Powershell: DCrepaudit.ps1

Automating AD Replication Checks with PowerShell

In this blog post, we'll explore a PowerShell script that helps administrators automate Active Directory (AD) replication checks and provides valuable insights into domain controller performance.

Prerequisites

The Script

This script, named DCrepaudit.ps1, targets domain controllers and retrieves their replication status using Get-ADReplicationFailure and Get-ADReplicationPartnerMetadata cmdlets.

$DCs = Get-ADDomainController -filter * | Select-Object Name, IPv4Address, OperatingSystem, OperationMasterRoles

This line retrieves all domain controllers in the forest and selects their name, IP address, operating system, and operation master roles.

foreach ($dc in $dcs) {
    $dcname = "$($dc.name).$env:USERDNSDOMAIN"
    write-host "processing $dcname"
    Get-ADReplicationFailure -Target $dcname | select *
    Get-ADReplicationPartnerMetadata -Target $($dc.name) | Select Server,@{n="Partner";e={(Resolve-DnsName $_.PartnerAddress).NameHost}},LastReplicationAttempt
}

This block of code loops through each domain controller, constructs a fully qualified domain name (FQDN) using the domain controller's name and the user DNS domain, and then:

How It Works

Getting Domain Controllers

The script starts by retrieving all domain controllers in the forest using Get-ADDomainController. The -filter * parameter retrieves all domain controllers, and the Select-Object cmdlet limits the returned properties to name, IP address, operating system, and operation master roles.

Processing Domain Controllers

The script then loops through each domain controller, constructing a fully qualified domain name (FQDN) using the domain controller's name and the user DNS domain. The write-host cmdlet outputs a message indicating which domain controller is being processed.

Key Code Snippets

$DCs = Get-ADDomainController -filter * | Select-Object Name, IPv4Address, OperatingSystem, OperationMasterRoles

foreach ($dc in $dcs) {
    $dcname = "$($dc.name).$env:USERDNSDOMAIN"
    write-host "processing $dcname"
    Get-ADReplicationFailure -Target $dcname | select *
    Get-ADReplicationPartnerMetadata -Target $($dc.name) | Select Server,@{n="Partner";e={(Resolve-DnsName $_.PartnerAddress).NameHost}},LastReplicationAttempt
}

Usage Examples

To run this script, save it to a file (e.g., DCrepaudit.ps1), navigate to the directory in PowerShell, and execute the script using the .\DCrepaudit.ps1 command.

Conclusion

This script provides a useful starting point for automating AD replication checks and can help administrators identify potential issues with domain controller replication. By incorporating this script into your daily routine, you'll be better equipped to maintain the health and integrity of your Active Directory infrastructure.