Active Directory (AD) Check

When running the VB script, dcdiag /test:fsmocheck on long domain name, the vbscript get the result "passed test FsmoCheck" on multiple lines, and the script is getting a false error. For example: Running enterprise tests on : verylong.sub.topdomaine.com ------------------------------------ Starting test: FsmoCheck ......................... verylong.sub.topdomaine.com passed test FsmoCheck ------------------------------------ The FsmoCheck appears on the line after "passed test". The fix when a line end with "passed test", then add the next line at the end if this line. The code fix is available at: https://github.com/mst-amour/nagios/blob/main/check_ad.vbs Here is the updated function to update: -------------------------------- 'call dcdiag and parse the output sub exec(strCmd) 'Declare variables dim objShell : Set objShell = WScript.CreateObject("WScript.Shell") dim objExecObject, lineout, tmpline, tmpline_no_cr_lf, end_passed_str, tmpline_next lineout = "" 'Command line options we're using ' pt strCmd Set objExecObject = objShell.Exec(strCmd) 'Loop until end of output from dcdiag do While not objExecObject.StdOut.AtEndOfStream tmpline = lcase(objExecObject.StdOut.ReadLine()) tmpline_no_cr_lf = Replace(tmpline,chr(10),"") ' Newline tmpline_no_cr_lf = Replace(tmpline,chr(13),"") ' CR call parselang(tmpline_no_cr_lf) lineout = lineout + tmpline if (instr(tmpline_no_cr_lf, ".....")) then 'testresults start with a couple of dots, so lets reset the lineout buffer lineout= tmpline if (len(tmpline_no_cr_lf) > 13) then end_passed_str = Mid(tmpline_no_cr_lf, Len(tmpline_no_cr_lf) - 10, 11) if(StrComp(end_passed_str, "passed test") = 0) then tmpline_next = lcase(objExecObject.StdOut.ReadLine()) tmpline_next = Replace(tmpline_next,chr(10),"") ' Newline tmpline_next = Replace(tmpline_next,chr(13),"") ' CR tmpline_no_cr_lf = tmpline_no_cr_lf + tmpline_next end if end if end if if instr(tmpline_no_cr_lf, lcase(strOK)) then 'we have a strOK String which means we have reached the end of a result output (maybe on newline) call parse(tmpline_no_cr_lf) lineout = "" end if loop ' Catch the very last test (may be in the lineout buffer but not yet processed) if instr(lineout, lcase(strOK) & " test") OR instr(lineout, lcase(strNotOK) & " test") then 'we have a strOK String which means we have reached the end of a result output (maybe on newline) call parse(lineout) end if end sub

https://github.com/TheInfectedFetus/nagios-plugins/blob/patch-1/check_ad.vbs This should solve the fsmo false positive for long domain names tested on server 2019

I use this check but I have problem with operating system in Italian. I add a modify on the script and it's work on Italian too. Could I send the new version? Bye Franco

Hi! Thanks for the script. I am getting the error with FSMO check C:Program FilesNSClient++scripts>cscript.exe //NoLogo check_ad.vbs CRITICAL - services: OK. replications: OK. advertising: OK. fsmocheck: CRITICAL. ridmanager: OK. machineaccount: OK. If I run dcdiag /test:fsmocheck then my test is passed. Any tip to fix this? Thanks

Hi all, we tested the bug-Fix from itnate but the error with the missing ridmanager still occures. Could you please provide anothjer solution? Thanks in advance.

The script was flawless for DCs from 2003 to 2016. However I also have a Read Only 2012 R2 DC and the DCDiag does not check or output RIDManger. So I made a slight modification to line 237: 'Set default status for each named test for loop1 = 0 to (ubound(name)-1) status(loop1) = "CRITICAL" lock(loop1) = FALSE cmd = cmd & "/test:" & name(loop1) & " " next 'Set default status for each named test for loop1 = 0 to (ubound(name)-1) status(loop1) = "Not Checked" lock(loop1) = FALSE cmd = cmd & "/test:" & name(loop1) & " " next This will allow the check to return OK if the keyword of the check is not found. However labeling that check as "Not Checked" in the service text.

https://github.com/arigaud/nagios-plugins/blob/master/check_ad.vbs

Hello, tirst of all thank you for your job, this script is perfect to check every domain controller in our network There is only one small problem with ReadOnly Domain COntrolelrs, because the test RidManager should be skipped in this case. Dcdiag does not output anything for the test RidManager when is executed on a RDOC, so the script should detect this condition and skip the test. Thanks Best regards Luca

In response to: I have the same problem than Jeremy B, dcdiag result is on 2 line instead of 1 and I have a critical error for fsmo check. Change the default values for the English language (unless you want to test other languages): 'Lang dependend. Default is english dim strOK : strOK = "?????? ???????? " dim strNotOK : strNotOk = "?? ?????? ???????? " The only remark, these values must be saved in the editor encoded OEM 866 and then we obtain the following: 'Lang dependend. Default is english dim strOK : strOK = "??®©¤?­ ??®???? " dim strNotOK : strNotOk = "­? ??®©¤?­ ??®???? " In the end is required to type in a space, otherwise in the case of a long domain name ( in my case it’s 16 characters) will occur a line break and FsmoCheck will process incorrectly. More exactly works correctly, but will process the result of incorrect. This is clearly evident when you start c verbose = 1 and uncomment fields (remove in front quotes): ‘pt "lineout buffer '" & lineout & "'" ‘pt "lineout buffer appended '" & lineout & "'"

