I have written a bash script based on the wmic tool (available here / procedure here) to check the status of the Active Directory replication between my domain controllers. The script performs these steps :
- list the domain controllers hostname+ip addresses in the DNS zone _msdcs.domain.local
- request the wmi to get the replication status
- store the result in a csv file
To be sure the WMI communication is ok between the linux box and the domain controllers, you will need to configure the WMI properties on all the domain controllers :
- Computer Management > Configuration > WMI Control > Properties
- Security tab
- Click on the security button
- Click the Add button
- Add the user account that will execute the WMI requests
- Add the following rights : Execute method, Enable Account, Remote enable and Read security
#!/bin/bash rm -f /script_folder/*.tmp echo > /script_folder/dclist.csv.tmp for i in `dig _msdcs.domain.local ns +noall +answer +short | cut -f5 | awk '{if(NR>1)print}'` do ip_addr=$(dig $i +noall +answer +short |head -n 1) echo "$i,$ip_addr" >> /script_folder/dclist.csv.tmp wmic_command="/usr/bin/wmic -U DOMAIN/username%password //$ip_addr \"select LastSyncResult,NumConsecutiveSyncFailures,SourceDsaCN,NamingContextDN from MSAD_ReplNeighbor\" --namespace Root/MicrosoftActiveDirectory --delimiter=\";\" 2>&1" echo $wmic_command domainname=$(echo $i|cut -f2- -d.) echo $domainname echo $ip_addr eval $wmic_command | awk '{if(NR>2)print}' | sed "s/^/$domainname;$i;/" > /script_folder/adrepl.$ip_addr.tmp & done sed '/^$/d' /script_folder/dclist.csv.tmp > /script_folder/dclist.csv wait cat /script_folder/adrepl.*.tmp > /script_folder/adrepl.csv
With the following php code you can visualize the csv content (jquery is only required to automatically refresh the page):
<html> <head> <style type="text/css"> body { font-family:"Lucida Grande", "Lucida Sans Unicode", "Verdana", "Arial", "Helvetica", "sans-serif"; font-size:15px; color:#274b6d; fill:#274b6d; } </style> <script type="text/javascript" src="jquery.min.js"></script> <script type="text/JavaScript"> <!-- function timedRefresh(timeoutPeriod) { setTimeout("location.reload(true);",timeoutPeriod); } $(window).load(function() { $(".repl_body_tag").height($("#repl_php_div").height()); }); // --> </script> </head> <body class="repl_body_tag" onload="JavaScript:timedRefresh(500000);"> <div id="repl_php_div"> <?php $dc_fil = "./dclist.csv"; $repl_fil = "./adrepl.csv"; ?> <center>Active Directory Replication Status <?php echo " (last scan ".date ("F d Y H:i:s", filemtime($repl_fil)).")"; ?><br> <?php $dc_arr = file($dc_fil); $repl_arr = file($repl_fil); sort($repl_arr); sort($dc_arr); foreach ($dc_arr as $dcinfo) { $dcinfo_arr = explode(",",$dcinfo); $dcname = $dcinfo_arr[0]; $sync_flag=0; $img_repl_info = "Repl from $dcname:"; $img_repl_info_pb = "Repl problem from $dcname:"; $dcname = str_replace("\n", "", $dcname); $dcname = str_replace("\r", "", $dcname); $result_arr = preg_grep("/{$dcname}/i", $repl_arr); foreach ($result_arr as $result_str) { $status_arr = explode(";",$result_str); $lastsyncresult = $status_arr[2]; $syncfailures = $status_arr[4]; if (($syncfailures>0) && ($syncfailures<20) && ($sync_flag<2)) { $sync_flag=1; $img_repl_info_pb .= "\n> ".$status_arr[5]." (".$syncfailures." sync failure(s))"; } elseif ($syncfailures>=20) { $sync_flag=2; $img_repl_info_pb .= "\n> ".$status_arr[5]." (".$syncfailures." sync failure(s))"; } elseif ((strpos($lastsyncresult,'ERROR:') !== false)||(strpos($lastsyncresult,'TIMEOUT') !== false)) { $sync_flag=3; $img_repl_info_pb .= "\n> ".$lastsyncresult; } else { $img_repl_info .= "\n> ".$status_arr[5]." (".$status_arr[3].")"; } } if ($sync_flag==1) { echo "<img src='icon-yellow.png' width='15px' title='".$img_repl_info_pb."'>"; } elseif ($sync_flag==2) { echo "<img src='icon-red.png' width='15px' title='".$img_repl_info_pb."'>"; } elseif ($sync_flag==3) { echo "<img src='icon-gray.png' width='15px' title='".$img_repl_info_pb."'>"; } elseif ($sync_flag==0) { echo "<img src='icon-green.png' width='15px' title='".$img_repl_info."'>"; } } ?> <center> </div> </body> </html>
You can download here the icon package. The page looks like that :
Wmic tool to check Active Directory replications