Question Gestion du rehost de partition Active Directory

Plus d'informations
il y a 6 ans 10 mois #15740 par nicoh
J'ai créé ce script pour gérer le unhost/rehost d'une partition AD dans toute un forêt. Les détails sont ici http://powershell.nicoh.me/project/rehost-an-active-directory-partition-on-one-or-more-global-catalog-servers .

Voila le script :
[code:1]# VARIABLES
$seq_file=$args[0]
$global:«»scriptpath=$pwd.path.ToString() + \"\\"
$global:file_content = gc $seq_file

#############
# FUNCTIONS #
#############

# ENABLE THE GLOBAL CATALOG
function enable_gc([string]$servername) {
$gcrehostlog=$scriptpath + $servername + \".log\"

Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Global catalog rehosting task on the server $servername [MANUAL CHECK OK]\" -Encoding Unicode
start-Sleep -Seconds 1

Add-Content $gcrehostlog -Value \"`n//////////////////////////`n/ Enable Global Catalog /`n//////////////////////////`n\" -Encoding Unicode
Start-Sleep -Seconds 1

Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Enabling the Global Catalog on $servername...\" -Encoding Unicode

# CONNECT TO THE SERVER REMOTE REGISTRY
try{
$reg=[Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $servername)
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Connect to the $servername remote registry [SUCCESS]\" -Encoding Unicode
Start-Sleep -Seconds 1
}
catch{
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Connect to the $servername remote registry [ERROR]`n---- EXIT
`n\" -Encoding Unicode
continue
}

# DELETE THE REGISTRY KEY
$regparentkey=$reg.Opensubkey(\"SOFTWARE\\Policies\\Microsoft\",$true)
$regparentkey.deletesubkeytree(\"Netlogon\"«»)

# TEST IF THE NEW PARAM KEY HAS BEEN DELETED SUCCESSFULLY
$ref_param=$reg.Opensubkey(\"SOFTWARE\\Policies\\Microsoft\\Netlogon\\Parameters\",$true)
if (!$ref_param) {
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Remove the registry key HKLM\SOFTWARE\Policies\Microsoft\Netlogon and the subkeys on $servername [SUCCESS]\" -Encoding Unicode
Start-Sleep -Seconds 1
}
else {
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Remove the registry key HKLM\SOFTWARE\Policies\Microsoft\Netlogon and the subkeys on $servername [ERROR]`n---- EXIT
`n\" -Encoding Unicode
continue
}
Start-Sleep -Seconds 1
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] :
END OF THE SCRIPT
`n\" -Encoding Unicode
}

# RESTART REHOST FUNCTION
function restart_rehost_task($file_content) {
$servername = \"\"
$job_list = get-job -State Completed
if ($job_list){
foreach ($job in $job_list){
$servername = $job.name
$gcrehostlog = $scriptpath + $servername + \".log\"
Get-Job -Name $servername | Receive-Job
Get-Job -Name $servername | Remove-Job
Write-Host \"`n --> Do you want to restart the Global catalog rehosting on $servername ? `n`n`tPress r to restart `n`n`tor `n`n`tany other key to cancel\"
$continue = Read-Host
If ($continue -eq \"r\"«»){
$fc_tmp = $file_content | select-string $servername
$servername_valid_source = $fc_tmp.tostring().split(\";\"«»)[1]
$partition = $fc_tmp.tostring().split(\";\"«»)[2]

# RESTART THE REHOST
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Restarting the GC rehost operation of the partition $partition on the server $servername using the valid source $servername_valid_source...\" -Encoding Unicode
Start-Sleep -Seconds 1
$RESTART_SCRIPT_BLOCK = {
$servername=$args[0]
$servername_valid_source=$args[1]
$partition=$args[2]
$gcrehostlog=$args[3]
$repadmin_rehost_output = @(repadmin /rehost $servername \"$partition\" $servername_valid_source)
$repadmin_rehost_output | Out-File -FilePath $gcrehostlog -Append -Encoding Unicode
}
Start-Job -name $servername -ScriptBlock $RESTART_SCRIPT_BLOCK -ArgumentList $servername,$servername_valid_source,$partition,$gcrehostlog
}
Else {
enable_gc($servername)
}
}
Write-Host \"`n\"
}
}

#####################
#PREREQUESITE CHECKS#
#####################
foreach ($line in $file_content){
$servername = ($line).split(\";\"«»)[0]
$servername_valid_source = ($line).split(\";\"«»)[1]
$partition = ($line).split(\";\"«»)[2]
$temp=\"\"
$script_path = $scriptpath

