Active Directory domain controllers are the backbone of the Active Directory subsystem. Any failure to an Active Directory domain controller could result in impacting the authentication and authorization services to the users, computers, and applications running in your production environment. Microsoft has put in a lot of efforts in PowerShell scripting. Nowadays, PowerShell is the first choice for Active Directory administrators who perform daily tasks related to Active Directory. PowerShell can reduce the time it takes to perform tasks using the GUI. In this article, we will provide some Active Directory PowerShell commands and tiny PowerShell scripts that you can use to find information about the domain controllers quickly.
PowerShell cmdlets to use
While you can use traditional ways such as DSQuery Server command-line tool or WMI classes to query information about the Domain Controllers, but Active Directory PowerShell modules provide a PowerShell cmdlet that we can use to get all the information about the Domain Controllers in an Active Directory forest as well as all Active Directory external forests. We can use Get-ADDomainController PowerShell cmdlet that is explained as part of this article.
Checking which domain controllers are global catalog servers
In case you need to check if a specific or all domain controllers in an Active Directory forest are global catalog servers, you can use Get-ADDomainController with below command:
$DCStatus = Get-ADDomainController -Identity DC1.TechGenix.com $DCStatus.IsGlobalCatalog
The above command returns global catalog status for domain controller named DC1.TechGenix.com. As you can see it’s very easy to know whether a particular domain controller is a global catalog server or not. If you would like to check global catalog status for all domain controllers, you can execute these PowerShell commands:
$DCList = “C:\Temp\DCList.TXT”
ForEach ($Item in GC $DCList)
{
$DCStatus = Get-ADDomainController -Identity $Item
$DCStatus.IsGlobalCatalog
}
The above PowerShell commands need to be executed after creating a DCList.TXT file that contains the list of domain controllers to be checked. There is another way to get the list of domain controllers and then check the global catalog status. You can use “-Filter” parameter in the Get-ADDomainController cmdlet as shown in the command below:
$DCStatus = Get-ADDomainController -Filter * $DCStatus.IsGlobalCatalog
As you can see we used the “-Filter *” parameter in above PowerShell commands to get all domain controllers, store all domain controllers information in the $DCStatus variable and then by using the IsGlobalCatalog property we are querying the global catalog status. However, one problem with the above commands is that it doesn’t show the name of the domain controller. To list the domain controller name along with the global catalog status you can use this PowerShell script:
$DCStatus = Get-ADDomainController -Filter *
ForEach ($Item in $DCStatus)
{
$STR = $DCStatus.HostName+ " : "+$DCStatus.IsGlobalCatalog
Write-host $STR
}
Domain controllers in a given Active Directory site
If you would like to know how many domain controllers exist in an Active Directory site, you can use Get-ADDomainController PowerShell cmdlet. Get-ADDomainController implements “site” property for each domain controller object. You can easily see which Active Directory site a particular domain controller is associated with. To check Active Directory site name for a single domain controller, execute below PowerShell commands:
$DCStatus = Get-ADDomainController -Identity TechGenix.com
$DCStatus.Site
While the above PowerShell commands show the site name of a single Active Directory domain controller, the PowerShell script below can be used to see Active Directory site name for all domain controllers in an Active Directory Forest:
$DCStatus = Get-ADDomainController -Filter *
ForEach ($Item in $DCStatus)
{
$STR = $DCStatus.HostName+ " : "+$DCStatus.Site
Write-host $STR
}
In case you need to store the output to a CSV file, just add “Export-CSV <Path to CSV file>” command in the above PowerShell script.
Check operating system of domain controllers
Checking operating system version manually of domain controllers in a large environment is a cumbersome task as it requires checking some of the attributes of each domain controller object by using Active Directory Users and Computers snap-in. What you can do is to use the Get-ADDomainController cmdlet and check two attributes that store the operating system version information. The properties are OperatingSystem and OperatingSystemVersion. To check the operating system version of a single domain controller you can type below PowerShell command:
$DCStatus = Get-ADDomainController -Identity Ossisto365.com $DCStatus.OperatingSystem $DCStatus.OperatingSystemVersion
To check operating system version of multiple domain controllers, the PowerShell script below will work.
$DCStatus = Get-ADDomainController -Filter *
ForEach ($Item in $DCStatus)
{
$STR = $DCStatus. OperatingSystem + " : "+$DCStatus. OperatingSystemVersion
Write-host $STR
}
As part of this article, we provided some PowerShell commands and saw how using Get-ADDomainController PowerShell cmdlet the information about the Active Directory domain controllers can be obtained. Though there are many other ways such as using DSQuery Server and ADSI Object, Get-ADDomainController PowerShell cmdlet has been written specifically to get information about the domain controller and it is much easier than any other methods.
