PowerShell Script to get Active Directory information and health check after upgrade to Windows Server 2019

With my Cloud environment almost completely done, I decided to go ahead and upgrade my current Domain Controllers from Windows Server 2016 to Windows Server 2019. Currently I have 2 Domain Controllers, and they are also my DNS servers. I thought it best to do an in-place upgrade to Server 2019 to keep from having to change my static DNS settings everywhere.

Overall the process was really easy. There is only one major thing to do first: be sure to run the forest and domain prep for the 2019 server coming into the environment. This process was also pretty easy. Sorry for not having pictures of this part. Once the 2019 ISO is mounted, open File Explorer and then the ISO. You will see a Support folder. Inside there you will find an adprep folder. Hold the Shift key down and right-click this folder. Select "Open Command Prompt Here". Once the command prompt opens, run the command adprep /forestprep. I believe it will ask you to enter a "C" then press Enter to run. Once it finishes, run adprep /domainprep. After that is complete, go back to the root of the ISO and launch setup.exe.

The rest of the upgrade went as planned, with no issues. In this post I will not go through the upgrade process. I just wanted to be sure to call out the forest and domain prep before beginning the upgrade process. Let's get into the script.

I needed a script to give me some basic info about my AD and then run a quick health check after my upgrades.

So first things first, I have to set some variables.

After the variables were set, I needed to do a quick conversion of the AD schema version to the corresponding Windows Server version.

Next was the screen output of all the AD info we gathered so far.

For the next section I wanted to do a health check. I found this online: https://gallery.technet.microsoft.com/scriptcenter/Active-Directory-Health-709336cd

While this was a great script, I didn't need the HTML output. I stripped the script down and used just what I needed. This part of the script was a little long, so I broke it down into several pictures. The first part of the health check gathers all the DCs up and does a foreach loop through them. In my case, just two.

In this part we are doing some quick ping tests along with checking that the Netlogon and NTDS services are running.

The next section checks the DNS service and does a quick Netlogon test.

The next section does a replication and DCdiag test.

Then the last section tests advertising and verifies FSMO roles.
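The health-check sections described above, condensed into one read-only loop. This is an added example, not the ADinfo.ps1 script from this post or the TechNet script it was based on. It assumes Windows PowerShell 5.1 (for Get-Service -ComputerName), the ActiveDirectory module, dcdiag.exe on the PATH, and English-language dcdiag output; the variable names are made up for the example.

```powershell
# Added example: read-only DC health check. Nothing here changes AD or service state.
Import-Module ActiveDirectory

$services    = 'Netlogon', 'NTDS', 'DNS'
$dcdiagTests = 'NetLogons', 'Replications', 'Advertising', 'FsmoCheck'

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $name = $dc.HostName
    $row  = [ordered]@{ DC = $name; Ping = 'Failed' }

    # If the DC does not answer a ping, record that and skip the remote checks
    # so a dead host shows up as one clear row instead of a wall of errors.
    if (-not (Test-Connection -ComputerName $name -Count 2 -Quiet)) {
        foreach ($item in $services + $dcdiagTests) { $row[$item] = 'Skipped' }
        [pscustomobject]$row
        continue
    }
    $row['Ping'] = 'OK'

    # Service state: anything other than Running is worth a look.
    foreach ($svc in $services) {
        $s = Get-Service -ComputerName $name -Name $svc -ErrorAction SilentlyContinue
        $row[$svc] = if ($s) { [string]$s.Status } else { 'NotFound' }
    }

    # dcdiag prints "... passed test <Name>" on success; treat anything else as a failure.
    foreach ($test in $dcdiagTests) {
        $out = dcdiag /test:$test /s:$name 2>&1 | Out-String
        $row[$test] = if ($out -match "passed test $test") { 'Passed' } else { 'Failed' }
    }
    [pscustomobject]$row
}

$report | Format-Table -AutoSize

# Call out any DC whose row contains a result that is not clean.
$bad = $report | Where-Object {
    $_.PSObject.Properties.Value -match 'Failed|NotFound|Stopped|Skipped'
}
if ($bad) { Write-Warning "Checks need attention on: $($bad.DC -join ', ')" }
```

A 'Failed' dcdiag result only says the success line was missing; rerun that single test by hand against the DC to see the full output.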

I left this script pretty wide open to run in any environment. Be sure of a couple things.

  1. Open PowerShell as an Administrator.
  2. Be sure to run this from a domain-connected computer. I ran mine from one of my DCs.
  3. Run this with an account with Domain Admin rights.
  4. Be sure the Active Directory module is installed in your PowerShell session.

The final screenshot is of the screen output. I blurred out the server names to protect the innocent.

If you would like to download a copy of the script, it can be found here: https://github.com/shanermoore/scripts/blob/master/ADinfo.ps1

Thanks for reading!