In our earlier Server Tutorial, we explained why it’s necessary to reboot your production domain controllers monthly and provided a PowerShell script that will help you collect domain controllers uptime information.
In today’s Server Tutorial we are going to go into more detail on the domain controller health check front, but this time our focus will be geared primarily towards domain controller storage health checks. We’ll explain the location of storing OS and Active Directory files and how you can use a free PowerShell script to report on your domain controller storage configuration and to ensure none of your domain controllers are running low on disk space.
When it comes to performing storage health check of production domain controllers, you need to take the following two important health check items into consideration:
- It is always recommended to store Operating System files like NTDS.DIT (main Active Directory database), the SYSVOL folder, and NTDS log files onto separate storage spindles. For example, if you plan to build a production domain controller, keep your OS files on the C: drive, NTDS.DIT on the D: drive, SYSVOL on the E: drive and reserve the F: drive for storing NTDS log files. The objective for storing these files on separate storage spindles is to reduce the I/O operations performed by the OS and Active Directory processes.
- Domain Controllers should always have at least 10 GB of free space available on volumes where Active Directory database files are stored. While this is not a hard recommendation, you’ll want to keep your future business growth in mind and ensure your domain controllers run with sufficient disk space. That said, you may find it a bit challenging when it comes to extending the volume that hosts Active Directory files.
While you might have designed a standard procedure for allocating storage when building production domain controllers, do you have a standard operating manual or procedure to ensure your domain controller’s storage is configured as per the standards defined and that your domain controllers are not running low on disk space?
This is where the following PowerShell script comes in very handy. This PowerShell script collects all the domain controllers in an Active Directory environment and then does the following:
- Collect and report disk volumes on each domain controller.
- Identify how disk volumes are partitioned to store the OS and Active Directory files.
- Report remaining free disk space on each volume for each domain controller.
The steps for using the below script are quite simple. All you need to do is change the “ITDynamicPacks.Net” forest name to your Active Directory forest name, copy the entire script to a .PS1 file and then execute the script from an elevated PowerShell window.
Note: The script does not perform any write operations to the Active Directory environment.
$GDCList = “C:TempDCList.TXT”
Remove-item $GDCList
DSQuery Server –o RDN > $GDCList
$TestCSVFile = “C:TempDCDiskInfo.CSV”
Remove-item $TestCSVFile
$ThisStr=“Domain Controller, Number of Volumes, Volume, Capacity in GB, Free Space in GB, Enough Free Space on Volume?, Number of Volumes Ok?”
Add-Content “$TestCSVFile“ $ThisStr
$CurForestName = “ITDynamicPacks.Net”
$NumberOfDisksRem = “Ok”
Foreach ($ItemName in Get-Content “$GDCList“)
{
$disk = Get-WmiObject Win32_LogicalDisk -ComputerName $ItemName
IF ($Error.count -eq 0)
{
$ThisSTR = $ItemName+“,Error Connecting”
$ErrorOrNot = “Yes”
Add-Content “$TestCSVFile“ $ThisStr
}
else
{
$TotDisksNow=0
ForEach ($R in $disk)
{
$ThisDriveType = $R.DriveType
IF ($ThisDriveType -eq 3 -and $RFreeSpace -lt 10)
{
$TotDisksNow++
}
}
IF ($TotDisksNow -le 3)
{
$NumberOfDisksRem = “There are less than three volumes configured in the domain controller.”
}
$STRNew = $ItemName+“,”+$TotDisksNow+“,,,,,”+$NumberOfDisksRem
Add-Content “$TestCSVFile“ $STRNew
ForEach ($R in $disk)
{
$SizeOk = “”
$RSize = $R.Size / 1024/1024/1024
$RFreeSpace = $R.Freespace/1024/1024/1024
$ThisDriveType = $R.DriveType
IF ($ThisDriveType -eq 3 -and $RFreeSpace -lt 40)
{
$SizeOk = “WARNING:10 GB or less disk space available”
}
IF ($ThisDriveType -eq 3)
{
$ThisStr=“,,”+$R.DeviceID+“,”+$RSize+“,”+$RFreeSpace+“,”+$SizeOk
Add-Content “$TestCSVFile“ $ThisStr
}
#Add-Content “$TestCSVFile” $ThisStr
}
}
}
Once the script has finished executing for all domain controllers, a report will be generated in the DCDiskInfo.CSV file in the C:Temp folder as shown in the screenshot below:
As you can see in the report above, the script collects the volumes created on each domain controller specified in the C:TempDCList.TXT file and then reports the status for each domain controller.
By just looking at the report above, you can easily identify the domain controllers that are running low on disk space and how many domain controllers are not following standard disk partitioning procedure. For example, since this script found only one volume on Server1, it reported “There are less than four volumes configured in the domain controller” message in the “Number of Volumes Ok” column.
This clearly indicates that Server1 is hosting OS and Active Directory files on a single volume, which is not recommended for production domain controllers. Similarly, for Server2 and Server3, the script reported a “WARNING: 10 GB or less disk space available” message. This is because the C: drive of Server2 and Server3 have less the 10 GB of disk space available.
Tip: If you would like to change the 10 GB disk space check in the above script, specify a value of your choice in the “$RFreeSpace -lt 10” line in the script. For example, if you would like the script to check for domain controllers that have less than 5 GB disk space, you will modify it from “$RFreeSpace -lt 10” to “$RFreeSpace -lt 5“.
The above PowerShell script is part of the “Domain Controller Local Disks Test” Dynamic Pack, which is available for use with the Active Directory Health Profiler. The Active Directory Health Profiler allows you to run 67 Active Directory heath checks and can be executed for the entire Active Directory forest, for individual domains or for individual domain controllers.
Conclusion
Performing a health check of your domain controller storage requires that you check to ensure your Operating System and Active Directory files are stored onto separate storage spindles and your domain controllers are not running low on disk space. The PowerShell script provide above can be added to your standard Active Directory Health Check procedure to report on domain controller storage health checks in a CSV file.
Nirmal Sharma is a MCSEx3, MCITP and Microsoft MVP in Directory Services. He specializes in directory services, Microsoft Azure, Failover clusters, Hyper-V, System Center and Exchange Servers, and has been involved with Microsoft technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites and contributing to Health Packs for ADHealthProf.ITDynamicPacks.Net solutions. Nirmal can be reached at nirmal_sharma@mvps.org.