PowerShell Code

FSMO Role Validation and Transfer Support


<#
.SYNOPSIS
    Creates a test user and verifies that it replicates to every domain controller in the domain.
.DESCRIPTION
    This script creates a test user in Active Directory, enables it, forces replication of the domain
    naming context between all domain controllers, waits for a configurable interval, and then checks
    for the user's existence on each domain controller. The test user is deleted again at the end unless
    -KeepUser is specified, so no spare enabled account is left behind after a DC cutover test.
.PARAMETER Username
    The sAMAccountName of the test user. Defaults to TestUser1.
.PARAMETER Password
    The password for the test user as a SecureString. If omitted, the script prompts for it so that no
    password is stored in the script or in the console history. It must satisfy the domain password policy.
.PARAMETER OU
    The distinguished name of the organizational unit where the test user is created.
.PARAMETER DisplayName
    The display name (and CN) for the test user.
.PARAMETER WaitMinutes
    How many minutes to wait after triggering replication before verifying. Defaults to 5.
.PARAMETER KeepUser
    Leave the test user in place after the test instead of deleting it.
.EXAMPLE
    .\Test-Replication.ps1
    Runs the script with its defaults: prompts for a password, creates the test user, enables it, forces
    replication across all domain controllers, checks for the user on each domain controller, and removes it.
.EXAMPLE
    .\Test-Replication.ps1 -Username "TestUser01" -Password (Read-Host -AsSecureString "Test user password") -OU "OU=TestAccounts,DC=yourdomain,DC=net" -DisplayName "Test User 01"
    The account name, OU and domain here are placeholders, not real values; substitute ones from your own
    environment and never paste a plaintext password on the command line. This example runs the script with
    the given username, password, organizational unit and display name, then proceeds with the same
    replication test as the first example.
.INPUTS
    None. The script does not accept pipeline input; every setting is a parameter with a default value,
    so you can either edit the defaults in the param block or pass the values on the command line.
    - Username: The sAMAccountName for the test user.
    - Password: The password for the test user (SecureString; prompted for if omitted).
    - OU: The organizational unit where the test user will be created.
    - DisplayName: The display name for the test user.
    - WaitMinutes: Minutes to wait before verification.
    - KeepUser: Switch; do not delete the test user afterwards.
.OUTPUTS
    Status messages for test user creation, replication, and whether the user was found on each domain
    controller, with a success or failure line per domain controller. The script exits with code 1 if the
    user was missing from (or could not be queried on) any domain controller, so it can be used in automation.
.NOTES
    This script tests Active Directory replication by creating a test user and checking its presence across
    all domain controllers in the current domain.
    Requirements: a domain-joined machine with the RSAT ActiveDirectory PowerShell module and repadmin.exe,
    run as an account that can create and delete users in the target OU and trigger replication.
    The examples assume the script has been saved as Test-Replication.ps1.
    The user is created on, and later removed from, the PDC emulator so that create and delete go to the same DC.
#>
[CmdletBinding()]
param (
    [string]$Username = "TestUser1",
    # Prompt for the password instead of hard-coding it; it must meet your organization's complexity policy.
    [SecureString]$Password = (Read-Host -AsSecureString "Password for test user $Username"),
    [string]$OU = "OU=Staff,DC=yourdomain,DC=net",
    [string]$DisplayName = "Test User for DC Cutover",
    [int]$WaitMinutes = 5,
    [switch]$KeepUser
)

# Import the AD module (fails fast if RSAT is not installed)
Import-Module ActiveDirectory -ErrorAction Stop

# Discover the domain and its domain controllers once, using FQDNs for -Server and repadmin
$Domain = Get-ADDomain
$SourceDC = $Domain.PDCEmulator
$DomainControllers = @(Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName)

# Create the new AD user on the PDC emulator. -Enabled $true already enables the account, so no separate
# Enable-ADAccount call is needed. The account is not exempted from password expiry: it is a temporary test
# account and is removed at the end of the script.
Write-Host "Creating AD user $Username on $SourceDC..."
New-ADUser -Name $DisplayName `
    -DisplayName $DisplayName `
    -SamAccountName $Username `
    -UserPrincipalName "$Username@$($Domain.DNSRoot)" `
    -AccountPassword $Password `
    -Path $OU `
    -Enabled $true `
    -ChangePasswordAtLogon $false `
    -Server $SourceDC `
    -ErrorAction Stop
Write-Host "User $Username created and enabled.`n"

# Force AD replication of the domain naming context from every DC to every other DC.
# Syntax: repadmin /replicate <destination DSA> <source DSA> <naming context>
Write-Host "Triggering AD replication between all domain controllers..."
foreach ($source in $DomainControllers) {
    foreach ($target in $DomainControllers) {
        if ($source -ne $target) {
            Write-Host "Replicating from $source to $target..."
            repadmin /replicate $target $source $Domain.DistinguishedName
        }
    }
}

# Countdown timer function
function Start-Countdown {
    param ([int]$Minutes)
    for ($i = $Minutes; $i -gt 0; $i--) {
        Write-Host "Waiting... $i minute(s) remaining." -ForegroundColor Yellow
        Start-Sleep -Seconds 60
    }
    Write-Host "Proceeding with verification..." -ForegroundColor Green
}

# Wait before checking so that the sync requests have time to complete (adjust -WaitMinutes if needed)
Start-Countdown -Minutes $WaitMinutes

# Verify the user on each domain controller. A -Filter query returns nothing when the object is absent,
# whereas Get-ADUser -Identity throws a terminating error that -ErrorAction SilentlyContinue does not
# reliably suppress; the try/catch separates "DC not reachable" from "user not replicated".
Write-Host "`nVerifying replication of user $Username to each domain controller..."
$Missing = @()
foreach ($dc in $DomainControllers) {
    Write-Host "Checking $dc..."
    try {
        $user = Get-ADUser -Filter "SamAccountName -eq '$Username'" -Server $dc -ErrorAction Stop
    } catch {
        Write-Host "❌ Could not query ${dc}: $($_.Exception.Message)" -ForegroundColor Red
        $Missing += $dc
        continue
    }
    if ($user) {
        Write-Host "✅ Found $Username on $dc"
    } else {
        Write-Host "❌ $Username not found on $dc" -ForegroundColor Red
        $Missing += $dc
    }
}

# Clean up the test account unless the caller asked to keep it
if (-not $KeepUser) {
    Write-Host "`nRemoving test user $Username from $SourceDC..."
    Remove-ADUser -Identity $Username -Server $SourceDC -Confirm:$false
}

# Summarize and set an exit code that automation can act on
if ($Missing.Count -gt 0) {
    Write-Host "`nReplication check FAILED on: $($Missing -join ', ')" -ForegroundColor Red
    exit 1
}
Write-Host "`nReplication check passed on all $($DomainControllers.Count) domain controllers." -ForegroundColor Green
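A complementary check, added here as an example and not part of the original script: the replication test above proves that one object reached every DC, but it says nothing about whether any replication partnership is currently failing or stale, which is the more useful thing to know before a DC cutover. This block walks every DC in the domain and, using the ActiveDirectory module's Get-ADReplicationPartnerMetadata and Get-ADReplicationFailure cmdlets (Windows Server 2012 and later), reports any inbound partner for the domain partition with a non-zero last result, a consecutive-failure count, or a last successful sync older than a threshold, plus any failures the DC itself has recorded. The function name Test-ADReplicationHealth and the 60-minute staleness threshold are my own choices, not anything from the page.

```powershell
# Added example: summarize inbound replication health for every DC in the current domain.
# Requires the RSAT ActiveDirectory module; only the default (domain) partition is inspected.
# Function name and the MaxAgeMinutes default are arbitrary choices for this example.
function Test-ADReplicationHealth {
    [CmdletBinding()]
    param (
        # Flag a partnership whose last successful sync is older than this many minutes
        [int]$MaxAgeMinutes = 60
    )

    Import-Module ActiveDirectory -ErrorAction Stop
    $cutoff   = (Get-Date).AddMinutes(-$MaxAgeMinutes)
    $problems = @()

    foreach ($dc in (Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName)) {
        # One row per inbound partner of this DC for the domain partition
        try {
            $partners = Get-ADReplicationPartnerMetadata -Target $dc -Scope Server -ErrorAction Stop
        } catch {
            # A DC that cannot even be queried is itself a finding
            $problems += [pscustomobject]@{ Server = $dc; Partner = '(unreachable)'; Issue = $_.Exception.Message }
            continue
        }

        foreach ($p in $partners) {
            $issues = @()
            if ($p.LastReplicationResult -ne 0) {
                $issues += "last result $($p.LastReplicationResult)"
            }
            if ($p.ConsecutiveReplicationFailures -gt 0) {
                $issues += "$($p.ConsecutiveReplicationFailures) consecutive failures"
            }
            if ($p.LastReplicationSuccess -lt $cutoff) {
                $issues += "last success $($p.LastReplicationSuccess)"
            }
            if ($issues.Count -gt 0) {
                $problems += [pscustomobject]@{
                    Server  = $dc
                    Partner = $p.PartnerAddress
                    Issue   = ($issues -join '; ')
                }
            }
        }

        # Failures the DC has recorded itself (link failures, access denied, etc.)
        Get-ADReplicationFailure -Target $dc -Scope Server -ErrorAction SilentlyContinue | ForEach-Object {
            $problems += [pscustomobject]@{
                Server  = $dc
                Partner = $_.Partner
                Issue   = "$($_.FailureType): $($_.FailureCount) failure(s) since $($_.FirstFailureTime), last error $($_.LastError)"
            }
        }
    }

    if ($problems.Count -eq 0) {
        Write-Host "No replication problems found." -ForegroundColor Green
    } else {
        Write-Host "Replication problems found:" -ForegroundColor Red
        $problems | Format-Table -AutoSize | Out-String | Write-Host
    }
    # Return the findings so a caller can fail a cutover runbook on a non-empty result
    return $problems
}

$findings = Test-ADReplicationHealth
if ($findings.Count -gt 0) { exit 1 }
```

Run it on the same machine as the replication test, before creating the test user: if it reports problems, the missing-user result from the test is a symptom of an existing replication fault rather than something the cutover introduced. The time-based check only flags partners whose last success is older than the threshold, so on a quiet domain with long inter-site schedules raise -MaxAgeMinutes to match the longest replication interval you expect.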