{"id":9624,"date":"2018-04-16T08:24:37","date_gmt":"2018-04-16T15:24:37","guid":{"rendered":"https:\/\/www.zubairalexander.com\/stage\/?p=9624"},"modified":"2022-03-14T11:20:39","modified_gmt":"2022-03-14T18:20:39","slug":"powershell-script-to-monitor-active-directory-health","status":"publish","type":"post","link":"https:\/\/www.zubairalexander.com\/blog\/powershell-script-to-monitor-active-directory-health\/","title":{"rendered":"PowerShell Script to Monitor Active Directory Health"},"content":{"rendered":"<p><span style=\"background-color: #ffff99;\"><em><span style=\"font-size: 14pt; background-color: #ffff99;\">The author of the script has updated the script in 2021. If you&#8217;re using version 1, the new version (ADHealthCheckV2) is available <a style=\"background-color: #ffff99;\" href=\"https:\/\/github.com\/VikasSukhija\/Downloads\/blob\/master\/ADHealthCheckV2\/ADHealthCheckV2.ps1\" target=\"_blank\" rel=\"noopener\">here<\/a>.<\/span><\/em><\/span><\/p>\n<p>I have been using PowerShell to view the status of Active Directory Directory Services (AD DS) components, such as NTDS, Netlogon, DNS, etc. I was looking to automate the process somewhat and get notification if any of these services had stopped. I ran into a handy PowerShell script written by\u00a0Microsoft MVP <a href=\"https:\/\/www.powershellgallery.com\/profiles\/VikasSukhija\" target=\"_blank\" rel=\"noopener\">Sukhija Vikas<\/a> for Microsoft TechNet.<\/p>\n<p>You can find the script in the PowerShell gallery under <a href=\"https:\/\/www.powershellgallery.com\/packages\/ADHealthCheckV2\/1.0\" target=\"_blank\" rel=\"noopener\">Active Directory Health Check<\/a>. If you&#8217;re not interested in the Package Details, File List, and the Version History, you can go directly to the script download <a href=\"https:\/\/github.com\/VikasSukhija\/Downloads\/blob\/master\/ADHealthCheckV2\/ADHealthCheckV2.ps1\" target=\"_blank\" rel=\"noopener\">here<\/a>. The script checks the following AD DS components.<\/p>\n<ul>\n<li>Pings all the Domain Controllers in the forest<\/li>\n<li>Verifies that the <strong>Netlogon<\/strong> service is running<\/li>\n<li>Verifies that the <strong>NTDS<\/strong> service is running<\/li>\n<li>Verifies that the <strong>DNS<\/strong> service is running<\/li>\n<li>Runs the DCdiag <strong>Netlogons<\/strong> test to ensure the appropriate logon privileges allow replication to proceed<\/li>\n<li>Runs the DCdiag\u00a0 <strong>Replications<\/strong> test to check for timely replication between directory servers<\/li>\n<li>Runs the DCdiag <strong>Services<\/strong> test to see if appropriate supporting services are running<\/li>\n<li>Runs the DCdiag <strong>Advertising<\/strong> test to check whether each DSA is advertising itself, and whether it is advertising itself as having the capabilities of a DSA<\/li>\n<li>Runs the DCdiag <strong>FSMOCheck<\/strong> test on the Domain Controllers that hold the FSMO roles and the enterprise tests on the domain itself<\/li>\n<\/ul>\n<h4><strong>Required Modifications<\/strong><\/h4>\n<p>The script requires very little modifications. You only have to change the following entries in red.<\/p>\n<ul>\n<li>$smtphost = &#8220;<span style=\"color: #ff0000;\">smtp.labtest.com<\/span>&#8220;<\/li>\n<li>$from = &#8220;<span style=\"color: #ff0000;\">DoNotReply@labtest.com<\/span>&#8220;<\/li>\n<li>$to = &#8220;<span style=\"color: #ff0000;\">Sukhija@labtest.com<\/span>&#8220;<\/li>\n<\/ul>\n<p>For example, if your domain is Contoso.com, your email is Admin@Contoso.com, and your SMTP host is smtp.contoso.com, you will make the following changes.<\/p>\n<ul>\n<li>$smtphost = &#8220;<span style=\"color: #ff0000;\">smtp.contoso.com<\/span>&#8220;<\/li>\n<li>$from = &#8220;<span style=\"color: #ff0000;\">DoNotReply@contoso.com<\/span>&#8220;<\/li>\n<li>$to = &#8220;<span style=\"color: #ff0000;\">Admin@contoso.com<\/span>&#8220;<\/li>\n<\/ul>\n<p>You can also change the timeout if it&#8217;s necessary. The script is set to time out in 60 seconds. It can be downloaded free of charge, and you can pretty much do anything with it, subject to the inclusion of the following notice in all copies of the software.<\/p>\n<p><a href=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/04\/MIT-License.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-9625\" src=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/04\/MIT-License.png\" alt=\"\" width=\"1038\" height=\"426\" srcset=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/04\/MIT-License.png 1038w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/04\/MIT-License-300x123.png 300w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/04\/MIT-License-768x315.png 768w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/04\/MIT-License-1024x420.png 1024w\" sizes=\"(max-width: 1038px) 100vw, 1038px\" \/><\/a><\/p>\n<h4><strong>Step-by-Step Instructions<\/strong><\/h4>\n<p>The script is really easy to run, but if you don&#8217;t have much experience with PowerShell, or scripts in general, then here are the steps you can use to run this Active Directory Health Check script.