PowerShell DC Health Status – Ping, Hard Drive Space, Replication

There is an updated version of this DC Health Check PowerShell script that is much simpler and does not require the Quest add-in.

We kept getting reports that DC issues (replication to begin with) were preventing a solution from being implemented. I was tasked with determining the root cause of these issues, and this PowerShell script was born from that effort. This script will pull the DCs from several domains (using the Quest Active Directory add-in), check the connectivity of the DCs, calculate their free space using WMI-Object, run Repadmin, and display the results in the console and an HTML file.

You will need to install the Quest AD add-in, customize the domain list (this script was for a multi-domain environment, thus uses an array to store the domains), and modify the login credentials by creating a password file (or simply modify the command with a hard-coded username/password).

Import-Module (get-pssnapin Quest.ActiveRoles.ADManagement -Registered).ModuleName

$username = "domain\username"
$Password = gc C:\password.txt | ConvertTo-SecureString
$DomainList = @(`

#Routine to highlight errors in the script
filter colorize-row{
    [string]$prop="Free Space (%)") #Property of the table to highlight; must be exactly the same as defined in the hashtable below

    $fgc=[console]::ForegroundColor; #Save current console color

    #test to see if the drive free space is below 20%
    if ($_.$prop -lt 20) { [console]::ForegroundColor=$color; $_ } #Set the color to $color; then output the property string
    else{ $_ } #otherwise, just output the property string

    [console]::ForegroundColor=$fgc; # revert to saved console colors

$DCs = $null #Initialize the DC array

#Using the Quest AD plugin, connect to each of the domains defined in the $DomainList array; assure that the $username and $Password are correct
$domainList | % {
  Connect-QADService $_ -ConnectionAccount $username -ConnectionPassword $Password > $null
  #Add the FQDN of the DCs from each domain into the $DCs array
  $DCs += Get-QADComputer -computerrole DomainController | select @{n="Name";e={$_.dnsname}}


$DCs | % { 

  $Name = $_.name
  $PingHost = Test-Connection -computername $Name -quiet

  echo "DC Name: $Name"
  if (!$Pinghost) { write-host "Return Ping: $Pinghost" -foreground Red } else { echo "Return Ping: $Pinghost" }

  try {
    $ErrorActionPreference = "Stop"; #Throw a terminating error for a non-terminating error (can't contact server)
    Get-WmiObject win32_logicaldisk -computername $Name | Where-Object { $_.DriveType -eq 3 } | select @{label="Drive";expression={$_.deviceid}}, @{label="Free Space (%)";expression={[Math]::Round(($_.FreeSpace/$_.Size)*100, 0)}} | colorize-row | fl
  catch { #write the error message to the console
    'Error: {0}' -f $_.Exception.Message
  finally { #reset the error action back to continue to keep running the script
    $ErrorActionPreference = "Continue"; #Reset the error action pref to default

$workfile = repadmin.exe /showrepl * /csv 
$results = ConvertFrom-Csv -InputObject $workfile | where {$_.'Number of Failures' -ge 1}

#Here you set the tolerance level for the report
$results = $results | where {$_.'Number of Failures' -gt 1 }

if ($results -ne $null ) {
    $results = $results | select "Source DSA", "Naming Context", "Destination DSA" ,"Number of Failures", "Last Failure Time", "Last Success Time", "Last Failure Status" | ConvertTo-Html
    } else {
    $results = "There were no Replication Errors"

$results | out-file repl.html



One Comment

Leave a Reply