Wmic tool to check Active Directory replications

I have written a bash script based on the wmic tool (available here / procedure here) to check the status of Active Directory replication between my domain controllers. The script performs these steps:

  • list the hostnames and IP addresses of the domain controllers found in the DNS zone _msdcs.domain.local
  • query WMI on each domain controller for its replication status
  • store the result in a CSV file

For WMI communication to work between the Linux box and the domain controllers, you need to configure the WMI security properties on every domain controller:

  • Computer Management > Configuration > WMI Control > Properties
  • Security tab
  • Click on the security button
  • Click the Add button
  • Add the user account that will execute the WMI requests
  • Add the following rights: Execute method, Enable Account, Remote enable and Read security
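
#!/bin/bash
# Collect the AD replication status from every domain controller over WMI.
rm -f /script_folder/*.tmp
echo > /script_folder/dclist.csv.tmp
query="select LastSyncResult,NumConsecutiveSyncFailures,SourceDsaCN,NamingContextDN from MSAD_ReplNeighbor"
# The NS records of the _msdcs zone give the domain controller hostnames.
for i in $(dig _msdcs.domain.local ns +noall +answer +short | cut -f5 | awk '{if(NR>1)print}')
do
        ip_addr=$(dig "$i" +noall +answer +short | head -n 1)
        echo "$i,$ip_addr" >> /script_folder/dclist.csv.tmp
        domainname=$(echo "$i" | cut -f2- -d.)
        echo "$domainname"
        echo "$ip_addr"
        # wmic is called directly (no eval), so DNS-derived values are never re-parsed by the shell.
        # The command line is not echoed because it contains the password.
        # awk drops the two header lines; sed prefixes each row with the domain and DC name.
        /usr/bin/wmic -U DOMAIN/username%password "//$ip_addr" "$query" \
                --namespace Root/MicrosoftActiveDirectory --delimiter=";" 2>&1 \
                | awk '{if(NR>2)print}' | sed "s/^/$domainname;$i;/" > "/script_folder/adrepl.$ip_addr.tmp" &
done
# Remove empty lines from the DC list, then wait for the background queries.
sed '/^$/d' /script_folder/dclist.csv.tmp > /script_folder/dclist.csv
wait
cat /script_folder/adrepl.*.tmp > /script_folder/adrepl.csv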
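
The loop above puts whatever dig returns into the wmic command line and passes the password with -U. The following is an added example, not part of the author's script: it accepts only well-formed hostnames and IPv4 addresses and reads the credentials from a file through wmic's -A (authentication file) option. The function names, the wmic.auth path and the sample DNS answers are assumptions made for illustration.

```shell
# Added example: vet DNS answers before they reach a wmic command line.
LC_ALL=C; export LC_ALL
# Assumed path: Samba-style credentials file (username=, password=, domain=), mode 0600.
AUTH_FILE=${AUTH_FILE:-/script_folder/wmic.auth}

# True only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}
# True only for DNS hostnames (letters, digits, hyphen, dot).
is_hostname() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|-*|*..*) return 1 ;;
    esac
    [ ${#1} -le 254 ]
}
# Read "hostname ip" pairs on stdin; print "hostname,ip" for pairs that pass.
filter_dc_list() {
    while read -r host ip; do
        if is_hostname "$host" && is_ipv4 "$ip"; then
            printf '%s,%s\n' "${host%.}" "$ip"
        else
            printf 'rejected DNS answer: %s %s\n' "$host" "$ip" >&2
        fi
    done
}

# Query one validated address; -A keeps the password off the command line.
query_repl() {
    is_ipv4 "$1" || return 2
    /usr/bin/wmic -A "$AUTH_FILE" "//$1" \
        "select LastSyncResult,NumConsecutiveSyncFailures,SourceDsaCN,NamingContextDN from MSAD_ReplNeighbor" \
        --namespace Root/MicrosoftActiveDirectory --delimiter=";"
}

# Constructed sample standing in for dig output (documentation addresses).
SAMPLE_ANSWERS='dc1.domain.local. 192.0.2.10
dc2.domain.local. 192.0.2.300
dc3.domain.local;x 192.0.2.12
dc4.domain.local. 192.0.2.13'
printf '%s\n' "$SAMPLE_ANSWERS" | filter_dc_list
```

Rejected answers are reported on stderr, so a cron job running the collector surfaces an unexpected DNS record instead of silently querying it.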

With the following PHP code you can display the CSV content (jQuery is only required to refresh the page automatically):

<html>
<head>
<style type="text/css">
body
   {
    font-family:"Lucida Grande", "Lucida Sans Unicode", "Verdana", "Arial", "Helvetica", "sans-serif";
    font-size:15px;
    color:#274b6d;
    fill:#274b6d;
   }
</style>
<script type="text/javascript" src="jquery.min.js"></script>
<script type="text/JavaScript">
<!--
function timedRefresh(timeoutPeriod) {
        setTimeout("location.reload(true);",timeoutPeriod);
}
$(window).load(function() {
        $(".repl_body_tag").height($("#repl_php_div").height());

});
//   -->
</script>
</head>
<body class="repl_body_tag" onload="JavaScript:timedRefresh(500000);">
<div id="repl_php_div">
<?php
$dc_fil = "./dclist.csv";
$repl_fil = "./adrepl.csv";
?>
<center>Active Directory Replication Status <?php echo " (last scan ".date ("F d Y H:i:s", filemtime($repl_fil)).")"; ?><br>
<?php
$dc_arr = file($dc_fil);
$repl_arr = file($repl_fil);
sort($repl_arr);
sort($dc_arr);
foreach ($dc_arr as $dcinfo) {
        $dcinfo_arr = explode(",",$dcinfo);
        $dcname = $dcinfo_arr[0];
        $sync_flag=0;
        $img_repl_info = "Repl from $dcname:";
        $img_repl_info_pb = "Repl problem from $dcname:";
        $dcname = str_replace("\n", "", $dcname);
        $dcname = str_replace("\r", "", $dcname);
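        // Escape the name so dots and other regex metacharacters match literally.
        $result_arr = preg_grep("/".preg_quote($dcname, "/")."/i", $repl_arr);
        foreach ($result_arr as $result_str) {
                $status_arr = explode(";",rtrim($result_str, "\r\n"));
                $lastsyncresult = isset($status_arr[2]) ? $status_arr[2] : "";
                // Error rows have fewer fields; treat a missing failure count as 0.
                $syncfailures = isset($status_arr[4]) ? (int)$status_arr[4] : 0;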
                if (($syncfailures>0) && ($syncfailures<20) && ($sync_flag<2)) {
                        $sync_flag=1;
                        $img_repl_info_pb .= "\n> ".$status_arr[5]." (".$syncfailures." sync failure(s))";
                }
                elseif ($syncfailures>=20) {
                        $sync_flag=2;
                        $img_repl_info_pb .= "\n> ".$status_arr[5]." (".$syncfailures." sync failure(s))";
                }
                elseif ((strpos($lastsyncresult,'ERROR:') !== false)||(strpos($lastsyncresult,'TIMEOUT') !== false)) {
                        $sync_flag=3;
                        $img_repl_info_pb .= "\n> ".$lastsyncresult;
                }
                else {
                        $img_repl_info .= "\n> ".$status_arr[5]." (".$status_arr[3].")";
                }
        }
        // The tooltip text comes from WMI output: escape it so it cannot break out of the title attribute.
        $title_ok = htmlspecialchars($img_repl_info, ENT_QUOTES);
        $title_pb = htmlspecialchars($img_repl_info_pb, ENT_QUOTES);
        if ($sync_flag==1) {
                echo "<img src='icon-yellow.png' width='15px' title='".$title_pb."'>";
        }
        elseif ($sync_flag==2) {
                echo "<img src='icon-red.png' width='15px' title='".$title_pb."'>";
        }
        elseif ($sync_flag==3) {
                echo "<img src='icon-gray.png' width='15px' title='".$title_pb."'>";
        }
        elseif ($sync_flag==0) {
                echo "<img src='icon-green.png' width='15px' title='".$title_ok."'>";
        }
}
?>
</center>
</div>
</body>
</html>

You can download the icon package here. The page looks like this:
[Screenshot: adrepl]
