try {
Import-Module ActiveDirectory -ErrorAction Stop
} catch {
Write-Host "Active Directory module not available. Please install RSAT tools." -ForegroundColor Red
exit
}
$outputFile = "ADHealthCheck_$(Get-Date -Format yyyyMMdd_HHmmss).txt"
$timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
function Write-OutputBoth {
param([string]$message)
Write-Host $message
Add-Content -Path $outputFile -Value $message
}
Write-OutputBoth "============================================="
Write-OutputBoth " Active Directory Health Check Report"
Write-OutputBoth " Generated on: $timestamp"
Write-OutputBoth "=============================================`n"
Write-OutputBoth "1. DOMAIN CONTROLLER AVAILABILITY"
Write-OutputBoth "---------------------------------"
try {
$domainControllers = Get-ADDomainController -Filter *
foreach ($dc in $domainControllers) {
$pingResult = Test-Connection -ComputerName $dc.HostName -Count 2 -Quiet
Write-OutputBoth "$($dc.HostName): $(if ($pingResult) {'Online'} else {'Offline'})"
}
} catch {
Write-OutputBoth "ERROR: Failed to check domain controllers - $_"
}
Write-OutputBoth ""
Write-OutputBoth "2. REPLICATION STATUS"
Write-OutputBoth "----------------------"
try {
$replStatus = repadmin /replsummary
Write-OutputBoth $replStatus
Write-OutputBoth "`nDetailed Replication Status:"
$replErrors = repadmin /showrepl * /errorsonly
if ($replErrors) {
Write-OutputBoth "Replication errors detected:`n$replErrors" -ForegroundColor Red
} else {
Write-OutputBoth "No replication errors found."
}
} catch {
Write-OutputBoth "ERROR: Failed to check replication status - $_"
}
Write-OutputBoth ""
Write-OutputBoth "3. DNS HEALTH CHECK"
Write-OutputBoth "-------------------"
try {
Write-OutputBoth "DNS Test with DCDiag:"
$dnsTest = dcdiag /test:dns /v
Write-OutputBoth $dnsTest
Write-OutputBoth "`nDNS Forwarders:"
$dnsServers = Get-DnsServerForwarder
if ($dnsServers) {
foreach ($server in $dnsServers.IPAddress) {
Write-OutputBoth "Forwarder: $server"
}
} else {
Write-OutputBoth "No DNS forwarders configured."
}
} catch {
Write-OutputBoth "ERROR: Failed to check DNS health - $_"
}
Write-OutputBoth ""
Write-OutputBoth "4. CRITICAL SERVICES STATUS"
Write-OutputBoth "---------------------------"
$services = @("NTDS", "DNS", "Netlogon", "KDC", "DFS", "ADWS")
foreach ($service in $services) {
try {
$svc = Get-Service -Name $service -ErrorAction SilentlyContinue
if ($svc) {
Write-OutputBoth "$($service): $($svc.Status)"
}
} catch {
Write-OutputBoth "ERROR: Failed to check $service service - $_"
}
}
Write-OutputBoth ""
Write-OutputBoth "5. FSMO ROLES STATUS"
Write-OutputBoth "---------------------"
try {
$forest = Get-ADForest
$domain = Get-ADDomain
Write-OutputBoth "Forest-wide roles:"
Write-OutputBoth " Schema Master: $($forest.SchemaMaster)"
Write-OutputBoth " Domain Naming Master: $($forest.DomainNamingMaster)"
Write-OutputBoth "`nDomain-wide roles:"
Write-OutputBoth " PDC Emulator: $($domain.PDCEmulator)"
Write-OutputBoth " RID Master: $($domain.RIDMaster)"
Write-OutputBoth " Infrastructure Master: $($domain.InfrastructureMaster)"
$allRoles = @($forest.SchemaMaster, $forest.DomainNamingMaster, $domain.PDCEmulator, $domain.RIDMaster, $domain.InfrastructureMaster) | Select-Object -Unique
foreach ($role in $allRoles) {
$online = Test-Connection -ComputerName $role -Count 1 -Quiet
Write-OutputBoth " $role is $(if ($online) {'online'} else {'offline'})"
}
} catch {
Write-OutputBoth "ERROR: Failed to check FSMO roles - $_"
}
Write-OutputBoth ""
Write-OutputBoth "6. TIME SYNCHRONIZATION"
Write-OutputBoth "-----------------------"
try {
$timeSource = w32tm /query /source
$timeConfig = w32tm /query /configuration
$timeStatus = w32tm /query /status
Write-OutputBoth "Time source: $timeSource"
Write-OutputBoth "`nTime configuration:`n$timeConfig"
Write-OutputBoth "`nTime status:`n$timeStatus"
} catch {
Write-OutputBoth "ERROR: Failed to check time synchronization - $_"
}
Write-OutputBoth ""
Write-OutputBoth "7. RECENT CRITICAL EVENTS"
Write-OutputBoth "-------------------------"
try {
$events = Get-EventLog -LogName "Directory Service" -EntryType Error,Warning -After (Get-Date).AddDays(-1) -ErrorAction SilentlyContinue
if ($events) {
$events | Select-Object -First 10 -Property TimeGenerated, EntryType, EventID, Message | Format-Table -AutoSize | Out-String -Width 4096 | Write-OutputBoth
} else {
Write-OutputBoth "No critical Directory Service events in the last 24 hours."
}
$systemEvents = Get-EventLog -LogName "System" -EntryType Error,Warning -After (Get-Date).AddDays(-1) -ErrorAction SilentlyContinue | Where-Object {
$_.Source -like "*Active Directory*" -or $_.Source -like "*DNS*" -or $_.Source -like "*KDC*"
}
if ($systemEvents) {
Write-OutputBoth "`nRelevant System events:"
$systemEvents | Select-Object -First 10 -Property TimeGenerated, EntryType, EventID, Message | Format-Table -AutoSize | Out-String -Width 4096 | Write-OutputBoth
}
} catch {
Write-OutputBoth "ERROR: Failed to check event logs - $_"
}
Write-OutputBoth "`n8. DATABASE AND DISK SPACE"
Write-OutputBoth "--------------------------"
try {
$ntdsPath = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters")."DSA Database file"
$ntdsDrive = $ntdsPath.Split('\')[0]
$diskInfo = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$ntdsDrive'"
$freeSpaceGB = [math]::Round($diskInfo.FreeSpace / 1GB, 2)
$totalSpaceGB = [math]::Round($diskInfo.Size / 1GB, 2)
$percentFree = [math]::Round(($freeSpaceGB / $totalSpaceGB) * 100, 2)
Write-OutputBoth "NTDS Database location: $ntdsPath"
Write-OutputBoth "Disk $ntdsDrive free space: $freeSpaceGB GB of $totalSpaceGB GB ($percentFree%)"
if ($percentFree -lt 15) {
Write-OutputBoth "WARNING: Low disk space on $ntdsDrive!" -ForegroundColor Red
}
} catch {
Write-OutputBoth "ERROR: Failed to check database and disk space - $_"
}
Write-OutputBoth "`n============================================="
Write-OutputBoth " Active Directory Health Check Completed"
Write-OutputBoth " Report saved to: $outputFile"
Write-OutputBoth "============================================="
Invoke-Item $outputFile
