This repository has been archived by the owner on Mar 8, 2024. It is now read-only.

Please update to 2.8 #10

Spartan-196 opened this issue Apr 1, 2021 · 0 comments

This appears to be a script originally maintained by MVP Jorge de Almeida Pinto.

This script is on v2.5 where Jorge's has been updated to v2.8 almost a year ago. Please consider pulling it and integrating the changes.

List of changes since v2.5

v2.8, 2020-04-02, Jorge de Almeida Pinto [MVP-EMS]:

  • Fixed an issue when the RODC itself is not reachable/available, whereas in that case, the source should be the RWDC with the PDC FSMO
  • Checks to make sure both the RWDC with the PDC FSMO role and the nearest RWDC are available. If either one is not available, the script will abort

v2.7, 2020-04-02, Jorge de Almeida Pinto [MVP-EMS]:

  • Added DNS name resolution check to the portConnectionCheck function
  • To test membership of the administrators group in a remote AD forest the "title" attribute is now used instead of the "displayName" attribute to try to write to it
  • Removed usage of $remoteADforest variable and only use the $localADforest variable
  • Removed usage of $remoteCredsUsed variable and only use the $adminCrds variable (Was $adminCreds)
  • Added a warning if the special purpose krbtgt account 'Krbtgt_AzureAD' is discovered in the AD domain
  • If the number of RODCs in the AD domain is 0, then it will not present the options for RODCs
  • If the number of RODCs in the AD domain is 1 or more, and you chose to manually specify the FQDN of RODCs to process, it will present a list of RODCs to choose from
  • Operational modes have been changed (WARNING: pay attention to what you choose!). The following modes are the new modes
    • 1 - Informational Mode (No Changes At All)
    • 2 - Simulation Mode | Temporary Canary Object Created To Test Replication Convergence!
    • 3 - Simulation Mode | Use KrbTgt TEST/BOGUS Accounts - No Password Reset/WhatIf Mode!
    • 4 - Real Reset Mode | Use KrbTgt TEST/BOGUS Accounts - Password Will Be Reset Once!
    • 5 - Simulation Mode | Use KrbTgt PROD/REAL Accounts - No Password Reset/WhatIf Mode!
    • 6 - Real Reset Mode | Use KrbTgt PROD/REAL Accounts - Password Will Be Reset Once!
  • When choosing RODC Krb Tgt Account scope the following will now occur:
    • If the RODC is not reachable, the real source RWDC of the RODC cannot be determined. In that case, the RWDC with the PDC FSMO role is used as the source for the change and replication
    • If the RODC is reachable, but the real source RWDC of the RODC is not reachable it cannot be used as the source for the change and replication. In that case, the RWDC with the PDC FSMO role is used as the source for the change and replication
  • Sections with '#XXX' have been removed
  • Calls using the CMDlet 'Get-ADReplicationAttributeMetadata' (W2K12 and higher) have been replaced with .NET calls to support older OSes such as W2K8 and W2K8R2. A function has been created to retrieve metadata
  • Some parts were rewritten/optimized

v2.6, 2020-02-25, Jorge de Almeida Pinto [MVP-EMS]:

  • Removed code that was commented out
  • Logging where the script is being executed from
  • Updated the function 'createTestKrbTgtADAccount' to also include the FQDN of the RODC for which the Test KrbTgt account is created for better recognition
  • In addition to the port 135 (RPC Endpoint Mapper) and 389 (LDAP), the script will also check for port 9389 (AD Web Service) which is used by the ADDS PoSH CMDlets
  • Updated script to include more 'try/catch' and more (error) logging, incl. the line where it fails, when things go wrong to make troubleshooting easier
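The v2.6 to v2.8 items above describe a pre-flight check: resolve each DC's name in DNS, confirm TCP 135/389/9389 are open, and abort unless both the RWDC holding the PDC FSMO role and the nearest RWDC are available. The following is an added illustration of that check, not code from Jorge's script or from this repository; the function name `Test-DcReachable` and the use of the ActiveDirectory module are assumptions.

```powershell
# Added example (not the script's own code): DC reachability pre-flight check
# modelled on the changelog items above. Assumes the ActiveDirectory module.
function Test-DcReachable {
    param(
        [Parameter(Mandatory)][string]$Fqdn,
        [int[]]$Ports = @(135, 389, 9389),   # RPC Endpoint Mapper, LDAP, AD Web Service
        [int]$TimeoutMs = 3000
    )
    # DNS name resolution check first: an unresolvable name fails before any socket is opened
    try { $null = [System.Net.Dns]::GetHostEntry($Fqdn) }
    catch { Write-Warning "DNS resolution failed for $Fqdn"; return $false }

    foreach ($port in $Ports) {
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            # .NET socket call rather than Test-NetConnection so it also runs on W2K8/W2K8R2
            $async = $client.BeginConnect($Fqdn, $port, $null, $null)
            if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs) -or -not $client.Connected) {
                Write-Warning "TCP $port on $Fqdn is not reachable"
                return $false
            }
        } catch {
            Write-Warning "TCP $port on $Fqdn failed: $($_.Exception.Message)"
            return $false
        } finally { $client.Close() }
    }
    return $true
}

# Both the RWDC with the PDC FSMO role and the nearest RWDC must be available;
# if either one is not, abort before touching any KrbTgt account (v2.8 behaviour).
Import-Module ActiveDirectory
$pdcFsmo = (Get-ADDomain).PDCEmulator
$nearest = [string](Get-ADDomainController -Discover -Writable).HostName
foreach ($dc in @($pdcFsmo, $nearest) | Select-Object -Unique) {
    if (-not (Test-DcReachable -Fqdn $dc)) {
        throw "Aborting: required RWDC '$dc' is not available"
    }
}
Write-Host "PDC FSMO ($pdcFsmo) and nearest RWDC ($nearest) are reachable on 135/389/9389"
```

Run it from a domain-joined host with RSAT installed; a warning names the first failing DNS lookup or port, and the `throw` stops the run before any reset logic would execute.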