Displaying The DSRM Sync State Across All DCs In The AD Domain
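# SOURCE: https://gist.github.com/zjorz/aa9a8d8edc4da25043a0a757aee22006/
#
# Lists every domain controller computer account found under "OU=Domain Controllers"
# of the local computer's AD domain, together with its DC type (RWDC/RODC) and the
# text stored in its 'info' attribute, which is displayed as "DSRM Reset State".
# The script only reads from AD; it changes nothing.
#
# Both modes send the query to the PDC emulator, so every row comes from the same
# copy of the directory.
#
# NOTE(review): the 'info' value is presumably written by a separate DSRM password
# reset/sync process - confirm. It is a recorded state, not a check of the DSRM
# password itself, and anyone who can write that attribute on a DC computer object
# can change it. Treat an empty or stale value as "needs follow-up".
#
# NOTE(review): DC computer accounts that were moved out of the default
# "Domain Controllers" OU are not returned by either mode.
Invoke-Command -ScriptBlock {
    Clear-Host
    $scriptMode = "ADSIorSDSP" # "ADSIorSDSP" Or "ADPoSH"
    Write-Host ""
    Write-Host "###############################################################################" -Foregroundcolor Yellow
    Write-Host "### DISPLAYING THE DSRM SYNC STATE ACROSS ALL DCs IN THE AD DOMAIN ###" -Foregroundcolor Yellow
    Write-Host "###############################################################################" -Foregroundcolor Yellow
    Write-Host ""
    $dateTime = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
    Write-Host " > Date/Time.............: $dateTime" -Foregroundcolor Yellow
    Write-Host ""

    If ($scriptMode -eq "ADSIorSDSP") {
        # Mode 1: plain .NET (System.DirectoryServices); no ActiveDirectory module needed.
        $adDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
        $adDomainDN = $adDomain.GetDirectoryEntry().Properties["DistinguishedName"].Value
        $rwdcPDCFSMOFQDN = $adDomain.PdcRoleOwner.Name

        $adsiSearcher = New-Object DirectoryServices.DirectorySearcher
        $dcComputerAccountObjects = $null
        $dsrmResetStateList = @()
        Try {
            $adsiSearcher.SearchRoot = [ADSI]"LDAP://$rwdcPDCFSMOFQDN/OU=Domain Controllers,$adDomainDN"
            # primaryGroupID 516 = Domain Controllers, 521 = Read-only Domain Controllers.
            $adsiSearcher.Filter = "(|(primaryGroupID=516)(primaryGroupID=521))"
            # Paged search, so a large result set is not silently cut off at the
            # server-side size limit (a missing DC would look like "nothing to report").
            $adsiSearcher.PageSize = 1000
            "distinguishedName", "sAMAccountName", "info", "msDS-isRODC" | ForEach-Object {
                $adsiSearcher.PropertiesToLoad.Add($_) > $null
            }
            $dcComputerAccountObjects = $adsiSearcher.FindAll()

            # Build the rows while the result collection is still open; it is disposed below.
            $dsrmResetStateList = @($dcComputerAccountObjects | ForEach-Object {
                $dcComputerAccountObjectProps = $_.Properties

                # msDS-isRODC absent => the DC type cannot be determined from this result.
                $isRodcValues = $dcComputerAccountObjectProps["msds-isrodc"]
                $dcType = "UNKNOWN"
                If ($null -ne $isRodcValues -and $isRodcValues.Count -gt 0) {
                    If ($isRodcValues[0] -eq $true) {
                        $dcType = "RODC"
                    } ElseIf ($isRodcValues[0] -eq $false) {
                        $dcType = "RWDC"
                    }
                }

                # 'info' absent => no state recorded for this DC; shown as an empty cell.
                $infoValues = $dcComputerAccountObjectProps["info"]
                $dsrmResetState = $null
                If ($null -ne $infoValues -and $infoValues.Count -gt 0) {
                    $dsrmResetState = $infoValues[0]
                }

                $dsrmResetStateObj = New-Object -TypeName PSObject
                $dsrmResetStateObj | Add-Member -MemberType NoteProperty -Name "DistinguishedName" -Value $($dcComputerAccountObjectProps["distinguishedname"][0])
                $dsrmResetStateObj | Add-Member -MemberType NoteProperty -Name "SamAccountName" -Value $($dcComputerAccountObjectProps["samaccountname"][0])
                $dsrmResetStateObj | Add-Member -MemberType NoteProperty -Name "DC Type" -Value $dcType
                $dsrmResetStateObj | Add-Member -MemberType NoteProperty -Name "DSRM Reset State" -Value $dsrmResetState
                $dsrmResetStateObj
            })
        } Finally {
            # SearchResultCollection and DirectorySearcher hold unmanaged resources
            # that are not released until they are disposed.
            If ($null -ne $dcComputerAccountObjects) {
                $dcComputerAccountObjects.Dispose()
            }
            $adsiSearcher.Dispose()
        }
        $dsrmResetStateList | Format-Table * -Wrap -Autosize
    } ElseIf ($scriptMode -eq "ADPoSH") {
        # Mode 2: ActiveDirectory PowerShell module (must be available on this machine).
        # Unlike mode 1 this emits the selected objects without Format-Table.
        $adDomain = Get-ADdomain -Current LocalComputer
        $adDomainDN = $adDomain.DistinguishedName
        $rwdcPDCFSMOFQDN = $adDomain.PDCEmulator
        $dsrmResetStateList = Get-ADComputer -SearchBase "OU=Domain Controllers,$adDomainDN" -LDAPFilter "(|(primaryGroupID=516)(primaryGroupID=521))" -Properties info,"msDS-isRODC" -Server $rwdcPDCFSMOFQDN
        $dsrmResetStateList | Select-Object DistinguishedName,SamAccountName,@{Label = "DC Type";Expression = {If ($_."msDS-isRODC" -eq $true) {"RODC"} ElseIf($_."msDS-isRODC" -eq $false) {"RWDC"} Else {"UNKNOWN"}}},@{Label = "DSRM Reset State";Expression = {$_.info}}
    } Else {
        # Without this branch a mistyped mode printed the banner and then nothing,
        # which is easy to misread as "no DCs / no state recorded".
        Write-Warning "Unknown script mode '$scriptMode'. Use 'ADSIorSDSP' or 'ADPoSH'."
    }
}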