diff --git a/Setup/SetupAssist/.gitignore b/Setup/SetupAssist/.gitignore index 8f586c56a1..2996438c93 100644 --- a/Setup/SetupAssist/.gitignore +++ b/Setup/SetupAssist/.gitignore @@ -1,2 +1,3 @@ *.config *.txt +*.log diff --git a/Setup/SetupAssist/Checks/Test-ReadOnlyDomainControllerLocation.ps1 b/Setup/SetupAssist/Checks/Test-ReadOnlyDomainControllerLocation.ps1 new file mode 100644 index 0000000000..1c9dcc6847 --- /dev/null +++ b/Setup/SetupAssist/Checks/Test-ReadOnlyDomainControllerLocation.ps1 @@ -0,0 +1,23 @@ +# Copyright (c) Microsoft Corporation. +# Licensed under the MIT License. + +Function Test-ReadOnlyDomainControllerLocation { + $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest() + foreach ($domain in $forest.Domains) { + foreach ($dc in $domain.DomainControllers) { + $cn = $dc.Name.Substring(0, $dc.Name.IndexOf(".")) + $filter = "(&(objectClass=computer)(cn=$cn))" + $searcher = New-Object System.DirectoryServices.DirectorySearcher + $searcher.Filter = $filter + foreach ($result in $searcher.FindAll()) { + if ($result.Properties["primaryGroupID"][0] -eq 521) { + $dn = $result.Properties["distinguishedName"][0].ToString() + if (-not $dn.StartsWith("CN=$cn,OU=Domain Controllers,DC=")) { + ("Domain Controller $cn appears to be in a container other than Domain Controllers. " + + "This will cause /PrepareAd to fail in some scenarios. Please see https://support.microsoft.com/help/5005319 for details.") | Receive-Output -IsWarning + } + } + } + } + } +} diff --git a/Setup/SetupAssist/SetupAssist.ps1 b/Setup/SetupAssist/SetupAssist.ps1 index 70d317ef57..31f096e757 100644 --- a/Setup/SetupAssist/SetupAssist.ps1 +++ b/Setup/SetupAssist/SetupAssist.ps1 @@ -16,6 +16,7 @@ param( . .\Checks\Test-CriticalService.ps1 . .\Checks\Test-ExchangeAdLevel.ps1 . .\Checks\Test-ComputersContainerExists.ps1 +. .\Checks\Test-ReadOnlyDomainControllerLocation.ps1 . .\Checks\Test-MissingDirectory.ps1 . .\Checks\Test-MissingMsiFiles.ps1 . .\Checks\Test-OtherWellKnownObjects.ps1 @@ -126,6 +127,7 @@ Function MainUse { Test-MissingDirectory Test-ExchangeAdSetupObjects Test-ComputersContainerExists + Test-ReadOnlyDomainControllerLocation Confirm-VirtualDirectoryConfiguration $exSetupLog = "$($env:HOMEDRIVE)\ExchangeSetupLogs\ExchangeSetup.log"