Tuesday, April 21, 2015

Active Directory ntds.dit database file size checking

This script checks the DIT size, the free space inside the DIT, and the size and free space of the disk that hosts the file. It assumes that garbage collection debug logging is turned on, so that event ID 1646 can be read to find out how much free space is in the DIT file on each machine.

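# Report, as CSV lines, the ntds.dit size, the free space inside the DIT and the
# size/free space of the hosting volume for every DC in the current domain.
# The account running this needs read access to the Directory Service event log,
# the remote registry, the administrative drive share and WMI on each DC.
import-module activedirectory
$domaindetail = get-addomain
# Writable DCs plus read-only DCs
$domaincontrollers = $domaindetail.ReplicaDirectoryServers + $domaindetail.ReadOnlyReplicaDirectoryServers
out-default -inp ("Computername,DITsizeGB,FreespaceGB,DBDriveSize,DBDriveFreespace")
foreach ($dc in $domaincontrollers) {
 # Assumes NTDS diagnostics for garbage collection are set to 1 on each DC
 # ("6 Garbage Collection" under HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics);
 # without it no 1646 event exists and the DC is reported as failed.
 try {
  # -ErrorAction Stop turns "no events found" / RPC failures into exceptions the catch can see
  $eventproperties = get-winevent -FilterHashtable @{
   ID=1646;logname="Directory Service"
  } -max 1 -computername $dc -ErrorAction Stop |
   select -exp properties
  # value from the event log is in MB, not bytes, so dividing by 1kb (1024) gives GB
  $DITfreespace = "{0:N3}" -f ($eventproperties[0].value /1kb)

  # get DB location from the DC's own registry rather than assuming a path
  $RegObj = [microsoft.win32.registrykey]::openremotebasekey('LocalMachine',$dc)
  $regkey = $RegObj.opensubkey("SYSTEM\CurrentControlSet\Services\NTDS\Parameters")
  $ditlocal = $regkey.getvalue("DSA Database file")
  $regkey.close()
  $RegObj.close()

  # "E:\ntds\ntds.dit" -> drive "E:" and UNC path "\\dc\E$\ntds\ntds.dit"
  $driveletter = $ditlocal.substring(0,2)
  $ditunc = "\\" + $dc + "\" + $ditlocal.replace(":",'$')

  # get size of dit (the original hard-coded \\$dc\e$\ntds\ntds.dit and ignored the registry value)
  $len = "{0:N2}" -f ((get-item -literalpath $ditunc -ErrorAction Stop).length /1gb)

  # get drive details for the volume hosting the DIT
  $driveinformation = Get-WmiObject Win32_logicaldisk -computer $dc -filter ("DeviceID = '" + $driveletter + "'") -ErrorAction Stop |
   select size,freespace
  $size = "{0:N2}" -f ($driveinformation.size /1gb)
  $freespace = "{0:N2}" -f ($driveinformation.freespace /1gb)
  out-default -inp ("$dc,$len,$DITfreespace,$size,$freespace")

 } catch {
  # Keep the CSV marker unchanged; surface the real cause on the warning stream,
  # since this branch also covers a missing 1646 event or an access-denied error.
  write-warning ("$dc : " + $_.Exception.Message)
  out-default -inp ("$dc,Failedtoconnect")
 }
}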

Wednesday, April 15, 2015

Checking to see if AD Helper object has been installed

This script checks all of the domain controllers in the current domain for the presence of oomads (AD Helper Object). It uses jobs to speed things up, because the WMI product query is very slow. Once all jobs finish, it dumps the results in CSV-style format.

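# Report, one CSV line per DC, whether the AD Helper Object (oomads) MSI is installed
# on every domain controller in the current domain. Each DC is queried in a remoting job.
# NOTE(review): any query against Win32_Product makes Windows Installer run a consistency
# check of every installed MSI package on the target, which is why it is slow and why it
# leaves MsiInstaller entries in the Application log. Checking for the product code under
# the Uninstall registry key is a lighter alternative - confirm it matches before switching.
$domaindetail = get-addomain
# Writable DCs plus read-only DCs
$domaincontrollers = $domaindetail.ReplicaDirectoryServers + $domaindetail.ReadOnlyReplicaDirectoryServers
foreach ($dc in $domaincontrollers) {
 invoke-command -computer $dc -scriptblock {
  # Product code as given on the page, with the stray whitespace inside the GUID removed
  $oomads = gwmi -query "select caption from win32_product where identifyingnumber='{3696BAB3-3B1B-42C3-8D46-1898E59E7C84}'"|select caption
  if ($null -ne $oomads) {
   write-output -input ($env:computername + ",INSTALLED")
  } else {
   write-output -input ($env:computername + ",NOTINSTALLED")
  }
 } -asjob -jobname ("$dc-oomads")
}
#these queries are slow, so we need to wait on the jobs to finish
while ( @(get-job |where {$_.name -match "oomad" -and $_.state -eq "Running"}).count -gt 0) {
 sleep 30
}
# A DC that could not be reached leaves a Failed job: Receive-Job prints its error
# and no CSV line is produced for it, so absence from the output is not "NOTINSTALLED".
get-job |where {$_.name -match "oomad"} |Receive-Job
get-job |where {$_.name -match "oomad"} |Remove-Job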