?
Solved

Powershell: Check if AD account exist in all the DC

Posted on 2016-09-30
5
Medium Priority
?
195 Views
Last Modified: 2016-10-05
Hello Experts,

I found the script that is attached. It checks the sysvol replication. I would like to add the AD account check as well. Could you please assist, It should create an account on a DC and checks to see if it has replicated across all the domain controllers. I like the output the attached file provides for sysvol check, would like to get a similar out along with sysvol for account checks as well.

Your assistance is appreciated.
sysvol_check.txt
0
Comment
Question by:Parity123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 41823846
You dont really need to create a new account...

I did a similar exercise to check replication and did it this way:

On the PDC, a script called a function that wrote $(Get-Date -f o) to 'extensionattribute1' on the PDCe object

On all other DCs, the script called a function that evaluated the difference between $(Get-Date -f o) and what its copy of the PDC object's 'extensionattribute1' property was

The script reported this delta to a database which I could query to graph replication latency over time.  It worked like a charm.
0
 
LVL 16

Expert Comment

by:Todd Nelson
ID: 41823847
That's quite the eloborate script to check AD replication ... doesn't "repadmin /replsummary" do the trick?

Anyway, for AD account replication you can try CSVDE from an elevated command prompt ... https://technet.microsoft.com/en-us/library/cc732101(v=ws.11).aspx

csvde.exe -f export.csv -s DC-NAME -r "(&(objectClass=user)(sn=USER-LASTNAME))"

Open in new window


Run the command against each DC you have.
0
 
LVL 6

Expert Comment

by:sAMAccountName
ID: 41823853
replsum tells a different story...  It really speaks to how far from convergence you are across your target DCs.

What this script does is measure how fast a low priority change is replicated globally, which was insanely useful to illustrate I met a replication SLA of 10 minutes.  I had 380+ sites and 340+ DCs and was able to maintain a 2.1 minute replication average across all sites/dcs.  

That story cannot be told by /replsum.
0
 
LVL 13

Accepted Solution

by:
Dustin Saunders earned 2000 total points
ID: 41824091
You can check replication times on objects with code like this.  Here's an example to check for replication of an object $u which is a saMAccountName.  You can capture start and end times, do the math; or if you need to wait for replication before moving on in a powershell script this will hold up the script until the replication finishes.
$DCs = Get-ADDomainController -Filter *

Write-Host "Waiting for replication of $u on all domain controllers." -ForegroundColor Yellow -BackgroundColor Blue
foreach ($DC in $DCs)
{
    $DCName = $DC.Name
    $result = Get-ADUser -Filter {samaccountname -eq $u} -Server $DCName
    while (!($result))
    {
        Write-Host "Waiting for replication of $u on $DCName." -ForegroundColor Yellow -BackgroundColor Blue
        Start-Sleep -s 2
        $result = Get-ADUser -Filter {samaccountname -eq $u} -Server $DCName
    }
}
WriteLog("Replication for $u complete on all domain controllers.")

Open in new window

1
 

Author Closing Comment

by:Parity123
ID: 41830722
Thanks
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question