Change The Domain To Search With Powershell

%3CLINGO-SUB%20id%3D%22lingo-sub-1107978%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20Domain%20To%20Search%20With%20AD%20Module%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1107978%22%20slang%3D%22en-US%22%3E%3CP%3EThat's%20what%20the%20-Server%20parameter%20is%20about.%20Or%20you%20can%20simply%20create%20a%20remote%20session%20to%20the%20corresponding%20DC.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1107716%22%20slang%3D%22en-US%22%3EChange%20The%20Domain%20To%20Search%20With%20Powershell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1107716%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20can%20I%20change%20the%20domain%20I%20query%20with%20the%20Active%20Directory%20Module%3F%20We%20have%205%20unique%20root%20domains.%20I%20use%20Get-ADuser%2C%20Get-ADcomputer%2C%20Get-ADObject%2C%20Get-ADReplicationSubnet%2C%20but%20I%20can%20only%20search%20within%20the%20domain%20I'm%20joined%20to.%20Ideally%2C%20I'd%20like%20to%20just%20run%20a%20switch%2C%20pipe%2C%20or%20cmdlet.%20Using%20ISE%20or%20ps1%20would%20be%20challenging%2C%20although%2C%20if%20it%20needs%20to%20be%20a%20basic%20script%20I%20could%20try%20it.%20So%2C%26nbsp%3BIs%20there%20a%20way%20for%20me%20to%20run%20%22Get-ADuser%20%22username%22%20-properties%20*%20%22%20against%20a%20different%20domain%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1107716%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EActive%20Directory%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1113425%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20The%20Domain%20To%20Search%20With%20Powershell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1113425%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F518045%22%20target%3D%22_blank%22%3E%40JimLeary%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%20Jim%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20used%20this%20approach%20in%20the%20past%20assuming%20that%20all%20the%20domains%20are%20in%20the%20same%20forest%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUse%20get-adforest%20to%20retrieve%20list%20of%20domains.%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20each%20domain%20use%20get-addomain%20to%20retrieve%20list%20of%20DC's%20or%20the%20PDCEmulator%20role%20holder.%3C%2FP%3E%3CP%3Efeed%20that%20name%20into%20the%20cmdlet%20using%20the%20-server%20switch..%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI've%20got%20a%20working%20code%20sample%20that%20I%20can%20dig%20out%20and%20send%20to%20you%20if%20you%20would%20like%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1114141%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20The%20Domain%20To%20Search%20With%20Powershell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1114141%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F518045%22%20target%3D%22_blank%22%3E%40JimLeary%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%3C%2FP%3E%3CP%3ESo%20you%20are%20trying%20do%20dump%20the%20dc%20information%20out%20for%20each%20domain%20in%20the%20forest%20right%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAssuming%20you%20have%20the%20AD%20module%20installed%20and%20are%20on%20a%20domain%20joined%20machine%20then%20the%20code%20looks%20something%20like%20this%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Eimport-module%20ActiveDirectory%20-force%3C%2FP%3E%3CP%3E%24adforest%3Dget-adforest%3C%2FP%3E%3CP%3E%24domainlist%3D%24adforest.domains%3C%2FP%3E%3CP%3Eforeach(%24domain%20in%20%24domainlist)%3C%2FP%3E%3CP%3E%7B%3C%2FP%3E%3CP%3E%24pdc%3D(Get-ADDomain%20-identity%20%24domain).pdcemulator%3C%2FP%3E%3CP%3E%24dclist%3D(get-addomain%20-identity%20%24domain%20-server%20%24pdc%20).replicadirectoryservers%3C%2FP%3E%3CP%3Eforeach(%24dc%20in%20%24dclist)%3C%2FP%3E%3CP%3E%7B%3C%2FP%3E%3CP%3Eget-addomaincontroller%20-identity%20%24dc%20%7C%20export-csv%20-notypeinformation%20-path%20dclist.csv%20-append%3C%2FP%3E%3CP%3E%7D%3C%2FP%3E%3CP%3E%7D%3C%2FP%3E%3CP%3EHope%20this%20helps...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1114759%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20The%20Domain%20To%20Search%20With%20Powershell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1114759%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F312381%22%20target%3D%22_blank%22%3E%40PeterJ_Inobits%3C%2FA%3E%26nbsp%3BIt%20does.%20thx.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1108882%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20Domain%20To%20Search%20With%20AD%20Module%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1108882%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3BI%20was%20going%20to%20mention%20both%20of%20those.%20Is%20it%20necessary%20to%20specify%20a%20domain%20controller%3F%20That%20makes%20sense.%20I%20wanted%20to%20be%20sure%20that%20there%20wasn't%20a%20way%20to%20just%20use%20a%20domain%20name.%20I%20was%20having%20a%20tough%20time%20finding%20a%20domain%20controller%20to%20use%2C%20but%20I%20found%20that%20in%20ADUC%20you%20can%20choose%20Roles%20under%20Find.%20You%20can%20get%20the%20list%20of%20DCs%20there.%20So%20then%20-Server%20worked%20without%20it%20being%20difficult.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1113983%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20The%20Domain%20To%20Search%20With%20Powershell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1113983%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F312381%22%20target%3D%22_blank%22%3E%40PeterJ_Inobits%3C%2FA%3E%2C%20that%20would%20be%20great%20if%20finding%20the%20search%20isn't%20any%20trouble.%20I%20put%20together%20something%20similar.%20After%20I%20realized%20the%20Find%20Role%2C%20I%20had%20to%20export%20the%20DC's.%20Here's%20mine.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%24AsburyDomain%3D%22asbury.localhost%22%3CBR%20%2F%3E%24context%20%3D%20new-object%20System.DirectoryServices.ActiveDirectory.DirectoryContext(%22domain%22%2C%24AsburyDomain)%3CBR%20%2F%3E%5Bsystem.directoryservices.activedirectory.domain%5D%3A%3AGetDomain(%24context).domainControllers%20%7C%20export-csv%20%22c%3A%5Cusers%5CDesktop%5CDomain_Controller_List%5Cdomain.csv%22%20-NoTypeInformation%20-Encoding%20UTF8%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1114858%22%20slang%3D%22en-US%22%3ERe%3A%20Change%20The%20Domain%20To%20Search%20With%20Powershell%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1114858%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F518045%22%20target%3D%22_blank%22%3E%40JimLeary%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECool.%20Just%20a%20quick%20note%20for%20reference.%20The%20following%20snippet%20will%20return%20the%20names%20of%20all%20of%20the%20attributes%20of%20a%20domain%3A%20get-addomain%20%7C%20get-member.%20Once%20you%20have%20done%20that%20and%20you%20know%20what%20attribute%20you%20are%20looking%20for%2C%20and%20what%20type%20it%20is%20then%20you%20can%20retrieve%20it%20using%20object%20notation..%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHere's%20an%20example%3A%3C%2FP%3E%3CP%3E%24addomain%3Dget-addomain%3C%2FP%3E%3CP%3E%24pdc%3D%24addomain.pdcemulator%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20same%20process%20applies%20to%20almost%20any%20object.%20Retrieve%20an%20instance%20and%20get-member%20will%20show%20the%20methods%20and%20properties%20that%20make%20up%20the%20object%20in%20question..%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

