Archive for April, 2014

Run DCDiag on all domain controllers using PowerShell script

Since DCDiag is a simple and great way to check the health of a domain controller I have decided to right a simple script in PowerShell that will connect to all domain controllers in a session, run DCDiag, and spit out the results to a text file. The requirements to make this work is that the domain controller must support PowerShell remoting with it enabled on each domain controller you want to run it on. This at least requires that PowerShell V2 is installed on the domain controller. To enable PowerShell remoting, you can either run Enable-PSRemoting from the PowerShell console on each domain controller or create a GPO and apply to the domain controllers OU. PowerShell remoting is enabled by default on Server 2012 and 2012 R2 domain controllers.

Copy the text below and save as a .ps1 file. Remember to run “Set-ExecutionPolicy Unrestricted” on the domain controller you plan on running the script from. The script will only need to be run once.

Import-Module ActiveDirectory
$outdir = “C:\DCDiag”
if(!(test-path $outdir)){ mkdir $outdir }
$DCs = (Get-ADForest).Domains | %{ Get-ADDomainController –Filter * -Server $_ }
foreach ($DC in $DCs){
$sessions = New-PSSession $
$dcoutdir = “$outdir\$($”
New-Item $dcoutdir -ItemType directory | Out-Null
Invoke-Command -Session $sessions {dcdiag} | Out-File $dcoutdir\dcdiag.txt
Remove-PSSession -ComputerName $

Write-Host “”
Write-Host “Output from script will be in ” $outdir

Write-Host “”


Find Current Users using PowerShell

Similar to having to help discover the current workstations in the environment in my previous post, I also helped myself (along with my customer) in generating the list of current users as well for the migration.

Again the variables I needed to consider are that the account has logged in within 3 months from today’s date along with being an enabled account. The command I used to achieve this is:

Get-ADUser -Properties * -Filter * | where {$_.LastLogonDate -gt (get-date).addmonths(-3) -AND $_.enabled -eq “True”} | select -Property Name,SamAccountName,Enabled,LastLogonDate | sort-object Name | Export-Csv C:\Lists\Users.csv -NoTypeInformation

Enjoy (again)

Find Current Workstations in PowerShell

Recently while performing an Active Directory migration for a customer I needed to generate a list of workstations that were currently in use in the environment. Since the customer was extremely busy wrapped up in numerous other projects and I was in a time crunch, I decided to see what PowerShell could do for me. Some of the variables I needed for my list were:

  • Computer is running a client operating system
  • Computer account is enabled
  • Computer had been logged on in the past 3 months

Using those variables, I generated a nice command to find, sort, and output the information in an Excel file so the project could continue to move on at a decent pace without delay. The command I use to achieve this was:

Get-ADComputer -Properties * -Filter * | where {$_.OperatingSystem -notlike “*server*” -AND $_.lastlogondate -gt (get-date).addmonths(-3) -AND $_.enabled -eq “True”} | select -Property Name,OperatingSystem,Enabled,LastLogonDate | sort-object LastLogonDate -descending | Export-Csv c:\Lists\Workstations.csv -NoTypeInformation