Pre-Demotion Health Check Script

Bas

Voordat je een oude domain controller wil demoten, wil je graag op op safe spelen. Dit script draai je op je nieuwe domain controller waarbij je controleert dat deze alle rollen heeft en alles succesvol gesynchroniseerd heeft.

<# 
    Pre-Demotion Health Check Script
    Run on: your NEW DC)
    Purpose: Verify readiness before demoting your OLD DC)
#>

$OldDC = "DC01"
$NewDC = $env:COMPUTERNAME
Write-Host "==== PRE-DEMOTION CHECK for $OldDC ====" -ForegroundColor Cyan

### 1️⃣ FSMO Role Ownership
Write-Host "`n[1/4] Checking FSMO Roles..." -ForegroundColor Yellow
$FSMO = (netdom query fsmo) -join "`n"
if ($FSMO -match $NewDC) { 
    Write-Host "✅ FSMO roles are owned by $NewDC" -ForegroundColor Green 
} else { 
    Write-Host "❌ FSMO roles are NOT all on $NewDC — fix before demotion!" -ForegroundColor Red
    $FSMO
}

### 2️⃣ AD Replication Health
Write-Host "`n[2/4] Checking AD Replication Health..." -ForegroundColor Yellow
$Repl = (repadmin /replsummary)
if ($Repl -match "0\s*/\s*\d+\s*0") {
    Write-Host "✅ AD replication is healthy (no failures)" -ForegroundColor Green
} else {
    Write-Host "❌ Replication issues detected!" -ForegroundColor Red
    $Repl
}

### 3️⃣ DFSR SYSVOL Replication
Write-Host "`n[3/4] Checking DFSR (SYSVOL) replication..." -ForegroundColor Yellow
$Poll = (dfsrdiag pollad 2>$null)
$Backlog = (dfsrdiag backlog /rgname:"Domain System Volume" /rfname:"SYSVOL Share" /smem:$NewDC /rmem:$OldDC)
if ($Backlog -match "No Backlog") {
    Write-Host "✅ SYSVOL replication in sync between $NewDC and $OldDC" -ForegroundColor Green
} else {
    Write-Host "❌ SYSVOL replication backlog detected!" -ForegroundColor Red
    $Backlog
}

### 4️⃣ DNS Diagnostic
Write-Host "`n[4/4] Checking DNS..." -ForegroundColor Yellow
$DnsTest = (dcdiag /test:dns)
if ($DnsTest -notmatch "fail|error") {
    Write-Host "✅ DNS tests passed" -ForegroundColor Green
} else {
    Write-Host "⚠️ DNS warnings or errors found — review output below" -ForegroundColor Yellow
    $DnsTest | Select-String "fail|error" -Context 2
}

Write-Host "`n==== CHECK COMPLETE ====" -ForegroundColor Cyan
Write-Host "If all items show ✅, it is safe to demote $OldDC." -ForegroundColor White