAPIBlob` now generates scripts for mimikatz.
-- [Module] The `Save-DPAPIBlob` cmdlet now accepts pipeline input from both Get-ADDBBackupKey and ADDBAccount cmdlets.
-- [Module] Added Views `JohnNTHistory`, `HashcatNTHistory` and `NTHashHistory`.
-- [Module] The `Get-ADDBDomainController` now displays domain and forest functional levels.
-- [Module] The `Set-ADDBDomainController` can now be used to modify backup expiration.
-- [Module] The `Get-ADDBAccount` cmdlet now reports progress when retrieving multiple accounts.
+- [Module] Added the [ConvertTo-KerberosKey](PowerShell/ConvertTo-KerberosKey.md#convertto-kerberoskey) cmdlet for key generation.
+- [Module] The [Save-DPAPIBlob](PowerShell/Save-DPAPIBlob.md#save-dpapiblob) now generates scripts for mimikatz.
+- [Module] The [Save-DPAPIBlob](PowerShell/Save-DPAPIBlob.md#save-dpapiblob) cmdlet now accepts pipeline input from both Get-ADDBBackupKey and ADDBAccount cmdlets.
+- [Module] Added Views [JohnNTHistory](PowerShell/Readme.md#john-the-ripper), [HashcatNTHistory](PowerShell/Readme.md#hashcat) and [NTHashHistory](PowerShell/Readme.md#other-formats).
+- [Module] The [Get-ADDBDomainController](PowerShell/Get-ADDBDomainController.md#get-addbdomaincontroller) now displays domain and forest functional levels.
+- [Module] The [Set-ADDBDomainController](PowerShell/Set-ADDBDomainController.md#set-addbdomaincontroller) can now be used to modify backup expiration.
+- [Module] The [Get-ADDBAccount](PowerShell/Get-ADDBAccount.md#get-addbaccount) cmdlet now reports progress when retrieving multiple accounts.
 - [Framework] Added support for offline password changes.
 - [Framework] Added support for kerberos key derivation.
 - [Framework] Added support for WDigest hash calculation.
@@ -94,19 +94,19 @@ All notable changes to this project will be documented in this file. The format
 - [Framework] Minor bug fixes.
 
 ### Removed
-- [Module] Removed the `ConvertTo-NTHashDictionary` cmdlet as its functionality had been integrated into the `Test-PasswordQuality` cmdlet.
-- [Module] Removed the `-ShowPlainTextPasswords` parameter of the `Test-PasspasswordQualiy` cmdlet. It might be re-added in the future.
+- [Module] Removed the `ConvertTo-NTHashDictionary` cmdlet as its functionality had been integrated into the [Test-PasswordQuality](PowerShell/Test-PasswordQuality.md#test-passwordquality) cmdlet.
+- [Module] Removed the `-ShowPlainTextPasswords` parameter of the [Test-PasswordQualiy](PowerShell/Test-PasswordQuality.md#test-passwordquality) cmdlet. It might be re-added in the future.
 
 ## [2.23] - 2018-07-07
 ### Changed
-- [Module] The `Test-PasswordQuality` now supports accounts that require smart card authentication.
+- [Module] The [Test-PasswordQuality](PowerShell/Test-PasswordQuality.md#test-passwordquality) now supports accounts that require smart card authentication.
 
 ### Fixed
-- [Module] Fixed a bug in in the processing of the `-SkipDuplicatePasswordTest` switch of the `Test-PasswordQuality` cmdlet.
+- [Module] Fixed a bug in in the processing of the `-SkipDuplicatePasswordTest` switch of the [Test-PasswordQuality](PowerShell/Test-PasswordQuality.md#test-passwordquality) cmdlet.
 
