Check secure channel on multiple servers

Checking the secure channel on every machine can be time-consuming, especially in large environments. Today I will show you how to get that information easily with a PowerShell function that also checks IP addresses.

To get information about the secure channel, I used the following nltest command:

$DomainName = (Get-ADDomain).DNSRoot
nltest.exe /sc_verify:$DomainName

Usage:

Get-SecureChannel -Servers DC01
Get-SecureChannel -Servers DC01,DC02
Get-SecureChannel -Servers (Get-Content "C:\Users\$env:username\desktop\Servers.txt")

You can display the results in the console, open them in a pop-up window, or save them to a CSV file:

# Display results in console
$Results | ft -AutoSize -Wrap
 
# Open results in pop-up window
$Results | Out-GridView -title "Results"
 
# Export CSV
$Results | Export-Csv -Path C:\users\$env:username\desktop\results.csv -NoTypeInformation

Final script:


Function Get-SecureChannel {
    [CmdletBinding()]
            
    # Parameters used in this function
    Param
    (
        [Parameter(Position=0, Mandatory = $True, HelpMessage="Provide server names", ValueFromPipeline = $true)] 
        $Servers
    ) 
    
    $ErrorActionPreference = "Stop"
    $Results = @()
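    # Get-Module without -ListAvailable only sees modules already loaded in the session
    $ADModule = Get-Module -ListAvailable -Name ActiveDirectory

    If($null -eq $ADModule)
    {
        # MessageBox lives in PresentationFramework, which is not loaded by default
        Add-Type -AssemblyName PresentationFramework
        [System.Windows.MessageBox]::Show('AD module not installed, script will be closed','','Ok','Error')
        # Return leaves the function; Break outside a loop would also stop the caller
        Return
    }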
    
    Import-Module ActiveDirectory
    $DomainName = (Get-ADDomain).DNSRoot

        ForEach($Server in $Servers)
        {
            $Server = $Server.trim()

            Try
            {
                $Check = [System.Net.Dns]::GetHostAddresses($Server) 
            }
            Catch
            {
                # Name the server so a failed DNS lookup can be traced in the output
                Write-Warning "${Server}: $($_.Exception.Message)"
                Continue
            }

            Try
            {
                $SecureChannel = Invoke-Command $Server -ScriptBlock{param($DomainName)nltest.exe /sc_verify:$DomainName | 
                Where-Object {$_ -match "Trusted DC Name"} | ForEach {$_.trim().Substring(18)}} -ArgumentList $DomainName

                $ping = New-Object System.Net.NetworkInformation.Ping
                $ServerIP = ($ping.Send($Server).Address)
                $SCIP = ($ping.Send($SecureChannel).Address)    
            }
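            Catch
            {
                # Name the server so a failed remote call or ping can be traced in the output
                Write-Warning "${Server}: $($_.Exception.Message)"
                Continue
            }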

                Write-Host Processing $Server -ForegroundColor Yellow

                $Object = New-Object PSObject -Property @{ 
   
                    Servername               = $Server
                    "Server IP"              = $ServerIP
                    SecureChannel            = $SecureChannel  
                    "SecureChannel IP"       = $SCIP            
 
                }

                $Results += $Object  
        }

    If($Results)
    { 
        Write-Host "`nFinal results:" -ForegroundColor Green
        # Display results in console
        $Results | ft -AutoSize -Wrap

        # Open results in pop-up window
        $Results | Out-GridView -title "Results" 

        # Export CSV
        $Results | Export-Csv -Path C:\users\$env:username\desktop\results.csv -NoTypeInformation
    }

}
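
The final script keeps only the "Trusted DC Name" line, so a server whose secure channel is broken and a healthy one can look alike in the results. The following added example (not part of the original script) parses the status lines of nltest /sc_verify output as well; the helper name ConvertFrom-NltestScVerify, the server names and both sample outputs are constructed for illustration.

```powershell
# Added example, not the author's code. ConvertFrom-NltestScVerify is a
# hypothetical helper name; all server and DC names below are constructed.
function ConvertFrom-NltestScVerify {
    param(
        [Parameter(Mandatory = $true)][string]$Server,
        [Parameter(Mandatory = $true)][AllowEmptyString()][string[]]$Lines
    )
    $dc = $null; $conn = $null; $trust = $null
    foreach ($line in $Lines) {
        switch -Regex ($line.Trim()) {
            # "Trusted DC Name \\DC01.corp.example" (empty when no DC was found)
            '^Trusted DC Name\s*\\\\(?<dc>\S+)' { $dc = $Matches['dc'] }
            # "Trusted DC Connection Status Status = 0 0x0 NERR_Success"
            '^Trusted DC Connection Status.*=\s*(?<code>\d+)\s+\S+\s+(?<name>\S+)' {
                $conn = [pscustomobject]@{ Code = [int]$Matches['code']; Name = $Matches['name'] }
            }
            # "Trust Verification Status = 0 0x0 NERR_Success"
            '^Trust Verification Status\s*=\s*(?<code>\d+)\s+\S+\s+(?<name>\S+)' {
                $trust = [pscustomobject]@{ Code = [int]$Matches['code']; Name = $Matches['name'] }
            }
        }
    }
    [pscustomobject]@{
        Servername        = $Server
        SecureChannel     = $dc
        ConnectionStatus  = if ($conn)  { $conn.Name }  else { 'not reported' }
        TrustVerification = if ($trust) { $trust.Name } else { 'not reported' }
        # Healthy only when both status lines are present and report code 0
        Healthy           = ($null -ne $conn -and $conn.Code -eq 0 -and
                             $null -ne $trust -and $trust.Code -eq 0)
    }
}

# Constructed sample output: one healthy channel, one with no reachable DC
$healthy = @'
Flags: b0 HAS_IP  HAS_TIMESERV
Trusted DC Name \\DC01.corp.example
Trusted DC Connection Status Status = 0 0x0 NERR_Success
Trust Verification Status = 0 0x0 NERR_Success
The command completed successfully
'@ -split "`r?`n"
$broken = @'
Flags: 80
Trusted DC Name
Trusted DC Connection Status Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
Trust Verification Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
'@ -split "`r?`n"

$report = @(ConvertFrom-NltestScVerify -Server 'SRV01' -Lines $healthy
            ConvertFrom-NltestScVerify -Server 'SRV02' -Lines $broken)
$report | Format-Table -AutoSize
```

To use it with live data, have the remote script block return the complete nltest output instead of filtering it, and pass those lines to the helper.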

Check how to test connection on several ports to secure channel – link.
