How Active Directory PowerShell CMDLETS find a DC running Active Directory Web Services
If you have been playing with the the AD PowerShell cmdlets you know that it requires a few things to run, first Windows Server 2008 R2 or Windows 7, the .NET Framework 3.5.1 and of course if you want to manage an AD domain you need Active Directory Web Services (ADWS) installed on at least one domain controller.
By the way ADWS requires TCP port 9389
So how in the world does a Windows 7 system know how to find a DC running ADWS? Well your client running PowerShell will use the normal DC locator process. First the client will determine which site it is in nltest /dsgetsite and then it will determine the closest DC nltest /dsgetdc:<FQDN Domain>. It is looking at the DC for the following flag:
More info on that flag can be found here.
Now what if you don’t have Server 2008 R2 DCs? With Server 2003 and Server 2008 a problem occurs because the Net Logon service of those domain controllers does not recognize the DS_WEB_SERVICE_REQUIRED flag. There are two hotfixes (one for what ever version of AD you are running) available to fix that in those environments. Server 2003 and Server 2008
After you install this hotfix the AD PowerShell module and Active Directory Administrative Center will be able to locate DCs that have Active Directory Management Gateway Service installed, similar to Active Directory Web Services (ADWS) on a Windows Server 2008 R2-based computer.