‘Sup PSHomies,
Last blog I demonstrated how to create a HTML report from the Active Directory configuration snapshot. Here’s yet another way to get more use out of the Active Directory configuration snapshot.
I started out with the intention of reporting, then it hit me, why not use the snapshot for Operation readiness? Let’s dive in, I’ll explain as we go along…
Before we get started, you’ll need to have your Active Directory specification at hand. Modify $ADConfiguration according to your specifications.
#region Active Directory configuration as you expect it to be. Modify to reflect your Active Directory
$ADConfiguration = @{
Forest = @{
FQDN = 'pshirwin.local'
ForestMode = 'Windows2012R2Forest'
GlobalCatalogs = @(
'DC-DSC-01.pshirwin.local'
)
SchemaMaster = 'DC-DSC-01.pshirwin.local'
DomainNamingMaster = 'DC-DSC-01.pshirwin.local'
}
Domain = @{
NetBIOSName = 'PSHIRWIN'
DomainMode = 'Windows2012R2Domain'
RIDMaster = 'DC-DSC-01.pshirwin.local'
PDCEmulator = 'DC-DSC-01.pshirwin.local'
InfrastructureMaster = 'DC-DSC-01.pshirwin.local'
DistinguishedName = 'DC=pshirwin,DC=local'
DNSRoot = 'pshirwin.local'
DomainControllers = @(
'DC-DSC-01'
)
}
PasswordPolicy = @{
PasswordHistoryCount = 24
LockoutThreshold = 0
LockoutDuration = '00:30:00'
LockoutObservationWindow = '00:30:00'
MaxPasswordAge = '42.00:00:00'
MinPasswordAge = '1.00:00:00'
MinPasswordLength = 8
ComplexityEnabled = $true
}
Sites = @('Default-First-Site-Name')
SiteLinks = @(
@{
Name = 'DEFAULTIPSITELINK'
Cost = 100
ReplicationFrequencyInMinutes = 180
}
)
SubNets = @()
}
#endregion
Quick sidestep, we’re in the middle of implementing a new Infrastructure for a customer. Some post configuration had to be done, FSMO roles rearranged, Global catalogs etc. etc., you know the drill. I got my hand on the Active Directory specifications and filled it in. I did a AD configuration snapshot and was now ready to compare. My colleagues were in the middle of post configuring Active Directory. I noticed that the FSMO roles weren’t as expected. I was missing a Domain Controller and some Sites, subnets and sitelinks. I did a AD snapshot the next day, ran my operation readiness test and surprise, everything was as expected! It wasn’t my intention to supervise my colleagues, but I could give them the good news that the Active Directory is configured as specified.
To give you an idea of what to expect, I did the operation readiness test on my lab. Here’s the script:
And here’s the result:

My testlab is quite simple.
Validating operation readiness will definitely help you keep things in check! No second guessing: “Did I configure server x as a Global catalog? With the AD Configuration snapshot you can be certain how you left things! “I know for a fact I configured the server as a Global catalog last week.” Compare your past snapshot to what you’re expecting. Create a new snaphot and compare again. If it’s different… Well… Sometimes colleagues forget to communicate changes that have been made… At least you don’t have to second guess yourself 😉 As an OPS guys Operation readiness has my vote!
Hope it’s worth something to you
Ttyl,
Urv

Hey Irwin – thanks for the great post. One of my listeners over on RunAs Radio mentioned (show 469) it as a clever example of Configuration-as-Code and I agree! I read his comment on episode 472 and I’ll include a link in the show notes. Thanks!
LikeLiked by 1 person
Wow!!! I’m honored!
LikeLike
Pingback: Some Pester Tests for SQL Defaults – SQL DBA with A Beard
Pingback: Continuously Testing your Infrastructure with OVF and Microsoft Operations Management Suite | PowerShell, Programming and DevOps
Pingback: Active Directory Operational Testing « The Surly Admin
Pingback: AD Operation Validation class | pshirwin
Pingback: Episode 319 - PowerScripting Podcast - MVPs Don Jones and Adam Bertram on Pester
Pingback: Episode 319 - PowerScripting Podcast - MVPs Don Jones and Adam Bertram on Pester | PowerShell.org