My approach is to get the latest ModifyTimeStamp
after scanning on all DC's. The scenario in my code is:
First, I scan on the PDC to get the distinguishedName
values, and after that I scan on all DC's also to get distinguishedName
values, if they are -eq
to each other, it will print the ModifyTimeStamp
which means all ModifyTimeStamp
values on each DC's will be stored in an arraylist. The arraylist will print the maximum values then on. As the following:
$TrustedDomain = "test.com"
$context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("domain",$TrustedDomain)
$D = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($context)
$PDC = $D.PdcRoleOwner
$ADSearch = New-Object System.DirectoryServices.DirectorySearcher
$ADSearch.SearchRoot ="LDAP://$PDC"
$ADSearch.SearchScope = "subtree"
$ADSearch.PageSize = 100
$ADSearch.Filter = "(&(objectCategory=person)(objectClass=user))"
foreach($pro in $properies)
{
$ADSearch.PropertiesToLoad.add($pro)| out-null
}
$userObjects = $ADSearch.FindAll()
$dnarr = New-Object System.Collections.ArrayList
Function modiScan{
$Searcher = New-Object System.DirectoryServices.DirectorySearcher
$Searcher.PageSize = 100
$Searcher.SearchScope = "subtree"
$Searcher.Filter = "(&(objectCategory=person)(objectClass=user))"
$Searcher.PropertiesToLoad.Add("distinguishedName")|Out-Null
$Searcher.PropertiesToLoad.Add("modifyTimeStamp")|Out-Null
forEach ($users In $userObjects)
{
$DN = $users.Properties.Item("distinguishedName")[0]
$dnarr.add($DN)|Out-Null
}
#$dnarr
foreach($dnn in $dnarr){
$lastmd = New-Object System.Collections.ArrayList
ForEach ($DC In $D.DomainControllers){
$Server = $DC.Name
$Base = "LDAP://$Server/"+$dnn
$Searcher.SearchRoot = $Base
$Results2 = $Searcher.FindAll()
ForEach ($Result2 In $Results2)
{
$DN2 = $Result2.Properties.Item("distinguishedName")[0]
if($DN2 -eq $dnn){
$modi = $Result2.Properties.Item("modifyTimeStamp")[0]
$lastmd.Add($modi)|Out-Null
}
}
}
$lastModi = ($lastmd |measure -max).maximum
if($lastModi -ne $null){
$lastModi = $lastModi.ToString("yyyy/MM/dd")
}
else{
$lastModi = "N/A"
}
$lastModi
}
}
modiScan
The error I've got is:
Exception calling "FindAll" with "0" argument(s): "Unknown error (0x80005000)"
At C:\Users\Ender\trustedScan.ps1:40 char:21
+ $Results2 = $Searcher.FindAll()
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : COMException
I have executed on current Domain it worked like a charm. But when I try to put a trusted domain, it throws me that error.