This script will allow you to check the Active Directory backup date on all the domains of your forest.
Each domain is checked by selecting a domain controller that is running the service ADWS (Active Directory Web Services).
You can adjust the variable $backup_age_threshold if you want a different backup age threshold.
$myForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() $forestDN = (($myforest.Name).split(".")|%{"DC=$_"}) -join "," $domain_list = $myForest.Domains.Name $domainControllers = $myForest.GlobalCatalogs.Name $array = @() $backup_age_threshold = 2 $domain_list | % { $domain_fqdn = $_ $dcname = Get-ADDomainController -Discover -Service ADWS -DomainName $domain_fqdn | select Hostname -first 1 | % { $_.Hostname } $Partitions = (Get-ADRootDSE -Server $domain_fqdn).namingContexts $Partitions | % { $Partition = $_ $object = Get-ADObject -Identity $Partition -Properties msDS-ReplAttributeMetaData -Server $dcname $Object."msDS-ReplAttributeMetaData" | ForEach-Object { $MetaData = [XML]$_.Replace("`0","") $MetaData.DS_REPL_ATTR_META_DATA | ForEach-Object { If ($_.pszAttributeName -eq "dSASignature") { $backup_date = Get-Date $_.ftimeLastOriginatingChange -format "yyyy.MM.dd HH:mm:ss" $backup_age = ((Get-date) - (Get-Date $_.ftimeLastOriginatingChange)).TotalDays $Properties = @{domain=$domain_fqdn;dc=$dcname;partition=$Partition;backup_date=$backup_date;backup_age=$backup_age} $Newobject = New-Object PSObject -Property $Properties $array += $Newobject } } } } } $array | % { if ($_.backup_age -gt $backup_age_threshold) { write-host $_.domain ($_.dc) / Partition $_.partition / Backup is older than the configured threshold ($backup_age_threshold days) (last backup occured on $_.backup_date) -foregroundcolor red } else { write-host $_.domain ($_.dc) / Partition $_.partition / Backup is OK (last backup occured on $_.backup_date) -foregroundcolor green } }
Active Directory backup check