Powershell and DFSR
Sorry for the long delay between posts, but work has been absolutely crazy.
Anyway, one of the recent tasks I have been working on is to find a way to check DFSR to make sure that our remote sites are properly replicating data back to our corporate datacenter. Part of this new infrastructure relies heavily on Microsoft DFSR and all the cool stuff it brings (in 2003 R2).
Our support teams have been asking for ways to ensure that data has completely synchronized to our corporate datacenter every night. Unfortunately there isn’t an easy way to determine this scriptomatically. Well leave it to me to try some different things and attempt to put SOMETHING in place to do this.
Basically we have remote sites replicating during non-business-hours back to a central “hub” DFSR server. We would then backup this “hub” server with our corporate backup infrastructure. This is a WHOLE lot easier than getting users in remote sites to swap tapes or whatever and send them offsite, etc.
The only way I have been able to determine the state of replication is to query the “backlog” of the remote site DFSR servers. This should tell us how many files are sitting there awaiting replication. DFSRDIAG is a tool that can help us enumerate these files, but then we have to parse out the data. We also need to know which replication partner, which replicated folder, and which replication group these remote sites belong to.
One way to enumerate that info is through a WMI query. From the DFSR “hub” server you can enumerate all DFSR connections, groups, folders, etc. by running some queries against the “MicrosoftDFS” namespace. This is different from standard WMI queries because the default namespace (cimv2) does not contain any DFSR configuruations.
Once we connect to this namespace, it is a fairly trivial task to cycle through all the connection partners, replication groups, and replicated folders.
We can then run the “DFSRDIAG” tool to see how many files are in the backlog.
Once we have determine how many files are out there for each replicated folder, we then write a custom event log entry and have our monitoring tools pick those up.
For this script I have set a threshold of 10 files before writing an “error” event log. This can easily be changed based on your specific needs, though.
You should also be able to easily customize the eventIDs and source information by modifying the values assigned to those variables.
For actually writing to the event log, I am “borrowing” some code my colleauge Mike put together.
Anyway, I think the script is fairly self explanitory. If you need additionaly info or have questions, please let me know.
Thanks and happy scripting…
– Mark
## Check-DFSR.ps1 script ## Written by: Mark A. Weaver ## Site: http://www.vmweaver.com ## Version: 2.0 ## Date: 5/7/2009 ## Purpose: This script will query the local WMI root for DFS replication groups and folders. ## It will then run DFS utilities to determine the number of files in the backlog on the ## destination partners in the replication group. ## ## This script was written for the spefic use of being run on a centralized DFSR server ## which acts as the HUB for remote office backups. ## ## ## Monitoring Rules can be setup to collect and report on the events being generated. ## ## Event information is written to the Application log using the EventIDs at the bottom. ## Input: None ############################# ## Updates: ## 20090408 Weaver: Fixed issue where multiple events are generated throughout the execution ## 20090408 Weaver: Added BacklogFileCount to event message ## 20090409 Weaver: Fixed list of replication connections issue due to change in replication topology ## 20090507 Weaver: Added functionality to return results from all partners in the replication ## ## ###################################################################### ###################################################################### # Write-Event powershell function # Written by Mike Hays # http://blog.mike-hays.net # # function Write-Event( [string]$Source = $(throw "An event Source must be specified."), [int]$EventId = $(throw "An Event ID must be specified."), [System.Diagnostics.EventLogEntryType] $EventType = $(throw "Event EventType must be specified. (Error, Warning, Information, SuccessAudit, FailureAudit)"), [string]$Message = $(throw "An event Message must be specified."), $EventLog ) { #Uncommon event logs can be specified (even custom ones), but since that isn't generally #the desired result, I prevent that here $acceptedEventLogs = "Application", "System" if ($eventEventLog -eq $null) { $eventEventLog = "Application" } elseif (!($acceptedEventLogs -icontains $eventEventLog)) { Write-Host "This function supports writing to the following event logs:" $acceptedEventLogs Write-Host "Defaulting to Application Eventlog" $eventEventLog = "Application" } #Create a .NET object that is connected to the Eventlog $event = New-Object -type System.Diagnostics.Eventlog -argumentlist $EventLog #Define the Source property $event.Source = $Source #Write the event to the log $event.WriteEntry($Message, $EventType, $EventId) } ###################################################################### ###################################################################### ## Main ## Errors written: ## Log File: Application ## Source: Check-DFSR Script ## ID: 9500 - Lists fully replicated replication folders ## ID: 9501 - Lists replication folders with less than the $BacklogErrorLevel files waiting ## ID: 9502 - Lists replication folders with more than the $BacklogErrorLevel files waiting ## ID: 9503 - If a connection is not pingable, this event is written. $BacklogErrorLevel = 10 $ComputerName = $env:ComputerName ## Query DFSR groups from the local MicrosftDFS WMI namespace. $DFSRGroupWMIQuery = "SELECT * FROM DfsrReplicationGroupConfig" $RGroups = Get-WmiObject -Namespace "root\MicrosoftDFS" -Query $DFSRGroupWMIQuery ## Setup my variables $ping = New-Object System.Net.NetworkInformation.Ping $SuccessAudit = $Null $WarningAudit = $Null $ErrorAudit = $Null $EventSource = "Check-DFSR Script" $SuccessEventID = 9500 $WarningEventID = 9501 $ErrorEventID = 9502 $NoPingEventID = 9503 foreach ($Group in $RGroups) { ## Cycle through all Replication groups found $DFSRGFoldersWMIQuery = "SELECT * FROM DfsrReplicatedFolderConfig WHERE ReplicationGroupGUID='" + $Group.ReplicationGroupGUID + "'" $RGFolders = Get-WmiObject -Namespace "root\MicrosoftDFS" -Query $DFSRGFoldersWMIQuery ## Grab all connections associated with a Replication Group $DFSRConnectionWMIQuery = "SELECT * FROM DfsrConnectionConfig WHERE ReplicationGroupGUID='" + $Group.ReplicationGroupGUID + "'" $RGConnections = Get-WmiObject -Namespace "root\MicrosoftDFS" -Query $DFSRConnectionWMIQuery foreach ($Connection in $RGConnections) { $ConnectionName = $Connection.PartnerName.Trim() $IsInBound = $Connection.Inbound $IsEnabled = $Connection.Enabled ## Do not attempt to look at connections that are Disabled if ($IsEnabled -eq $True) { ## If the connection is not ping-able, do not attempt to query it for Backlog info $Reply = $ping.send("$ConnectionName") if ($reply.Status -eq "Success") { ## Cycle through the Replication Folders that are part of the replication group and run DFSRDIAG tool to determine the backlog on the connection partners. foreach ($Folder in $RGFolders) { $RGName = $Group.ReplicationGroupName $RFName = $Folder.ReplicatedFolderName ## Determine if current connect is an inbound connection or not, set send/receive members accordingly if ($IsInBound -eq $True) { $SendingMember = $ConnectionName $ReceivingMember = $ComputerName } else { $SendingMember = $ComputerName $ReceivingMember = $ConnectionName } $Out = $RGName + ":" + $RFName + " - S:"+$SendingMember + " R:" + $ReceivingMember Write-Host $Out ## Execute the dfsrdiag command and get results back in the $Backlog variable $BLCommand = "dfsrdiag Backlog /RGName:'" + $RGName + "' /RFName:'" + $RFName + "' /SendingMember:" + $SendingMember + " /ReceivingMember:" + $ReceivingMember $Backlog = Invoke-Expression -Command $BLCommand $BackLogFilecount = 0 foreach ($item in $Backlog) { if ($item -ilike "*Backlog File count*") { $BacklogFileCount = [int]$Item.Split(":")[1].Trim() } } if ($BacklogFileCount -eq 0) { #Update Success Audit $SuccessAudit += $RGName + ":" + $RFName + " is in sync with 0 files in the backlog from "+ $SendingMember + " to " + $ReceivingMember +".