 ## [2.22] - 2017-04-29
 ### Added
-- [Framework] Added the `Enable-ADDBAccount` and `Disable-ADDBAccount` cmdlets.
+- [Framework] Added the [Enable-ADDBAccount](PowerShell/Enable-ADDBAccount.md#enable-addbaccount) and [Disable-ADDBAccount](PowerShell/Disable-ADDBAccount.md#disable-addbaccount) cmdlets.
 - [Module] Added the ability to enable or disable accounts in offline databases.
 
 ## [2.21.2] - 2017-04-19
@@ -127,15 +127,15 @@ All notable changes to this project will be documented in this file. The format
 - [Framework] Added the SamEnumerateDomainsInSamServer call.
 
 ## [2.20] - 2016-11-15
-- Added the `Get-ADPasswordPolicy` cmdlet.
+- Added the [Get-ADPasswordPolicy](PowerShell/Get-SamPasswordPolicy.md#get-sampasswordpolicy) cmdlet.
 
 ## [2.19] - 2016-10-21
 - Added support for the ServicePrincipalName attribute.
 
 ## [2.18] - 2016-10-02
-- [Module] Added the `Get-ADDBKdsRootKey` cmdlet to aid DPAPI-NG decryption, e.g. SID-protected PFX files.
-- [Module] The `Get-ADReplAccount` cmdlet now correctly reports the access denied error.
-- [Module] Fixed a bug in progress reporting of the `Get-ADReplAccount` cmdlet.
+- [Module] Added the [Get-ADDBKdsRootKey](PowerShell/Get-ADDBKdsRootKey.md#get-addbkdsrootkey) cmdlet to aid DPAPI-NG decryption, e.g. SID-protected PFX files.
+- [Module] The [Get-ADReplAccount](PowerShell/Get-ADReplAccount.md#get-adreplaccount) cmdlet now correctly reports the access denied error.
+- [Module] Fixed a bug in progress reporting of the [Get-ADReplAccount](PowerShell/Get-ADReplAccount.md#get-adreplaccount) cmdlet.
 - [Framework] Added support for KDS Root Key retrieval.
 - [Framework] Replication errors are now reported using more suitable exception types.
 
@@ -146,11 +146,11 @@ All notable changes to this project will be documented in this file. The format
 - [Framework] Win32 exceptions are now translated to more specific .NET exceptions by the `Validator` class.
 
 ## [2.16.1] - 2016-08-08
-- [Module] Added the `-ShowPlainTextPasswords` parameter to the `Test-PasswordQuality` cmdlet.
+- [Module] Added the `-ShowPlainTextPasswords` parameter to the [Test-PasswordQuality](PowerShell/Test-PasswordQuality.md#test-passwordquality) cmdlet.
   Cracked and cleartext passwords now do not get displayed by default.
 
 ## [2.16] - 2016-08-07
-- [Module] Added the `Test-PasswordQuality` and `ConvertTo-NTHashSet` cmdlets.
+- [Module] Added the [Test-PasswordQuality](PowerShell/Test-PasswordQuality.md#test-passwordquality) and `ConvertTo-NTHashDictionary` cmdlets.
 - [Module] Added support for the the UserAccountControl attribute of user accounts.
 - [Framework] Added the ability to replicate user accounts by specifying their UPN.
 - [Framework] Added the ability to calculate a NT hash from both String and SecureString.
@@ -159,10 +159,10 @@ All notable changes to this project will be documented in this file. The format
 
 ## [2.15] - 2016-06-18
 - Removed dependency on ADSI.
-- Added support for the PAM optional feature. 
-- Added the `PWDump` custom view.
-- Added the `HashNT` custom view.
-- Added the `HashLM` custom view.
+- Added support for the PAM optional feature.
+- Added the [PWDump](PowerShell/Readme.md#other-formats) custom view.
+- Added the [NTHash](PowerShell/Readme.md#other-formats) custom view.
+- Added the [LMHash](PowerShell/Readme.md#other-formats) custom view.
 
