Solved

Powershell: Check if AD account exist in all the DC

Posted on 2016-09-30
5
137 Views
Last Modified: 2016-10-05
Hello Experts,

I found the script that is attached. It checks the sysvol replication. I would like to add the AD account check as well. Could you please assist, It should create an account on a DC and checks to see if it has replicated across all the domain controllers. I like the output the attached file provides for sysvol check, would like to get a similar out along with sysvol for account checks as well.

Your assistance is appreciated.
sysvol_check.txt
0
Comment
Question by:Parity123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 41823846
You dont really need to create a new account...

I did a similar exercise to check replication and did it this way:

On the PDC, a script called a function that wrote $(Get-Date -f o) to 'extensionattribute1' on the PDCe object

On all other DCs, the script called a function that evaluated the difference between $(Get-Date -f o) and what its copy of the PDC object's 'extensionattribute1' property was

The script reported this delta to a database which I could query to graph replication latency over time.  It worked like a charm.
0
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41823847
That's quite the eloborate script to check AD replication ... doesn't "repadmin /replsummary" do the trick?

Anyway, for AD account replication you can try CSVDE from an elevated command prompt ... https://technet.microsoft.com/en-us/library/cc732101(v=ws.11).aspx

csvde.exe -f export.csv -s DC-NAME -r "(&(objectClass=user)(sn=USER-LASTNAME))"

Open in new window


Run the command against each DC you have.
0
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 41823853
replsum tells a different story...  It really speaks to how far from convergence you are across your target DCs.

What this script does is measure how fast a low priority change is replicated globally, which was insanely useful to illustrate I met a replication SLA of 10 minutes.  I had 380+ sites and 340+ DCs and was able to maintain a 2.1 minute replication average across all sites/dcs.  

That story cannot be told by /replsum.
0
 
LVL 13

Accepted Solution

by:
Dustin Saunders earned 500 total points
ID: 41824091
You can check replication times on objects with code like this.  Here's an example to check for replication of an object $u which is a saMAccountName.  You can capture start and end times, do the math; or if you need to wait for replication before moving on in a powershell script this will hold up the script until the replication finishes.
$DCs = Get-ADDomainController -Filter *

Write-Host "Waiting for replication of $u on all domain controllers." -ForegroundColor Yellow -BackgroundColor Blue
foreach ($DC in $DCs)
{
    $DCName = $DC.Name
    $result = Get-ADUser -Filter {samaccountname -eq $u} -Server $DCName
    while (!($result))
    {
        Write-Host "Waiting for replication of $u on $DCName." -ForegroundColor Yellow -BackgroundColor Blue
        Start-Sleep -s 2
        $result = Get-ADUser -Filter {samaccountname -eq $u} -Server $DCName
    }
}
WriteLog("Replication for $u complete on all domain controllers.")

Open in new window

1
 

Author Closing Comment

by:Parity123
ID: 41830722
Thanks
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Previously, on our Nano Server Deployment series, we've created a new nano server image and deployed it on a physical server in part 2. Now we will go through configuration.
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question