I am currently supporting a bigger enterprise with their Active Directory migration. A colleague asked me: “Could you write a PowerShell script to comb the whole AD forest?”
“Of course”, I said. 😉
And here it is – the script to find the next closest domain controller.
Search Forest with Get-ADForest
The Active Directory cmdlets from Microsoft (the ActiveDirectory module that ships with RSAT) make it really comfortable to comb through an AD forest.
The first step is to get the forest as an object with the cmdlet Get-ADForest:
```powershell
# "<forest.com>" is a placeholder for the DNS name of your forest root domain
$Forest = Get-ADForest -Identity "<forest.com>"
```
Once you have the variable, you want to search through all domains of the forest.
The forest object has the attribute “Domains”, which holds the list of domains in the forest.
With a ForEach loop you can easily access each domain of the forest:
```powershell
ForEach ($Domain in $Forest.Domains) {
    Write-Host "Current domain name: " $Domain
}
```
Query DC with Get-ADDomainController
So far so easy. But in a bigger environment with domain controllers distributed worldwide, it makes little sense to send every query to a DC on the other side of the world.
I want to find the best and closest DC.
For this task there is a special cmdlet:
Get-ADDomainController
The cmdlet Get-ADDomainController comes with the parameters -Discover and -NextClosestSite. -Discover asks the DC locator for a domain controller of the given domain; the locator maps the client's IP subnet to its Active Directory site (as defined in Sites & Services) and prefers a DC from that site. -NextClosestSite tells the locator to fall back to the next closest site (by site-link cost) if the client's own site has no DC for that domain. Keep in mind that the locator answer comes from DNS SRV records and is cached; add -ForceDiscover if you need a fresh lookup rather than the cached result.
```powershell
ForEach ($Domain in $Forest.Domains) {
    Write-Host "Current domain name: " $Domain
    # Locate a DC for this domain in the client's site, or in the next closest site
    $DCobj = Get-ADDomainController -DomainName $Domain -Discover -NextClosestSite
}
```
Read out the DC name
Unfortunately you can't pass the object $DCobj directly to other cmdlets to select a DC. In discovery mode the HostName attribute is returned as a property collection rather than a plain string, but with a little trick you can read the DC name out of it: cast $DCobj.HostName to a string and store it in the variable $DChost.
```powershell
ForEach ($Domain in $Forest.Domains) {
    Write-Host "Current domain name: " $Domain
    $DCobj = Get-ADDomainController -DomainName $Domain -Discover -NextClosestSite
    # HostName is a collection in discovery mode; cast it to a plain string
    [string]$DChost = $DCobj.HostName
}
```
Use the -Server parameter with the DC name
Once you know the hostname of the next closest domain controller, you can pass it to the -Server parameter, which most AD cmdlets accept to target a specific DC.
```powershell
ForEach ($Domain in $Forest.Domains) {
    Write-Host "Current domain name: " $Domain
    $DCobj = Get-ADDomainController -DomainName $Domain -Discover -NextClosestSite
    [string]$DChost = $DCobj.HostName
    # "(attribute=value)" is a placeholder for your real LDAP filter
    $result = Get-ADObject -LDAPFilter "(attribute=value)" -Server $DChost
}
```
This way the cmdlet Get-ADObject uses the next closest domain controller to query the AD domain. The DC was selected by Get-ADDomainController in accordance with the Active Directory Sites & Services configuration.
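Putting the steps above together, here is a complete forest-wide run as an added example (not the article's own script). It assumes the RSAT ActiveDirectory module is installed, "<forest.com>" is a placeholder for your forest root, and the LDAP filter (objectClass=domainDNS) is only an illustrative sanity check that the discovered DC answers for the expected domain. Unlike the fragments above it survives a single unreachable domain, refuses an empty locator answer, and records which site each DC was found in so you can verify the Sites & Services mapping actually worked.

```powershell
# Added example, not part of the original article.
# Assumptions: RSAT ActiveDirectory module present; "<forest.com>" is a placeholder.
Import-Module ActiveDirectory -ErrorAction Stop

$Forest = Get-ADForest -Identity "<forest.com>"

$Results = ForEach ($Domain in $Forest.Domains) {
    try {
        # -Discover: DC locator maps the client's IP subnet to its AD site and prefers a DC there.
        # -NextClosestSite: fall back to the next closest site if the client's site has no DC.
        # -ForceDiscover: bypass the locator cache so a stale answer is not reused.
        $DCobj = Get-ADDomainController -DomainName $Domain -Discover -NextClosestSite -ForceDiscover -ErrorAction Stop

        # In discovery mode HostName is a property collection; cast it to a plain string
        [string]$DChost = $DCobj.HostName
        if ([string]::IsNullOrWhiteSpace($DChost)) {
            throw "DC locator returned no host name for domain $Domain"
        }

        # Query the discovered DC. Without -SearchBase, Get-ADObject searches the DC's
        # default naming context, so the domain head (objectClass=domainDNS) must come back.
        # The filter is illustrative; replace it with the query you actually need.
        $DomainHead = Get-ADObject -LDAPFilter "(objectClass=domainDNS)" -Server $DChost -ErrorAction Stop

        [pscustomobject]@{
            Domain = $Domain
            DC     = $DChost
            Site   = [string]$DCobj.Site
            DomainDN = [string]$DomainHead.DistinguishedName
            Error  = $null
        }
    }
    catch {
        # One unreachable domain must not abort the whole forest run; keep the error in the output
        [pscustomobject]@{
            Domain = $Domain
            DC     = $null
            Site   = $null
            DomainDN = $null
            Error  = $_.Exception.Message
        }
    }
}

$Results | Format-Table -AutoSize
```

Check the Site column against your Sites & Services configuration: if a domain resolves to a DC in a far-away site although a closer one exists, the client subnet is usually missing from the subnet-to-site mapping, and the locator falls back to a DC in the next closest site or, with no mapping at all, to any DC. Because -Discover only trusts what DNS returns for the SRV records, the Kerberos authentication that the -Server query performs is still what guarantees you are talking to a genuine DC of that domain.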
This article was written during projects of FirstAttribute AG.