<\/p>\n<ol>\n<li>Download the <a href=\"https:\/\/www.powershellgallery.com\/packages\/ADHealthCheckV2\/1.0\" target=\"_blank\" rel=\"noopener\">Active Directory Health Check<\/a> PowerShell script.<\/li>\n<li>Extract the zip file.<\/li>\n<li>Edit the ADHealthCheckV2.ps1 file in Notepad and replace the three parameters listed in red with your own domain parameters in the <em>Required Modifications<\/em> section above.<\/li>\n<li>Run the tests from a computer that is not a Domain Controller. Make sure that any tools that are used in the script are installed on that computer (e.g., <a href=\"https:\/\/www.microsoft.com\/en-us\/download\/details.aspx?id=31063\" target=\"_blank\" rel=\"noopener noreferrer\">DCdiag<\/a>).<\/li>\n<li>Login to a Windows computer with Domain Admin credentials (or use <em>Run As<\/em> command).<\/li>\n<li>Start PowerShell command prompt with administrative credentials.<\/li>\n<li>Run the ADHealthCheckV2.bat batch file.<\/li>\n<li>You will see the report generated as an HMTL file in the same directory where you copied the batch file and the PowerShell script.<\/li>\n<\/ol>\n<p><span style=\"text-decoration: underline;\">NOTE<\/span>: You can schedule the batch file (ADHealthCheckV2.bat) to run daily (or on a different schedule) and get regular emails to make sure the AD DS is healthy. You can also customize the script to add additional tests to fit your needs.<\/p>\n<p>Here&#8217;s what an Active Directory Health Check sample report looks like.<\/p>\n<p><a href=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/04\/ADHealthCheck-sample-report.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-9626\" src=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/04\/ADHealthCheck-sample-report.png\" alt=\"Active Directory Health Check Sample Report\" width=\"1126\" height=\"91\" srcset=\"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/04\/ADHealthCheck-sample-report.png 1126w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/04\/ADHealthCheck-sample-report-300x24.png 300w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/04\/ADHealthCheck-sample-report-768x62.png 768w, https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/04\/ADHealthCheck-sample-report-1024x83.png 1024w\" sizes=\"(max-width: 1126px) 100vw, 1126px\" \/><\/a><\/p>\n<p>As you can see in the sample report, NTDS is not running on DC2 in the Contoso domain and some of the DCdiag tests have failed. Obviously, this requires troubleshooting the issues on DC2.<\/p>\n<p><em><span style=\"font-size: 14pt;\">Updated: September 2, 2021<\/span><\/em><\/p>\n<p>I &#8216;ve updated the article with links to the new version (ADHealthCheckV2) of the script.<\/p>\n<table>\n<tbody>\n<tr>\n<td style=\"background-color: #e3e3e3; text-align: left;\">Thanks for reading my article. If you are interested in IT training &amp; consulting services, please reach out to me. Visit <a href=\"https:\/\/www.zubairalexander.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">ZubairAlexander.com<\/a> for information on my professional background.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr \/>\n<p><span style=\"font-size: xx-small; font-family: Verdana;\">Copyright \u00a9 2018 <a href=\"https:\/\/www.seattlepro.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">SeattlePro Enterprises, LLC<\/a>. All rights reserved.<br \/>\n<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The author of the script has updated the script in 2021. If you&#8217;re using version 1, the new version (ADHealthCheckV2) is available here. I have been using PowerShell to view the status of Active Directory Directory Services (AD DS) components, such as NTDS, Netlogon, DNS, etc. I was looking to automate the process somewhat and [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":9815,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[6,43,57,11,45,66,76,38,30,65,80],"tags":[],"class_list":["post-9624","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-active-directory","category-articles","category-scripting","category-tips-tricks","category-toolsutils","category-troubleshooting","category-windows-10","category-windows-2003","category-longhorn-server","category-windows-2012","category-windows-2016"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/www.zubairalexander.com\/blog\/wp-content\/uploads\/2018\/05\/AD_logo_featured_3300x1920.png","_links":{"self":[{"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/posts\/9624","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/comments?post=9624"}],"version-history":[{"count":0,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/posts\/9624\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/media\/9815"}],"wp:attachment":[{"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/media?parent=9624"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/categories?post=9624"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.zubairalexander.com\/blog\/wp-json\/wp\/v2\/tags?post=9624"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}