`n" } elseif ($BacklogFilecount -lt $BacklogErrorLevel) { #Update Warning Audit $WarningAudit += $RGName + ":" + $RFName + " has " + $BacklogFileCount + " files in the backlog from " + $SendingMember + " to " + $ReceivingMember + ".`n" } else { #Update Error Audit $ErrorAudit += $RGName + ":" + $RFName + " has " + $BacklogFilecount + " files in the backlog from " + $SendingMember + " to " + $ReceivingMember + ".`n" } #Write-Host + $Folder.ReplicatedFolderName "- " $BackLogFilecount -foregroundcolor $FGColor } } else { Write-Host $ConnectionName "is not pingable" $NoPingMessage = "Server """ + $ConnectionName + """ could not be reached.`nPlease verify it is on the network and pingable." Write-Event $EventSource $NoPingEventID "Warning" $NoPingMessage "Application" } } } } ## Write my events to the local Application log. if ($SuccessAudit -ne $Null) { Write-Event $EventSource $SuccessEventID "Information" $SuccessAudit "Application" } if ($WarningAudit -ne $Null) { Write-Event $EventSource $WarningEventID "Warning" $WarningAudit "Application" } if ($ErrorAudit -ne $Null) { Write-Event $EventSource $ErrorEventID "Error" $ErrorAudit "Application" }
Hi! There is a message: “Exception calling” WriteEntry “with” 3 “argument (s):” Log entry string is too long. A string written to the event log cannot exceed 32766 characters. “”
Show you how to fix this situation? Or how can I redirect log to a text file?
Serge,
Yikes! Sorry to hear about the issue you are having and thanks for all the info you provided. Right now I am buried at work, but I will need to come back and revist your reply…
— Mark
Alex,
sounds like you are hitting a windows limit on eventlog entry size.
One way I think I will approach this is to re-write the eventlog functions to split out messages longer than the limit and create mulitple entries. This may take me some time as I am quite swamped at work right now.
The other thing you ask is redirecting to a log file. This should be fairly simple.
This (basically) specifies where you want your logs to be written and sticks a timestamp in front of it.
i haven’t tested these changes, so let me know if you run into issues..
Just replace the last part of the script with this instead..
################################
$LogDate=Get-Date -Format “yyyyMMddhhmm”
$SuccessLog = “C:\” +$logDate + “-Success.log”
$WarningLog = “C:\” +$logDate + “-Warning.log”
$ErrorLog = “C:\” +$logDate + “-Error.log”
if ($SuccessAudit -ne $Null)
{
#Write-Event $EventSource $SuccessEventID “Information” $SuccessAudit “Application”
Out-File -InputObject $SuccessAudit -FilePath $SuccessLog -Append
}
if ($WarningAudit -ne $Null)
{
#Write-Event $EventSource $WarningEventID “Warning” $WarningAudit “Application”
Out-File -InputObject $WarningAudit -FilePath $WarningLog -Append
}
if ($ErrorAudit -ne $Null)
{
#Write-Event $EventSource $ErrorEventID “Error” $ErrorAudit “Application”
Out-File -InputObject $ErrorAudit -FilePath $ErrorLog -Append
}
########################################
— Mark
Mark,
I was very pleased to find this script and see others have had success in its implementation. I have scheduled this script to run on our hub dfsr servers and I see the check-dfsr events in the eventlog. I have left the backlogerrorlevel at the default value of 10. The problem I am having is it is only reporting 9500 events and indicating all of the replication group connections are in sync with 0 backlog even when there are really backlogs greater than 100 (verified by running the dfsrdiag backlog manually). Do you have any ideas of what could cause the script to report incorrectly?
