JimLeary
Copper Contributor
Jan 14, 2020

Change The Domain To Search With Powershell

How can I change the domain I query with the Active Directory Module? We have 5 unique root domains. I use Get-ADuser, Get-ADcomputer, Get-ADObject, Get-ADReplicationSubnet, but I can only search within the domain I'm joined to. Ideally, I'd like to just run a switch, pipe, or cmdlet. Using ISE or ps1 would be challenging, although, if it needs to be a basic script I could try it. So, is there a way for me to run "Get-ADuser "username" -properties *" against a different domain?

  • That's what the -Server parameter is about. Or you can simply create a remote session to the corresponding DC.

    • JimLeary
      Copper Contributor

      VasilMichev I was going to mention both of those. Is it necessary to specify a domain controller? That makes sense. I wanted to be sure that there wasn't a way to just use a domain name. I was having a tough time finding a domain controller to use, but I found that in ADUC you can choose Roles under Find. You can get the list of DCs there. So then -Server worked without it being difficult.

  • JimLeary

    Hi Jim

    I've used this approach in the past, assuming that all the domains are in the same forest:

    Use get-adforest to retrieve the list of domains.

    For each domain, use get-addomain to retrieve the list of DCs or the PDCEmulator role holder.

    Feed that name into the cmdlet using the -server switch.

    I've got a working code sample that I can dig out and send to you if you would like.


    • JimLeary
      Copper Contributor

      PeterJ_Inobits, that would be great if finding the search isn't any trouble. I put together something similar. After I realized the Find Role, I had to export the DCs. Here's mine.


      $AsburyDomain="asbury.localhost"
      $context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("domain",$AsburyDomain)
      [system.directoryservices.activedirectory.domain]::GetDomain($context).domainControllers | export-csv "c:\users\Desktop\Domain_Controller_List\domain.csv" -NoTypeInformation -Encoding UTF8

      • PeterJ_Inobits
        Iron Contributor

        JimLeary

        Hi

        So you are trying to dump the DC information out for each domain in the forest, right?

        Assuming you have the AD module installed and are on a domain-joined machine, then the code looks something like this:


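        # Load the Active Directory cmdlets
        Import-Module ActiveDirectory -Force

        # Enumerate every domain in the current forest
        $adforest = Get-ADForest
        $domainlist = $adforest.Domains

        foreach ($domain in $domainlist)
        {
            # The PDC emulator is the server queried in each domain
            $pdc = (Get-ADDomain -Identity $domain).PDCEmulator

            # Writable DCs only; RODCs are listed in ReadOnlyReplicaDirectoryServers
            $dclist = (Get-ADDomain -Identity $domain -Server $pdc).ReplicaDirectoryServers

            foreach ($dc in $dclist)
            {
                # -Server is needed here too, so DCs outside the local domain are resolved
                Get-ADDomainController -Identity $dc -Server $pdc | Export-Csv -NoTypeInformation -Path dclist.csv -Append
            }
        }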

        Hope this helps...
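
Added example (not code posted by anyone in this thread): the -Server parameter of the AD cmdlets also accepts a domain's DNS name, in which case a domain controller in that domain is located automatically, so one lookup can be repeated across several domains without exporting DC lists first. The function name, the account-name pattern, the default property list and the sample domain names are assumptions made for illustration.

```powershell
Import-Module ActiveDirectory

function Find-ADUserInDomains {
    [CmdletBinding()]
    param(
        # Restrict input to plain account-name characters so it can be placed
        # inside the -Filter string safely (assumed pattern; adjust to your naming rules).
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]
        [string]$SamAccountName,

        # DNS names of the domains to search; defaults to every domain in the current forest.
        [string[]]$Domain = (Get-ADForest).Domains,

        # Optional credential for domains that do not trust the logged-on account.
        [pscredential]$Credential,

        # Request only the attributes needed instead of -Properties *.
        [string[]]$Property = @('mail', 'whenCreated')
    )

    foreach ($d in $Domain) {
        $query = @{
            Filter      = "SamAccountName -eq '$SamAccountName'"
            Server      = $d        # domain DNS name; no specific DC has to be named
            Properties  = $Property
            ErrorAction = 'Stop'
        }
        if ($Credential) { $query.Credential = $Credential }

        try {
            # Tag each hit with the domain it came from.
            $columns = @(@{ n = 'Domain'; e = { $d } },
                         'SamAccountName', 'Enabled', 'DistinguishedName') + $Property
            Get-ADUser @query | Select-Object -Property $columns
        }
        catch {
            # An unreachable or untrusted domain should not abort the remaining searches.
            Write-Warning "Query against $d failed: $($_.Exception.Message)"
        }
    }
}

# Constructed usage; the domain names are placeholders, not values from the thread:
# Find-ADUserInDomains -SamAccountName 'jdoe' -Domain 'corp.example.com', 'lab.example.net'
```

Domains in a separate, untrusted forest need the -Credential argument and working DNS resolution for that domain's name.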

         
