This script will allow you to check the Active Directory backup date on all the domains of your forest.
Each domain is checked by selecting a domain controller that is running the service ADWS (Active Directory Web Services).
You can adjust the variable $backup_age_threshold if you want a different backup age threshold.
$myForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$forestDN = (($myforest.Name).split(".")|%{"DC=$_"}) -join ","
$domain_list = $myForest.Domains.Name
$domainControllers = $myForest.GlobalCatalogs.Name
$array = @()
$backup_age_threshold = 2
$domain_list | % {
$domain_fqdn = $_
$dcname = Get-ADDomainController -Discover -Service ADWS -DomainName $domain_fqdn | select Hostname -first 1 | % { $_.Hostname }
$Partitions = (Get-ADRootDSE -Server $domain_fqdn).namingContexts
$Partitions | % {
$Partition = $_
$object = Get-ADObject -Identity $Partition -Properties msDS-ReplAttributeMetaData -Server $dcname
$Object."msDS-ReplAttributeMetaData" | ForEach-Object {
$MetaData = [XML]$_.Replace("`0","")
$MetaData.DS_REPL_ATTR_META_DATA | ForEach-Object {
If ($_.pszAttributeName -eq "dSASignature") {
$backup_date = Get-Date $_.ftimeLastOriginatingChange -format "yyyy.MM.dd HH:mm:ss"
$backup_age = ((Get-date) - (Get-Date $_.ftimeLastOriginatingChange)).TotalDays
$Properties = @{domain=$domain_fqdn;dc=$dcname;partition=$Partition;backup_date=$backup_date;backup_age=$backup_age}
$Newobject = New-Object PSObject -Property $Properties
$array += $Newobject
}
}
}
}
}
$array | % {
if ($_.backup_age -gt $backup_age_threshold) {
write-host $_.domain ($_.dc) / Partition $_.partition / Backup is older than the configured threshold ($backup_age_threshold days) (last backup occured on $_.backup_date) -foregroundcolor red
}
else {
write-host $_.domain ($_.dc) / Partition $_.partition / Backup is OK (last backup occured on $_.backup_date) -foregroundcolor green
}
}
Active Directory backup check