PowerShell, Office 365, Azure and automation
AD DC replication test using PowerShell

I believe that every server, and a Domain Controller especially, should be tested after a restart or any other kind of maintenance job. The AD DC replication test using PowerShell needs to be executed on each DC in the AD forest. My team asked me whether there is a way to automate the Active Directory domain controller replication test. I think it is a good idea to automate that task and run this kind of check regularly to confirm that your environment is healthy. My tool of choice is PowerShell. It fits well here because it can be used almost anywhere and natively supports all the tasks required for the checks.

It took me a few minutes to write the PowerShell script that does the AD replication test. I hope it helps you one day to get your routine tasks automated.

Param(
    [Parameter(Mandatory = $False, Position = 1)] [string]$serverName,
    [Parameter(Mandatory = $False, Position = 2)] [int]$waitingTime = 600,
    [Parameter(Mandatory = $False, Position = 3)] [string]$testOU = 'OU=People,OU=Test,DC=domain,DC=local'
)

Import-Module ActiveDirectory

## Init section
Clear-Host
Write-Host "Start DC server sync test"
if (!$serverName) {
    # Default to the local machine; Get-ADDomainController's Name property is the short host name
    $serverName = hostname
}
Write-Host "DC name: " $serverName
# Every domain controller in every domain of the forest
$dCList = ((Get-ADForest).Domains | ForEach-Object { Get-ADDomainController -Filter * -Server $_ }).Name
if ($dCList -notcontains $serverName) {
    Write-Host "The server $serverName is not a Domain Controller" -ForegroundColor Red
    return
}

$testUserName = "DC_" + $serverName + "_test"
# Create the object on a different DC, so that finding it on $serverName proves replication
$randomDC = $dCList | Where-Object { $_ -ne $serverName } | Get-Random
if (!$randomDC) {
    Write-Host "No other Domain Controller found to replicate from" -ForegroundColor Red
    return
}
## End of init section

# Script body
Write-Host "The test user name is $testUserName"
New-ADUser -Name $testUserName -Server $randomDC -Path $testOU
# -Filter returns nothing instead of raising an error when the object does not exist
if (Get-ADUser -Filter "Name -eq '$testUserName'" -Server $randomDC) {
    Write-Host "test user $testUserName successfully created" -ForegroundColor Green
}
else {
    Write-Host "There is an issue with the test account $testUserName creation on $randomDC" -ForegroundColor Red
    return
}
Get-Date
Write-Host "Waiting for $waitingTime seconds for sync"
Start-Sleep -Seconds $waitingTime
Get-Date
if (Get-ADUser -Filter "Name -eq '$testUserName'" -Server $serverName) {
    Write-Host "$serverName test successful. Deleting the test user $testUserName" -ForegroundColor Green
    # Delete on the same DC that is checked afterwards; deleting elsewhere would race against replication
    Get-ADUser -Filter "Name -eq '$testUserName'" -Server $serverName | Remove-ADUser -Server $serverName -Confirm:$false
    if (Get-ADUser -Filter "Name -eq '$testUserName'" -Server $serverName) {
        Write-Host -ForegroundColor Red "There is an issue with deleting the test user. Please check manually."
    }
    else {
        Write-Host "The $testUserName has been successfully deleted" -ForegroundColor Green
    }
}
else {
    Write-Host "Can't find the test user $testUserName. There might be an AD sync issue" -ForegroundColor Red
}

That small script helped my team simplify the patching routine and save time for other important tasks.
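A variation on the same idea, added here as an example and not part of the original post: instead of sleeping a fixed $waitingTime and checking a single DC, it creates the test object on one DC and polls every other DC until the object appears or a timeout expires, producing a per-DC convergence report. It assumes the ActiveDirectory module, rights to create and delete objects in the test OU, and that -SourceDC is the fully qualified name as returned by Get-ADDomainController's HostName; the function name and sample values are constructed.

```powershell
# Added example (not from the original post): poll all DCs for replication of a test object
Import-Module ActiveDirectory

function Test-ADReplicationConvergence {
    param(
        [Parameter(Mandatory)] [string]$SourceDC,   # FQDN of the DC the object is created on
        [Parameter(Mandatory)] [string]$TestOU,
        [int]$TimeoutSeconds = 600,
        [int]$PollSeconds = 15
    )
    $allDCs = (Get-ADForest).Domains | ForEach-Object { Get-ADDomainController -Filter * -Server $_ }
    $name   = "replTest-" + (Get-Date -Format 'yyyyMMddHHmmss')   # constructed, unique per run
    $start  = Get-Date
    $created = New-ADUser -Name $name -Path $TestOU -Server $SourceDC -PassThru
    $pending = @{}                    # HostName -> $true until the object has been seen there
    foreach ($dc in $allDCs) { if ($dc.HostName -ne $SourceDC) { $pending[$dc.HostName] = $true } }
    $results  = @()
    $deadline = $start.AddSeconds($TimeoutSeconds)
    try {
        while ($pending.Count -gt 0 -and (Get-Date) -lt $deadline) {
            # Snapshot the keys because entries are removed while iterating
            foreach ($dc in @($pending.Keys)) {
                # -Filter returns nothing (no error) while the object has not arrived on this DC
                $seen = Get-ADUser -Filter "Name -eq '$name'" -Server $dc -ErrorAction SilentlyContinue
                if ($seen) {
                    $results += [pscustomobject]@{
                        DC = $dc; Replicated = $true; Seconds = [int]((Get-Date) - $start).TotalSeconds
                    }
                    $pending.Remove($dc)
                }
            }
            if ($pending.Count -gt 0) { Start-Sleep -Seconds $PollSeconds }
        }
    }
    finally {
        # Always clean up, on the source DC; the deletion replicates the same way the creation did
        Remove-ADObject -Identity $created.DistinguishedName -Server $SourceDC -Confirm:$false
    }
    foreach ($dc in $pending.Keys) {
        $results += [pscustomobject]@{ DC = $dc; Replicated = $false; Seconds = $TimeoutSeconds }
    }
    return $results | Sort-Object DC
}

# Usage (constructed values); rows with Replicated = $false after the timeout need investigation
# Test-ADReplicationConvergence -SourceDC 'dc01.domain.local' -TestOU 'OU=People,OU=Test,DC=domain,DC=local' | Format-Table
```

The Seconds column gives a rough upper bound on convergence time per DC (it includes the poll interval), which is useful as a baseline for spotting a partner that has slowed down before it fails outright.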

You might want to improve the script and add some of the features described in the following articles:

powershell-basics-how-to-check-active-directory-replication

Building an Active Directory Health Check Tool
