[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Powershell: Check if AD account exist in all the DC

Posted on 2016-09-30
5
Medium Priority
?
273 Views
Last Modified: 2016-10-05
Hello Experts,

I found the script that is attached. It checks the sysvol replication. I would like to add the AD account check as well. Could you please assist, It should create an account on a DC and checks to see if it has replicated across all the domain controllers. I like the output the attached file provides for sysvol check, would like to get a similar out along with sysvol for account checks as well.

Your assistance is appreciated.
sysvol_check.txt
0
Comment
Question by:Parity123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 41823846
You dont really need to create a new account...

I did a similar exercise to check replication and did it this way:

On the PDC, a script called a function that wrote $(Get-Date -f o) to 'extensionattribute1' on the PDCe object

On all other DCs, the script called a function that evaluated the difference between $(Get-Date -f o) and what its copy of the PDC object's 'extensionattribute1' property was

The script reported this delta to a database which I could query to graph replication latency over time.  It worked like a charm.
0
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41823847
That's quite the eloborate script to check AD replication ... doesn't "repadmin /replsummary" do the trick?

Anyway, for AD account replication you can try CSVDE from an elevated command prompt ... https://technet.microsoft.com/en-us/library/cc732101(v=ws.11).aspx

csvde.exe -f export.csv -s DC-NAME -r "(&(objectClass=user)(sn=USER-LASTNAME))"

Open in new window


Run the command against each DC you have.
0
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 41823853
replsum tells a different story...  It really speaks to how far from convergence you are across your target DCs.

What this script does is measure how fast a low priority change is replicated globally, which was insanely useful to illustrate I met a replication SLA of 10 minutes.  I had 380+ sites and 340+ DCs and was able to maintain a 2.1 minute replication average across all sites/dcs.  

That story cannot be told by /replsum.
0
 
LVL 13

Accepted Solution

by:
Dustin Saunders earned 2000 total points
ID: 41824091
You can check replication times on objects with code like this.  Here's an example to check for replication of an object $u which is a saMAccountName.  You can capture start and end times, do the math; or if you need to wait for replication before moving on in a powershell script this will hold up the script until the replication finishes.
$DCs = Get-ADDomainController -Filter *

Write-Host "Waiting for replication of $u on all domain controllers." -ForegroundColor Yellow -BackgroundColor Blue
foreach ($DC in $DCs)
{
    $DCName = $DC.Name
    $result = Get-ADUser -Filter {samaccountname -eq $u} -Server $DCName
    while (!($result))
    {
        Write-Host "Waiting for replication of $u on $DCName." -ForegroundColor Yellow -BackgroundColor Blue
        Start-Sleep -s 2
        $result = Get-ADUser -Filter {samaccountname -eq $u} -Server $DCName
    }
}
WriteLog("Replication for $u complete on all domain controllers.")

Open in new window

1
 

Author Closing Comment

by:Parity123
ID: 41830722
Thanks
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question