Get the domain distinguished name

A comment on my post about finding domain controllers

http://msmvps.com/blogs/richardsiddaway/archive/2012/01/21/1805130.aspx

asked about finding the OU as its always seemed to be hard coded into these scripts.

The reason for the hard coding is to keep down  the script size so that its easier to absorb and we are only concentrating on the working bits of the script. 

Creating some of the OUs in scripts is very possible – but only the ones you know about. For instance all domains have:

  • a Domain Controllers OU
  • a Users container
  • a Computers container

Some of my examples have an England OU – which you might not have. Or you might nested OUs.

We can look at getting the distinguished name of the  Domain  Controllers OU an example

if (-not (Get-Module ActiveDirectory)){            
  Import-Module ActiveDirectory            
}            
            
"`nMicrosoft"            
$domdn = Get-ADDomain | select -ExpandProperty DistinguishedName            
$domdn            
$dcOU = Get-ADDomain | select -ExpandProperty DomainControllersContainer            
$dcOU            
            
"`nAD provider"            
$dom = Get-ChildItem -Path Ad:\ | where {$_.Name -eq "Configuration"}            
$domdn = ($dom.DistinguishedName -split "," ,2)[1]            
$domdn             
            
$dcOU = "OU=Domain Controllers,$domdn"            
$dcOU            
            
"`nQuest"            
$domdn = Get-QADRootDSE | select -ExpandProperty RootDomainNamingContext            
$domdn             
            
$dcOU = "OU=Domain Controllers,$domdn"            
$dcOU            
            
"`nScript"            
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()            
$domdn = $domain.GetDirectoryEntry() | select -ExpandProperty DistinguishedName            
$domdn             
            
$dcOU = "OU=Domain Controllers,$domdn"            
$dcOU

I get results like this

Microsoft
DC=Manticore,DC=org
OU=Domain Controllers,DC=Manticore,DC=org

AD provider
DC=Manticore,DC=org
OU=Domain Controllers,DC=Manticore,DC=org

Quest
DC=Manticore,DC=org
OU=Domain Controllers,DC=Manticore,DC=org

Script
DC=Manticore,DC=org
OU=Domain Controllers,DC=Manticore,DC=org

 

The important part is how we get the root of the domain.  Each of the techniques is different but we get to the same result.

You do this as alternative for the script method

$dom = [adsi]""
$domdn = $dom.distinguishedName

$dcOU = “OU=Domain Controllers,$domdn”

Published Sat, Jan 21 2012 17:50 by RichardSiddaway
Filed under:

Leave a Comment

(required) 
(required) 
(optional)
(required) 
If you can't read this number refresh your screen
Enter the numbers above: