Forum Discussion
Change The Domain To Search With Powershell
How can I change the domain I query with the Active Directory Module? We have 5 unique root domains. I use Get-ADuser, Get-ADcomputer, Get-ADObject, Get-ADReplicationSubnet, but I can only search within the domain I'm joined to. Ideally, I'd like to just run a switch, pipe, or cmdlet. Using ISE or ps1 would be challenging, although, if it needs to be a basic script I could try it. So, Is there a way for me to run "Get-ADuser "username" -properties * " against a different domain?
That's what the -Server parameter is about. Or you can simply create a remote session to the corresponding DC.
- JimLearyCopper Contributor
VasilMichev I was going to mention both of those. Is it necessary to specify a domain controller? That makes sense. I wanted to be sure that there wasn't a way to just use a domain name. I was having a tough time finding a domain controller to use, but I found that in ADUC you can choose Roles under Find. You can get the list of DCs there. So then -Server worked without it being difficult.
- PeterJ_InobitsIron Contributor
Hi Jim
I've used this approach in the past assuming that all the domains are in the same forest
Use get-adforest to retrieve list of domains.
For each domain use get-addomain to retrieve list of DC's or the PDCEmulator role holder.
feed that name into the cmdlet using the -server switch..
I've got a working code sample that I can dig out and send to you if you would like
- JimLearyCopper Contributor
PeterJ_Inobits, that would be great if finding the search isn't any trouble. I put together something similar. After I realized the Find Role, I had to export the DC's. Here's mine.
$AsburyDomain="asbury.localhost"
$context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("domain",$AsburyDomain)
[system.directoryservices.activedirectory.domain]::GetDomain($context).domainControllers | export-csv "c:\users\Desktop\Domain_Controller_List\domain.csv" -NoTypeInformation -Encoding UTF8- PeterJ_InobitsIron Contributor
Hi
So you are trying do dump the dc information out for each domain in the forest right?
Assuming you have the AD module installed and are on a domain joined machine then the code looks something like this:
import-module ActiveDirectory -force
$adforest=get-adforest
$domainlist=$adforest.domains
foreach($domain in $domainlist)
{
$pdc=(Get-ADDomain -identity $domain).pdcemulator
$dclist=(get-addomain -identity $domain -server $pdc ).replicadirectoryservers
foreach($dc in $dclist)
{
get-addomaincontroller -identity $dc | export-csv -notypeinformation -path dclist.csv -append
}
}
Hope this helps...