Jan 14 2020 07:57 AM - edited Jan 15 2020 06:34 PM
How can I change the domain I query with the Active Directory Module? We have 5 unique root domains. I use Get-ADuser, Get-ADcomputer, Get-ADObject, Get-ADReplicationSubnet, but I can only search within the domain I'm joined to. Ideally, I'd like to just run a switch, pipe, or cmdlet. Using ISE or ps1 would be challenging, although, if it needs to be a basic script, I could try it. So, is there a way for me to run "Get-ADuser "username" -properties *" against a different domain?
Jan 14 2020 09:39 AM
That's what the -Server parameter is about. Or you can simply create a remote session to the corresponding DC.
Jan 14 2020 01:24 PM - edited Jan 17 2020 05:21 AM
@VasilMichev I was going to mention both of those. Is it necessary to specify a domain controller? That makes sense. I wanted to be sure that there wasn't a way to just use a domain name. I was having a tough time finding a domain controller to use, but I found that in ADUC you can choose Roles under Find. You can get the list of DCs there. So then -Server worked without it being difficult.
Jan 16 2020 11:26 AM
Hi Jim
I've used this approach in the past, assuming that all the domains are in the same forest:
Use get-adforest to retrieve the list of domains.
For each domain, use get-addomain to retrieve the list of DCs or the PDCEmulator role holder.
Feed that name into the cmdlet using the -server switch.
I've got a working code sample that I can dig out and send to you if you would like.
Jan 16 2020 04:53 PM - edited Jan 17 2020 05:22 AM
@PeterJ_Inobits, that would be great if finding the search isn't any trouble. I put together something similar. After I realized the Find Role, I had to export the DCs. Here's mine.
$AsburyDomain="asbury.localhost"
$context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("domain",$AsburyDomain)
[system.directoryservices.activedirectory.domain]::GetDomain($context).domainControllers | export-csv "c:\users\Desktop\Domain_Controller_List\domain.csv" -NoTypeInformation -Encoding UTF8
Jan 16 2020 08:55 PM
Hi
So you are trying to dump the DC information out for each domain in the forest, right?
Assuming you have the AD module installed and are on a domain joined machine then the code looks something like this:
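Import-Module ActiveDirectory -Force
# Enumerate every domain in the current forest
$adforest = Get-ADForest
$domainlist = $adforest.Domains
foreach ($domain in $domainlist)
{
    # Use the PDC emulator of each domain as the server to query
    $pdc = (Get-ADDomain -Identity $domain).PDCEmulator
    $dclist = (Get-ADDomain -Identity $domain -Server $pdc).ReplicaDirectoryServers
    foreach ($dc in $dclist)
    {
        # Query each DC directly so that DCs outside the local domain resolve
        Get-ADDomainController -Identity $dc -Server $dc | Export-Csv -NoTypeInformation -Path dclist.csv -Append
    }
}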
Hope this helps...
Jan 17 2020 05:59 AM
Cool. Just a quick note for reference. The following snippet will return the names of all of the attributes of a domain: get-addomain | get-member. Once you have done that and you know what attribute you are looking for, and what type it is, then you can retrieve it using object notation.
Here's an example:
$addomain=get-addomain
$pdc=$addomain.pdcemulator
The same process applies to almost any object. Retrieve an instance and get-member will show the methods and properties that make up the object in question.
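
Applying the approach from this thread (Get-ADForest for the domain list, then -Server per domain) to the original Get-ADUser question, as an added example that is not code from any post above. The function name, its parameters and the account-name allow-list are hypothetical, and it assumes all domains are in one forest.

```powershell
Import-Module ActiveDirectory

function Find-ADUserInForest {
    [CmdletBinding()]
    param(
        # Conservative allow-list (an assumption) so the value cannot alter the -Filter string.
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9._-]{1,64}$')]
        [string]$SamAccountName,

        # Optional alternate credential for domains where the caller's own account is not sufficient.
        [pscredential]$Credential
    )

    # Request only the attributes needed instead of -Properties *.
    $attributes = 'Enabled', 'LastLogonDate', 'whenCreated'

    # Splat -Credential only when one was supplied.
    $common = @{}
    if ($Credential) { $common.Credential = $Credential }

    foreach ($domain in (Get-ADForest @common).Domains) {
        try {
            # Locate a reachable DC for this domain rather than hard-coding one.
            $dc = (Get-ADDomainController -Discover -DomainName $domain -ErrorAction Stop).HostName[0]

            Get-ADUser -Filter "SamAccountName -eq '$SamAccountName'" -Server $dc `
                       -Properties $attributes -ErrorAction Stop @common |
                Select-Object @{ n = 'Domain';    e = { $domain } },
                              @{ n = 'QueriedDC'; e = { $dc } },
                              SamAccountName, DistinguishedName, Enabled, LastLogonDate, whenCreated
        }
        catch {
            # One unreachable or access-denied domain should not abort the whole sweep.
            Write-Warning "Query against $domain failed: $($_.Exception.Message)"
        }
    }
}

# 'username' is the placeholder from the original question.
Find-ADUserInForest -SamAccountName 'username'
```

The -Server parameter also accepts a domain's DNS name directly, so the discovery step can be replaced with -Server $domain when any DC in that domain will do.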