Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 283
  • Last Modified:

need some help in modifying Powershell script to get the NTP status for all domain controllers

Hi,

Can anyone here please assist me in how to get the NTP configuration setting for all domain controllers uisng Powershell below ?

$DomainControllers = Get-DomainController

Write-Verbose "Check Domain Time Configuration `r"
ForEach ($DC in $DomainControllers) { 
	$ADTimeCheck = w32tm /monitor /computers:$DC
	$ADTimeCheck1 = $ADTimeCheck -split ("ICMP: ")
	$ADTimeCheck2 = $ADTimeCheck1 -split ("NTP: ")
	$ADTimeCheck3 = $ADTimeCheck2 -split ("RefID: ")
	$ADTimeCheckICMP = $ADTimeCheck3[13]
	$ADTimeCheckNTP = $ADTimeCheck3[15]
	[array]$DomainNTPStatus += "$DC,$ADTimeCheckICMP,$ADTimeCheckNTP"
}

$DomainNTPStatus

Open in new window


because when I use the Powershell script above, it failed with no result.

Note: the Get-DomainController cmdlet is from the Exchange Server 2010 powershell.

Thanks in advance.
0
Senior IT System Engineer
Asked:
Senior IT System Engineer
3 Solutions
 
LearnctxEngineerCommented:
Edit: Sorry I've just realised you're using Get-DomainController and not Get-ADDomainController. Why not use the AD cmdlet instead of the Exchange cmdlet? Surely the Exchange server would have this cmdlet available?

I've edited the below for Get-ADDomainController instead of Get-DomainController.

Import-Module ActiveDirectory
$DomainControllers = Get-ADDomainController -Filter *

Write-Verbose "Check Domain Time Configuration `r"
ForEach ($DC in $DomainControllers) { 
	$ADTimeCheck = w32tm /monitor /computers:$DC.Name
	$ADTimeCheck1 = $ADTimeCheck -split ("ICMP: ")
	$ADTimeCheck2 = $ADTimeCheck1 -split ("NTP: ")
	$ADTimeCheck3 = $ADTimeCheck2 -split ("RefID: ")
	$ADTimeCheckICMP = $ADTimeCheck3[13]
	$ADTimeCheckNTP = $ADTimeCheck3[15]
	[array]$DomainNTPStatus += "$DC.Name,$ADTimeCheckICMP,$ADTimeCheckNTP"
}

$DomainNTPStatus

Open in new window

0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Thanks for the quick reply, but somehow i got the following weird result:

,,
domain.com/Configuration/Sites/HQ/Servers/HQDC01,,
domain.com/Configuration/Sites/DataCentre/Servers/DCDC01,,
domain.com/Configuration/Sites/DataCentre/Servers/DCDC02,,
domain.com/Configuration/Sites/DataCentre/Servers/DCDC03,,
domain.com/Configuration/Sites/Branch1/Servers/BRANCH2012DC01,,
Microsoft.ActiveDirectory.Management.ADDomainController.Name,,
Microsoft.ActiveDirectory.Management.ADDomainController.Name,,
Microsoft.ActiveDirectory.Management.ADDomainController.Name,,
Microsoft.ActiveDirectory.Management.ADDomainController.Name,,
Microsoft.ActiveDirectory.Management.ADDomainController.Name,,

0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
This is the value of the variable:

$ADTimeCheck

{Analyzing Microsoft.ActiveDirectory.Management.ADDomainController.Name (1 of 1)..., error WSAHOST_NOT_FOUND], ,  ,  , Microsoft.ActiveDirectory.Management.ADDomainController.Name [}

Do I have to run it from the Domain Controller or it can be executed from my laptop using the PowerGUI script editor ?

all of the hosts from the previous result are online and ping-able.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
frankhelkCommented:
Even while it's a bit off topic ... such woes are one reason for me to avoid W32time whenever I can.

My recommendation:

Use a Windows port of the classic *ix NTP service on your servers. The status could be retrieved remote with a single command (ntpq -p <ip/name>) and the configuration is a very simple plaintext file. The NTP service software is free. Easy to install and configure, works like a charm and is stable as a rock. And it is nicer when it comes to one of the rare cases of troubleshooting.

See this article for the "How To".

The NTP service has a low ressource footprint, therefore the NTP functionality could be hooked onto existing machines or VM's like webservers, ftp servers, mailservers or database hosts - even in a DMZ - without visible performance impact.

If securtity is an issue, you might as well place radio controlled clock appliances into your LAN who serve time very reliable and precise.
0
 
footechCommented:
Corrected version of LearnCTX's.  But if you don't have the AD module you'll have to let us know.
Import-Module ActiveDirectory
$DomainControllers = Get-ADDomainController -Filter * | Select -expand Name

Write-Verbose "Check Domain Time Configuration `r"
ForEach ($DC in $DomainControllers) { 
	$ADTimeCheck = w32tm /monitor /computers:$DC
	$ADTimeCheck1 = $ADTimeCheck -split ("ICMP: ")
	$ADTimeCheck2 = $ADTimeCheck1 -split ("NTP: ")
	$ADTimeCheck3 = $ADTimeCheck2 -split ("RefID: ")
	$ADTimeCheckICMP = $ADTimeCheck3[13]
	$ADTimeCheckNTP = $ADTimeCheck3[15]
	[array]$DomainNTPStatus += "$DC,$ADTimeCheckICMP,$ADTimeCheckNTP"
}

$DomainNTPStatus

Open in new window

0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Do i have to execute the command above in the domain controller or can I run it on my laptop running with PowerGUI ?
0
 
footechCommented:
You can run it on a workstation if it has RSAT tools installed so that the ActiveDirectory module is available.  Otherwise, it would have to be done from a domain controller (assuming Server 2008 R2 or newer).
0
 
Senior IT System EngineerIT ProfessionalAuthor Commented:
Thanks, it works.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now