 ## [2.14] - 2016-04-30
 - Added support for Windows Server 2016 ntds.dit encryption.
@@ -193,50 +193,50 @@ All notable changes to this project will be documented in this file. The format
 - Added support for the NTLM-Strong-NTOWF package in Supplemental Credentials (new in Windows Server 2016 TP4)
 - Added support for initial databases
 - Added partial support for ADAM/LDS databases
-- The `Get-ADDBSchemaAttribute` now shows attribute OIDs
+- The [Get-ADDBSchemaAttribute](PowerShell/Get-ADDBSchemaAttribute.md#get-addbschemaattribute) now shows attribute OIDs
 - Fixed a bug in Exchange schema loading
 
 ## 2.9 - 2015-12-27
-- The `Get-BootKey` cmdlet now supports online boot key retrieval
+- The [Get-BootKey](PowerShell/Get-BootKey.md#get-bootkey) cmdlet now supports online boot key retrieval
 - The PBKDF2.NET library has been replaced by CryptSharp
-- The `Get-ADDBDomainController` cmdlet now extracts some more data from the DB
+- The [Get-ADDBDomainController](PowerShell/Get-ADDBDomainController.md#get-addbdomaincontroller) cmdlet now extracts some more data from the DB
 - The project has been open-sourced
 
 ## 2.8 - 2015-10-20
-- Added the `ConvertFrom-ADManagedPasswordBlob` cmdlet
-- Added the `Get-ADDBBackupKey` cmdlet
-- Added the `Get-ADReplBackupKey` cmdlet
-- Added the `Save-DPAPIBlob` cmdlet
-- Added the `HashcatLM` view
+- Added the [ConvertFrom-ADManagedPasswordBlob](PowerShell/ConvertFrom-ADManagedPasswordBlob.md#convertfrom-admanagedpasswordblob) cmdlet
+- Added the [Get-ADDBBackupKey](PowerShell/Get-ADDBBackupKey.md#get-addbbackupkey) cmdlet
+- Added the [Get-ADReplBackupKey](PowerShell/Get-ADReplBackupKey.md#get-adreplbackupkey) cmdlet
+- Added the [Save-DPAPIBlob](PowerShell/Save-DPAPIBlob.md#save-dpapiblob) cmdlet
+- Added the [HashcatLM](PowerShell/Readme.md#hashcat) view
 
 ## 2.7 - 2015-09-30
 - Added the `about_DSInternals` help page (work in progress)
-- Fixed a bug in the `Set-ADDBPrimaryGroup` cmdlet
+- Fixed a bug in the [Set-ADDBPrimaryGroup](PowerShell/Set-ADDBPrimaryGroup.md#set-addbprimarygroup) cmdlet
 
 ## 2.6 - 2015-09-21
-- Implemented CRC checks in the `Get-ADReplAccount` cmdlet
-- The `Get-ADReplAccount` cmdlet now displays meaningful error messages on 64-bit systems
-- The `-Server` parameter of the `Get-ADReplAccount` is now compulsory instead of localhost being default
-- The `Get-ADReplAccount` and `Set-SamAccountPasswordHash` cmdlets now display a warning in case they are supplied with a DNS domain name instead of a NetBIOS one.
+- Implemented CRC checks in the [Get-ADReplAccount](PowerShell/Get-ADReplAccount.md#get-adreplaccount) cmdlet
+- The [Get-ADReplAccount](PowerShell/Get-ADReplAccount.md#get-adreplaccount) cmdlet now displays meaningful error messages on 64-bit systems
+- The `-Server` parameter of the [Get-ADReplAccount](PowerShell/Get-ADReplAccount.md#get-adreplaccount) is now compulsory instead of localhost being default
+- The [Get-ADReplAccount](PowerShell/Get-ADReplAccount.md#get-adreplaccount) and [Set-SamAccountPasswordHash](PowerShell/Set-SamAccountPasswordHash.md#set-samaccountpasswordhash) cmdlets now display a warning in case they are supplied with a DNS domain name instead of a NetBIOS one.
 - Fixed a bug in SupplementalCredentials parsing
 
 ## 2.5 - 2015-09-14
 - Both x86 and x64 platforms are now supported.
 - A few parameters have been changed and new aliases added.
-- Fixed a bug in the `Add-ADDBSidHistory` cmdlet.
+- Fixed a bug in the [Add-ADDBSidHistory](PowerShell/Add-ADDBSidHistory.md#add-addbsidhistory) cmdlet.
 
