Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

need some help in modifying Powershell script to get the NTP status for all domain controllers

Posted on 2015-02-10
8
Medium Priority
?
279 Views
Last Modified: 2015-02-12
Hi,

Can anyone here please assist me in how to get the NTP configuration setting for all domain controllers uisng Powershell below ?

$DomainControllers = Get-DomainController

Write-Verbose "Check Domain Time Configuration `r"
ForEach ($DC in $DomainControllers) { 
	$ADTimeCheck = w32tm /monitor /computers:$DC
	$ADTimeCheck1 = $ADTimeCheck -split ("ICMP: ")
	$ADTimeCheck2 = $ADTimeCheck1 -split ("NTP: ")
	$ADTimeCheck3 = $ADTimeCheck2 -split ("RefID: ")
	$ADTimeCheckICMP = $ADTimeCheck3[13]
	$ADTimeCheckNTP = $ADTimeCheck3[15]
	[array]$DomainNTPStatus += "$DC,$ADTimeCheckICMP,$ADTimeCheckNTP"
}

$DomainNTPStatus

Open in new window


because when I use the Powershell script above, it failed with no result.

Note: the Get-DomainController cmdlet is from the Exchange Server 2010 powershell.

Thanks in advance.
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 17

Assisted Solution

by:Learnctx
Learnctx earned 200 total points
ID: 40602360
Edit: Sorry I've just realised you're using Get-DomainController and not Get-ADDomainController. Why not use the AD cmdlet instead of the Exchange cmdlet? Surely the Exchange server would have this cmdlet available?

I've edited the below for Get-ADDomainController instead of Get-DomainController.

Import-Module ActiveDirectory
$DomainControllers = Get-ADDomainController -Filter *

Write-Verbose "Check Domain Time Configuration `r"
ForEach ($DC in $DomainControllers) { 
	$ADTimeCheck = w32tm /monitor /computers:$DC.Name
	$ADTimeCheck1 = $ADTimeCheck -split ("ICMP: ")
	$ADTimeCheck2 = $ADTimeCheck1 -split ("NTP: ")
	$ADTimeCheck3 = $ADTimeCheck2 -split ("RefID: ")
	$ADTimeCheckICMP = $ADTimeCheck3[13]
	$ADTimeCheckNTP = $ADTimeCheck3[15]
	[array]$DomainNTPStatus += "$DC.Name,$ADTimeCheckICMP,$ADTimeCheckNTP"
}

$DomainNTPStatus

Open in new window

0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40602373
Thanks for the quick reply, but somehow i got the following weird result:

,,
domain.com/Configuration/Sites/HQ/Servers/HQDC01,,
domain.com/Configuration/Sites/DataCentre/Servers/DCDC01,,
domain.com/Configuration/Sites/DataCentre/Servers/DCDC02,,
domain.com/Configuration/Sites/DataCentre/Servers/DCDC03,,
domain.com/Configuration/Sites/Branch1/Servers/BRANCH2012DC01,,
Microsoft.ActiveDirectory.Management.ADDomainController.Name,,
Microsoft.ActiveDirectory.Management.ADDomainController.Name,,
Microsoft.ActiveDirectory.Management.ADDomainController.Name,,
Microsoft.ActiveDirectory.Management.ADDomainController.Name,,
Microsoft.ActiveDirectory.Management.ADDomainController.Name,,

0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40602377
This is the value of the variable:

$ADTimeCheck

{Analyzing Microsoft.ActiveDirectory.Management.ADDomainController.Name (1 of 1)..., error WSAHOST_NOT_FOUND], ,  ,  , Microsoft.ActiveDirectory.Management.ADDomainController.Name [}

Do I have to run it from the Domain Controller or it can be executed from my laptop using the PowerGUI script editor ?

all of the hosts from the previous result are online and ping-able.
0
Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

 
LVL 14

Assisted Solution

by:frankhelk
frankhelk earned 200 total points
ID: 40603148
Even while it's a bit off topic ... such woes are one reason for me to avoid W32time whenever I can.

My recommendation:

Use a Windows port of the classic *ix NTP service on your servers. The status could be retrieved remote with a single command (ntpq -p <ip/name>) and the configuration is a very simple plaintext file. The NTP service software is free. Easy to install and configure, works like a charm and is stable as a rock. And it is nicer when it comes to one of the rare cases of troubleshooting.

See this article for the "How To".

The NTP service has a low ressource footprint, therefore the NTP functionality could be hooked onto existing machines or VM's like webservers, ftp servers, mailservers or database hosts - even in a DMZ - without visible performance impact.

If securtity is an issue, you might as well place radio controlled clock appliances into your LAN who serve time very reliable and precise.
0
 
LVL 41

Accepted Solution

by:
footech earned 1600 total points
ID: 40606362
Corrected version of LearnCTX's.  But if you don't have the AD module you'll have to let us know.
Import-Module ActiveDirectory
$DomainControllers = Get-ADDomainController -Filter * | Select -expand Name

Write-Verbose "Check Domain Time Configuration `r"
ForEach ($DC in $DomainControllers) { 
	$ADTimeCheck = w32tm /monitor /computers:$DC
	$ADTimeCheck1 = $ADTimeCheck -split ("ICMP: ")
	$ADTimeCheck2 = $ADTimeCheck1 -split ("NTP: ")
	$ADTimeCheck3 = $ADTimeCheck2 -split ("RefID: ")
	$ADTimeCheckICMP = $ADTimeCheck3[13]
	$ADTimeCheckNTP = $ADTimeCheck3[15]
	[array]$DomainNTPStatus += "$DC,$ADTimeCheckICMP,$ADTimeCheckNTP"
}

$DomainNTPStatus

Open in new window

0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40606738
Do i have to execute the command above in the domain controller or can I run it on my laptop running with PowerGUI ?
0
 
LVL 41

Expert Comment

by:footech
ID: 40606897
You can run it on a workstation if it has RSAT tools installed so that the ActiveDirectory module is available.  Otherwise, it would have to be done from a domain controller (assuming Server 2008 R2 or newer).
0
 
LVL 8

Author Closing Comment

by:Senior IT System Engineer
ID: 40606992
Thanks, it works.
0

Featured Post

Basic Security of Your VPC

So, you’ve got this shiny new VPC and a fancy new application configured on your EC2 servers ready to go. This application is only accessible from your computer, which is great for security, but you need your users to be able to access it! So, what’s the easiest way to do this?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question