I can see what the script does when I run it manually, however when executed by nagios is it supposed to show more than OK space and a dash? I would think since the script spits out the status of each item being checked it would show those results in the Status Information. How I'm configured: In NSClient.ini under external scripts: actived=cscript.exe //T:30 //NoLogo scripts\check_ad.vbs $ARG1 In commands.cfg: define command{ command_name check_nrpe command_line /usr/local/nagios/libexec/check_nrpe -H $HOSTADDRESS$ -c $ARG1$ } in windows.cfg: define service{ use generic-service host homeserver service_description AD check_command check_nrpe!actived } Thoughts?

First of all...thank you for this nice script. But I have a small problem. Running the script from the cli works fine: cscript //nologo .check_ad.vbs OK - services: OK. replications: OK. advertising: OK. fsmocheck: OK. ridmanager: OK. machineaccount: OK. But when i execute the script with "nscp test" the output is cropped D ext-script Command line: cscript.exe //T:30 //NoLogo scriptslibwrapper.vbs check_ad.vbs L cli OK: OK - NSClient++ Version is 0.4.3.143 Can you help me with this problem? Thank you in advance.

Hi, i have my domain controllers running on Windows Server 2012 in spanish versión, and not found, the check status is "unknown", somebody can help me please? Thanks,

Hi, I tried to figure out how to use the script in french version for Windows server 2012 but nothing works. I changed the variables in french which are "réussi" when it's ok and "échoué" when it failed. But I'm not sure... When I use dcdiag, all is ok and with the plugin all is critical. Thank you

it doesn't work on windows 2008 r2 x64 domain controller because it require elevation. it is a way to fix the code to make it work? Thanks

doesn't work on French system with accented characters but I have solve this problem and add /help arguments. You can found the code on https://github.com/Guiona/NagiosPlugins/blob/master/check_ad.vbs

Hi i'm having a hard time setting up check_ad on my nagios server returns an error on nagios return code of 127 is out of bounds - plugin may be missing in nagios i get a no handler for commmand. Please help. This is what I've done so far on the host: In nsclient-full.ini I enabled external scripts allowed agruments and nasty characters and added [/settings/external scripts/scripts] command[check_activedir]=cscript "C:Program FilesNSClient++scriptsCheck_AD.vbs" //nologo /test:$ARG1$ also tried [NRPE Handlers] command[check_activedir]=cscript "C:Program FilesNSClient++scriptsCheck_AD.vbs" //nologo /test:$ARG1$ on nagios server in the commands.cfg added define command{ command_name check_nrpe command_line $users1$/checknrpe -H $HOSTNAME$ -c check_activedir -t TIMEOUT -a Replications } in the machine settings file in nagios define service { use generic-service hostgroup phx-dc service_description active directory health check_command Check_nrpe!check_activedir} plug-in http://exchange.nagios.org/directory/Plugins/Operating-Systems/Windows/Active-Directory-(AD)-Check/details email me @ vitaly-23@yahoo.com (remove - between name and number) thank you

Script works fine most of the time but sometimes exits with error code -1073741819 Resulting in an unknown state for Nagios Anyone got any suggestions for this ? I don't seem to be the only person running in to this problem http://www.nsclient.org/nscp/ticket/602

Hi, I have the same problem than Jeremy B, dcdiag result is on 2 line instead of 1 and I have a critical error for fsmo check. how can I fix that ? Thanks

...as it should! Thanks a lot!

Works like a charm on Windows Server 2012

I use it to check an AD 2012 forest (W2008R2 and W2012 servers) and it works. But I needed to edit the script in order it works properly: "dcdiag.exe" output is not always on 1 line and the script doesn't handle it correctly. Ex: dcdiag.exe /test:VerifyEnterpriseReferences Will have these two lines for test result ......................... SRVXXX-XXX passed test VerifyEnterpriseReferences The script will find the "passed" word, but won't be able to associate it with the test name. I solve it by using dcdiag output file and parse it instead of parsing directly the command output.

This script is working on my server with out any problem and it is gives the output. Kindly help to configure the service description for this service on Nagios server?

If you have NSClient++ instead NRPE_NT, follow this instructions: -Edit NSC.ini at nsclient folder. -Below the line [NRPE Handlers] add this: command[check_activedir]=cscript "C:Program FilesNagios sclientscriptsCheck_AD.vbs" //nologo /test:$ARG1$ where "check_activedir" is the parameter that you pass from nagios with -c option, and "$ARG1$" are the services that you want check with -a option (separated by commas). In Nagios, inside commands.cfg, you must put: /usr/local/nagios/libexec/check_nrpe -H $HOSTNAME$ -c check_activedir -t TIMEOUT -a Replications,NetLogons,..... Bye!

Hi, I test your script under w2k8 x64 (RUS) and it don`t work correctly. Script always return CRITICAL. When I run 'dcdiag /test:services' (for example) always OK. I try increase verbose mode in your script but it didn`t get anything usefull. What addition information can I get to you for find and replace this bug? Thank you.