 ## 2.4 - 2015-09-05
-- Fixed a bug regarding distinguished name parsing in the `Get-ADDBAccount` cmdlet
-- Removed a big memory leak in the `Get-ADReplAccount` cmdlet
-- Added the `Get-ADReplicationAccount` alias for `Get-ADReplAccount`
+- Fixed a bug regarding distinguished name parsing in the [Get-ADDBAccount](PowerShell/Get-ADDBAccount.md#get-addbaccount) cmdlet
+- Removed a big memory leak in the [Get-ADReplAccount](PowerShell/Get-ADReplAccount.md#get-adreplaccount) cmdlet
+- Added the `Get-ADReplicationAccount` alias for [Get-ADReplAccount](PowerShell/Get-ADReplAccount.md#get-adreplaccount)
 - Updated AutoMapper to the latest version
 - Switched to the official build of Microsoft's Managed Esent libraries
 - The module has been published in PowerShell Gallery.
 
 ## 2.3
-- Parameter `-SystemHiveFilePath` of the `Get-BootKey` cmdlet is now positional
+- Parameter `-SystemHiveFilePath` of the [Get-BootKey](PowerShell/Get-BootKey.md#get-bootkey) cmdlet is now positional
 - Added the Readme.txt file with system requirements
-- Fixed a bug in distinguished name parsing that caused the `Get-ADReplAccount` cmdlet to fail under some circumstances
+- Fixed a bug in distinguished name parsing that caused the [Get-ADReplAccount](PowerShell/Get-ADReplAccount.md#get-adreplaccount) cmdlet to fail under some circumstances
 
 ## 2.2
 ### Changed
@@ -245,53 +245,53 @@ All notable changes to this project will be documented in this file. The format
 - Fixed a bug in SupplementalCredentials parsing
 
 ## 2.1
-- The `Get-ADReplAccount` cmdlet can now retrieve all accounts from AD or just a sigle one
+- The [Get-ADReplAccount](PowerShell/Get-ADReplAccount.md#get-adreplaccount) cmdlet can now retrieve all accounts from AD or just a sigle one
 - Added Microsoft Visual C++ 2013 Runtime libraries to the distribution
 - The module is now 64-bit only
 - Minor bug fixes
 
 ## 2.0 - 2015-07-14
-- Added the `Get-ADDBAccount` cmdlet
-- Added the `Get-BootKey` cmdlet
-- Added the `Get-ADReplAccount` cmdlet
-- Added the `Remove-ADDBObject` cmdlet
-- Added the `Format-Hex` cmdlet
+- Added the [Get-ADDBAccount](PowerShell/Get-ADDBAccount.md#get-addbaccount) cmdlet
+- Added the [Get-BootKey](PowerShell/Get-BootKey.md#get-bootkey) cmdlet
+- Added the [Get-ADReplAccount](PowerShell/Get-ADReplAccount.md#get-adreplaccount) cmdlet
+- Added the [Remove-ADDBObject](PowerShell/Remove-ADDBObject.md#remove-addbobject) cmdlet
+- Added the [ConvertTo-Hex](PowerShell/ConvertTo-Hex.md#convertto-hex) cmdlet
 - Merged the `DSInternals.Cryptography` assembly into `DSInternals.Common`
 - Minor bug fixes
 