$SCRIPT_BLOCK = {
$servername=$args[0]
$servername_valid_source=$args[1]
$partition=$args[2]
$temp=$args[3]
$script_path=$args[4]
$gcrehostlog=$script_path + $servername + \".log\"

Add-Content $gcrehostlog -Value \"*********************\" -Encoding Unicode
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Starting the Active Directory Global Catalog Rehosting script\" -Encoding Unicode
Add-Content $gcrehostlog -Value \"//////////////////////`n/ Prerequesite tests /`n//////////////////////`n\" -Encoding Unicode
Start-Sleep -Seconds 1

# PING FUNCTION
function pingtest([string]$MachineName){
$PingStatus = Gwmi Win32_PingStatus -Filter \"Address = '$MachineName'\" | Select-Object StatusCode
If ($PingStatus.StatusCode -eq 0){
Start-Sleep -Seconds 1
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Test network connectivity (ping) > $MachineName [SUCCESS]\" -Encoding Unicode
}
Else {
Start-Sleep -Seconds 1
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Test network connectivity (ping) > $MachineName [ERROR]`n---- EXIT
`n\" -Encoding Unicode
exit
}
}

# TEST PING
pingtest($servername_valid_source)
pingtest($servername)

# TEST REMOTE REGISTRY
try{
$reg=[Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $servername)
Start-Sleep -Seconds 1
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Test remote registry > $servername [SUCCESS]\" -Encoding Unicode
}
catch{
Start-Sleep -Seconds 1
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Test remote registry > $servername [ERROR]`n---- EXIT
`n\" -Encoding Unicode
exit
}

# TEST REMOTE EVENT LOG
try{
$temp = get-eventlog -ComputerName $servername -LogName 'Directory Service' -newest 1 -ErrorAction Stop
Start-Sleep -Seconds 1
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Test remote eventlog (get the last event) > $servername [SUCCESS]\" -Encoding Unicode
}
catch{
Start-Sleep -Seconds 1
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Test remote eventlog (get the last event) > $servername [ERROR]`n---- EXIT
`n\" -Encoding Unicode
exit
}

Start-Sleep -Seconds 1
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Test result [SUCCESS]\" -Encoding Unicode

############################
#DISABLE THE GLOBAL CATALOG#
############################
Add-Content $gcrehostlog -Value \"`n//////////////////////////`n/ Disable Global Catalog /`n//////////////////////////`n\" -Encoding Unicode
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Disabling the Global Catalog on $servername\" -Encoding Unicode
Start-Sleep -Seconds 1
try{
$reg=[Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $servername)
Start-Sleep -Seconds 1
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Connect to the $servername remote registry [SUCCESS]\" -Encoding Unicode
}
catch{
Start-Sleep -Seconds 1
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Connect to the $servername remote registry [ERROR]`n---- EXIT
`n\" -Encoding Unicode
exit
}
$ref=$reg.Opensubkey(\"SOFTWARE\\Policies\\Microsoft\\Netlogon\\Parameters\",$true)
if (!$ref) {
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : [WARNING] The registry key HKLM\SOFTWARE\Policies\Microsoft\Netlogon\Parameters does not exist on $servername\" -Encoding Unicode
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : [WARNING] Creating the registry key HKLM\SOFTWARE\Policies\Microsoft\Netlogon\Parameters on $servername...\" -Encoding Unicode
$regparentkey=$reg.Opensubkey(\"SOFTWARE\\Policies\\Microsoft\\Netlogon\",$true)
$temp=$regparentkey.createSubKey(\"Parameters\"«»)

# TEST IF THE NEW PARAM KEY HAS BEEN CREATED SUCCESSFULLY
$ref_param=$reg.Opensubkey(\"SOFTWARE\\Policies\\Microsoft\\Netlogon\\Parameters\",$true)
if (!$ref_param) {
Start-Sleep -Seconds 1
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Create the registry key HKLM\SOFTWARE\Policies\Microsoft\Netlogon\Parameters on $servername [ERROR]`n---- EXIT
`n\" -Encoding Unicode
exit
}
else {
Start-Sleep -Seconds 1
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Create the registry key HKLM\SOFTWARE\Policies\Microsoft\Netlogon\Parameters on $servername [SUCCESS]\" -Encoding Unicode
}
}
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Creating the registry value DnsAvoidRegisterRecords on $servername...\" -Encoding Unicode
$regchildkey=$reg.Opensubkey(\"SOFTWARE\\Policies\\Microsoft\\Netlogon\\Parameters\",$true)
$regchildKey.SetValue(\"DnsAvoidRegisterRecords\",\"Gc GcAtSite GcIpAddress GenericGc GenericGcAStSite\",[Microsoft.Win32.RegistryValueKind]::«»String)

