Cyber Security

PowerShell: Alert me, if a Domain-Controller is down

There is more than enough monitoring software around. Most of them are really helpful and superbly done. For those who don’t have such software at hand, there are only 2 options: to do without it or to create create a script by themselves. If you want to implement monitoring by using ICMP Echo to check for example your Domain Controllers then this article is for you.

The Goal

The goal is to notify the administrator if the ping to one or more Domain Controllers failed. This notification could be done by e-mail, with an entry in the event log or anything else. In this article the administrator will be notified by E-Mail. More specifically, with this:


The Script

For the fast ones among us the full script right at the beginning. We will break down to the details later.

$dcs=(Get-ADDomainController -Filter *).Name
foreach ($item in $dcs) {
 Test-Connection $item -Count 1 -ErrorAction Stop | Out-Null
 $Site=(Get-ADDomainController $item).Site
 $IP= (Get-ADDomainController $item).IPv4Address
 $date=Get-Date -Format F
 Send-MailMessage -From -To -SmtpServer EX01 -Subject "Site: $Site | $item is down" -Body "$IP could not be reached at $date.`n`nIf you receive this message again in 15 minutes, $item is probably down."

The first thing is to retrieve all Domain Controller computernames. Then the Try – Catch statement performs a ping to all DCs with a count of 1 without any output. (which means one ping per dc). Then all potentially faulty DCs are catched and their Site Name and IP Address will be saved. I will spare myself the explanation of $date ;-). After all the administrator is notified by E-Mail with detailed information about the faulty DC.

Note, that your Mailserver must be configured to allow E-Mails from the computer you are running the script.

Make sure that the computer that runs the script has the Remote Server Administration Tools (RSAT) installed. You are gonna need it for the Get-ADDomainController command. Here the command to install it:

Install-WindowsFeature RSAT-ADDS

Create a Scheduled Task that runs every 15 min

Our next task is to implement the script in a Scheduled Task that runs for example every 15 minutes. So, each Domain Controller will be checked in a timespan of 15 min.

Open Windows PowerShell or PowerShell ISE. Run the following Code to create the Scheduled Task (You have to change the script name and location, the name of the Scheduled Task, the timespan and the user account):

$Action=New-ScheduledTaskAction -Execute "powershell -Argument –Noprofile -WindowStyle Hidden -ExecutionPolicy Bypass -File C:\Temp\script.ps1"
$Trigger=New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Minutes 15)
$Principal=New-ScheduledTaskPrincipal -UserId sid-500\administrator
$Task=New-ScheduledTask -Action $Action -Trigger $Trigger -Settings $Set -Principal $Principal
Register-ScheduledTask -TaskName "Test DCs" -InputObject $Task -Force

Open taskschd.msc and check your settings. Do a test run. The Last Run Result should be 0x0.



Recommended Procedure

For testing I would recommend to disable ICMP Echo on one of the DC’s instead of shutting down the computer  😉



Then wait 15 minutes or run the task immediately.

If you do not receive an E-Mail I would recommend to modify the script and replace the Send-MailMessage Command to exclude that the problem is on then mail server.

You can simply replace Send-Mailmessage for example with Set-Content to store the error in a file.

It could look like this:

Set-Content C:\Temp\Log\log1.txt -Value "$item is down"

Happy monitoring!

3 replies »

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.