PowerShell Health-Check Pack for Active Directory, DNS, DHCP, and Certificate Expiration
Create a PowerShell health-check pack for Active Directory, DNS, DHCP, and certificate checks in a small Windows network.
Expected Outcome
A working PowerShell script that can be scheduled to run regularly, providing alerts for any issues with Active Directory, DNS, DHCP, and certificate expiration.
Assumptions
- Basic knowledge of PowerShell scripting
- Access to a Windows Server with Active Directory, DNS, and DHCP roles installed
- Administrative privileges on the server
Bill of Materials
- Windows Server with PowerShell
- Active Directory module for Windows PowerShell
- DNS and DHCP management tools
- SSL certificate management tools
Build Steps
- Set Up PowerShell Environment
Ensure that the required modules for Active Directory, DNS, and DHCP are installed and available in PowerShell.
Example pattern only. Adjust for your environment before running.
Import-Module ActiveDirectory
Import-Module DnsServer
Import-Module DhcpServer
- Create Active Directory Health Check
Write a PowerShell function to check the health of Active Directory. Manual action: $adHealth = Get-ADDomainController -Filter * | Select-Object Name, HostName.
Example pattern only. Adjust for your environment before running.
# Domain controller objects have no Status property, so test reachability instead
ForEach ($dc in $adHealth) {
    If (-not (Test-Connection -ComputerName $dc.HostName -Count 2 -Quiet)) { Write-Output 'AD Health Check Failed' }
}
- Create DNS Health Check
Write a PowerShell function to verify DNS server responsiveness and record integrity. Manual action: $dnsServers = Get-DnsServerSetting | Select-Object ComputerName.
Example pattern only. Adjust for your environment before running.
ForEach ($server in $dnsServers) {
    # Ping only proves the host is up, not that the DNS service answers queries
    Test-Connection -ComputerName $server.ComputerName -Count 2
}
- Create DHCP Health Check
Write a PowerShell function to check the status of DHCP servers and address pools. Manual action: $dhcpScopes = Get-DhcpServerv4Scope | Select-Object ScopeId, State.
Example pattern only. Adjust for your environment before running.
If ($dhcpScopes.State -ne 'Active') { Write-Output 'DHCP Health Check Failed' }
- Check Certificate Expiration
Write a PowerShell function to check for SSL certificate expiration dates.
Safe to run: read-only
$certs = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.NotAfter -lt (Get-Date).AddDays(30) }
If ($certs) { Write-Output 'Certificates nearing expiration:'; $certs }
- Combine Health Checks into a Script
Combine all the individual health check functions into a single PowerShell script.
Example pattern only. Adjust for your environment before running.
Function Check-Health {
    # Call all health check functions here
    Check-ADHealth
    Check-DNSHealth
    Check-DHCPHealth
    Check-CertificateExpiration
}
Check-Health
- Schedule the Script
Use Task Scheduler to run the health check script at regular intervals.
Changes system state: review before running
schtasks /create /tn 'AD_DNS_DHCP_HealthCheck' /tr 'powershell.exe -File C:\Path\To\YourScript.ps1' /sc daily /st 09:00
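One way to assemble the steps above into a single schedulable script, as an added example that is not part of the original guide: each check runs in a wrapper so that an exception is reported as a result instead of aborting the run, and the script exits non-zero on any failure so Task Scheduler records it. Invoke-Check and $WarnDays are hypothetical names, and the script assumes it runs elevated on the server that holds the AD, DNS and DHCP roles.

```powershell
# Added example, not from the original guide. Invoke-Check and $WarnDays are hypothetical names.
# Assumes an elevated session on the server that holds the AD, DNS and DHCP roles.
$ErrorActionPreference = 'Stop'   # turn cmdlet errors into exceptions the wrapper can catch
$WarnDays = 30
Import-Module ActiveDirectory, DhcpServer   # Resolve-DnsName comes from the built-in DnsClient module

# Run one check. The script block returns a string per problem found; nothing returned means OK.
Function Invoke-Check {
    Param([string]$Name, [scriptblock]$Test)
    Try {
        $problems = @(& $Test)
        $status = If ($problems.Count) { 'FAIL' } Else { 'OK' }
        [pscustomobject]@{ Check = $Name; Status = $status; Detail = $problems -join '; ' }
    } Catch {
        # A check that cannot run (missing module, access denied) is a finding, not a silent pass
        [pscustomobject]@{ Check = $Name; Status = 'ERROR'; Detail = $_.Exception.Message }
    }
}

$results = @(
    Invoke-Check 'AD' {
        # Every domain controller must answer ping
        Get-ADDomainController -Filter * |
            Where-Object { -not (Test-Connection -ComputerName $_.HostName -Count 2 -Quiet) } |
            ForEach-Object { "$($_.HostName) unreachable" }
    }
    Invoke-Check 'DNS' {
        # The local DNS service must resolve the AD domain name, which ping alone cannot prove
        $domain = (Get-ADDomain).DNSRoot
        Try { $null = Resolve-DnsName -Name $domain -Server localhost -DnsOnly }
        Catch { "cannot resolve $domain" }
    }
    Invoke-Check 'DHCP' {
        Get-DhcpServerv4Scope | Where-Object State -ne 'Active' |
            ForEach-Object { "scope $($_.ScopeId) is $($_.State)" }
    }
    Invoke-Check 'Certificates' {
        # Includes certificates that have already expired
        Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { $_.NotAfter -lt (Get-Date).AddDays($WarnDays) } |
            ForEach-Object { "$($_.Subject) expires $($_.NotAfter.ToString('yyyy-MM-dd'))" }
    }
)
$results | Format-Table -AutoSize -Wrap
# With powershell.exe -File, this exit code becomes the task's Last Run Result
If ($results | Where-Object Status -ne 'OK') { Exit 1 } Else { Exit 0 }
```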
Validation
- Run the PowerShell script manually to ensure it returns the expected results.
- Check the Task Scheduler history to confirm that the script runs as scheduled.
Troubleshooting
- Check service logs before changing the design.
- Confirm ports, paths, credentials, DNS names, and container names match the guide assumptions.
Cleanup or Rollback
- Stop test services you no longer need and keep a copy of working configuration before deleting volumes or data directories.
Next Improvements
- Set up email notifications for health check failures.
- Integrate with monitoring tools for centralized logging.
- Expand the script to include additional services as needed.