Using PowerShell to Perform DC Health Checks

I’ve been dabbling in PowerShell recently and decided to have a go at automating the health checks of our DCs.

This script is very early days and is a work in progress. Now that I have the basics down, I plan to spruce it up a bit by adding baseline comparisons and HTML reporting that will alert you to any relevant errors, rather than currently having to trawl through separate log files.

My plan is to schedule the script to run on a weekly basis and email the results to our Systems Team.

I’ll post the new script anytime I add anything significant.

NB: This script is PowerShell 2 friendly!

 

<#
.SYNOPSIS
Performs an Active Directory Health Check.

.DESCRIPTION
- Runs the Best Practices Analyzer against Active Directory and creates a log file showing everything except Informational messages.
- Runs DCDIAG with the following parameters: /a /c /v
    /a = Tests all servers in this site.
    /c = Comprehensive. Runs all tests except DCPROMO and RegisterInDNS.
    /v = Verbose. Outputs extended information.
- Runs REPADMIN with the /replsummary parameter. This command identifies domain controllers that are failing inbound replication or outbound replication and summarises the results in a report.

.PARAMETER LogPath
A path where the log files will be placed. Do not include a backslash (\) as the last character.

.EXAMPLE
Get-ADHealth

Runs the AD Health Check and places the log files in the root directory C:\

.EXAMPLE
Get-ADHealth -LogPath c:\ADLogs

Runs the AD Health Check and places the log files in the directory c:\ADLogs. If the directory does not exist, it is created.

.EXAMPLE
Get-ADHealth c:\MyLogs\ADLogs

Runs the AD Health Check and places the log files in the directory c:\MyLogs\ADLogs. If the directory does not exist, it is created.

#>
param (
    [string] $LogPath = "C:"
)

# Function to create the logfile directory specified by the parameter if it does not exist.
function DirCheck {
    if (!(Test-Path $LogPath)) {
        New-Item -Force -Path $LogPath -ItemType directory
    }
}
# Call function to check for directory existence..if not, create it.
DirCheck

#Set paths etc to our vars.
$BPAModel = "Microsoft/Windows/DirectoryServices"

#Import Best Practices Analyzer.
Import-Module BestPractices

CLS
Write-Output "**********************************************************************************"
Write-Output "Please wait while the Best Practice Analyser runs - this may take a few minutes..."
Write-Output "**********************************************************************************"

#Start the analyzer.
Invoke-BpaModel -id $BPAModel

#Get the results - we are not interested in any Informational errors...
Get-BpaResult -id $BPAModel | Where-Object {$_.severity -ne "Information"} | Out-File -FilePath $logpath\BestPracticesWarnings.log

CLS
Write-Output "**************************************************************"
Write-Output "Please wait while DCDIAG runs - this may take a few minutes..."
Write-Output "**************************************************************"

#Run DCDIAG.
&cmd /c dcdiag /a /c /v | Out-File -FilePath $LogPath\DCDiag.log

#Run replication checks.
Write-Output ""
Write-Output ""
Write-Output "****************************************************************"
Write-Output "Please wait while repadmin runs - this may take a few minutes..."
Write-Output "****************************************************************"

&cmd /c repadmin /replsummary /bysrc /bydest /sort:delta | out-file -FilePath $LogPath\Replication.Log

cls

Write-Output "Health Check Complete."
Write-Output "----------------------"
Write-Output "Logs can be found here:"
Write-Output ""
Write-Output "Best Practices Analyzer Log: $LogPath\BestPracticesWarnings.log"
Write-Output ""
Write-Output "DCDiag Log: $LogPath\DCDiag.log"
Write-Output ""
Write-Output "Replication Log: $LogPath\Replication.log"
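
As a step towards the planned error reporting, the sketch below pulls only the domain controllers with failed replication attempts out of the `repadmin /replsummary` text instead of leaving them to be found by reading Replication.log. It is an added example, not part of the original script: the function name `Get-ReplSummaryFailure` is hypothetical, the sample lines are constructed, and the column layout (DC, largest delta, fails / total, percent, error) is assumed to match what your version of repadmin writes.

```powershell
# Added example: PowerShell 2 compatible; Get-ReplSummaryFailure is a hypothetical name.
function Get-ReplSummaryFailure {
    param ([string[]] $Lines)

    $section = $null
    foreach ($line in $Lines) {
        # A header row says whether the rows below are source or destination DSAs.
        if ($line -match '^\s*(Source|Destination) DSA') {
            $section = $Matches[1]
            continue
        }
        # Assumed row layout: <DC> <largest delta> <fails> / <total> <percent> [error]
        if ($section -and $line -match '^\s*(\S+)\s+(.+?)\s+(\d+)\s*/\s*(\d+)\s+(\d+)\s*(.*)$') {
            if ([int]$Matches[3] -gt 0) {
                # Emit one object per DC that has at least one failed attempt.
                New-Object PSObject -Property @{
                    Direction    = $section
                    DC           = $Matches[1]
                    LargestDelta = $Matches[2]
                    Fails        = [int]$Matches[3]
                    Total        = [int]$Matches[4]
                    Error        = $Matches[6].Trim()
                } | Select-Object Direction, DC, LargestDelta, Fails, Total, Error
            }
        }
    }
}

# Constructed sample input, not output captured from a real domain.
$sample = @(
    'Source DSA          largest delta    fails/total %%   error',
    ' DC01                     12m:41s    0 /  10    0',
    ' DC02                 01h:02m:10s    3 /  10   30  (1722) The RPC server is unavailable.',
    '',
    'Destination DSA     largest delta    fails/total %%   error',
    ' DC01                 01h:02m:10s    3 /  10   30  (1722) The RPC server is unavailable.',
    ' DC02                     09m:03s    0 /  10    0'
)

$failures = @(Get-ReplSummaryFailure -Lines $sample)
$failures | Format-Table -AutoSize

# Against the real log written by the script:
# $failures = @(Get-ReplSummaryFailure -Lines (Get-Content "$LogPath\Replication.log"))
```

An empty `$failures` array means no row reported a failed attempt; it does not cover DCs that repadmin could not contact at all, which are listed separately in its output.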
