Solved

need assistance with this technet script

Posted on 2014-12-25
Last Modified: 2016-09-07
hoping someone can test this script and let me know if you get the same results.

when I run it, the script immediately exits out. [does nothing]
this is straight off TechNet. I have tried on multiple win2k8 R2 servers:

here is the link: https://gallery.technet.microsoft.com/scriptcenter/AD-Forest-Health-Report-7d144755/view/Discussions#content

here is the code:
########################################
#Get-ADForestHealth V2
#By Winston McMiller
#Synopsis: script leverages Repadmin.exe and DCdiag.exe across the entire forest or domain to help analysis and troubleshooting. 


Param(
  [string]$filePath,
  [string]$Domain,
  [Switch]$Report
    )

$local = $env:Computername + "."+ $env:Userdnsdomain


Function WMIDateStringToDate($Bootup) {  
    [System.Management.ManagementDateTimeconverter]::ToDateTime($Bootup)  
} 

Function Get-ForestDNSAnalysis_Local{

                $adreporttxt = "ADREPORT for" + $domain + (Get-Date -Format M.d.yyyy.hh.mm.ss) +".txt"          
                $Dcdiag= dcdiag /test:DNS /v
                $DNSLog= $dcDiag -like "*invalid DNS server*" 
				$SRVLog= $dcDiag -like "*Missing SRV record*"
				$SRVLog2=$dcDiag -like "*Error details: 9003*"
                $CFLOG= $dcDiag -like "*Missing A record at DNS server*"
				$REP=repadmin /replsummary
                $w32tm = w32tm /monitor /computers:$dc /nowarn
                $icmp = ($w32tm -like "*ICMP*") -replace "ICMP:",""
                
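                # Warning is checked before Critical so the higher status is not overwritten.
                # These remain string comparisons against the w32tm text, as in the original script.
                If($icmp -le "0ms"){$timestatus="Optimal"}
                If($icmp -gt "100000ms"){$timestatus="Possible Drift Warning"}
                IF($icmp -gt "300000ms"){$timestatus="Critical. Over 5 mins!"}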
                
                $CPULOAD= Get-WmiObject win32_processor | Measure-Object -property LoadPercentage -Average | Select Average 
                $Systems = Get-WMIObject -class Win32_OperatingSystem -computer $dc  
                $NIC=Get-wmiobject -class Win32_NetworkAdapterConfiguration -filter "IPEnabled=True"
                $ComputerIP = $nic.IPaddress[0] 
				$dnsServers = $nic.dnsserversearchorder 
                              
                                foreach ($system in $Systems) {  
                                   $Bootup = $system.LastBootUpTime  
                                   $LastBootUpTime = WMIDateStringToDate $bootup  
                                   $now = Get-Date
                                   $Uptime = $now - $lastBootUpTime  
                                                               }                                                              
                                                    
                		$unreachableServers = foreach ($d in $dnsServers) {
						    try { 
				        if ((-not (Get-Service -Name Dns -ComputerName  $d -ErrorAction SilentlyContinue))  -as [Bool]) {
						        $d
						}
						    } catch {
						         $d
						    }
						    }

							    $ADreports=New-Object PSObject -Property @{
							    HasInvalidDNSServerIPs = $($unreachableServers -as [bool])
							    MissingSrvRecords = $($srvLog -as [bool])
							    MissingARecord = $($cflog -as [bool])
							    DnsServerSearchOrder= ($dnsServers -join ([Environment]::Newline))
							    Unreachable_DNS_ServersIP = ($unreachableServers -join ([Environment]::Newline))
                                Computer_IP_Address = $ComputerIP
							    ComputerName = $DC
                                Time_Status = $timestatus
                                Time_Sync = $ICMP
                                Last_Bootup = $LastBootUpTime
                                AverageCPULoad= $CPULOAD.Average
                                Replication_Summary= ( $rep -replace "Beginning data collection for replication summary, this may take awhile:" -join ([Environment]::Newline))}                         
                                
                                $adreports                                
                                             
              If($srvlog){
              Write-Host "Repairing Missing SRV record on $DC" -ForegroundColor Green
              # Capture the output so the ERROR_NO_TRUST_SAM_ACCOUNT check below has something to test
              $Nltest = nltest /dsregdns
              $Repadmin=Repadmin /syncall
                         }
                         
              $Nltest
              If($Nltest -like "*ERROR_NO_TRUST_SAM_ACCOUNT*"){
              test-computersecurechannel -repair
                                                              } 
                                                              
              If($timestatus -eq "Critical. Over 5 mins!"){
              w32tm /config /update
              w32tm /resync
              Stop-Service -Name w32time
              Start-Service -Name w32time
              Get-Date -Format hh.mm.ss
              Write-Host "Time Service configured for $DC...." -ForegroundColor Green 
              }                                                
              
              If($unreachableServers){
              Write-Host "Bad DNS IP:$unreachableServers on $DC" -ForegroundColor Green
  
              $title = "Delete the misconfigured IP"
              $message = "Do you want to delete the misconfigured IP from $DC? "

              $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", `
                     "Deletes the misconfigured IP from the DNS search order."

$no = New-Object System.Management.Automation.Host.ChoiceDescription "&No", `
    "Retains the DNS search order."

$options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)

$result = $host.ui.PromptForChoice($title, $message, $options, 0) 

switch ($result)
    {
        0 {"You selected Yes."}
        1 {"You selected No."}
    }
If($result -eq 0){
              netsh interface ipv4 delete dnsservers "local area Connection" $unreachableServers
              netsh interface ipv4 show dnsservers "local area Connection"
              $Repadmin
              }
                
               Write-Host "_______________________________________________________________________________________________________" -ForegroundColor Blue
               Write-Host " "
  }   
             IF($Report){$adreports >> $adreporttxt}  
  }                     

Function Get-ForestDNSAnalysis{
                
                $adreporttxt= "ADREPORT for" + $domain + (Get-Date -Format M.d.yyyy.hh.mm.ss) +".txt"  
                $Dcdiag = invoke-command -computername $DC -scriptblock {dcdiag /test:DNS /v}
                $DNSLog= $dcDiag -like "*invalid DNS server*" 
				$SRVLog= $dcDiag -like "*Missing SRV record*"
				$SRVLog2=$dcDiag -like "*Error details: 9003*"
				$CFLOG= $dcDiag -like "*Missing A record at DNS server*"
				$REP = invoke-command -computername $DC -scriptblock {repadmin /replsummary | where {$_ -ne ""}}
                # $DC does not exist in the remote session, so it is passed in as an argument
                $w32tm = invoke-command -computername $DC -scriptblock{w32tm /monitor "/computers:$($args[0])" /nowarn} -Args $DC
                $icmp = ($w32tm -like "*ICMP*") -replace "ICMP:",""
                
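                # Warning is checked before Critical so the higher status is not overwritten.
                # These remain string comparisons against the w32tm text, as in the original script.
                If($icmp[0] -le "0ms"){$timestatus="Optimal"}
                If($icmp[0] -gt "100000ms"){$timestatus="Possible Drift Warning"}
                IF($icmp[0] -gt "300000ms"){$timestatus="Critical. Over 5 mins!"}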
                
                $CPULOAD = invoke-command -computername $DC -scriptblock {Get-WmiObject win32_processor | Measure-Object -property LoadPercentage -Average | Select Average }
                $Systems = invoke-command -computername $DC -scriptblock {Get-WMIObject -class Win32_OperatingSystem}
                $Nic=invoke-command -computername $DC -scriptblock {Get-wmiobject -class Win32_NetworkAdapterConfiguration -filter "IPEnabled=True"}
                $ComputerIP = $nic.IPaddress[0] 
				$dnsServers = $nic.dnsserversearchorder 
                              
                                foreach ($system in $Systems) {  
                                   $Bootup = $system.LastBootUpTime  
                                   $LastBootUpTime = WMIDateStringToDate $bootup  
                                   $now = Get-Date
                                   $Uptime = $now - $lastBootUpTime  
                                   $d = $Uptime.Days  
                                   $h = $Uptime.Hours  
                                   $m = $uptime.Minutes  
                                   $ms= $uptime.Milliseconds  
                                                                 }  
			        
						$unreachableServers = foreach ($d in $dnsServers) {
						    try { 
				            if ((-not (Get-Service -Name Dns -ComputerName  $d -ErrorAction SilentlyContinue))  -as [Bool]) {
						        $d
						}
						    } catch {
						         $d
						    }
						    }

							    $adreports=New-Object PSObject -Property @{
							    HasInvalidDNSServerIPs = $($unreachableServers -as [bool])
							    MissingSrvRecords = $($srvLog -as [bool])
							    MissingARecord = $($cflog -as [bool])
							    DnsServerSearchOrder= ($dnsServers -join ([Environment]::Newline))
							    Unreachable_DNS_ServersIP = ($unreachableServers -join ([Environment]::Newline))
                                Computer_IP_Address = $ComputerIP
							    ComputerName = $DC
                                Time_Status = $timestatus
                                Time_Sync = $ICMP
                                Last_Bootup = $LastBootUpTime
                                AverageCPULoad= $CPULOAD.Average
                                Replication_Summary= ( $rep -replace "Beginning data collection for replication summary, this may take awhile:" -join ([Environment]::Newline))}                         
                   
                   $adreports
                   
                                             
              If($srvlog){
              Write-Host "Repairing Missing SRV record on $DC" -ForegroundColor Green
              $Nltest=invoke-command -computername $DC -scriptblock {nltest /dsregdns}
              $Repadmin=invoke-command -computername $DC -scriptblock {Repadmin /syncall}
                         }
                         
              $Nltest
              If($Nltest -like "*ERROR_NO_TRUST_SAM_ACCOUNT*"){
              invoke-command -computername $DC -scriptblock {test-computersecurechannel -repair}

              If($timestatus -eq "Critical. Over 5 mins!"){
              invoke-command -computername $DC -scriptblock {w32tm /config /update}
              invoke-command -computername $DC -scriptblock {Stop-Service -Name w32time}
              invoke-command -computername $DC -scriptblock {Start-Service -Name w32time}
              invoke-command -ComputerName $DC -ScriptBlock {w32tm /resync}
              invoke-command -computername $DC -scriptblock {Get-Date -Format hh.mm.ss}
              Write-Host "Time Service configured for $DC...." -ForegroundColor Green 
              }
                                                              }   
              
              If($unreachableServers){
              Write-Host "Bad DNS IP:$unreachableServers on $DC" -ForegroundColor Green
  
              $title = "Delete the misconfigured IP"
              $message = "Do you want to delete the misconfigured IP from $DC? "

              $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes", `
                     "Deletes the misconfigured IP from the DNS search order."

$no = New-Object System.Management.Automation.Host.ChoiceDescription "&No", `
    "Retains the DNS search order."

$options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)

$result = $host.ui.PromptForChoice($title, $message, $options, 0) 

switch ($result)
    {
        0 {"You selected Yes."}
        1 {"You selected No."}
    }
If($result -eq 0){
              invoke-command -computername $DC -scriptblock {netsh interface ipv4 delete dnsservers "local area Connection" $args[0] } -Args $unreachableServers
              invoke-command -computername $DC -scriptblock {netsh interface ipv4 show dnsservers "local area Connection"}
              $Repadmin
              }
                IF($Report){$adreports >> $adreporttxt}
  
  }
                Write-Host "_______________________________________________________________________________________________________" -ForegroundColor Blue
               Write-Host " "
  }
              
If($Domain){
Write-Host "Enumerating $Domain Domain...." -ForegroundColor Green
  ipmo activedirectory
                $DCS=(get-addomain $domain).ReplicaDirectoryServers
                Foreach($DC in $DCS){
                If($local -eq $DC){Get-ForestDNSAnalysis_Local}
                If($local -ne $DC){Get-ForestDNSAnalysis}
} 
}
    
If($filePath){
# The AD module is needed for get-addomain in this branch too
ipmo activedirectory
$Domains=Get-Content $filepath
ForEach($Domain in $Domains){
Write-Host "Enumerating $Domain Domain...." -ForegroundColor Green
$DCS=(get-addomain $domain).ReplicaDirectoryServers
                Foreach($DC in $DCS){
                If($local -eq $DC){Get-ForestDNSAnalysis_Local}
                If($local -ne $DC){Get-ForestDNSAnalysis}
                            }
            }
            }

Question by:siber1
12 Comments
 
LVL 17

Expert Comment

by:bigeven2002
ID: 40517693
Hello,
I did some quick research on the issue.  Since this is a remote script, it requires changing powershell's execution policy.  First, make sure you are logged in as an administrator account and that no other users are logged into the machine (fast user switching).

Next, right-click on the ps1 script and choose properties.  Then click Unblock at the bottom of the General tab.  Then apply, OK.

Then, right-click the file and choose Edit.  This should open the file with powershell_ise.exe.  In the bottom pane, type in
get-executionpolicy

This will probably return Restricted.  So type this to change it:
set-executionpolicy remotesigned

Click Yes to the prompt indicating you are sure to change it.  Then run the get-executionpolicy again to verify it has changed.  Then try executing the script by clicking the green arrow button at the top.
0
 

Author Comment

by:siber1
ID: 40517697
hi, I just unblocked and ran the execution policy command and same result. it immediately exits out when running it. does it run for you?
0
 
LVL 17

Expert Comment

by:bigeven2002
ID: 40517699
Upon further inspection, I got the same result as you, the script exits with no output.  My AD functional level is still Windows 2000.  Perhaps it needs to be a later level.  Is yours a 2003 or higher?

Also, are you running the script from a workstation or a server?
0

Author Comment

by:siber1
ID: 40517700
functional level is win2008 / running directly from a server [have tried multiple same result]
0
 
LVL 17

Expert Comment

by:bigeven2002
ID: 40517712
ok thanks for letting me know.  what version of powershell are you running?
0
 

Author Comment

by:siber1
ID: 40517716
v2   [win2k8 R2 server]
0
 
LVL 17

Expert Comment

by:bigeven2002
ID: 40517739
Well, I tried updating to PS v4 but that didn't help.  I'm afraid I am stumped on this one.  You can try this too if preferred but it may not have any effect:
On the Windows 2008 R2 server:
Install .Net Framework 4.5.1
Install Windows Management Framework 4.0
Reboot the server.
Open PowerShell as administrator
powershell -version 4.0
$psversiontable

According to the PS1 script download page, no further items are needed with the latest code available.  So at this point, someone else will have to chime in.  Sorry I could not be of more help.
0
 

Author Comment

by:siber1
ID: 40517742
thanks, I did try installing the latest version of .net framework and same result. immediately exits / zero results. you'd think a script posted on TechNet would actually work  ; )
0
 
LVL 40

Accepted Solution

by:
Subsun earned 2000 total points
ID: 40517751
Try running it with domain parameter..
.\get-ADForestHealthV2.ps1 -Domain Domain.com

As per the article the script leverages Repadmin.exe and DCdiag.exe, you need to have the Support Tools installed on the computer which you run the script and also the PowerShell AD module..
0
 

Author Closing Comment

by:siber1
ID: 40517757
thank you Subsun, that worked!   :)
0
 
LVL 40

Expert Comment

by:Subsun
ID: 40517760
Nice..:-)
0
 
LVL 8

Expert Comment

by:Senior IT System Engineer
ID: 41788965
Hi siber1,

Does the script only perform read-only tests, or does it modify something in the AD domain?
0
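
On the question of what a downloaded script changes on a domain controller, here is an added example (not part of the thread or of the TechNet script) that parses a script without running it and lists state-changing commands and `if` conditions that assign instead of compare. It needs PowerShell 3.0 or later; the sample text is constructed from commands that appear in the posted script, and the function name `Get-ScriptSideEffect` and the `$writeCommands` watch list are assumptions.

```powershell
# Added example: static review of a script via the PowerShell AST (PowerShell 3.0+).
# The script under review is parsed, never executed.
# Constructed sample text, built from commands that appear in the posted script.
$sample = @'
$Dcdiag = dcdiag /test:DNS /v
$REP = repadmin /replsummary
If($srvlog){
    nltest /dsregdns
    Invoke-Command -ComputerName $DC -ScriptBlock { Repadmin /syncall }
}
If($timestatus = "Critical. Over 5 mins!"){
    w32tm /config /update
    Stop-Service -Name w32time
}
If($result -eq 0){
    netsh interface ipv4 delete dnsservers "local area Connection" $bad
}
'@

# Assumed watch list: command name -> regex its text must match ('' flags every use).
$writeCommands = @{
    'nltest'                     = '/dsregdns'
    'repadmin'                   = '/sync'
    'w32tm'                      = '/config|/resync'
    'netsh'                      = '\b(add|set|delete)\b'
    'Stop-Service'               = ''
    'Start-Service'              = ''
    'Test-ComputerSecureChannel' = '-Repair'
}

function Get-ScriptSideEffect {
    param([Parameter(Mandatory = $true)][string]$ScriptText)
    $tokens = $null; $errors = $null
    $ast = [System.Management.Automation.Language.Parser]::ParseInput($ScriptText, [ref]$tokens, [ref]$errors)

    # 1. Watch-listed commands, including ones nested in Invoke-Command script blocks.
    foreach ($cmd in $ast.FindAll({ param($n) $n -is [System.Management.Automation.Language.CommandAst] }, $true)) {
        $name = "$($cmd.GetCommandName())" -replace '\.exe$', ''
        if ($name -and $writeCommands.ContainsKey($name) -and $cmd.Extent.Text -match $writeCommands[$name]) {
            [pscustomobject]@{ Line = $cmd.Extent.StartLineNumber; Finding = 'ChangesState'; Text = $cmd.Extent.Text }
        }
    }

    # 2. if-conditions that assign (=) where a comparison (-eq) was almost certainly meant.
    foreach ($stmt in $ast.FindAll({ param($n) $n -is [System.Management.Automation.Language.IfStatementAst] }, $true)) {
        foreach ($clause in $stmt.Clauses) {
            $assign = $clause.Item1.Find({ param($n) $n -is [System.Management.Automation.Language.AssignmentStatementAst] }, $false)
            if ($assign) {
                [pscustomobject]@{ Line = $assign.Extent.StartLineNumber; Finding = 'AssignmentInIf'; Text = $assign.Extent.Text }
            }
        }
    }
}
Get-ScriptSideEffect -ScriptText $sample | Sort-Object Line | Format-Table -AutoSize
```

To review a file, pass `(Get-Content .\script.ps1 -Raw)` as `-ScriptText`. An empty result only means nothing on the watch list matched, not that the script is read-only.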
