Active Directory backup check
Active Directory backup check

This script will allow you to check the Active Directory backup date on all the domains of your forest.
Each domain is checked by selecting a domain controller that is running the service ADWS (Active Directory Web Services).

You can adjust the variable $backup_age_threshold if you want a different backup age threshold.

$myForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$forestDN = (($myforest.Name).split(".")|%{"DC=$_"}) -join ","

$domain_list = $myForest.Domains.Name
$domainControllers = $myForest.GlobalCatalogs.Name

$array = @()
$backup_age_threshold = 2

$domain_list | % {
    $domain_fqdn = $_
    $dcname = Get-ADDomainController -Discover -Service ADWS -DomainName $domain_fqdn | select Hostname -first 1 | % { $_.Hostname }
    $Partitions = (Get-ADRootDSE -Server $domain_fqdn).namingContexts
    $Partitions | % {
        $Partition = $_
        $object = Get-ADObject -Identity $Partition -Properties msDS-ReplAttributeMetaData -Server $dcname
        $Object."msDS-ReplAttributeMetaData" | ForEach-Object {
            $MetaData = [XML]$_.Replace("`0","")
            $MetaData.DS_REPL_ATTR_META_DATA | ForEach-Object {
                If ($_.pszAttributeName -eq "dSASignature") {
                    $backup_date = Get-Date $_.ftimeLastOriginatingChange -format "yyyy.MM.dd HH:mm:ss"
                    $backup_age = ((Get-date) - (Get-Date $_.ftimeLastOriginatingChange)).TotalDays
                    $Properties = @{domain=$domain_fqdn;dc=$dcname;partition=$Partition;backup_date=$backup_date;backup_age=$backup_age}
                    $Newobject = New-Object PSObject -Property $Properties
                    $array += $Newobject
                }
            }
        }
    }
}
$array | % {
	if ($_.backup_age -gt $backup_age_threshold) {
		write-host $_.domain ($_.dc) / Partition $_.partition / Backup is older than the configured threshold ($backup_age_threshold days) (last backup occured on $_.backup_date) -foregroundcolor red
	}
	else {
		write-host $_.domain ($_.dc) / Partition $_.partition / Backup is OK (last backup occured on $_.backup_date) -foregroundcolor green
	}
}
<>
Active Directory backup check

Leave a Reply

Your email address will not be published.