 ## 1.6
 ### Added
-- Added the `Set-ADDBDomainController` cmdlet
-- Added the `Get-ADDBSchemaAttribute` cmdlet
+- Added the [Set-ADDBDomainController](PowerShell/Set-ADDBDomainController.md#set-addbdomaincontroller) cmdlet
+- Added the [Get-ADDBSchemaAttribute](PowerShell/Get-ADDBSchemaAttribute.md#get-addbschemaattribute) cmdlet
 
 ## 1.5
 ### Added
-- Added the `Get-ADDBDomainController` cmdlet
+- Added the [Get-ADDBDomainController](PowerShell/Get-ADDBDomainController.md#get-addbdomaincontroller) cmdlet
 
 ## 1.4 - 2015-05-31
 ### Added
-- Added the `Set-ADDBPrimaryGroup` cmdlet
+- Added the [Set-ADDBPrimaryGroup](PowerShell/Set-ADDBPrimaryGroup.md#set-addbprimarygroup) cmdlet
 
 ### Fixed
-- The `Add-ADDBSidHistory` cmdlet now supports relative file paths
+- The [Add-ADDBSidHistory](PowerShell/Add-ADDBSidHistory.md#add-addbsidhistory) cmdlet now supports relative file paths
 
 ## 1.3.1
 ### Fixed
 - Fixed a bug in the Microsoft.Isam.Esent.Interop library,
-  that prevented the `Add-ADDBSidHistory` cmdlet to run on Windows Server 2008 R2
+  that prevented the [Add-ADDBSidHistory](PowerShell/Add-ADDBSidHistory.md#add-addbsidhistory) cmdlet to run on Windows Server 2008 R2
 
 ## 1.3 - 2015-05-24
 ### Added
-- Added the `Add-ADDBSidHistory` cmdlet
+- Added the [Add-ADDBSidHistory](PowerShell/Add-ADDBSidHistory.md#add-addbsidhistory) cmdlet
 
 ## 1.2
 ### Added
-- Added the `ConvertTo-GPPrefPassword` cmdlet
+- Added the [ConvertTo-GPPrefPassword](PowerShell/ConvertTo-GPPrefPassword.md#convertto-gpprefpassword) cmdlet
 
 ## 1.1
 ### Added
-- Added the `ConvertTo-OrgIdHash` cmdlet
-- Added the `ConvertFrom-GPPrefPassword` cmdlet
+- Added the [ConvertTo-OrgIdHash](PowerShell/ConvertTo-OrgIdHash.md#convertto-orgidhash) cmdlet
+- Added the [ConvertFrom-GPPrefPassword](PowerShell/ConvertFrom-GPPrefPassword.md#convertfrom-gpprefpassword) cmdlet
 
 ## 1.0 - 2015-01-20
 Initial release!
diff --git a/Documentation/PowerShell/Readme.md b/Documentation/PowerShell/Readme.md
index fa50f5a..5fae11d 100644
--- a/Documentation/PowerShell/Readme.md
+++ b/Documentation/PowerShell/Readme.md
@@ -13,80 +13,80 @@ The DSInternals PowerShell Module exposes several internal features of Active Di
 
 ## Cmdlets for Offline Active Directory Operations
 
-### [Get-ADDBAccount](Get-ADDBAccount.md)
+### [Get-ADDBAccount](Get-ADDBAccount.md#get-addbaccount)
 Reads one or more accounts from a ntds.dit file, including secret attributes.
 
-### [Enable-ADDBAccount](Enable-ADDBAccount.md)
+### [Enable-ADDBAccount](Enable-ADDBAccount.md#enable-addbaccount)
 Enables an Active Directory account in an offline ntds.dit file.
 
-### [Disable-ADDBAccount](Disable-ADDBAccount.md)
+### [Disable-ADDBAccount](Disable-ADDBAccount.md#disable-addbaccount)
 Disables an Active Directory account in an offline ntds.dit file.
 
-### [Add-ADDBSidHistory](Add-ADDBSidHistory.md)
+### [Add-ADDBSidHistory](Add-ADDBSidHistory.md#add-addbsidhistory)
 Adds one or more values to the sIDHistory attribute of an object in a ntds.dit file.
 
