EvotecIT / ADEssentials

PowerShell Active Directory helper functions to manage healthy Active Directory
MIT License

Tombstone lifetime not defaulting to 60 #40

Closed bstets1 closed 7 months ago

bstets1 commented 7 months ago

For the function Get-WinADTombstoneLifetime, when the property tombstoneLifetime does not exist, the existing function code does not catch it in the if statement and therefore the result is $null in the returned value from the function. The code should be altered slightly to look for $output.tombstoneLifetime, not just $output.

existing code:

```powershell
function Get-WinADTomebstoneLifetime {
    [Alias('Get-WinADForestTomebstoneLifetime')]
    [CmdletBinding()]
    param(
        [alias('ForestName')][string] $Forest,
        [System.Collections.IDictionary] $ExtendedForestInformation
    )
    $ForestInformation = Get-WinADForestDetails -Forest $Forest -ExtendedForestInformation $ExtendedForestInformation
    # Check tombstone lifetime (if blank value is 60)
    # Recommended value 720
    # Minimum value 180
    $QueryServer = $ForestInformation.QueryServers[$($ForestInformation.Forest.Name)]['HostName'][0]
    $RootDSE = Get-ADRootDSE -Server $QueryServer
    $Output = (Get-ADObject -Server $QueryServer -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$(($RootDSE).configurationNamingContext)" -Properties tombstoneLifetime)
    if ($null -eq $Output) {
        [PSCustomObject] @{
            TombstoneLifeTime = 60
        }
    } else {
        [PSCustomObject] @{
            TombstoneLifeTime = $Output.tombstoneLifetime
        }
    }
}
```

proposed code change:

```powershell
# Test the attribute itself, not only the returned object
if ($null -eq $Output.tombstoneLifetime) {
    [PSCustomObject] @{
        TombstoneLifeTime = 60
    }
} else {
    [PSCustomObject] @{
        TombstoneLifeTime = $Output.tombstoneLifetime
    }
}
```

PrzemyslawKlys commented 7 months ago

Updated and pushed new version that should work properly.
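
The failure described in this issue, reproduced offline as an added example (not ADEssentials code and not from either commenter): constructed `PSCustomObject` values stand in for the `Get-ADObject` result, and `Resolve-TombstoneLifetime` is a hypothetical helper. The 60, 180 and 720 values are the ones in the comments of the code quoted in the issue.

```powershell
# Hypothetical helper: resolves the effective tombstone lifetime from an
# object shaped like the Directory Service entry, and flags weak values.
function Resolve-TombstoneLifetime {
    [CmdletBinding()]
    param(
        [AllowNull()] $DirectoryServiceObject
    )
    $Value = $null
    if ($null -ne $DirectoryServiceObject) {
        # Look the property up by name so a missing attribute yields $null
        # instead of an error when Set-StrictMode is active.
        $Property = $DirectoryServiceObject.PSObject.Properties['tombstoneLifetime']
        if ($null -ne $Property) { $Value = $Property.Value }
    }
    $IsDefault = $null -eq $Value
    $Days = if ($IsDefault) { 60 } else { [int] $Value }
    [PSCustomObject] @{
        TombstoneLifeTime = $Days
        IsDefault         = $IsDefault      # attribute not set, default applies
        BelowMinimum      = $Days -lt 180   # "Minimum value 180"
        BelowRecommended  = $Days -lt 720   # "Recommended value 720"
    }
}

# Constructed sample inputs (the DN uses a placeholder domain).
$DN = 'CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=example,DC=test'
$Samples = [ordered] @{
    'object returned, attribute not set' = [PSCustomObject] @{ DistinguishedName = $DN }
    'object returned, attribute = 180'   = [PSCustomObject] @{ DistinguishedName = $DN; tombstoneLifetime = 180 }
    'no object returned'                 = $null
}

foreach ($Name in $Samples.Keys) {
    $Object = $Samples[$Name]
    # The check from the "existing code" in the issue: tests only the object.
    $OldCheck = if ($null -eq $Object) { 60 } else { $Object.tombstoneLifetime }
    $Resolved = Resolve-TombstoneLifetime -DirectoryServiceObject $Object
    [PSCustomObject] @{
        Case             = $Name
        OldCheckIsNull   = $null -eq $OldCheck
        TombstoneLifeTime = $Resolved.TombstoneLifeTime
        IsDefault        = $Resolved.IsDefault
        BelowMinimum     = $Resolved.BelowMinimum
    }
}
```

Only the first case separates the two checks: the object exists, so the original test passes over the default branch and returns `$null`, while the property-level test resolves it to 60.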