Listing all domain controllers in a forest
AskDS put up a post the other day which included a question about getting all DCs in a forest. I wrote a little PowerShell script a while back to do this, using System.DirectoryServices.ActiveDirectory. It doesn’t need ADWS so will run against 2003 DCs too 🙂
Save the following as List-ADDomainControllers.ps1. It supports the standard PowerShell help format, so from a PS prompt type:
get-help .\List-ADDomainControllers.ps1 -detailed
The script enumerates the DCs in a domain or forest, and optionally accepts a username and password to bind with.
<#
.SYNOPSIS
    Takes a domain or forest name and enumerates domain controllers.
.DESCRIPTION
    Takes a domain or forest name in FQDN or X500 format and enumerates domain controllers.
    Will work with 2003 AD onwards as it does not require AD Web Services to run
    (uses System.DirectoryServices.ActiveDirectory namespace).
.PARAMETER domain
    Domain or forest for which to enumerate domain controllers, in FQDN or X500 format.
.PARAMETER user
    User credentials with which to bind (if not specified use the currently logged on user).
.PARAMETER pass
    Password for account above.
.PARAMETER forest
    If this is specified List-ADDomainControllers assumes the domain listed above is a forest root
    and enumerates DCs for all domains in the forest.
.EXAMPLE
    C:\PS> .\List-ADDomainControllers.ps1 -domain corp.contoso.com
    Enumerate all domain controllers for corp.contoso.com domain
.EXAMPLE
    C:\PS> .\List-ADDomainControllers.ps1 -domain contoso.com -user 'CONTOSO\admin' -pass 'Password123'
    Enumerate all domain controllers for contoso.com domain using the specified credentials
.EXAMPLE
    C:\PS> .\List-ADDomainControllers.ps1 -domain contoso.com -forest
    Enumerate all domain controllers for all domains in the contoso.com forest
.NOTES
    AUTHOR: Dan Johnson (dan@djjconsulting.com)
    UPDATED: 12/07/2012
.LINK
    http://msdn.microsoft.com/en-us/library/system.directoryservices.activedirectory.aspx
#>
param (
    [Parameter(Position=0,Mandatory=$true,HelpMessage="Please enter domain/forest name in FQDN or X500 format")]
    [string]$domain,
    [string]$user,
    [string]$pass,
    [switch]$forest
)

# convert to FQDN if necessary
$domain = $domain.toLower()
if ($domain.contains("=")) {
    # Remove the leading "dc=" as a literal prefix. TrimStart("dc=") treats its argument as a
    # set of characters and would also strip a leading d or c from the first label (e.g. "corp").
    $domain = ($domain -replace '^dc=', '').replace(",dc=", ".")
}

if (!$forest) {
    # bind to a single domain, with alternate credentials if supplied
    if ($user -eq "") {
        $context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$domain)
    }
    else {
        $context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Domain",$domain,$user,$pass)
    }
    try {
        $collDcs = [System.DirectoryServices.ActiveDirectory.DomainController]::findAll($context)
    }
    catch {
        write-host "Logon failure, did you specify a valid username/password for this domain/forest?" -foregroundcolor red
        # return ends the script; break outside a loop can also terminate a caller's loop
        return
    }
    $collDcs | select name,sitename,domain | ft
}
else {
    # bind to the forest root, with alternate credentials if supplied
    if ($user -eq "") {
        $context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Forest",$domain)
    }
    else {
        $context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Forest",$domain,$user,$pass)
    }
    try {
        $oForest = [System.DirectoryServices.ActiveDirectory.Forest]::getForest($context)
    }
    catch {
        write-host "Logon failure, did you specify a valid username/password for this domain/forest?" -foregroundcolor red
        return
    }
    $collDomains = $oForest.domains
    # separate loop variable so the [string]-typed $domain parameter is not reused for Domain objects
    foreach ($oDomain in $collDomains) {
        $collDcs = $oDomain.domaincontrollers
        $collDcs | select name,sitename,domain | ft
    }
}
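The -pass parameter above takes the password as a plain string on the command line, where shell history, transcripts and command-line logging can record it. The following is an added example, not part of the original script: a variant of the forest branch that takes a PSCredential instead and emits objects rather than formatted text. The function name Get-ForestDomainController is hypothetical, and contoso.com is the sample forest from the script's help.

```powershell
# Added example, not from the original post. The function name is hypothetical.
Add-Type -AssemblyName System.DirectoryServices

function Get-ForestDomainController {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true, Position = 0)]
        [string]$ForestName,

        # Alternate credentials, e.g. from Get-Credential; omit to use the logged-on user.
        [System.Management.Automation.PSCredential]$Credential
    )

    $type = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Forest
    if ($Credential) {
        # DirectoryContext only accepts a plain string password, so it is decrypted
        # here, inside the function's scope, rather than typed at the prompt.
        $ctxArgs = @($type, $ForestName, $Credential.UserName,
                     $Credential.GetNetworkCredential().Password)
    }
    else {
        $ctxArgs = @($type, $ForestName)
    }
    $context = New-Object -TypeName System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList $ctxArgs

    try {
        $oForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($context)
    }
    catch {
        # Report the real cause (bad credentials, DNS failure, unreachable forest root).
        Write-Error "Could not bind to forest '$ForestName': $($_.Exception.Message)"
        return
    }

    foreach ($oDomain in $oForest.Domains) {
        try {
            # Emit objects so the result can be piped to Export-Csv, Where-Object, etc.
            $oDomain.DomainControllers | Select-Object Name, SiteName, Domain
        }
        catch {
            # One unreachable child domain should not abort the rest of the forest.
            Write-Warning "Skipping domain $($oDomain.Name): $($_.Exception.Message)"
        }
    }
}

# Usage:
# Get-ForestDomainController -ForestName contoso.com -Credential (Get-Credential) | Format-Table
```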