Active Directory Health Check automation via Powershell

It’s important to run some Active Directory Health checks on your domain. To that end, I thought it would be great to generate a weekly report that contained a DCdiag, a Repadmin and Best Practice Analyzer report. This could be done via a Scheduled task. It could then run once a week and then email you with any issues. A great way to keep on top of the health of your environment and to make sure no little niggling errors are hiding just under the covers, waiting to destroy your environment.

The hardest part of the script was executing the cmd prompt command via the script. Passing in arguments is messy in Powershell at the best of times, but passing in arguments with spaces and having to escape the correct characters etc. is very tedious. So, as a disclaimer, this script is a work in progress. It works, but by no means is it an example of Powershell Best Practice. (I’ll keep a tinkering on it, and if anyone has any suggestions please leave a comment.) Hopefully, though, someone other than me may find this useful.

There are also a few caveats to be aware of. This script, the way it is presented here, will only work on Powershell v3. I found this out because in an effort to get the BPA cmdlets working, I realized that the syntax for the commands is different in the different versions of Powershell. If you would like to get this to work on Powershell v2, you just need to change the -ModelID parameters to -ID. A quick “Get-Help Invoke-BPAModel” should sort that out pretty swiftly. Also, the file locations are hard coded at this point.

#Written by Craig Dempsey, 19/03/2013 
# ** NOTE ** This script will only work if the folder C:\Admin\Scripts\adchex is present.
# ** NOTE ** This script will only work with Powershell v3.
# ** NOTE ** To adapt this to work with Powershell v2, you will need to change BPA cmdlets parameters, because the names of the parameters are different from v2 to v3.
# ** NOTE ** This script needs to be run on a domain controller.

#Import Module Best Practices for Powershell v2. In v3 the module gets automatically loaded.
Import-Module BestPractices

#Set Variables
$date = get-date -UFormat "%Y%m%d%H%M%S"
$date2 = get-date
$dcdiagcom = "dcdiag"
$dcdiaglog = "C:\Admin\Scripts\adchex\dcdiag$date.log"
$dcdiagargs = @('/a', '/c', '/v', "/f:$dcdiaglog")
$repadmincom = "repadmin"
$repadminargs = @('/showrepl', '*', '/verbose', '/all', '/intersite')
$repadminlog =   "C:\admin\scripts\adchex\repl$date.log"
$ADbparesultcsv = "C:\Admin\Scripts\adchex\ADBpaResult$date.csv"

#Run the cmd commands calling the args.
&cmd /c $dcdiagcom $dcdiagargs
&cmd /c $repadmincom $repadminargs > $repadminlog

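#Run the Best Practice Analyser
invoke-bpamodel -ModelId Microsoft/Windows/DirectoryServices
#Format the results: keep everything except informational findings and export to CSV.
#Set-BpaResult -Exclude is not used here, since it flags the piped results as excluded instead of reporting them.
get-bparesult -ModelID Microsoft/Windows/DirectoryServices | Where { $_.Severity -ne "Information" } | Export-CSV -Path $ADbparesultcsv -NoTypeInformation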

#Set email variables
$EmailFrom = "powershell@yourdomain.com"
$EmailTo = "whoeveruare@yourdomain.com"
$Subject = "AD CHEX!"
$Body = "Attached is a set of automated reports for your perusal. The reports contain a DCDiag report, a Repadmin report and Best Practice Analyser Report."
$SMTPServer = "YourSMTPserver"

#Email the log files.
Send-MailMessage -Subject $Subject -Body $body -SmtpServer $SMTPServer -Priority High -To $EmailTo -From $EmailFrom -Attachments $dcdiaglog, $repadminlog, $ADbparesultcsv
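
The script above emails the raw logs under a fixed subject, so a failed test is only noticed if someone opens the attachments. The following is an added example, not part of the original script: it pulls the pass/fail lines out of a dcdiag log and builds the subject line from them. It assumes English-language dcdiag output; the function name Get-DcdiagSummary is hypothetical and the sample lines are constructed.

```powershell
# Added example, not part of the original script.
# Assumes English dcdiag output, where each test ends with a line such as
#   "......................... DC01 passed test Connectivity"
function Get-DcdiagSummary {
    param(
        [Parameter(Mandatory = $true)]
        [AllowEmptyCollection()]
        [AllowEmptyString()]
        [string[]]$Line
    )
    $pattern = '^\s*\.{5,}\s+(?<Target>\S+)\s+(?<Result>passed|failed)\s+test\s+(?<Test>\S+)'
    $results = @(foreach ($l in $Line) {
        if ($l -match $pattern) {
            New-Object PSObject -Property @{
                Target = $Matches['Target']
                Test   = $Matches['Test']
                Passed = ($Matches['Result'] -eq 'passed')
            }
        }
    })
    $failed = @($results | Where-Object { -not $_.Passed })
    # An empty or unparseable log means the check did not run. Report that as a
    # problem instead of letting it look like a clean result.
    if ($results.Count -eq 0)    { $status = 'NO RESULTS' }
    elseif ($failed.Count -gt 0) { $status = 'FAILED' }
    else                         { $status = 'OK' }
    New-Object PSObject -Property @{ Status = $status; Total = $results.Count; Failed = $failed }
}

# Constructed sample lines for illustration (DC01 and contoso.com are placeholder names).
$sample = @(
    '         ......................... DC01 passed test Connectivity',
    '         ......................... DC01 failed test SystemLog',
    '         ......................... DC01 passed test Replications',
    '         ......................... contoso.com passed test LocatorCheck'
)
$summary = Get-DcdiagSummary -Line $sample
$Subject = "AD CHEX! dcdiag: $($summary.Status) ($($summary.Failed.Count) of $($summary.Total) tests failed)"
$Subject
$summary.Failed | ForEach-Object { "{0} failed test {1}" -f $_.Target, $_.Test }
# In the script itself, pass the real log instead: Get-DcdiagSummary -Line (Get-Content $dcdiaglog)
```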

You can find some more information about DCDiag command here.

You can find some more information about the Repadmin command here.

Here is some information as well about running the BPA via Powershell.