How can I change the domain I query with the Active Directory Module? We have 5 unique root domains. I use Get-ADuser, Get-ADcomputer, Get-ADObject, Get-ADReplicationSubnet, but I can only search within the domain I'm joined to. Ideally, I'd like to just run a switch, pipe, or cmdlet. Using ISE or ps1 would be challenging, although, if it needs to be a basic script I could try it. So, Is there a way for me to run "Get-ADuser "username" -properties * " against a different domain?

7 Replies
Highlighted

That's what the -Server parameter is about. Or you can simply create a remote session to the corresponding DC.

Highlighted

@Vasil Michev I was going to mention both of those. Is it necessary to specify a domain controller? That makes sense. I wanted to be sure that there wasn't a way to just use a domain name. I was having a tough time finding a domain controller to use, but I found that in ADUC you can choose Roles under Find. You can get the list of DCs there. So then -Server worked without it being difficult.

Highlighted

@JimLeary 

 

Hi Jim

 

I've used this approach in the past assuming that all the domains are in the same forest

 

Use get-adforest to retrieve list of domains. 

For each domain use get-addomain to retrieve list of DC's or the PDCEmulator role holder.

feed that name into the cmdlet using the -server switch..

 

I've got a working code sample that I can dig out and send to you if you would like

 

 

   

Highlighted

@PeterJ_Inobits, that would be great if finding the search isn't any trouble. I put together something similar. After I realized the Find Role, I had to export the DC's. Here's mine. 

 

$AsburyDomain="asbury.localhost"
$context = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("domain",$AsburyDomain)
[system.directoryservices.activedirectory.domain]::GetDomain($context).domainControllers | export-csv "c:\users\Desktop\Domain_Controller_List\domain.csv" -NoTypeInformation -Encoding UTF8

Highlighted

@JimLeary

 

Hi

So you are trying do dump the dc information out for each domain in the forest right?

 

Assuming you have the AD module installed and are on a domain joined machine then the code looks something like this:

 

import-module ActiveDirectory -force

$adforest=get-adforest

$domainlist=$adforest.domains

foreach($domain in $domainlist)

{

$pdc=(Get-ADDomain -identity $domain).pdcemulator

$dclist=(get-addomain -identity $domain -server $pdc ).replicadirectoryservers

foreach($dc in $dclist)

{

get-addomaincontroller -identity $dc | export-csv -notypeinformation -path dclist.csv -append

}

}

Hope this helps...

 

Highlighted
Highlighted

@JimLeary 

 

Cool. Just a quick note for reference. The following snippet will return the names of all of the attributes of a domain: get-addomain | get-member. Once you have done that and you know what attribute you are looking for, and what type it is then you can retrieve it using object notation..

 

Here's an example:

$addomain=get-addomain

$pdc=$addomain.pdcemulator

 

The same process applies to almost any object. Retrieve an instance and get-member will show the methods and properties that make up the object in question..