Active Directory Functional Domain level check

This script will help you to check the Active Directory domain functional level. First the script asks for the domain name (fqdn). Then, the domain controllers names of this domain are queried to get the value of the AD attribute called msDS-Behavior-Version.

The meaning of the retrieved values is described in the following Microsoft MSDN article:

0=Windows 2000
2=Windows Server 2003, Windows Server 2003 R2
3=Windows Server 2008
4=Windows Server 2008 R2
5=Windows Server 2012
6=Windows Server 2012 R2
7=Windows Server 2016

if (Get-Module -ListAvailable -Name ActiveDirectory) {
	if ( ! (Get-module ActiveDirectory )) {
		Import-Module ActiveDirectory
	}

	$domain = read-host -prompt 'domain fqdn (e.g. domain.local)'
	try {
		$dominfo = get-addomain $domain
	}
	catch {
		$excepMsg = $_.Exception.Message
		Write-Output "Problem: $excepMsg"
	}
	if ($dominfo) {
		if ($domain -match "."){
			$domDN = ($domain.split(".") | % { "DC=$_"}) -join ","
		}	
		else {
			$domDN = "DC=$domain"
		}
		
		$domLevel_ht = @{
			0 = "Windows 2000 Server"
			2 = "Windows Server 2003, Windows Server 2003 R2"
			3 = "Windows Server 2008"
			4 = "Windows Server 2008 R2"
			5 = "Windows Server 2012"
			6 = "Windows Server 2012 R2"
			7 = "Windows Server 2016"
		}
		
		(Get-ADforest).GlobalCatalogs | ? { (($_.split(".")[1..($_.split(".").length-1)]) -join ".") -eq $domain } | % {
			$dcname = $_
			Get-ADObject -Identity $domDN -Properties * -Server $dcname | select @{n='DCName';e={$dcname}}, @{n='DomainFunctionalLevel';e={$domLevel_ht[$_.'msDS-Behavior-Version']}}
		}
	}
} else {
	Write-Host "ActiveDirectory Module does not exist. Please install it and run the script again"
}

My Powershell script categories

Active Directory Functional Domain level check

Leave a Reply Cancel reply