Any ideas would really be appreciated,
Thank you,
Sharon
Sharon,
Do your replication groups or replicated folder names have spaces in them?
There was a change made that put quotes around the replication groups and folder names. Please see the previous comments to make sure you have this.
I probably need to do some more error checking to make sure no false-positives are generated.
– Mark
For anyone that wants emails sent out I have updated the script to include HTML emails with formatting. (Added by Moderator from previous post)
Moderator please remove all other comments from me.. This should work now:
$SuccessAuditHTML = “HTML”
$SuccessAuditHTML += “BODY”
$WarningAuditHTML = “HTML”
$WarningAuditHTML += “BODY”
$ErrorAuditHTML = “HTML”
$ErrorAuditHTML += “BODY”
foreach ($Group in $RGroups)
{
## Cycle through all Replication groups found
$DFSRGFoldersWMIQuery = “SELECT * FROM DfsrReplicatedFolderConfig WHERE ReplicationGroupGUID=’” + $Group.ReplicationGroupGUID + “‘”
$RGFolders = Get-WmiObject -Namespace “root\MicrosoftDFS” -Query $DFSRGFoldersWMIQuery
## Grab all connections associated with a Replication Group
$DFSRConnectionWMIQuery = “SELECT * FROM DfsrConnectionConfig WHERE ReplicationGroupGUID=’” + $Group.ReplicationGroupGUID + “‘”
$RGConnections = Get-WmiObject -Namespace “root\MicrosoftDFS” -Query $DFSRConnectionWMIQuery
foreach ($Connection in $RGConnections)
{
$ConnectionName = $Connection.PartnerName.Trim()
$IsInBound = $Connection.Inbound
$IsEnabled = $Connection.Enabled
## Do not attempt to look at connections that are Disabled
if ($IsEnabled -eq $True)
{
## If the connection is not ping-able, do not attempt to query it for Backlog info
$Reply = $ping.send(“$ConnectionName”)
if ($reply.Status -eq “Success”)
{
## Cycle through the Replication Folders that are part of the replication group and run DFSRDIAG tool to determine the backlog on the connection partners.
foreach ($Folder in $RGFolders)
{
$RGName = $Group.ReplicationGroupName
$RFName = $Folder.ReplicatedFolderName
## Determine if current connect is an inbound connection or not, set send/receive members accordingly
if ($IsInBound -eq $True)
{
$SendingMember = $ConnectionName
$ReceivingMember = $ComputerName
}
else
{
$SendingMember = $ComputerName
$ReceivingMember = $ConnectionName
}
$Out = $RFName + ” – S:”+$SendingMember + ” R:” + $ReceivingMember
Write-Host $Out
## Execute the dfsrdiag command and get results back in the $Backlog variable
$BLCommand = “dfsrdiag Backlog /RGName:’” + $RGName + “‘ /RFName:’” + $RFName + “‘ /SendingMember:” + $SendingMember + ” /ReceivingMember:” + $ReceivingMember
$Backlog = Invoke-Expression -Command $BLCommand
$BackLogFilecount = 0
foreach ($item in $Backlog)
{
if ($item -ilike “*Backlog File count*”)
{
$BacklogFileCount = [int]$Item.Split(“:”)[1].Trim()
}
}
if ($BacklogFileCount -eq 0)
{
#Update Success Audit
$SuccessAudit += $RFName + ” : 0 files backlogged from “+ $SendingMember + ” to ” + $ReceivingMember +”.`n`r”
$SuccessAuditHTML += $RFName + ” : 0 files backlogged from “+ $SendingMember + ” to ” + $ReceivingMember + “BR”
}
elseif ($BacklogFilecount -lt $BacklogErrorLevel)
{
#Update Warning Audit
$WarningAudit += $RFName + ” ” + $BacklogFileCount + ” backlogged files from ” + $SendingMember + ” to ” + $ReceivingMember + “.`n`r”
$WarningAuditHTML += $RFName + ” ” + $BacklogFileCount + ” backlogged files from ” + $SendingMember + ” to ” + $ReceivingMember + “BR”
}
else
{
#Update Error Audit
$ErrorAudit += $RFName + ” ” + $BacklogFilecount + ” backlogged files from ” + $SendingMember + ” to ” + $ReceivingMember + “.`n`r”
$ErrorAuditHTML += $RFName + ” ” + $BacklogFileCount + ” backlogged files from ” + $SendingMember + ” to ” + $ReceivingMember + “BR”
}
#Write-Host + $Folder.ReplicatedFolderName “- ” $BackLogFilecount -foregroundcolor $FGColor
}
}
else
{
Write-Host $ConnectionName “is not pingable”
$NoPingMessage = “Server “”" + $ConnectionName + “”" could not be reached.`nPlease verify it is on the network and pingable.”
