Validating Global Catalog Lookup Functionality

I had a co-worker suggest to my boss today that a problem we were having could be due to issues looking up accounts in the Global Catalog.  I’ve had some replication issues related to some lingering objects lately, so I supposed we could be seeing some fallout from that, but I really had no reason to believe that the GC was not responding.  This made me realize that I could use a quick way to prove it out, so I came up with this script to test all my GC nodes:


# Accepts parameter for username

# Create a collection with all my wrieteable Domain Controllers
# I use the PS2.0 AD Module here.
$DomainControllers  = $($(get-addomain sweeneyops.lab).ReplicaDirectoryServers) +
    $($(get-addomain dom1.sweeneyops.lab).ReplicaDirectoryServers) +
    $($(get-addomain dom2.sweeneyops.lab).ReplicaDirectoryServers) +
    $($(get-addomain dom3.sweeneyops.lab).ReplicaDirectoryServers)

# Make a GC Query to each domain in the collection
# I switched to ADSI here because I have not had luck with the AD Module
# in accessing port 3268. If I figure out what I’m doing wrong then I’ll update the script. 
$DomainControllers | %{

    $root = [ADSI]"GC://$_"
    $search = new-Object System.DirectoryServices.DirectorySearcher($root,"(cn=$struser)")
    $result = $search.FindOne()

    if ($result -ne $null)
        $user = $result.GetDirectoryEntry()
        Write-Host "$_ : Success : $($user.distinguishedName)" -foreground green
        Write-Host "$_ : Failed : $struser"  -foreground red

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: