Using PowerShell to create a BPA Problem Report

  • Article

In Microsoft Global Business Support we have a number of proactive health and risk assessments available to Microsoft Premier Support customers. These invaluable, technology-specific assessments are known as RAP as a Service (RaaS).

If you don't have access to a Microsoft Premier Support contract you can still proactively assess your environment yourself, but in much less detail and without access to a Microsoft accredited Jedi or our excellent Remediation Planning Services. Despite these limitations when compared to a RaaS, the PowerShell-based Best Practice Analyzer (BPA) can help bring your environment in line with currently accepted wisdom to avoid problems or outages. The BPA has been included with products such as Active Directory since Windows Server 2008 R2.

Here's how to use PowerShell to run a BPA check against a domain controller and then produce a report of any problems found.

#Import BPA module for PS v2

Import-module BestPractices

 

#Define BPA to use (AD)

$BPA = "Microsoft/Windows/DirectoryServices"

 

#Kick-off BPA scan

Invoke-BPAModel -BestPracticesModelId $BPA -ErrorAction SilentlyContinue

 

First off, if you're not running PS v3 or above you will need to import the BestPractice PowerShell module. Next, we define which BPA model to run - in this instance, DirectoryServices (Active DIrectory). Then we kick off a scan with Invoke-BPAModel.

Once we have the scan findings, we can use PowerShell to look at the results and then filter them for problems:

#Get BPA results, filter and export

Get-BPAResult -ModelID $BPA -ErrorAction SilentlyContinue |

Where-Object {$_.Problem -ne $Null} |

Select-Object ResultNumber,Severity,Category,Title,Problem,Impact,Resolution |

Export-Csv "ADDS_BPA.csv" -NoTypeInformation -Encoding UTF8

 

Explanation:

  1. Use the Get-BPAResult cmdlet to get the findings of our last best practice scan against the DIrectoryServices model.
  2. Pipe each test finding into a Where-Object to filter out problem items (warning or non-compliant).
  3. Select specific properties of each problem finding with Select-Object.
  4. Write the specific properties to a CSV file for each problem finding with Export-CSV.

 

What does such a report look like? Take a look-see at a sample:

 

 

For DNS, use this BPA model - "Microsoft/Windows/DNSServer". For a list of available BPA models, just run Get-BPAModel.

Why not create a scheduled BPA task or a remote BPA kick-off and collection script? Happy optimising!