# TEST IF THE NEW REGISTRY VALUE HAS BEEN CREATED SUCCESSFULLY
$ref_value=$reg.Opensubkey(\"SOFTWARE\\Policies\\Microsoft\\Netlogon\\Parameters\",$true)
$reg_ref_value = $ref_value.GetValue(\"DnsAvoidRegisterRecords\"«»)
if (!$reg_ref_value) {
Start-Sleep -Seconds 1
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Create the registry value HKLM\SOFTWARE\Policies\Microsoft\Netlogon\Parameters\DnsAvoidRegisterRecords on $servername [ERROR]`n---- EXIT
`n\" -Encoding Unicode
exit
}
else {
Start-Sleep -Seconds 1
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Create the registry value HKLM\SOFTWARE\Policies\Microsoft\Netlogon\Parameters\DnsAvoidRegisterRecords on $servername [SUCCESS]\" -Encoding Unicode
}

##################
#WAIT REPLICATION#
##################
Add-Content $gcrehostlog -Value \"`n[$((Get-Date).DateTime)] : Waiting for replication...\" -Encoding Unicode
Start-Sleep -Seconds 1800
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : End of replication timeout\" -Encoding Unicode
Start-Sleep -Seconds 1

###########################
#UNHOST/QUERY EVENT/REHOST#
###########################
Add-Content $gcrehostlog -Value \"//////////////////////////////`n/ Unhost/Rehost AD partition /`n//////////////////////////////`n\" -Encoding Unicode
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Unhosting the partition $partition on the server $servername...\" -Encoding Unicode
Start-Sleep -Seconds 1

# UNHOST GC
$repadmin_unhost_output = @(repadmin /unhost $servername \"$partition\"«»)
$repadmin_unhost_output | Out-File -FilePath $gcrehostlog -Append -Encoding Unicode

$eventfound = \"false\"
$inc=1
while($eventfound -eq \"false\"«»){
try{
# UNHOST EVENT CHECK (EVENT 1660 / INSTANCEID 1073743484)
$temp = get-eventlog -ComputerName $servername -LogName 'Directory Service' -InstanceId 1073743484 -newest 1 -ErrorAction Stop -after (get-date).addminutes(-120)
$eventfound = \"true\"
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : GC unhosting check on $servername (event 1660) [SUCCESS]\" -Encoding Unicode
Start-Sleep -Seconds 1

# REHOST GC
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Rehosting the partition $partition on the server $servername using the valid source $servername_valid_source...\" -Encoding Unicode
Start-Sleep -Seconds 1
$repadmin_rehost_output = @(repadmin /rehost $servername \"$partition\" $servername_valid_source)
$repadmin_rehost_output | Out-File -FilePath $gcrehostlog -Append -Encoding Unicode
}
catch{
# WAIT WHILE EVENT 1660 NOT REGISTERED
$string = $error[0].Exception.message.Tostring()
if (($string -eq \"No matches found\"«») -and ($inc -le 6)){
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : GC unhosting check on $servername (event 1660). Next retry in 10 seconds... [WARNING]\" -Encoding Unicode
Start-Sleep -Seconds 10
$inc++
}
else {
Add-Content $gcrehostlog -Value \"[$((Get-Date).DateTime)] : Cannot find event 1660. GC unhosting process fails on $servername [ERROR]`n---- EXIT
`n\" -Encoding Unicode
exit
}
}
}
Write-Host \"`n
`n\"
}
Start-Job -name $servername -ScriptBlock $SCRIPT_BLOCK -ArgumentList $servername,$servername_valid_source,$partition,$temp,$script_path
}

# WAIT FOR IT ALL TO COMPLETE
While (Get-Job -State \"Running\"«»)
{
Write-Host \".\" -NoNewline
Start-Sleep -Seconds 5
if (Get-Job -State Completed) {
restart_rehost_task($file_content)
}
}

restart_rehost_task($file_content)

Write-Host \"`n\"

# GETTING THE INFORMATION BACK FROM THE JOBS
Get-Job | Receive-Job
Get-Job | Remove-Job[/code:1]

My Powershell IT Script Library http://powershell.nicoh.me

Connexion ou Créer un compte pour participer à la conversation.

Temps de génération de la page : 0.189 secondes
Propulsé par Kunena