Change The Domain To Search With Powershell

JimLeary · ‎Jan 14 2020

How can I change the domain I query with the Active Directory Module? We have 5 unique root domains. I use Get-ADuser, Get-ADcomputer, Get-ADObject, Get-ADReplicationSubnet, but I can only search within the domain I'm joined to. Ideally, I'd like to just run a switch, pipe, or cmdlet. Using ISE or ps1 would be challenging, although, if it needs to be a basic script I could try it. So, Is there a way for me to run "Get-ADuser "username" -properties * " against a different domain?

Vasil Michev · ‎Jan 14 2020

That's what the -Server parameter is about. Or you can simply create a remote session to the corresponding DC.

JimLeary · ‎Jan 14 2020

@Vasil Michev I was going to mention both of those. Is it necessary to specify a domain controller? That makes sense. I wanted to be sure that there wasn't a way to just use a domain name. I was having a tough time finding a domain controller to use, but I found that in ADUC you can choose Roles under Find. You can get the list of DCs there. So then -Server worked without it being difficult.

PeterJ_Inobits · ‎Jan 16 2020

@JimLeary

Hi Jim

I've used this approach in the past assuming that all the domains are in the same forest

Use get-adforest to retrieve list of domains.

For each domain use get-addomain to retrieve list of DC's or the PDCEmulator role holder.

feed that name into the cmdlet using the -server switch..

I've got a working code sample that I can dig out and send to you if you would like

JimLeary · ‎Jan 16 2020

@PeterJ_Inobits, that would be great if finding the search isn't any trouble. I put together something similar. After I realized the Find Role, I had to export the DC's. Here's mine.

$AsburyDomain="asbury.localhost"
$context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("domain",$AsburyDomain)
[system.directoryservices.activedirectory.domain]::GetDomain($context).domainControllers | export-csv "c:\users\Desktop\Domain_Controller_List\domain.csv" -NoTypeInformation -Encoding UTF8

PeterJ_Inobits · ‎Jan 16 2020

@JimLeary

Hi

So you are trying do dump the dc information out for each domain in the forest right?

Assuming you have the AD module installed and are on a domain joined machine then the code looks something like this:

import-module ActiveDirectory -force

$adforest=get-adforest

$domainlist=$adforest.domains

foreach($domain in $domainlist)

{

$pdc=(Get-ADDomain -identity $domain).pdcemulator

$dclist=(get-addomain -identity $domain -server $pdc ).replicadirectoryservers

foreach($dc in $dclist)

{

get-addomaincontroller -identity $dc | export-csv -notypeinformation -path dclist.csv -append

}

Hope this helps...

JimLeary · ‎Jan 17 2020

@PeterJ_Inobits It does. thx.

PeterJ_Inobits · ‎Jan 17 2020

@JimLeary

Cool. Just a quick note for reference. The following snippet will return the names of all of the attributes of a domain: get-addomain | get-member. Once you have done that and you know what attribute you are looking for, and what type it is then you can retrieve it using object notation..

Here's an example:

$addomain=get-addomain

$pdc=$addomain.pdcemulator

The same process applies to almost any object. Retrieve an instance and get-member will show the methods and properties that make up the object in question..

Change The Domain To Search With Powershell

Change The Domain To Search With Powershell

Re: Change Domain To Search With AD Module

Re: Change Domain To Search With AD Module

Re: Change The Domain To Search With Powershell

Re: Change The Domain To Search With Powershell

Re: Change The Domain To Search With Powershell

Re: Change The Domain To Search With Powershell

Re: Change The Domain To Search With Powershell

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Change The Domain To Search With Powershell