Now that you know the Get-WinADDFSHealth command, I wanted to remind you that this command is used as part of Testimo. If you never heard of Testimo, it's worth to read “What do we say to health checking Active Directory?” blog post. It's not up to date with all the features it currently has, but it should give you an idea of what it is about. In short, with just a single command, it's able to provide a health check of your entire Active Directory. It works on defaults that I've defined, but everyone can modify settings in configuration files to match their environment needs. Testimo is heavy work in progress, and I keep on adding more tests and enhancements.
Why mentioning it now? When you install Testimo, you get a single command called Invoke-Testimo. You can run it without any parameters, which will trigger a full scan and provide you a “quick” overview of potential problems. The word quick is not a good description because if your Forest\Domain has multiple DCs, this is going to take a while. However, Testimo also provides an easy way to pick the tests you want.
As you can see above, there are a lot of defined tests you can use. To execute Get-WinADDFSHealth, but through Invoke-Testimo, you can use the following command:
As you can see, Testimo did a health assessment of your DFS using internally Get-WinADDFSHealth command. You can also use the same command with ShowReport switch, which triggers an HTML summary for DCFS, but also providing details that you can verify.
As you can see, Testimo did a health assessment of your DFS using internally Get-WinADDFSHealth command. You can also use the same command with ShowReport switch, which triggers an HTML summary for DCFS, but also providing details that you can verify. Each report has a diagram, exact code that was used to generate it the results which you can use separately, output table with details from that command and finally results of assessment.
Of course, that's just one test executed on six Domain Controllers. Testimo can be performed without parameters doing 30+ tests in one go, or you can handpick multiple ones that are of interest to you. Do you remember the last articles?
Both of those blog posts covered commands from ADEssentials and Testimo uses them internally to make sure AD is healthy without much effort on the operations. You can schedule it or do adhoc tests. Up to you.
Invoke-Testimo -Sources DCDFS,DCLDAP,DCLDAPInsecureBindings,DomainGroupPolicyMissingPermissions
Whether it's just one source or multiple sources ShowReport switch can be used as well
Invoke-Testimo -Sources DCDFS,DCLDAP,DCLDAPInsecureBindings,DomainGroupPolicyMissingPermissions -ShowReport
Testimo is one of my favorite PowerShell modules that I frequently use for quick or not so quick assessment of Active Directory. I don't have to remember all the commands for testing LDAP, finding whether DFS is functioning correctly or checking if Active Directory replication is working as expected.