-### [Set-ADDBAccountPassword](Set-ADDBAccountPassword.md)
+### [Set-ADDBAccountPassword](Set-ADDBAccountPassword.md#set-addbaccountpassword)
 Sets the password for a user, computer, or service account stored in a ntds.dit file.
 
-### [Set-ADDBAccountPasswordHash](Set-ADDBAccountPasswordHash.md)
+### [Set-ADDBAccountPasswordHash](Set-ADDBAccountPasswordHash.md#set-addbaccountpasswordhash)
 Sets the password hash for a user, computer, or service account stored in a ntds.dit file.
 
-### [Set-ADDBPrimaryGroup](Set-ADDBPrimaryGroup.md)
+### [Set-ADDBPrimaryGroup](Set-ADDBPrimaryGroup.md#set-addbprimarygroup)
 Modifies the primaryGroupId attribute of an object in a ntds.dit file.
 
-### [Get-ADDBBackupKey](Get-ADDBBackupKey.md)
+### [Get-ADDBBackupKey](Get-ADDBBackupKey.md#get-addbbackupkey)
 Reads the DPAPI backup keys from a ntds.dit file.
 
-### [Get-ADDBKdsRootKey](Get-ADDBKdsRootKey.md)
+### [Get-ADDBKdsRootKey](Get-ADDBKdsRootKey.md#get-addbkdsrootkey)
 Reads KDS Root Keys from a ntds.dit. file. Can be used to aid DPAPI-NG decryption, e.g. SID-protected PFX files.
 
-### [Get-ADDBDomainController](Get-ADDBDomainController.md)
+### [Get-ADDBDomainController](Get-ADDBDomainController.md#get-addbdomaincontroller)
 Reads information about the originating DC from a ntds.dit file, including domain name, domain SID, DC name and DC site.
 
-### [Set-ADDBDomainController](Set-ADDBDomainController.md)
+### [Set-ADDBDomainController](Set-ADDBDomainController.md#set-addbdomaincontroller)
 Writes information about the DC to a ntds.dit file, including the highest committed USN and database epoch.
 
-### [Get-ADDBSchemaAttribute](Get-ADDBSchemaAttribute.md)
+### [Get-ADDBSchemaAttribute](Get-ADDBSchemaAttribute.md#get-addbschemaattribute)
 Reads AD schema from a ntds.dit file, including datatable column names.
 
-### [Get-BootKey](Get-BootKey.md)
+### [Get-BootKey](Get-BootKey.md#get-bootkey)
 Reads the Boot Key (AKA SysKey or System Key) from an online or offline SYSTEM registry hive.
 
-### [Set-ADDBBootKey](Set-ADDBBootKey.md)
+### [Set-ADDBBootKey](Set-ADDBBootKey.md#set-addbbootkey)
 Re-encrypts a ntds.dit file with a new BootKey/SysKey. Highly experimental!
 
-### [Remove-ADDBObject](Remove-ADDBObject.md)
+### [Remove-ADDBObject](Remove-ADDBObject.md#remove-addbobject)
 Physically removes specified object from a ntds.dit file, making it semantically inconsistent. Highly experimental!
 
 ## Cmdlets for Online Active Directory Operations
 
-### [Get-ADReplAccount](Get-ADReplAccount.md)
+### [Get-ADReplAccount](Get-ADReplAccount.md#get-adreplaccount)
 Reads one or more accounts through the MS-DRSR protocol, including secret attributes.
 
-### [Get-ADReplBackupKey](Get-ADReplBackupKey.md)
+### [Get-ADReplBackupKey](Get-ADReplBackupKey.md#get-adreplbackupkey)
 Reads the DPAPI backup keys through the MS-DRSR protocol.
 
