PowerShell Scripts

PowerShell Scripts for Dynamic Packs

How to Check Manual Connection Objects in Active Directory

A Manual connection object is indeed a problem in an Active Directory environment. While Microsoft has provided an option to create manual connection objects to allow specific domain controllers to replicate changes from/to specific domain controllers running in local or remote sites, but that doesn't necessarily mean that you should create manual connection objects. It hurts KCC algorithm for sure. We have been doing AD Health Check for several years and found that we should be creating a Dynamic Pack that checks the manual connection objects in an Active Directory environment and report this is as High issue in the Health Profile report.

Item Value Remark
Dynamic Pack AD Manual Replication Connection Objects Test You can use AD Manual Replication Connection Objects Test Dynamic Pack in AD Health Profiler and execute it against multiple Active Directory Forests.
Dynamic Pack Category AD Forest Health Checks This Dynamic Pack is part of AD Forest Health Checks category.
Target An Active Directory Forest You must create a Health Profiler and select Microsoft Active Directory as the Target and a valid registered Active Directory forest.
Severity Reported High AD Health Profiler, if it finds any manual connection objects, reports test as a High severity and provides you a list of manual connection objects that have been created.

Go to Script

How to check Recent Patching Status for Domain Controllers in Active Directory

It is important to note that every domain controller in an Active Directory environment must be patched to avoid any security risks. When we did health check of a customer we found that many domain controllers were not patched since last 45 days. Using "Domain Controller Recent Updates Test" Dynamic Pack, you can check if all domain controllers were patched recently.

Item Value Remark
Dynamic Pack Domain Controller Recent Updates Test You can use Domain Controller Recent Updates Test to check patching status of each domain controller.
Dynamic Pack Category AD Domain Controller Health Checks There are 20 Dynamic Packs available in AD Domain Controller Health Checks category.
Target An Active Directory Forest You must create a Health Profiler and select Microsoft Active Directory as the Target and a valid registered Active Directory forest.
Severity Reported High AD Health Profiler, if it finds any domain controller that has not been patched since last 45 days, reports test as a High severity and provides you a list of domain controllers that have not been patched.

Go to Script

Next Dynamic Pack to explain here

In case you need to know more about DynamicPacks Technologies and have further questions on AD Health Profiler, please send us an email at

Info@ITDynamicPacks.Net

It's only fair to share...Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInShare on Reddit