How to Collect Information from Domain Controllers

November 10, 2019 2020

Recently I have needed to collect information from domain controllers to generate a pre-migration report. To perform this task, I used different tools available on Windows Server. Today, in this post, I will show you how to collect information from domain controllers using a PowerShell script and command-line tools such as DCDIAG and NLTEST.

PowerShell Workaround

Using the following script, we will obtain requested information about all domain controllers that are online in our domain.

Requirements:

PowerShell version 3.0 or higher.
PowerShell Active Directory module. To learn how to install this module, see this link.


# Import AD module
Import-Module ActiveDirectory
 
# Get your ad domain name
$DomainName = (Get-ADDomain).DNSRoot
 
# Get all Domain Controllers
$DCs = Get-ADDomainController -Filter * -Server $DomainName | Select-Object Hostname,isGlobalCatalog,IsReadOnly,Site,Forest,OperationMasterRoles
  
# Create empty DataTable object
$DCTable = New-Object System.Data.DataTable
      

$DCTable.Columns.Add() | Out-Null
$DCTable.Columns[0].Caption = "Hostname"
$DCTable.Columns[0].ColumnName = "Hostname"
  
$DCTable.Columns.Add() | Out-Null
$DCTable.Columns[1].Caption = "isGlobalCatalog"
$DCTable.Columns[1].ColumnName = "isGlobalCatalog"
$DCTable.Columns[1].DataType = "Boolean"

$DCTable.Columns.Add() | Out-Null
$DCTable.Columns[2].Caption = "IsReadOnly"
$DCTable.Columns[2].ColumnName = "IsReadOnly"
$DCTable.Columns[2].DataType = "Boolean"
  
$DCTable.Columns.Add() | Out-Null
$DCTable.Columns[3].Caption = "Site"
$DCTable.Columns[3].ColumnName = "Site"
  
$DCTable.Columns.Add() | Out-Null
$DCTable.Columns[4].Caption = "Forest"
$DCTable.Columns[4].ColumnName = "Forest"
  
$DCTable.Columns.Add() | Out-Null
$DCTable.Columns[5].Caption = "OperationMasterRoles"
$DCTable.Columns[5].ColumnName = "OperationMasterRoles"
$DCTable.Columns[5].DataType = "Microsoft.ActiveDirectory.Management.ADPropertyValueCollection"
 
                     
ForEach($DC in $DCs)
{  
    
          
    $DCTable.Rows.Add(  $DC.Hostname,
                        $DC.isGlobalCatalog,
                        $DC.IsReadOnly,
                        $DC.Site,
                        $DC.Forest,
                        $DC.OperationMasterRoles          
                    )| Out-Null                          
}
 
# Display results in the console
$DCTable

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

# Import AD module

Import-Module ActiveDirectory

# Get your ad domain name

$DomainName = (Get-ADDomain).DNSRoot

# Get all Domain Controllers

$DCs = Get-ADDomainController -Filter * -Server $DomainName | Select-Object Hostname,isGlobalCatalog,IsReadOnly,Site,Forest,OperationMasterRoles

# Create empty DataTable object

$DCTable = New-Object System.Data.DataTable

$DCTable.Columns.Add() | Out-Null

$DCTable.Columns[0].Caption = "Hostname"

$DCTable.Columns[0].ColumnName = "Hostname"

$DCTable.Columns.Add() | Out-Null

$DCTable.Columns[1].Caption = "isGlobalCatalog"

$DCTable.Columns[1].ColumnName = "isGlobalCatalog"

$DCTable.Columns[1].DataType = "Boolean"

$DCTable.Columns.Add() | Out-Null

$DCTable.Columns[2].Caption = "IsReadOnly"

$DCTable.Columns[2].ColumnName = "IsReadOnly"

$DCTable.Columns[2].DataType = "Boolean"

$DCTable.Columns.Add() | Out-Null

$DCTable.Columns[3].Caption = "Site"

$DCTable.Columns[3].ColumnName = "Site"

$DCTable.Columns.Add() | Out-Null

$DCTable.Columns[4].Caption = "Forest"

$DCTable.Columns[4].ColumnName = "Forest"

$DCTable.Columns.Add() | Out-Null

$DCTable.Columns[5].Caption = "OperationMasterRoles"

$DCTable.Columns[5].ColumnName = "OperationMasterRoles"

$DCTable.Columns[5].DataType = "Microsoft.ActiveDirectory.Management.ADPropertyValueCollection"

ForEach($DC in $DCs)

{

$DCTable.Rows.Add( $DC.Hostname,

$DC.isGlobalCatalog,

$DC.IsReadOnly,

$DC.Site,

$DC.Forest,

$DC.OperationMasterRoles

)| Out-Null

}

# Display results in the console

$DCTable

The information collected is stored in a table and is shown at the end of the execution of the script as shown in the following screenshot.

If you want to know more about the Get-ADDomainController cmdlet, check out this link: https://docs.microsoft.com/en-us/powershell/module/activedirectory/get-addomaincontroller?view=winserver2012-ps

DCDIAG

The following command will display the list of services a domain controller is advertising.


dcdiag /v /s:<<em>DomainControllerName</em>> /test:advertising

1

2

3

dcdiag /v /s:<<em>DomainControllerName</em>> /test:advertising

If you want to know more about dcdiag command-line tool, check out this link: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731968(v=ws.11)

NLTEST

You can also use the nltest command-line tool. By running the following command on a domain controller, you will get the following result:


nltest /server:<<em>DomainControllerName</em>> /dsgetdc:<<em>DomainName</em>>

1

2

3

nltest /server:<<em>DomainControllerName</em>> /dsgetdc:<<em>DomainName</em>>

Flags

The data received from the request contains a set of indicators that describe the domain controller. This can be zero or a combination of one or more of the following values.

DS_DNS_CONTROLLER_FLAG: The DomainControllerName member is in DNS format.

DS_DNS_DOMAIN_FLAG: The DomainName member is in DNS format.

DS_DNS_FOREST_FLAG: The DnsForestName member is in DNS format.

DS_CLOSEST_FLAG: The domain controller is on the same site as the client.

DS_DS_FLAG: The domain controller is a directory service server for the domain.

DS_FULL_SECRET_DOMAIN_6_FLAG: The domain controller is a Windows 2008 or later writable domain controller.

DS_GOOD_TIMESERV_FLAG: The domain controller is running a reliable Windows Time Service for the domain.

DS_GC_FLAG: The domain controller is a global catalog server for the forest specified by DnsForestName.

DS_KDC_FLAG: The domain controller is a Kerberos Key Distribution Center for the domain.

DS_LDAP_FLAG: The server is an LDAP server.

DS_NDNC_FLAG: The Domain Name is an application (non-domain) naming context.

DS_PDC_FLAG: The domain controller is the primary domain controller of the domain.

DS_SELECT_SECRET_DOMAIN_6_FLAG: The domain controller is a Windows 2008 or later read-only domain controller.

DS_TIMESERV_FLAG: The domain controller is running the Windows Time Service for the domain.

DS_WRITABLE_FLAG: The domain controller hosts a writable directory service (or SAM).

If you want to know more about nltest command-line tool, check out this link: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731935(v=ws.11)

Thanks for reading until the end. I hope you find this article useful and share it.

Was this article useful? Support my work!

Tags:

Active Directory dcdiag.exe Get-ADDomain Get-ADDomainController Microsoft nltest.exe PowerShell Windows Server Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019

Jorge Bernhardt