Finding Domain Controllers

Domain Controllers are the keys to the kingdom as far as AD is concerned. Once we can find them we can do all sorts of stuff. So how do we find them?

if (-not (Get-Module ActiveDirectory)){            
  Import-Module ActiveDirectory            
}            
            
$ou = "OU=Domain Controllers,DC=Manticore,DC=org"            
            
"`nMicrosoft"            
Get-ADDomainController -Filter * | Format-Table Name, ComputerObjectDN            
            
"`nAD provider"            
Get-ChildItem -Path Ad:\$ou | Format-table            
            
"`nQuest"            
Get-QADComputer -ComputerRole "DomainController"            
            
"`nScript"            
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()            
$domain.FindAllDomainControllers() | select Name

The code using the provider assumes that the domain controllers have been left in the default location – you shouldn’t move them – otherwise the the techniques will retrieve them based on AD information

Published Fri, Jan 20 2012 19:58 by RichardSiddaway

Filed under: PowerShell and Active Directory

Comments

# re: Finding Domain Controllers

I of course know my OU's DC=xyz,DC=com" values for my domain, but in these kinds of scripts they always seem to have to be hard coded. Is there a way for the script to determine the OU data based on the logged in entity running the script so they don't have to be hard coded?

Saturday, January 21, 2012 10:14 AM by Robert

# re: Finding Domain Controllers

Thank you for taking the time to comment.

I've shown how to get the distinguished name of the domain in this post

msmvps.com/.../get-the-domain-distinguished-name.aspx

Any OU can then be built on to that

Saturday, January 21, 2012 11:52 AM by RichardSiddaway

# re: Finding Domain Controllers

Hi, I hope this question is not too much off topic.

If use a directory searcher like this:

$root = [adsi] "LDAP://$DnsDomainName"

$searcher = [adsisearcher] $root

...

$searcher.FindAll() | ForEach-Object { ... } | Export-Csv $filepath

Do you know if there is a way to determine which domain controller is actually servicing the FindAll() request?

Some background information: I have been using this logic for many months and with many domains. Recently I have seen the occasional 'More data is available' error with one of the domains, and this causes the process to fail. I would like to record the actual domain controller being used, just in case.

I am using PowerShell v2.0 on Windows Server 2003 SP2.

Any help would be welcome

Sunday, December 30, 2012 1:51 PM by Maria Rutgers

# re: Finding Domain Controllers

You are using the domain controller against which you authenticated. I explain how find that DC in this post

msmvps.com/.../finding-the-domain-controller-that-authenticated-you.aspx

Friday, January 04, 2013 12:01 PM by RichardSiddaway

# re: Finding Domain Controllers

Thank you Richard, for replying in such an old thread; very much appreciated!

I will definitely start logging the DC against which I authenticated in my "local" domain. Your function makes it so easy that there is no excuse not to use it.

However I am afraid that I may not have put my original question very well. In the statement

$root = [adsi] "LDAP://$DnsDomainName"

The $DnsDomainName is always in the form domain1.net or domain2.corp, domain3.co.uk, domain4.sub.co.uk and so on. My script has been happily gathering data every day for almost a year against a dozen different remote domains, one domain at a time. The number of records varies, with a few dozen in the smallest domain and many thousands in the largest one.

Now one of the medium-size domains is returning the occasional "more data is available" error, always on what I suspect is the very last page of data. The error cannot be reproduced on demand so I wanted to log a little additional information about each run if possible, in the hope that it would shed some light on the situation. To begin with I thought it would be useful to know the name of the DC in the remote domain that is servicing the request. Is this at all possible? or am I asking the wrong question?

Monday, January 07, 2013 3:50 PM by Maria Rutgers

# re: Finding Domain Controllers

In case it helps someone else, I figured out how to record the DC that is used by a DirectorySearcher. Don't let the searcher connect to the remote domain but instead connect to the remote domain *before* creating the searcher, like this:

$rootDSE = [ADSI] "LDAP://$DnsDomainName/RootDSE"

$defaultDC = $rootDSE.PSBase.Properties.dnsHostName.Value.ToString()

Write-Host "DC used by the searcher: $defaultDC"

$searcher = [adsisearcher] $root

etc.

If the default DC happens to be the one that keeps failing with "more data is available" errors, it is now possible to get the list of DCs for the remote domain and pick a different one for use by the searcher.

$context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext('domain', $DnsDomainName)

$domain = [system.directoryservices.activedirectory.Domain]::GetDomain($context)

$DCs = $domain.DomainControllers

etc.

Sunday, March 24, 2013 12:52 PM by Maria

Title (required)
Name: (required)
Website: (optional)
Comments (required)
Remember Me?
Enter the numbers above:

Richard Siddaway's Blog

This Blog

Syndication

Search

Tags

Community

Email Notifications

Archives