<#
.SYNOPSIS
    This script creates a test user to verify that replication is working to all the domain controllers in the domain.

.DESCRIPTION
    This script creates a test user in Active Directory, enables the user, forces replication across all domain controllers, and checks for the user's existence on each domain controller.

.EXAMPLE
    Test-Replication

    This example runs the script to create a test user, enable it, force replication across all domain controllers, and check for the new user on each domain controller.

.EXAMPLE
    Test-Replication -Username "TestUser01" -Password "" -OU "OU=TestAccounts,DC=yourdomain,DC=net" -DisplayName "Test User 01"

    !!!!!!These are not actual user accounts or passwords and I strongly recommend you don't use them.
    This example runs the script with specified parameters to create a test user with the given username, password, organizational unit, and display name, then proceeds with replication testing as described in the first example.

.INPUTS
    The script does not take any inputs directly, but you can modify the variables at the beginning of the script to change the test user's details.
    - Username: The username for the test user.
    - Password: The password for the test user (must be secure).
    - OU: The organizational unit where the test user will be created.
    - DisplayName: The display name for the test user.

.OUTPUTS
    The script outputs the status of the test user creation, replication status, and whether the user was found on each domain controller. It will display messages indicating success or failure for each domain controller.

.NOTES
    This script is used for testing Active Directory replication by creating a test user and checking its presence across all domain controllers.
    Ensure you have the necessary permissions to create users in Active Directory.
    The script will force replication and check for the user's existence on each domain controller.
#>

# Import the AD module
Import-Module ActiveDirectory

# Define new test user details
$Username = "TestUser1"
# Again, don't use this password. I'm just trying to make a point with the complexity requirements.
# Use a secure password that meets your organization's policies.
$Password = ConvertTo-SecureString "" -AsPlainText -Force
$OU = "OU=Staff,DC=yourdomain,DC=net"
$DisplayName = "Test User for DC Cutover"

# Create the new AD user
Write-Host "Creating AD user $Username..."
New-ADUser -Name $DisplayName `
    -SamAccountName $Username `
    -UserPrincipalName "$Username@yourdomain.net" `
    -AccountPassword $Password `
    -Path $OU `
    -Enabled $true `
    -PasswordNeverExpires $true `
    -ChangePasswordAtLogon $false

Enable-ADAccount -Identity $Username
Write-Host "User $Username created and enabled.`n"

# Force AD replication: for every ordered pair of DCs, pull the domain
# naming context from $source to $target
Write-Host "Triggering AD replication between all domain controllers..."
Get-ADDomainController -Filter * | ForEach-Object {
    $source = $_.Name
    Get-ADDomainController -Filter * | ForEach-Object {
        $target = $_.Name
        if ($source -ne $target) {
            Write-Host "Replicating from $source to $target..."
            repadmin /replicate $target $source (Get-ADDomain).DistinguishedName
        }
    }
}

# Countdown timer function
function Start-Countdown {
    param ($Minutes)
    for ($i = $Minutes; $i -gt 0; $i--) {
        Write-Host "Waiting... $i minute(s) remaining." -ForegroundColor Yellow
        Start-Sleep -Seconds 60
    }
    Write-Host "Proceeding with verification..." -ForegroundColor Green
}

# Wait 5 minutes before checking (adjust if needed)
$WaitMinutes = 5
Start-Countdown -Minutes $WaitMinutes

# Verify the user on each domain controller
Write-Host "`nVerifying replication of user $Username to each domain controller..."
Get-ADDomainController -Filter * | ForEach-Object {
    $dc = $_.Name
    Write-Host "Checking $dc..."
    # Get-ADUser -Identity raises a terminating error when the user is missing,
    # which -ErrorAction SilentlyContinue does not suppress. Reset $user and
    # catch the error so a result from a previous DC is never reused.
    $user = $null
    try {
        $user = Get-ADUser -Identity $Username -Server $dc -ErrorAction Stop
    } catch {
        $user = $null
    }
    if ($user) {
        Write-Host "✅ Found $Username on $dc"
    } else {
        Write-Host "❌ $Username not found on $dc" -ForegroundColor Red
    }
}
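
# Added example, not part of the original script: the script leaves an enabled account with a non-expiring password in the directory, so this follow-up removes it and confirms the deletion has replicated to every domain controller.
# Deleting on the PDC emulator, the 15-second poll interval and the 5-minute timeout are assumptions made for this example.

```powershell
# Added example: assumes the ActiveDirectory module and the $Username used by the script above.
Import-Module ActiveDirectory

$Username       = "TestUser1"              # test account created by the script above
$TimeoutMinutes = 5                        # assumed value, matches the script's wait
$domain         = Get-ADDomain
$origin         = $domain.PDCEmulator      # assumption: perform the delete on the PDC emulator

# Returns $true while the account still exists on $Server. An unreachable DC
# also returns $true, so an outage is never reported as a clean removal.
function Test-UserPresent {
    param([string]$SamAccountName, [string]$Server)
    try {
        # -Filter returns nothing (no error) when the account is absent.
        [bool](Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'" -Server $Server -ErrorAction Stop)
    } catch {
        Write-Warning "Could not query ${Server}: $($_.Exception.Message)"
        $true
    }
}

# Disable first, then delete, both on the same DC so the two changes are ordered.
Disable-ADAccount -Identity $Username -Server $origin
Remove-ADUser -Identity $Username -Server $origin -Confirm:$false
Write-Host "Deleted $Username on $origin."

# Push the deletion from the originating DC to every other DC.
$others = @(Get-ADDomainController -Filter * | Where-Object { $_.HostName -ne $origin })
foreach ($dc in $others) {
    repadmin /replicate $dc.HostName $origin $domain.DistinguishedName | Out-Null
}

# Poll each DC until the account is gone everywhere or the timeout expires.
$pending  = @(Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName)
$deadline = (Get-Date).AddMinutes($TimeoutMinutes)
while ($pending.Count -gt 0 -and (Get-Date) -lt $deadline) {
    $pending = @($pending | Where-Object { Test-UserPresent -SamAccountName $Username -Server $_ })
    if ($pending.Count -gt 0) { Start-Sleep -Seconds 15 }
}

if ($pending.Count -eq 0) {
    Write-Host "$Username is gone from every domain controller." -ForegroundColor Green
} else {
    Write-Host "$Username still present (or DC unreachable) on: $($pending -join ', ')" -ForegroundColor Red
}
```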