Sep 23 2014

PowerShell Code: Active Directory Domain Controller Discovery

There are several different ways to find AD Domain Controllers (DCs).

Here are a few:

AD PowerShell Module: Discover the closest Domain Controller running the AD web services (support PowerShell AD cmdlets):

import-module activedirectory
Get-ADDomainController -discover -forcediscover -nextclosestsite -service ADWS

  • discover – find a DC
  • forcediscover – re-discover a DC and not use a cached DC
  • nextclosestsite – if there is no DC discovered in the local site, use the AD topology to find the closest DC in another site.
  • service – the DC must support these services.


AD PowerShell Module: Discover all Domain Controller in the domain:

import-module activedirectory
Get-ADDomainController -filter *

  • filter * – find all Domain Controllers


Discover all Domain Controller in the domain using ADSI:

[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainControllers

 

Discover all Global Catalogs in the forest using ADSI:

[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().GlobalCatalogs

 

You can also use the Active Directory cmdlets to get computer information about Domain Controllers:

import-module activedirectory
get-ADComputer -filter { PrimaryGroupID -eq “516” } -properties PrimaryGroupID

 

 

 

(Visited 7,602 times, 1 visits today)

Sean Metcalf

I improve security for enterprises around the world working for TrimarcSecurity.com
Read the About page (top left) for information about me. :)
https://adsecurity.org/?page_id=8