Search Exchange
Search All Sites
Nagios Live Webinars
Let our experts show you how Nagios can help your organization.Login
New ListingsDirectory Tree
Active Directory (AD) Check
Current Version
3.3-20160630
Last Release Date
2016-06-30
Compatible With
- Nagios 3.x
Owner
Hits
200315
Files:
| File | Description |
|---|---|
| Check_AD.vbs | Original Script |
| check_active_directory.vbs | German edition by J.V. |
| check_ad.vbs | Latest version. Merged all changes, fixes and enhancements into this edition |
| check_ad.txt | Daniel Esteves has made some changes |
| check_ad.txt | Phil Randal has made some changes |
| check_ad_french.vbs.txt | French version by Alexandre Rigaud |
| check_ad_french.vbs.txt | Updated version by Alexandre Rigaud |
This is a re-work of a script originally found here: http://felipeferreira.net/?p=315&cpage=1#comments
Only tested with Nagios 3.2.3. It should work on any version which supports reporting back via NRPE etc. Let me know how it works for you and I'll update the listing.
Works on English windows and should / could work on German, French and Spanish (Your milage may vary)
Usage: (with or without //nologo)
cscript Check_AD.vbs //nologo
cscript Check_AD.vbs //nologo /test:advertising
cscript Check_AD.vbs /test:ridmanager,services,fsmocheck
Output examples: (If one or more tests fail, CRITICAL is used as I have no idea which of these should be WARNING vs. CRITICAL. I'm assuming any failure is bad. Very bad)
Sample outputs:
OK - ridmanager: OK. services: OK. fsmocheck: OK.
CRITICAL - ridmanager: OK. services: CRITICAL. fsmocheck: OK.
CRITICAL - services: OK. replications: OK. advertising: OK. fsmocheck: OK. ridmanager: OK. machineaccount: OK. CheckSDRefDom: OK. CheckSecurityError: OK. CheckSDRefDom: OK. CrossRefValidation: OK. CutoffServers: OK. FrsEvent: CRITICAL. DFSREvent: OK. SysVolCheck: OK. LocatorCheck: OK. Intersite: OK. KccEvent: OK. KnowsOfRoleHolders: OK. NetLogons: OK. ObjectsReplicated: OK. OutboundSecureChannels: OK. Topology: OK. VerifyReferences: OK. VerifyReplicas: OK. NCSecDesc: OK.
Use dcdiag.exe /? to find out what checks YOUR version of Windows/dcdiag supports. 5 default checks are hardcoded within the script if no /test parameter is used. I don't claim they all work on all version of windows.
Email me at the address within the script for bug fixes etc. Tested on W2K8 x86 and W2K3 x64 using NSClient++ 0.3.8.75 2010-05-27 and the NRPE module.
Enjoy!
Update: check_active_directory should work on German Windows thanks to the work by Jonathan Vogt.
Update #2: Jonathan Vogt has updated his version to autodetect the Windows language, English or German, and run accordingly.
Update #3: I've merged JV's edition and added support for multipartition checks. I've left the old vbscripts in case of issues.
Update #4: Forgot to turn off verbose logging. Fixed.
Update #5: Daniel Esteves: "Fixed a problem alert for failed status and support for DNS test parameters". Download check_ad.txt file for DE's Version.
Update #6: Phil Randal: Fix multiline parsing. Added connectivity, sysvol, and kccevent tests and "dns /dnsbasic" check on 2008 and later. Tested on Windows 2003, 2008 R2, and 2012 R2 DCs
Update #7: Alexandre Rigaud added support for French OS.
Update #8: Alexandre Rigaud added support for initial Spanish OS ++
Thanks goes to those who provide updates and feedback.
JJ
cscript Check_AD.vbs //nologo
cscript Check_AD.vbs //nologo /test:advertising
cscript Check_AD.vbs /test:ridmanager,services,fsmocheck
Output examples: (If one or more tests fail, CRITICAL is used as I have no idea which of these should be WARNING vs. CRITICAL. I'm assuming any failure is bad. Very bad)
Sample outputs:
OK - ridmanager: OK. services: OK. fsmocheck: OK.
CRITICAL - ridmanager: OK. services: CRITICAL. fsmocheck: OK.
CRITICAL - services: OK. replications: OK. advertising: OK. fsmocheck: OK. ridmanager: OK. machineaccount: OK. CheckSDRefDom: OK. CheckSecurityError: OK. CheckSDRefDom: OK. CrossRefValidation: OK. CutoffServers: OK. FrsEvent: CRITICAL. DFSREvent: OK. SysVolCheck: OK. LocatorCheck: OK. Intersite: OK. KccEvent: OK. KnowsOfRoleHolders: OK. NetLogons: OK. ObjectsReplicated: OK. OutboundSecureChannels: OK. Topology: OK. VerifyReferences: OK. VerifyReplicas: OK. NCSecDesc: OK.
