AD Inspection (3): Domain Controller Role Check

Netdom Query Fsmo

NETDOM [ ADD | COMPUTERNAME | HELP | JOIN | MOVE | QUERY | REMOVE |
MOVENT4BDC | RENAMECOMPUTER | RESET | TRUST | VERIFY | RESETPWD ]

Run netdom help to see the usage of each subcommand.

GC (Global Catalog) Check

  1. Get-ADDomainController -Discover -Domain 'ab.com' | ft Name,IsGlobalCatalog
  2. nltest /dsgetdc:DomainName  to query the GC (the Flags line of the output shows whether the returned DC is a GC)
  3. Get-ADDomainController -Filter {Site -eq 'Default-First-Site-Name'} | FT Name,IsGlobalCatalog
  4. Get-ADForest meraki.edu | FL GlobalCatalogs
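The two checks above (FSMO role holders and GC placement) can be collected in one pass so that an inspection produces a single report instead of several command outputs. The script below is an added example, not code from the original post; it assumes the ActiveDirectory module is available, that the caller can read the domain, and uses the post's placeholder domain 'ab.com'. It also flags two conditions worth catching: a DC whose OperationMasterRoles attribute disagrees with the role holders recorded on the domain and forest objects (a stale or half-finished transfer), and a site with no Global Catalog.

```powershell
# Added example (not part of the original post). Assumes the ActiveDirectory
# module; 'ab.com' is the page's placeholder domain name.
Import-Module ActiveDirectory

function Get-FsmoReport {
    param([string]$Domain = 'ab.com')

    $d = Get-ADDomain -Identity $Domain
    $f = Get-ADForest -Identity $d.Forest

    # The five FSMO roles: two are forest-wide, three are per domain.
    $roles = [ordered]@{
        SchemaMaster         = $f.SchemaMaster
        DomainNamingMaster   = $f.DomainNamingMaster
        PDCEmulator          = $d.PDCEmulator
        RIDMaster            = $d.RIDMaster
        InfrastructureMaster = $d.InfrastructureMaster
    }

    $dcs = Get-ADDomainController -Filter * -Server $Domain
    $report = foreach ($dc in $dcs) {
        # Roles this DC holds according to the domain/forest objects.
        $held = @($roles.GetEnumerator() |
            Where-Object { $_.Value -eq $dc.HostName } |
            ForEach-Object { $_.Key })
        # The DC's own OperationMasterRoles attribute should list the same roles.
        $own  = @($dc.OperationMasterRoles | ForEach-Object { $_.ToString() })
        [pscustomobject]@{
            Name            = $dc.Name
            HostName        = $dc.HostName
            Site            = $dc.Site
            IsGlobalCatalog = $dc.IsGlobalCatalog
            FsmoRoles       = ($held -join ',')
            RoleMismatch    = (($held | Sort-Object) -join ',') -ne (($own | Sort-Object) -join ',')
        }
    }

    # A site whose DCs are all non-GC forces GC lookups across site links.
    $sitesWithoutGc = @($dcs | Group-Object Site |
        Where-Object { -not ($_.Group.IsGlobalCatalog -contains $true) }).Name

    [pscustomobject]@{
        Domain            = $d.DNSRoot
        Roles             = $roles
        DomainControllers = $report
        GlobalCatalogs    = $f.GlobalCatalogs
        SitesWithoutGC    = $sitesWithoutGc
    }
}

# Usage: print the per-DC table and warn on the forest-wide findings.
$r = Get-FsmoReport -Domain 'ab.com'
$r.DomainControllers | Format-Table Name,Site,IsGlobalCatalog,FsmoRoles,RoleMismatch
if ($r.SitesWithoutGC) { Write-Warning "Sites without a Global Catalog: $($r.SitesWithoutGC -join ', ')" }
if ($r.DomainControllers | Where-Object RoleMismatch) { Write-Warning "FSMO role holder mismatch detected; verify with netdom query fsmo" }
```

The role names in the ordered hashtable match the values of the ADOperationMasterRole enumeration that Get-ADDomainController returns, which is what makes the string comparison in RoleMismatch meaningful.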

AD Inspection (2): Network Connectivity Check

  1. Get the current NIC configuration
    • Get-NetIPConfiguration -All
  2. Network connectivity and port check; the main ports are 88, 3268, 3269 and 389
    • Test-NetConnection -Port 389 -ComputerName pdc.abc.com
  3. DNS alias (CNAME) connectivity check
    • Get-DnsServerResourceRecord -ZoneName 'abc.com' -ComputerName 'abc-dc01' -RRType "CName" | Select HostName,RecordType,@{Name='RecordData';Expression={$_.RecordData.HostNameAlias.ToString()}} | Where {$_.RecordData -match $ComputerName}
    • The command above returns the host's DNS CNAME records ($ComputerName holds the name of the host being checked)
    • Check connectivity to each DNS host alias: Test-NetConnection -ComputerName 0e109edb-6d9e-4543-9e95-46992b1cd19d._msdcs.abc.com
  4. Network connection state check
    • Get-NetTCPConnection -LocalAddress '10.100.10.2'
    • Get-NetUDPEndpoint -LocalAddress '10.100.10.2'
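Steps 2 and 3 above are done by hand against one DC and one pasted GUID alias. The script below is an added example, not code from the original post; it probes the ports the post lists (88 Kerberos, 389 LDAP, 3268/3269 Global Catalog) on every DC and builds each DC's `<NTDS Settings objectGUID>._msdcs.<forest root>` alias from the directory rather than from a pasted value, then checks that the alias resolves back to the DC. It assumes the ActiveDirectory and DnsClient modules and uses the post's placeholder domain 'abc.com'. Ports 3268/3269 are only expected to be open on DCs that are Global Catalogs, so a closed GC port on a non-GC DC is reported as expected rather than as a failure.

```powershell
# Added example (not part of the original post). Assumes the ActiveDirectory
# and DnsClient modules; 'abc.com' is the page's placeholder domain name.
Import-Module ActiveDirectory

function Test-DcConnectivity {
    param(
        [string]$Domain = 'abc.com',
        [int[]]$Ports   = @(88, 389, 3268, 3269)
    )
    $gcPorts    = @(3268, 3269)
    $forestRoot = (Get-ADForest).RootDomain

    foreach ($dc in Get-ADDomainController -Filter * -Server $Domain) {
        # Replication partners locate a DC by the GUID-based CNAME under _msdcs,
        # so a missing or wrong alias breaks replication even when IP works.
        $ntds  = Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Server $Domain
        $alias = "$($ntds.ObjectGUID)._msdcs.$forestRoot"
        $cname = Resolve-DnsName -Name $alias -Type CNAME -ErrorAction SilentlyContinue
        $aliasOk = [bool]($cname | Where-Object {
            $_.Type -eq 'CNAME' -and $_.NameHost.TrimEnd('.') -ieq $dc.HostName })

        foreach ($port in $Ports) {
            $t = Test-NetConnection -ComputerName $dc.HostName -Port $port -WarningAction SilentlyContinue
            $expectedOpen = ($port -notin $gcPorts) -or $dc.IsGlobalCatalog
            [pscustomobject]@{
                DC            = $dc.Name
                IsGC          = $dc.IsGlobalCatalog
                Port          = $port
                TcpOpen       = $t.TcpTestSucceeded
                ExpectedOpen  = $expectedOpen
                PortFailure   = $expectedOpen -and -not $t.TcpTestSucceeded
                MsdcsAlias    = $alias
                AliasResolves = $aliasOk
            }
        }
    }
}

# Usage: full table first, then only the findings that need attention.
$results = Test-DcConnectivity -Domain 'abc.com'
$results | Format-Table DC,IsGC,Port,TcpOpen,ExpectedOpen,AliasResolves
$results | Where-Object { $_.PortFailure -or -not $_.AliasResolves } |
    Format-Table DC,Port,PortFailure,MsdcsAlias,AliasResolves
```

Test-NetConnection only exercises TCP; the same ports also carry UDP traffic for Kerberos and LDAP, so a passing result here rules out a firewall block on TCP but not every connectivity problem.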

AD Inspection (1): Domain Environment Check

  • Domain environment check
    1. Domain name check
      • Get-WmiObject -Namespace root\cimv2 -Class Win32_ComputerSystem | Select Name, Domain
    2. Domain functional level, forest functional level
      • Get-ADDomain -Current LocalComputer | Select-Object 'DomainMode'
      • Get-ADForest -Current LocalComputer | Select-Object 'ForestMode'
    3. Number of DCs, operating system, FSMO roles, site, whether each is a GC
      • Get-ADDomainController -Filter * | Select-Object Name,OperatingSystem,OperationMasterRoles,Site,IsGlobalCatalog
    4. Whether any other roles are installed
      • Get-WindowsFeature | Where InstallState -eq 'Installed'
      • Get-WindowsFeature | Where-Object {$.InstallState -EQ 'Installed'}  fails with an error ($. is not a valid variable reference; the current pipeline object is $_)
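The four items above can be gathered into one baseline object, which makes it easy to diff the result against the previous inspection. The script below is an added example, not code from the original post. It assumes it runs on a domain controller with the ActiveDirectory and ServerManager modules, and compares the installed top-level roles against an allowlist; that allowlist (AD DS, DNS and the default File and Storage Services role) is an assumption to adjust for your environment. Roles outside the allowlist are reported because each extra service on a DC is more code reachable with domain-controller privileges.

```powershell
# Added example (not part of the original post). Assumes it runs on a DC with
# the ActiveDirectory and ServerManager modules available.
Import-Module ActiveDirectory
Import-Module ServerManager

function Get-DomainBaseline {
    param(
        # Assumed allowlist of top-level roles a DC is expected to carry.
        [string[]]$ExpectedRoles = @('AD-Domain-Services', 'DNS', 'FileAndStorage-Services')
    )
    $cs     = Get-CimInstance -Namespace root\cimv2 -ClassName Win32_ComputerSystem
    $domain = Get-ADDomain -Current LocalComputer
    $forest = Get-ADForest -Current LocalComputer

    # $_ is the current pipeline object; the post's "$." variant is why that
    # one-liner failed.
    $installed = Get-WindowsFeature | Where-Object { $_.InstallState -eq 'Installed' }
    # Compare only top-level roles (FeatureType 'Role'), not role services or features.
    $roles      = $installed | Where-Object { $_.FeatureType -eq 'Role' }
    $unexpected = $roles | Where-Object { $_.Name -notin $ExpectedRoles }

    [pscustomobject]@{
        ComputerName      = $cs.Name
        DomainName        = $cs.Domain
        DomainMode        = $domain.DomainMode
        ForestMode        = $forest.ForestMode
        DomainControllers = Get-ADDomainController -Filter * |
            Select-Object Name,OperatingSystem,OperationMasterRoles,Site,IsGlobalCatalog
        InstalledRoles    = @($roles.Name)
        UnexpectedRoles   = @($unexpected.Name)
    }
}

# Usage: print the summary, then the DC inventory; warn if extra roles are present.
$b = Get-DomainBaseline
$b | Format-List ComputerName,DomainName,DomainMode,ForestMode,InstalledRoles,UnexpectedRoles
$b.DomainControllers | Format-Table
if ($b.UnexpectedRoles.Count -gt 0) {
    Write-Warning "Roles outside the allowlist on $($b.ComputerName): $($b.UnexpectedRoles -join ', ')"
}
# Saving the object (e.g. Export-Clixml) after each inspection lets the next run
# be compared with Compare-Object to spot drift in levels, DCs or roles.
```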