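Import-Module ActiveDirectory

<#
.SYNOPSIS
    Trigger replication on every domain controller of the current domain.
.DESCRIPTION
    Runs "repadmin /syncall" for the domain naming context against each
    domain controller returned by Get-ADDomainController, waits ten seconds,
    and then returns the replication partner metadata for the domain.
.INPUTS
    No input needed.
.OUTPUTS
    One object per replication partner link with the properties Server and
    LastReplicationSuccess.
.EXAMPLE
    PS> Replicate-ADSitesAndServices

    Server         LastReplicationSuccess
    ------         ----------------------
    DC01.dev.intra 14.02.2022 09:07:48
    DC01.dev.intra 14.02.2022 09:07:47
    DC02.dev.intra 14.02.2022 09:07:53
    DC02.dev.intra 14.02.2022 09:07:44
    DC03.dev.intra 14.02.2022 09:07:41
    DC03.dev.intra 14.02.2022 09:07:56
#>
function Replicate-ADSitesAndServices {
    # Resolve the naming context once instead of once per domain controller.
    $domainDN = (Get-ADDomain).DistinguishedName

    (Get-ADDomainController -Filter *).Name | ForEach-Object {
        # The repadmin operation is "/syncall"; "/syscall" is not a repadmin
        # command, so the original call never triggered a replication.
        # /e = include partners in other sites, /A = all partitions.
        repadmin /syncall $_ $domainDN /e /A | Out-Null

        # The output is discarded, so surface a failure instead of hiding it.
        # NOTE(review): assumes repadmin reports failure through a non-zero
        # exit code - confirm on the target OS version.
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "repadmin /syncall failed for $($_) (exit code $LASTEXITCODE)"
        }
    }

    # Give the triggered replication a moment before the state is read.
    Start-Sleep 10

    Get-ADReplicationPartnerMetadata -Target "$env:USERDNSDOMAIN" -Scope Domain |
        Select-Object Server, LastReplicationSuccess
}

<#
.SYNOPSIS
    Translate an ACE object-type GUID into a schema or extended-right name.
.DESCRIPTION
    Builds, on first use, a GUID-to-name table from two directory queries:
    every schema object that has a SchemaIDGUID, and every ControlAccessRight
    below CN=Extended-Rights in the configuration partition (RightsGUID).
    The table is cached in $Global:adObjectTypeGUID for the rest of the
    session.
.PARAMETER GUID
    The GUID to look up, in string form.
.OUTPUTS
    The Name stored for the GUID, or $null when the GUID is not in the table.
#>
function Get-ADObjectTypeGUID {
    param(
        [Parameter(
            Mandatory = $true,
            ParameterSetName = "ObjectType",
            Position = 0,
            ValueFromPipeline = $true
        )]
        [string]$GUID
    )

    begin {
        # NOTE(review): the cache lives in global scope, so any other code in
        # the session can read or replace it, and it is never refreshed after
        # a schema change. Names reported by an ACL review are only as
        # trustworthy as this table; clear the variable to force a rebuild.
        if ($null -eq $Global:adObjectTypeGUID) {
            $guidToName = @{}
            $rootDse = Get-ADRootDSE

            $schemaQuery = @{
                SearchBase = $rootDse.SchemaNamingContext
                LDAPFilter = '(SchemaIDGUID=*)'
                Properties = @("Name", "SchemaIDGUID")
            }
            foreach ($schemaItem in (Get-ADObject @schemaQuery)) {
                $key = [GUID]$schemaItem.SchemaIDGUID
                # Hashtable.Add() throws on a repeated key. Keep the first
                # name seen (what the original ended up with) without
                # raising an error for every duplicate.
                if (-not $guidToName.ContainsKey($key)) {
                    $guidToName[$key] = $schemaItem.Name
                }
            }

            $extendedRightQuery = @{
                SearchBase = "CN=Extended-Rights,$($rootDse.ConfigurationNamingContext)"
                LDAPFilter = '(ObjectClass=ControlAccessRight)'
                Properties = @("Name", "RightsGUID")
            }
            foreach ($rightItem in (Get-ADObject @extendedRightQuery)) {
                $key = [GUID]$rightItem.RightsGUID
                # Different control access rights can carry the same
                # RightsGUID, so a GUID may stand for more than the single
                # name kept here.
                if (-not $guidToName.ContainsKey($key)) {
                    $guidToName[$key] = $rightItem.Name
                }
            }

            $Global:adObjectTypeGUID = $guidToName
        }
    }

    process {
        # A process block makes the ValueFromPipeline binding handle every
        # piped GUID, not only the last one.
        $Global:adObjectTypeGUID[[GUID]$GUID]
    }
}

<#
.SYNOPSIS
    List the access control entries of an AD object with readable names.
.DESCRIPTION
    Reads the ACL of the object through the AD: drive and, for every entry
    whose IdentityReference matches -Reference, adds the note properties
    InheritanceTypeName, ObjectTypeName and InheritedObjectTypeName. The
    PropagationFlags property is replaced by a descriptive text when its
    value is one of None, InheritOnly or NoPropagateInherit.
.PARAMETER Identity
    Path of the object below the AD: drive (the value is appended to "AD:").
.PARAMETER Reference
    Wildcard pattern matched against IdentityReference. Defaults to "*".
.OUTPUTS
    The access rule objects returned by Get-Acl, with the extra properties.
#>
function Get-ADObjectPermission {
    param(
        [Parameter(
            Mandatory = $true,
            ParameterSetName = "Identity",
            Position = 0,
            ValueFromPipeline = $true
        )]
        [string]$Identity,
        [string]$Reference = "*"
    )

    process {
        (Get-Acl "AD:$($Identity)").Access |
            Where-Object IdentityReference -Like $Reference |
            ForEach-Object {
                $ace = $_

                # Describe which objects the entry applies to.
                $inheritanceName = switch ($ace.InheritanceType) {
                    "None"            { "This Object Only" }
                    "All"             { "This object and all descendant objects" }
                    "Descendents"     { "All descendant objects" }
                    "Children"        { "Only apply this permission to objects and/or containers within this container" }
                    # The original reused the "Children" text here, which
                    # reported an entry that also applies to the object
                    # itself as applying to its children only.
                    "SelfAndChildren" { "This object and objects and/or containers directly within this container" }
                }
                if ($null -ne $inheritanceName) {
                    $ace | Add-Member -Force -NotePropertyName InheritanceTypeName -NotePropertyValue $inheritanceName
                }

                # NOTE(review): unlike the other additions this overwrites
                # PropagationFlags itself rather than adding a *Name
                # property, so the raw value is no longer available on the
                # output. A combined flag value matches no case and is left
                # untouched. Kept as is for callers that read this property.
                $propagationName = switch ($ace.PropagationFlags) {
                    "None"               { "no inheritance" }
                    "InheritOnly"        { "inheritance child items only" }
                    "NoPropagateInherit" { "Only Apply this permission to objects and/or containers within this container is selected" }
                }
                if ($null -ne $propagationName) {
                    $ace | Add-Member -Force -NotePropertyName PropagationFlags -NotePropertyValue $propagationName
                }

                # The all-zero GUID is reported as "all properties"; any
                # other GUID is looked up. The lookup yields $null for a
                # GUID that is not in the table, so an empty ObjectTypeName
                # means "unresolved", not "unrestricted".
                if ($ace.ObjectType -eq [GUID]::Empty) {
                    $objectTypeName = "all properties"
                }
                else {
                    $objectTypeName = Get-ADObjectTypeGUID -GUID $ace.ObjectType
                }
                $ace | Add-Member -Force -NotePropertyName ObjectTypeName -NotePropertyValue $objectTypeName

                if ($ace.InheritedObjectType -eq [GUID]::Empty) {
                    $inheritedObjectTypeName = "all objects"
                }
                else {
                    $inheritedObjectTypeName = Get-ADObjectTypeGUID -GUID $ace.InheritedObjectType
                }
                $ace | Add-Member -Force -NotePropertyName InheritedObjectTypeName -NotePropertyValue $inheritedObjectTypeName

                Write-Output $ace
            }
    }
}

Export-ModuleMember -Function Replicate-ADSitesAndServices,Get-ADObjectPermission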