-### [Get-SamPasswordPolicy](Get-SamPasswordPolicy.md)
+### [Get-SamPasswordPolicy](Get-SamPasswordPolicy.md#get-sampasswordpolicy)
 Queries Active Directory for the default password policy.
 
-### [Set-SamAccountPasswordHash](Set-SamAccountPasswordHash.md)
+### [Set-SamAccountPasswordHash](Set-SamAccountPasswordHash.md#set-samaccountpasswordhash)
 Sets NT and LM hashes of an Active Directory or local account through the MS-SAMR protocol.
 
-### [Get-ADSIAccount](Get-ADSIAccount.md)
+### [Get-ADSIAccount](Get-ADSIAccount.md#get-adsiaccount)
 Gets all Active Directory user accounts from a given domain controller using ADSI. Typically used for Credential Roaming data retrieval through LDAP.
 
-### [Get-LsaBackupKey](Get-LsaBackupKey.md)
+### [Get-LsaBackupKey](Get-LsaBackupKey.md#get-lsabackupkey)
 Reads the DPAPI backup keys from a domain controller through the LSARPC protocol.
 
-### [Get-LsaPolicyInformation](Get-LsaPolicyInformation.md)
+### [Get-LsaPolicyInformation](Get-LsaPolicyInformation.md#get-lsapolicyinformation)
 Retrieves AD-related information from the Local Security Authority Policy of the local computer or a remote one.
 
-### [Set-LsaPolicyInformation](Set-LsaPolicyInformation.md)
+### [Set-LsaPolicyInformation](Set-LsaPolicyInformation.md#set-lsapolicyinformation)
 Configures AD-related Local Security Authority Policies of the local computer or a remote one.
 
 ## Password Hash Export Formats
 
-The output of the [Get-ADDBAccount](Get-ADDBAccount.md) and [Get-ADReplAccount](Get-ADReplAccount.md) cmdlets can be formatted using the following custom [Views](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/format-custom) to support different password cracking tools. ASCII file encoding is strongly recommended.
+The output of the [Get-ADDBAccount](Get-ADDBAccount.md#get-addbaccount) and [Get-ADReplAccount](Get-ADReplAccount.md#get-adreplaccount) cmdlets can be formatted using the following custom [Views](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/format-custom) to support different password cracking tools. ASCII file encoding is strongly recommended.
 
 ### Hashcat
 
@@ -129,48 +129,48 @@ Get-ADReplAccount -All -NamingContext 'DC=adatum,DC=com' -Server LON-DC1 | Forma
 
 ## Cmdlets for Password Hash Calculation
 
-### [ConvertTo-KerberosKey](ConvertTo-KerberosKey.md)
+### [ConvertTo-KerberosKey](ConvertTo-KerberosKey.md#convertto-kerberoskey)
 Computes Kerberos keys from a given password using Kerberos version 5 Key Derivation Functions.
 
-### [ConvertTo-NTHash](ConvertTo-NTHash.md)
+### [ConvertTo-NTHash](ConvertTo-NTHash.md#convertto-nthash)
 Calculates NT hash of a given password.
 
-### [ConvertTo-LMHash](ConvertTo-LMHash.md)
+### [ConvertTo-LMHash](ConvertTo-LMHash.md#convertto-lmhash)
 Calculates LM hash of a given password.
 
-### [ConvertTo-OrgIdHash](ConvertTo-OrgIdHash.md)
+### [ConvertTo-OrgIdHash](ConvertTo-OrgIdHash.md#convertto-orgidhash)
 Calculates OrgId hash of a given password. Used by Azure Active Directory Connect.
 
