QMM Quest Migration Manager for AD – Checking Directory Synchronization DSA
I was looking for a possibility to check and supervise the synchronization of user-objects with Quest Migration Manager for Active Directory.
In addition, I was missing a good overview to answer the question:
Were new user-accounts created in the target-domain?
Both problems could be solved with a little Powershell script.
Index
QMM Powershell Commandlets – ActiveRoles Management Shell
For support, I installed the freely accessible Powershell Commandlets by Quest: ActiveRoles Management Shell for Active Directory. These provide you with a really good and easy possibility to work with Active Directory. You can download them from the following website: http://www.quest.com/powershell/activeroles-server.aspx
The script step by step with comments
About the script: I followed through with my idea by counting all user objects of the source- and target-domain which were created on a certain day. Naturally, the amount should be the same. To count those user objects you could use the attribute [whenCreated]. It contains the [Creation Date] of the object and is saved in the notation [YYYYMMDDHHMMSS.OZ]. Firstly, I had to convert the date into this notation:
|
1 2 3 4 5 6 |
$today = get-date -format u $date = $today.split(" ")[0] $year= $date.split("-")[0] $month= $date.split("-")[1] $day= $date.split("-")[2] $ldapdate=$year + $month + $day + "000000.0Z" |
Example: $ldapdate=”20110927000000.0Z” With the Quest Commandlet [connect-qadservice] a connection to the Active Directory Domain can be created.
|
1 |
connect-qadservice -service SourceDomain.com |
Into the Quest Commandlet [get-QadUser] user accounts can be read with the help of a [-ldapfilter].
|
1 |
$SRC=get-qaduser -sl 0 -ldapfilter "(whenCreated>=$ldapdate)" |
All user accounts created at daytime [$ldapdate] in the source domain, are listed in the variable $SRC. Do the same with the target domain:
|
1 2 |
connect-qadservice -service TargetDomain.com $TGT=get-qaduser -sl 0 -ldapfilter "(whenCreated>=$ldapdate)" |
You can get the counted amount of objects with the operation [.count].
|
1 2 |
“User accounts in source domain: “ + $SRC.count “User accounts in target domain: “ + $TGT.count |
Powershell: QMM – Directory Synchronization DSA
The complete script:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
add-PSSnapin "Quest.ActiveRoles.ADManagement" -ErrorAction:SilentlyContinue $today = get-date -format u $date = $today.split(" ")[0] $year= $date.split("-")[0] $month= $date.split("-")[1] $day= $date.split("-")[2] $ldapdate=$year + $month + $day + "000000.0Z" connect-qadservice -service SourceDomain.com $SRC=get-qaduser -sl 0 -ldapfilter "(whenCreated>=$ldapdate)" connect-qadservice -service TargetDomain.com $TGT=get-qaduser -sl 0 -ldapfilter "(whenCreated>=$ldapdate)" “User accounts in source domain: “ + $SRC.count “User accounts in target domain: “ + $TGT.count |
Leave a Reply
<p>Your email is safe with us.<br/>Information about our <a href="https://activedirectoryfaq.com/contact-us/">data protection policies</a></p>