Solved

Powershell: Check if AD account exist in all the DC

Posted on 2016-09-30
5
55 Views
Last Modified: 2016-10-05
Hello Experts,

I found the script that is attached. It checks the sysvol replication. I would like to add the AD account check as well. Could you please assist, It should create an account on a DC and checks to see if it has replicated across all the domain controllers. I like the output the attached file provides for sysvol check, would like to get a similar out along with sysvol for account checks as well.

Your assistance is appreciated.
sysvol_check.txt
0
Comment
Question by:Parity123
5 Comments
 
LVL 5

Expert Comment

by:sAMAccountName
ID: 41823846
You dont really need to create a new account...

I did a similar exercise to check replication and did it this way:

On the PDC, a script called a function that wrote $(Get-Date -f o) to 'extensionattribute1' on the PDCe object

On all other DCs, the script called a function that evaluated the difference between $(Get-Date -f o) and what its copy of the PDC object's 'extensionattribute1' property was

The script reported this delta to a database which I could query to graph replication latency over time.  It worked like a charm.
0
 
LVL 14

Expert Comment

by:Todd Nelson
ID: 41823847
That's quite the eloborate script to check AD replication ... doesn't "repadmin /replsummary" do the trick?

Anyway, for AD account replication you can try CSVDE from an elevated command prompt ... https://technet.microsoft.com/en-us/library/cc732101(v=ws.11).aspx

csvde.exe -f export.csv -s DC-NAME -r "(&(objectClass=user)(sn=USER-LASTNAME))"

Open in new window


Run the command against each DC you have.
0
 
LVL 5

Expert Comment

by:sAMAccountName
ID: 41823853
replsum tells a different story...  It really speaks to how far from convergence you are across your target DCs.

What this script does is measure how fast a low priority change is replicated globally, which was insanely useful to illustrate I met a replication SLA of 10 minutes.  I had 380+ sites and 340+ DCs and was able to maintain a 2.1 minute replication average across all sites/dcs.  

That story cannot be told by /replsum.
0
 
LVL 12

Accepted Solution

by:
Dustin Saunders earned 500 total points
ID: 41824091
You can check replication times on objects with code like this.  Here's an example to check for replication of an object $u which is a saMAccountName.  You can capture start and end times, do the math; or if you need to wait for replication before moving on in a powershell script this will hold up the script until the replication finishes.
$DCs = Get-ADDomainController -Filter *

Write-Host "Waiting for replication of $u on all domain controllers." -ForegroundColor Yellow -BackgroundColor Blue
foreach ($DC in $DCs)
{
    $DCName = $DC.Name
    $result = Get-ADUser -Filter {samaccountname -eq $u} -Server $DCName
    while (!($result))
    {
        Write-Host "Waiting for replication of $u on $DCName." -ForegroundColor Yellow -BackgroundColor Blue
        Start-Sleep -s 2
        $result = Get-ADUser -Filter {samaccountname -eq $u} -Server $DCName
    }
}
WriteLog("Replication for $u complete on all domain controllers.")

Open in new window

1
 

Author Closing Comment

by:Parity123
ID: 41830722
Thanks
0

Join & Write a Comment

This article will help you understand what HashTables are and how to use them in PowerShell.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now