Listing all domain controllers in a forest
AskDS put up a post the other day which included a question about getting all DCs in a forest. I wrote a little powershell script a while back to do this, using System.DirectoryServices.ActiveDirectory. It doesn’t need ADWS so will run against 2003 DCs too 🙂
Save the following as List-ADDomainControllers.ps1. It supports the standard powershell help format so from a PS prompt type:
get-help .\List-AdDomainControllers.ps1 -detailed
This will enumerate DCs in a domain or forest, and optionally allows you to enter a user/pass combo to use.
<#
.SYNOPSIS
Takes a domain or forest name and enumerates domain controllers.
.DESCRIPTION
Takes a domain or forest name in FQDN or X500 format and enumerates domain controllers.
Will work with 2003 AD onwards as it does not require AD Web Services to run (uses
System.DirectoryServices.ActiveDirectory namespace).
.PARAMETER domain
Domain or forest for which to enumerate domain controllers, in FQDN or X500 format.
.PARAMETER user
User credentials with which to bind (if not specified use the currently logged on user).
.PARAMETER pass
Password for account above.
.PARAMETER forest
If this is specified List-ADDomainControllers assumes the domain listed above is a forest
root and enumerates DCs for all domains in the forest.
.EXAMPLE
C:\PS> .\List-ADDomainControllers.ps1 -domain corp.contoso.com
Enumerate all domain controllers for corp.contoso.com domain
.EXAMPLE
C:\PS> .\List-ADDomainControllers.ps1 -domain contoso.com -user 'CONTOSO\admin' -pass 'Password123'
Enumerate all domain controllers for contoso.com domain using the specified credentials
.EXAMPLE
C:\PS> .\List-ADDomainControllers.ps1 -domain contoso.com -forest
Enumerate all domain controllers for all domains in the contoso.com forest
.NOTES
AUTHOR: Dan Johnson (dan@djjconsulting.com)
UPDATED: 12/07/2012
.LINK
http://msdn.microsoft.com/en-us/library/system.directoryservices.activedirectory.aspx
#>
param (
[Parameter(Position=0,Mandatory=$true,HelpMessage="Please enter domain/forest name in FQDN or X500 format")]
[string]$domain,
[string]$user,
[string]$pass,
[switch]$forest
)
# convert to FQDN if necessary
$domain = $domain.toLower()
if($domain.contains("="))
{
$domain = $domain.trimstart("dc=").replace(",dc=",".")
}
if (!$forest)
{
if ($user -eq "")
{
$context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$domain)
}
else
{
$context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$domain,$user,$pass)
}
try
{
$collDcs = [System.DirectoryServices.ActiveDirectory.DomainController]::findAll($context)
}
catch
{
write-host "Logon failure, did you specify a valid username/password for this domain/forest?" -foregroundcolor red
break
}
$collDcs | select name,sitename,domain | ft
}
else
{
if ($user -eq "")
{
$context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Forest",$domain)
}
else
{
$context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Forest",$domain,$user,$pass)
}
try
{
$oForest = [System.DirectoryServices.ActiveDirectory.Forest]::getForest($context)
}
catch
{
write-host "Logon failure, did you specify a valid username/password for this domain/forest?" -foregroundcolor red
break
}
$collDomains = $oForest.domains
foreach ($domain in $colldomains)
{
$collDcs = $domain.domaincontrollers
$collDcs | select name,sitename,domain | ft
}
}
Leave a Comment
