Listing all domain controllers in a forest

AskDS put up a post the other day which included a question about getting all DCs in a forest. I wrote a little powershell script a while back to do this, using System.DirectoryServices.ActiveDirectory. It doesn’t need ADWS so will run against 2003 DCs too 🙂

Save the following as List-ADDomainControllers.ps1. It supports the standard powershell help format so from a PS prompt type:

get-help .\List-AdDomainControllers.ps1 -detailed

This will enumerate DCs in a domain or forest, and optionally allows you to enter a user/pass combo to use.

<#
   .SYNOPSIS
   Takes a domain or forest name and enumerates domain controllers.
   .DESCRIPTION 
   Takes a domain or forest name in FQDN or X500 format and enumerates domain controllers.
   Will work with 2003 AD onwards as it does not require AD Web Services to run (uses
   System.DirectoryServices.ActiveDirectory namespace).
   .PARAMETER domain
   Domain or forest for which to enumerate domain controllers, in FQDN or X500 format.
   .PARAMETER user
   User credentials with which to bind (if not specified use the currently logged on user).
   .PARAMETER pass
   Password for account above.
   .PARAMETER forest
   If this is specified List-ADDomainControllers assumes the domain listed above is a forest
   root and enumerates DCs for all domains in  the forest.
   .EXAMPLE
   C:\PS> .\List-ADDomainControllers.ps1 -domain corp.contoso.com
   Enumerate all domain controllers for corp.contoso.com domain
   .EXAMPLE 
   C:\PS> .\List-ADDomainControllers.ps1 -domain contoso.com -user 'CONTOSO\admin' -pass 'Password123'
   Enumerate all domain controllers for contoso.com domain using the specified credentials
   .EXAMPLE
   C:\PS> .\List-ADDomainControllers.ps1 -domain contoso.com -forest
   Enumerate all domain controllers for all domains in the contoso.com forest        
   .NOTES
   AUTHOR: Dan Johnson (dan@djjconsulting.com)
   UPDATED: 12/07/2012
   .LINK
   http://msdn.microsoft.com/en-us/library/system.directoryservices.activedirectory.aspx
#>

param (
    [Parameter(Position=0,Mandatory=$true,HelpMessage="Please enter domain/forest name in FQDN or X500 format")]
    [string]$domain,
    [string]$user,
    [string]$pass,
    [switch]$forest
)

# convert to FQDN if necessary
$domain = $domain.toLower()
if($domain.contains("="))
{
    $domain = $domain.trimstart("dc=").replace(",dc=",".")
}

if (!$forest)
{
    if ($user -eq "")
    {
        $context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$domain)
    }
    else
    {
        $context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$domain,$user,$pass)
    }

    try
    {
        $collDcs = [System.DirectoryServices.ActiveDirectory.DomainController]::findAll($context)
    }
    catch
    {
        write-host "Logon failure, did you specify a valid username/password for this domain/forest?" -foregroundcolor red
        break
    }
    
    $collDcs | select name,sitename,domain | ft
   
}
else 
{
    if ($user -eq "")
    {
        $context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Forest",$domain)
    }
    else
    {
        $context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Forest",$domain,$user,$pass)
    }
    
    try
    {
        $oForest = [System.DirectoryServices.ActiveDirectory.Forest]::getForest($context)
    }
    catch
    {
        write-host "Logon failure, did you specify a valid username/password for this domain/forest?" -foregroundcolor red
        break
    }
    
    $collDomains = $oForest.domains
    
    foreach ($domain in $colldomains)
    {
        $collDcs = $domain.domaincontrollers
    
        $collDcs | select name,sitename,domain | ft
    }    
}