Use dcdiag.exe /? to find out what checks YOUR version of Windows/dcdiag supports. 5 default checks are hardcoded within the script if no /test parameter is used. I don't claim they all work on all version of windows.
Email me at the address within the script for bug fixes etc. Tested on W2K8 x86 and W2K3 x64 using NSClient++ 0.3.8.75 2010-05-27 and the NRPE module.
Enjoy!
Update: check_active_directory should work on German Windows thanks to the work by Jonathan Vogt.
Update #2: Jonathan Vogt has updated his version to autodetect the Windows language, English or German, and run accordingly.
Update #3: I've merged JV's edition and added support for multipartition checks. I've left the old vbscripts in case of issues.
Update #4: Forgot to turn off verbose logging. Fixed.
Update #5: Daniel Esteves: "Fixed a problem alert for failed status and support for DNS test parameters". Download check_ad.txt file for DE's Version.
Update #6: Phil Randal: Fix multiline parsing. Added connectivity, sysvol, and kccevent tests and "dns /dnsbasic" check on 2008 and later. Tested on Windows 2003, 2008 R2, and 2012 R2 DCs
Update #7: Alexandre Rigaud added support for French OS.
Update #8: Alexandre Rigaud added support for initial Spanish OS ++
Thanks goes to those who provide updates and feedback.
JJ
Reviews (24)
I use it to check an AD 2012 forest (W2008R2 and W2012 servers) and it works. But I needed to edit the script in order it works properly: "dcdiag.exe" output is not always on 1 line and the script doesn't handle it correctly.
Ex: dcdiag.exe /test:VerifyEnterpriseReferences
Will have these two lines for test result
......................... SRVXXX-XXX passed test
VerifyEnterpriseReferences
The script will find the "passed" word, but won't be able to associate it with the test name.
I solve it by using dcdiag output file and parse it instead of parsing directly the command output.
Ex: dcdiag.exe /test:VerifyEnterpriseReferences
Will have these two lines for test result
......................... SRVXXX-XXX passed test
VerifyEnterpriseReferences
The script will find the "passed" word, but won't be able to associate it with the test name.
I solve it by using dcdiag output file and parse it instead of parsing directly the command output.
bythamildct, January 21, 2013
This script is working on my server with out any problem and it is gives the output.
Kindly help to configure the service description for this service on Nagios server?
Kindly help to configure the service description for this service on Nagios server?
bypablo.garciaa, December 1, 2011
If you have NSClient++ instead NRPE_NT, follow this instructions:
-Edit NSC.ini at nsclient folder.
-Below the line [NRPE Handlers] add this:
command[check_activedir]=cscript "C:Program FilesNagios
sclientscriptsCheck_AD.vbs" //nologo /test:$ARG1$
where "check_activedir" is the parameter that you pass from nagios with -c option, and "$ARG1$" are the services that you want check with -a option (separated by commas).
In Nagios, inside commands.cfg, you must put:
/usr/local/nagios/libexec/check_nrpe -H $HOSTNAME$ -c check_activedir -t TIMEOUT -a Replications,NetLogons,.....
Bye!
-Edit NSC.ini at nsclient folder.
-Below the line [NRPE Handlers] add this:
command[check_activedir]=cscript "C:Program FilesNagios
sclientscriptsCheck_AD.vbs" //nologo /test:$ARG1$
where "check_activedir" is the parameter that you pass from nagios with -c option, and "$ARG1$" are the services that you want check with -a option (separated by commas).
In Nagios, inside commands.cfg, you must put:
/usr/local/nagios/libexec/check_nrpe -H $HOSTNAME$ -c check_activedir -t TIMEOUT -a Replications,NetLogons,.....
Bye!
byqk4l, November 29, 2010
Hi, I test your script under w2k8 x64 (RUS) and it don`t work correctly. Script always return CRITICAL.
When I run 'dcdiag /test:services' (for example) always OK.
I try increase verbose mode in your script but it didn`t get anything usefull.
What addition information can I get to you for find and replace this bug?
Thank you.
When I run 'dcdiag /test:services' (for example) always OK.
I try increase verbose mode in your script but it didn`t get anything usefull.
What addition information can I get to you for find and replace this bug?
Thank you.
Owner's reply
Hi! sorry for not getting back to you, I was expecting Nagios Exchange to email me when this page was updated.
Can you email me the output of dcdiag as well as the output from my script? My email address is j-o-h-n@j-o-r-e.n-o (Remove the -)
JJ
Page 2 of 2
