X

Using PowerShell to query Active Directory Site information

Many Active Directory admins use PowerShell to query information from Active Directory. Microsoft provides enough PowerShell cmdlets to manage Active Directory operations. For example, you can use Get-ADUser PowerShell cmdlet to query user information from Active Directory. You can use other Active Directory PowerShell cmdlets such as Get-ADComputer to query computer information from Active Directory, and so on. Apart from querying user and computer information, you may want to collect information such as AD Sites created in Active Directory, collecting AD Site links and querying information as to know how many AD Sites are not associated with any Active Directory Site links.

To query AD Sites in an Active Directory forest, create a new PowerShell object that accesses the System.DirectoryServices.ActiveDirectory.DirectoryContext object. By executing the below PowerShell commands, you are gathering Active Directory Sites in $ADSites variable. Once all Active Directory Site information has been stored in the $ADSites variable, you can access the information by using a PowerShell ForEach loop.


$CurForestName=”TechGenix.com”
$a = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext(“Forest”, $CurForestName)
[array]$ADSites=[System.DirectoryServices.ActiveDirectory.Forest]::GetForest($a).sites


The first line in above PowerShell commands stores the Active Directory forest in which you want to query the Active Directory Sites. The second PowerShell command creates a new object that connects to System.DirectoryServices.ActiveDirectory.DirectoryContext, which, in turn, connects to the Active Directory forest name specified in the $CurForestName variable. The PowerShell command gathers the Active Directory Site information in an array variable called $ADSites. Once Active Directory Site information has been collected in the $ADSites variable, you can access the information by using the PowerShell “ForEach” loop as shown below:


ForEach ($Site in $ADSites)
{
$SiteName = $Site.Name
$SiteLocation = $Site.Location
$SiteName
$SiteLocation
}


The above PowerShell commands, when executed, return the Active Directory Site name and its location text. In case you wish to store the output to a CSV file, execute the below PowerShell commands:


$ADSiteInfo = “C:\Temp\ADSiteInfo.CSV”
$STR=”AD Site Name, Location”
Add-Content $ADSiteInfo $STR
ForEach ($Site in $ADSites)
{
$SiteName = $Site.Name
$SiteLocation = $Site.Location
$STRNew = $SiteName+”,”+$SiteLocation
Add-Content $ADSiteInfo $STRNew
}


Once you have executed the above PowerShell script, the end result is that you have a report file generated under the C:\Temp folder that contains Active Directory name and its location description text. Note that we are accessing only two properties of the Active Directory Site from $ADSites variable. There are several properties available that you can access using the ForEach loop.

Let’s take a look at the next example, which helps you collect the Active Directory Sites that have been created in the Active Directory forest but have not been assigned to an AD Site link. It is important to understand that every AD Site must be assigned to an AD Site link so the Active Directory KCC component can create necessary connection objects between domain controllers. To query the list of Active Directory Sites not present in an AD Site link, execute the PowerShell script below:


$ADSiteInfo = “C:\Temp\ADSiteInfo.CSV”
$STR=”AD Site Name, Location, Is Present in a Site Link?”
Add-Content $ADSiteInfo $STR
ForEach ($Site in $ADSites)
{
$SiteName = $Site.Name
$SiteLocation = $Site.Location
[array] $SiteLinks = $Site.SiteLinks
$IsPresentInSiteLink=”Yes”
IF (!$SiteLinks)
{
$IsPresentInSiteLink=”No”
$ThisStr=$SiteName+”,”+'”‘+$SiteLocation+'”‘+$IsPresentInSiteLink
Add-Content “$ADSiteInfo” $ThisStr
}
}


The above PowerShell script checks to see if $SiteLinks variable contains any value for current AD Site. If the $SiteLinks variable does not contain any value in it, that AD Site is considered as an empty site. The script stores output in the C:\Temp\ADSiteInfo.CSV” file. The CSV report contains AD Site Name, AD Site location and whether the AD Site is associated with any AD Site link or not as shown in the screenshot below:

As you can see in the output above, SiteC is not associated with any Active Directory Site link. You must review the complete output and make sure all AD Sites are associated with an AD Site link. If an AD Site does not have any role in the Active Directory forest, you must remove it. In the case where user subnets are associated with the AD Site, you must ensure that you associate AD Site with an AD Site link.

You can see how easy it is to collect the information about the Active Directory Sites from an Active Directory forest by creating a PowerShell object that connects System.DirectoryServices.ActiveDirectory.DirectoryContext. The PowerShell ForEach loop provides you the ability to access the information stored in a variable. We also explained how easy it is to collect a list of AD Sites that are not associated with any AD Site links.