 ## Cmdlets for Credential Decryption
 
-### [Save-DPAPIBlob](Save-DPAPIBlob.md)
-Saves DPAPI and Credential Roaming data returned by the [Get-ADReplBackupKey](Get-ADReplBackupKey.md), [Get-ADDBBackupKey](Get-ADDBBackupKey.md), [Get-ADReplAccount](Get-ADReplAccount.md), [Get-ADDBAccount](Get-ADDBAccount.md) and [Get-ADSIAccount](Get-ADSIAccount.md) cmdlets to files for further processing.
+### [Save-DPAPIBlob](Save-DPAPIBlob.md#save-dpapiblob)
+Saves DPAPI and Credential Roaming data returned by the [Get-ADReplBackupKey](Get-ADReplBackupKey.md#get-adreplbackupkey), [Get-ADDBBackupKey](Get-ADDBBackupKey.md#get-addbbackupkey), [Get-ADReplAccount](Get-ADReplAccount.md#get-adreplaccount), [Get-ADDBAccount](Get-ADDBAccount.md#get-addbaccount) and [Get-ADSIAccount](Get-ADSIAccount.md#get-adsiaccount) cmdlets to files for further processing.
 
-### [ConvertFrom-ADManagedPasswordBlob](ConvertFrom-ADManagedPasswordBlob.md)
+### [ConvertFrom-ADManagedPasswordBlob](ConvertFrom-ADManagedPasswordBlob.md#convertfrom-admanagedpasswordblob)
 Decodes the value of the msDS-ManagedPassword attribute of a Group Managed Service Account.
 
-### [Get-ADKeyCredential](Get-ADKeyCredential.md)
+### [Get-ADKeyCredential](Get-ADKeyCredential.md#get-adkeycredential)
 Creates an object representing Windows Hello for Business credentials from its binary representation or an X.509 certificate.
 
-### [ConvertFrom-GPPrefPassword](ConvertFrom-GPPrefPassword.md)
+### [ConvertFrom-GPPrefPassword](ConvertFrom-GPPrefPassword.md#convertfrom-gpprefpassword)
 Decodes a password from the format used by Group Policy Preferences.
 
-### [ConvertTo-GPPrefPassword](ConvertTo-GPPrefPassword.md)
+### [ConvertTo-GPPrefPassword](ConvertTo-GPPrefPassword.md#convertto-gpprefpassword)
 Converts a password to the format used by Group Policy Preferences.
 
-### [ConvertFrom-UnicodePassword](ConvertFrom-UnicodePassword.md)
+### [ConvertFrom-UnicodePassword](ConvertFrom-UnicodePassword.md#convertfrom-unicodepassword)
 Decodes a password from the format used in unattend.xml files.
 
-### [ConvertTo-UnicodePassword](ConvertTo-UnicodePassword.md)
+### [ConvertTo-UnicodePassword](ConvertTo-UnicodePassword.md#convertto-unicodepassword)
 Converts a password to the format used in unattend.xml or *.ldif files.
 
 ## Miscellaneous Cmdlets
 
-### [New-ADDBRestoreFromMediaScript](New-ADDBRestoreFromMediaScript.md)
+### [New-ADDBRestoreFromMediaScript](New-ADDBRestoreFromMediaScript.md#new-addbrestorefrommediascript)
 Generates a PowerShell script that can be used to restore a domain controller from an IFM-equivalent backup (i.e. ntds.dit + SYSVOL).
 
-### [Test-PasswordQuality](Test-PasswordQuality.md)
-Performs AD audit, including checks for weak, duplicate, default and empty passwords. Accepts input from the [Get-ADReplAccount](Get-ADReplAccount.md) and [Get-ADDBAccount](Get-ADDBAccount.md) cmdlets.
+### [Test-PasswordQuality](Test-PasswordQuality.md#test-passwordquality)
+Performs AD audit, including checks for weak, duplicate, default and empty passwords. Accepts input from the [Get-ADReplAccount](Get-ADReplAccount.md#get-adreplaccount) and [Get-ADDBAccount](Get-ADDBAccount.md#get-addbaccount) cmdlets.
 
-### [ConvertTo-Hex](ConvertTo-Hex.md)
+### [ConvertTo-Hex](ConvertTo-Hex.md#convertto-hex)
 Helper cmdlet that converts binary input to a hexadecimal string.