Maintenance Scripts
Get-RODCPasswordRPs.ps1
something exciting
Some information about the exciting thing
Table of contents generated with markdown-toc
Script
<#
This script will find all Read-Only Domain Controllers (RODCs) and report
on the Allowed and Denied Password Replication Policies (PRPs) on each one.
Script Name: Get-RODCPRPs.ps1
Release 1.0
Written by [email protected] 29/1/2014
References:
- http://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx
- http://blogs.technet.com/b/heyscriptingguy/archive/2013/12/17/use-powershell-to-work-with-rodc-accounts.aspx
- http://gallery.technet.microsoft.com/scriptcenter/Get-ADRodcAuthenticatedNotR-daf51490
- http://gunnalag.com/2011/12/25/rodc-filtered-attribute-set-credential-caching-and-the-authentication-process-with-an-rodc/
- http://blogs.dirteam.com/blogs/paulbergson/archive/2010/09/22/rodc-password-replication-group-management.aspx
- http://technet.microsoft.com/nl-nl/library/cc835090(v=ws.10).aspx
- http://blogs.metcorpconsulting.com/tech/?p=1096
- Refer to the section on Password Replication Policies in chapter 9 of the
O'Reilly Active Directoy 5th Edition book under the Read-Only Domain
Controllers section.
#>
#-------------------------------------------------------------
# Import the Active Directory Module
Import-Module ActiveDirectory -WarningAction SilentlyContinue
if ($Error.Count -eq 0) {
#Write-Host "Successfully loaded Active Directory Powershell's module`n" -ForeGroundColor Green
}
else {
Write-Host "Error while loading Active Directory Powershell's module : $Error`n" -ForeGroundColor Red
exit
}
#-------------------------------------------------------------
# Get the script path
$ScriptPath = { Split-Path $MyInvocation.ScriptName }
$ReferenceFile = $(&$ScriptPath) + "\RODCPRPReport.csv"
$array = @()
$RODCs = Get-ADDomainController -Filter { IsReadOnly -eq $true }
foreach ($RODC in $RODCs) {
$Allowed = Get-ADDomainControllerPasswordReplicationPolicy -Allowed -Identity $RODC
$Denied = Get-ADDomainControllerPasswordReplicationPolicy -Denied -Identity $RODC
$AllowArray = @()
$DeniedArray = @()
foreach ($Allow in $Allowed) {
$AllowArray += $Allow.Name
}
foreach ($Deny in $Denied) {
$DeniedArray += $Deny.Name
}
$output = New-Object PSObject
$output | Add-Member NoteProperty -Name "RODC" $RODC.Name
$output | Add-Member NoteProperty -Name "Allowed" ($AllowArray -join "|")
$output | Add-Member NoteProperty -Name "Denied" ($DeniedArray -join "|")
$array += $output
}
# Write-Output $array | Format-Table
$array | Export-Csv -notype -path "$ReferenceFile"
# Remove the quotes
(Get-Content "$ReferenceFile") | ForEach-Object { $_ -replace '"', "" } | Out-File "$ReferenceFile" -Force -Encoding ascii
Download
Please feel free to copy parts of the script or if you would like to download the entire script, simple click the download button. You can download the complete repository in a zip file by clicking the Download link in the menu bar on the left hand side of the page.
Report Issues
You can report an issue or contribute to this site on GitHub. Simply click the button below and add any relevant notes. I will attempt to respond to all issues as soon as possible.