Active Directory vCheck
April 16, 2013
When I was a Systems Administrator, one of the things we wanted to know was if there were issues with our Active Directory environment. Things like directory health, stale computers, and if someone had modified the domain admins group were at the top of that list.
The scripts below were built in an attempt to give a quick overview of the Active Directory. These plugins were built on top of Alan Renouf’s vCheck (@alanrenouf) which provides a great framework for the building of your own scripts. Check out his site if you haven’t already!
To install the vCheck, simply extract the contents of the zip file to a directory on your computer. If you are running this against a Server 2008 R2 server you’ll need to enable WinRM and install the AD Web Services. I ran my tests against a Server 2012 domain controller with no issues.
If you haven’t modified your signing settings, you may need to change your PowerShell execution policy to “RemoteSigned”. http://technet.microsoft.com/library/hh847748.aspx
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
Once you’ve extracted the components, simply run the vcheck.ps1 script, which will ask you some questions to customize the script for your own environment.
The following items will be checked and give you a report:
- The current Flexible Single Master Operations (FSMO) role locations
- Any user accounts that are currently locked out
- A quick count of Users and Computers
- The list of users in the Domain Admins group
- User accounts that are set with “Account does not expire”
- Stale Computers
- DCDiag
That’s it! You can then sit back and run your report anytime you need an update, or schedule the script and run it daily! Here is an example report.
Download the Active Directory vCheck Plugin here: ADvCheck.zip
It’s pretty easy to add additional plugins to suit your own needs as well, just write your PowerShell scripts and throw them in the plugins directory.
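As an added example (not part of ADvCheck.zip or the vCheck project), here is a plugin-style script that goes one step beyond listing the Domain Admins group: it reports accounts added or removed since a saved baseline. The function name, the baseline path and the use of the `$Title`/`$Header`/`$Display` style metadata variables are assumptions; check the plugins bundled with your vCheck version for the exact convention.

```powershell
# Added example: Domain Admins drift check. Names and paths are hypothetical.
Import-Module ActiveDirectory

function Get-DomainAdminDrift {
    param(
        [string]$GroupName    = 'Domain Admins',
        [string]$BaselinePath = 'C:\vCheck\DomainAdmins-baseline.csv',  # hypothetical path
        [string]$Server                                                  # optional DC to query
    )
    $adArgs = @{ Identity = $GroupName; Recursive = $true }
    if ($Server) { $adArgs.Server = $Server }

    # -Recursive expands nested groups, so indirect members are reported too
    $current = @(Get-ADGroupMember @adArgs |
        Select-Object SamAccountName, objectClass, @{ n = 'SID'; e = { $_.SID.Value } })

    if (-not (Test-Path -LiteralPath $BaselinePath)) {
        # First run: record current membership as the approved baseline, report nothing
        $current | Export-Csv -LiteralPath $BaselinePath -NoTypeInformation
        return
    }
    $baseline = @(Import-Csv -LiteralPath $BaselinePath)

    # Index both sides by SID; a SID survives an account rename, SamAccountName does not
    $baseBySid = @{}; foreach ($b in $baseline) { $baseBySid[$b.SID] = $b }
    $currBySid = @{}; foreach ($c in $current)  { $currBySid[$c.SID] = $c }

    foreach ($c in $current) {
        if (-not $baseBySid.ContainsKey($c.SID)) {
            [pscustomobject]@{ Account = $c.SamAccountName; Type = $c.objectClass
                               SID = $c.SID; Change = 'Added since baseline' }
        }
    }
    foreach ($b in $baseline) {
        if (-not $currBySid.ContainsKey($b.SID)) {
            [pscustomobject]@{ Account = $b.SamAccountName; Type = $b.objectClass
                               SID = $b.SID; Change = 'Removed since baseline' }
        }
    }
}

# Objects written to the pipeline become the report rows
Get-DomainAdminDrift

# Plugin metadata (assumed vCheck convention)
$Title    = 'Domain Admins membership drift'
$Header   = 'Domain Admins changes since baseline'
$Comments = 'Accounts added to or removed from Domain Admins compared with the saved baseline'
$Display  = 'Table'
```

Keep the baseline file somewhere only administrators can write, since anyone who can edit it can hide a membership change from the report. After an approved change, delete the file so the next run records a new baseline.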
Thanks to Alan Renouf as well as PowerCLI man (@PowerCliMan) for the tool!
This is by far the best script I’ve seen! Keep up the good work 🙂
Thank you! vCheck is all Alan Renouf, but hopefully the AD plugin parts are useful as well.
Thanks for reading.
It’s a useful script. I have had to modify the Global and FSMO to add $ADForest and $Forest = Get-ADForest -Server $ADForest as a child domain that was the only way to get it to show the Schema and Domain Naming servers.
Nice article, I will add this to my blog as I’m writing an article about Active Directory vCheck – http://www.networkangel.net/active-directory-health-check-tools
Active Directory Health Profiler is a tool that in my view is one of the very best in Active Directory Health management. I think we should give this one a try?
http://adhealthprof.itdynamicpacks.net/
Best,
Nick