Solved

PowerShell: Check if AD account exists in all the DCs

Posted on 2016-09-30
Last Modified: 2016-10-05
Hello Experts,

I found the script that is attached. It checks the sysvol replication. I would like to add the AD account check as well. Could you please assist? It should create an account on a DC and check to see if it has replicated across all the domain controllers. I like the output the attached file provides for the sysvol check, and would like to get a similar output along with sysvol for account checks as well.

Your assistance is appreciated.
Question by:Parity123
5 Comments
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 41823846
You don't really need to create a new account...

I did a similar exercise to check replication and did it this way:

On the PDC, a script called a function that wrote $(Get-Date -f o) to 'extensionattribute1' on the PDCe object

On all other DCs, the script called a function that evaluated the difference between $(Get-Date -f o) and what its copy of the PDC object's 'extensionattribute1' property was

The script reported this delta to a database which I could query to graph replication latency over time.  It worked like a charm.
 
LVL 15

Expert Comment

by:Todd Nelson
ID: 41823847
That's quite the elaborate script to check AD replication ... doesn't "repadmin /replsummary" do the trick?

Anyway, for AD account replication you can try CSVDE from an elevated command prompt ... https://technet.microsoft.com/en-us/library/cc732101(v=ws.11).aspx

csvde.exe -f export.csv -s DC-NAME -r "(&(objectClass=user)(sn=USER-LASTNAME))"

Run the command against each DC you have.
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 41823853
replsum tells a different story...  It really speaks to how far from convergence you are across your target DCs.

What this script does is measure how fast a low priority change is replicated globally, which was insanely useful to illustrate I met a replication SLA of 10 minutes.  I had 380+ sites and 340+ DCs and was able to maintain a 2.1 minute replication average across all sites/dcs.  

That story cannot be told by /replsum.
 
LVL 12

Accepted Solution

by:
Dustin Saunders earned 500 total points
ID: 41824091
You can check replication times on objects with code like this.  Here's an example to check for replication of an object $u which is a saMAccountName.  You can capture start and end times, do the math; or if you need to wait for replication before moving on in a PowerShell script this will hold up the script until the replication finishes.
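Import-Module ActiveDirectory   # provides Get-ADDomainController and Get-ADUser

# $u must already hold the sAMAccountName to wait for.
$DCs = Get-ADDomainController -Filter *

Write-Host "Waiting for replication of $u on all domain controllers." -ForegroundColor Yellow -BackgroundColor Blue
foreach ($DC in $DCs)
{
    $DCName = $DC.Name
    # Ask this specific DC whether it has a copy of the account yet.
    $result = Get-ADUser -Filter {samaccountname -eq $u} -Server $DCName
    while (!($result))
    {
        Write-Host "Waiting for replication of $u on $DCName." -ForegroundColor Yellow -BackgroundColor Blue
        Start-Sleep -s 2
        $result = Get-ADUser -Filter {samaccountname -eq $u} -Server $DCName
    }
}
# WriteLog is a logging helper that is not defined in this snippet; use Write-Host if you have no such function.
WriteLog("Replication for $u complete on all domain controllers.")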

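A bounded version of the polling loop in the accepted answer, as an added example that is not part of the thread: it stops at a timeout, records a DC that cannot be queried instead of waiting on it forever, and returns one row per DC. The function name, its parameters, the 600-second default and the `repl-canary` account name are assumptions.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Test-ADUserReplication {
    [CmdletBinding()]
    param(
        # Conservative character set so the value cannot alter the filter string.
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9._$-]{1,20}$')]
        [string]$SamAccountName,
        [int]$TimeoutSeconds = 600,   # assumed default, matching the 10-minute SLA mentioned in the thread
        [int]$PollSeconds = 2
    )
    $start    = Get-Date
    $deadline = $start.AddSeconds($TimeoutSeconds)
    $filter   = "sAMAccountName -eq '$SamAccountName'"

    foreach ($dc in Get-ADDomainController -Filter *) {
        $user = $null; $status = 'TimedOut'; $detail = $null
        do {
            try {
                $user = Get-ADUser -Filter $filter -Server $dc.HostName -Properties whenChanged -ErrorAction Stop
            }
            catch {
                # DC down, blocked or access denied: record it instead of looping forever.
                $status = 'QueryFailed'; $detail = $_.Exception.Message
                break
            }
            if ($user) { $status = 'Replicated' } else { Start-Sleep -Seconds $PollSeconds }
        } while (-not $user -and (Get-Date) -lt $deadline)

        [pscustomobject]@{
            DomainController = $dc.HostName
            Site             = $dc.Site
            Status           = $status
            SecondsFromStart = [math]::Round(((Get-Date) - $start).TotalSeconds, 1)
            # whenChanged is not replicated: each DC reports when it last wrote the object locally.
            LocalWhenChanged = if ($user) { $user.whenChanged } else { $null }
            Detail           = $detail
        }
    }
}

# 'repl-canary' is a constructed account name; use the account you are tracking.
Test-ADUserReplication -SamAccountName 'repl-canary' | Format-Table -AutoSize
```

DCs are checked one after another against a single overall deadline, so SecondsFromStart is the time at which each DC was confirmed, not an independent per-DC latency.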
 

Author Closing Comment

by:Parity123
ID: 41830722
Thanks