Write-Event $EventSource $NoPingEventID “Warning” $NoPingMessage “Application”
}
}
}
$SuccessAuditHTML += “BR”
$WarningAuditHTML += “BR”
$ErrorAuditHTML += “BR”
}
## Write my events to the local Application log.
$SuccessAuditHTML += “/BODY”
$SuccessAuditHTML += “/HTML”
$WarningAuditHTML += “/BODY”
$WarningAuditHTML += “/HTML”
$ErrorAuditHTML += “/BODY”
$ErrorAuditHTML += “/HTML”
Write-Host $SuccessAuditHTML
if ($SuccessAudit -ne $Null)
{
Write-Event $EventSource $SuccessEventID “Information” $SuccessAudit “Application”
}
if ($WarningAudit -ne $Null)
{
Write-Event $EventSource $WarningEventID “Warning” $WarningAudit “Application”
}
if ($ErrorAudit -ne $Null)
{
Write-Event $EventSource $ErrorEventID “Error” $ErrorAudit “Application”
}
## This is to create an email content
$Mail = New-Object System.Net.Mail.MailMessage($Sender,$Recipient)
$Mail.IsBodyHTML = $True
## Setup SMTP Mail Server info
$MailClient = New-Object System.Net.Mail.SmtpClient
$MailClient.Host = $Mailserver
if ($SuccessAudit -ne $NULL)
{
$MailTxt = “Information ”
$Mail.Subject = $MailTxt + “: DFS-R Report on ” + (Get-Date)
$Mail.Body = $SuccessAuditHTML
# Send the message
$MailClient.Send($Mail)
}
if ($WarningAudit -ne $NULL)
{
$MailTxt = “Warning ”
$Mail.Subject = $MailTxt + “: DFS-R Report on ” + (Get-Date)
$Mail.Body = $WarningAuditHTML
# Send the message
$MailClient.Send($Mail)
}
if ($ErrorAudit -ne $NULL)
{
$MailTxt = “Error ”
$Mail.Subject = $MailTxt + “: DFS-R Report on ” + (Get-Date)
$Mail.Body = $ErrorAuditHTML
# Send the message
$MailClient.Send($Mail)
}
You will need to add the HTML Tags “” to HTML, BODY, and BR within the script.
Sorry for the multiple comments
Steve,
Wow! Thanks for the update. I am sure that will help a bunch of folks out. I appreciate the effort on this.
— Mark
@Steve
What do you mean by this because my emails have no formatting:
You will need to add the HTML Tags “” to HTML, BODY, and BR within the script.
N/M I hadn’t had my coffee for the morning yet =)
Fantastic script, it was exactly what I needed. Thanks!
Glad it worked out for you! Let me know if you have suggestions on how to improve it.
– Mark
I love the additions of having email notification sent out and that’s scheduled once per day so thank you for that piece!!
I’ve also updated your script to run on my desktop and query the remote hub server so i can easily run it on the fly and without having to be logged in locally on the hub.