Microsoft Windows Windows PowerShell

How to Collect Information from Domain Controllers

Jorge Bernhardt November 10, 2019 Comments (0)

Recently I have needed to collect information from domain controllers to generate a pre-migration report. To perform this task, I used different tools available on Windows Server. Today, in this post, I will show you how to collect information from domain controllers using a PowerShell script and command-line tools such as DCDIAG and NLTEST.

PowerShell Workaround

Using the following script, we will obtain requested information about all domain controllers that are online in our domain.

Requirements:

PowerShell version 3.0 or higher.
PowerShell Active Directory module. To learn how to install this module, see this link.

www.jorgebernhardt.com

PowerShell


# Import AD module
Import-Module ActiveDirectory
 
# Get your ad domain name
$DomainName = (Get-ADDomain).DNSRoot
 
# Get all Domain Controllers
$DCs = Get-ADDomainController -Filter * -Server $DomainName | Select-Object Hostname,isGlobalCatalog,IsReadOnly,Site,Forest,OperationMasterRoles
  
# Create empty DataTable object
$DCTable = New-Object System.Data.DataTable
      

$DCTable.Columns.Add() | Out-Null
$DCTable.Columns[0].Caption = "Hostname"
$DCTable.Columns[0].ColumnName = "Hostname"
  
$DCTable.Columns.Add() | Out-Null
$DCTable.Columns[1].Caption = "isGlobalCatalog"
$DCTable.Columns[1].ColumnName = "isGlobalCatalog"
$DCTable.Columns[1].DataType = "Boolean"

$DCTable.Columns.Add() | Out-Null
$DCTable.Columns[2].Caption = "IsReadOnly"
$DCTable.Columns[2].ColumnName = "IsReadOnly"
$DCTable.Columns[2].DataType = "Boolean"
  
$DCTable.Columns.Add() | Out-Null
$DCTable.Columns[3].Caption = "Site"
$DCTable.Columns[3].ColumnName = "Site"
  
$DCTable.Columns.Add() | Out-Null
$DCTable.Columns[4].Caption = "Forest"
$DCTable.Columns[4].ColumnName = "Forest"
  
$DCTable.Columns.Add() | Out-Null
$DCTable.Columns[5].Caption = "OperationMasterRoles"
$DCTable.Columns[5].ColumnName = "OperationMasterRoles"
$DCTable.Columns[5].DataType = "Microsoft.ActiveDirectory.Management.ADPropertyValueCollection"
 
                     
ForEach($DC in $DCs)
{  
    
          
    $DCTable.Rows.Add(  $DC.Hostname,
                        $DC.isGlobalCatalog,
                        $DC.IsReadOnly,
                        $DC.Site,
                        $DC.Forest,
                        $DC.OperationMasterRoles          
                    )| Out-Null                          
}
 
# Display results in the console
$DCTable

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

# Import AD module

Import-Module ActiveDirectory

# Get your ad domain name

$DomainName = (Get-ADDomain).DNSRoot

# Get all Domain Controllers

$DCs = Get-ADDomainController -Filter * -Server $DomainName | Select-Object Hostname,isGlobalCatalog,IsReadOnly,Site,Forest,OperationMasterRoles

# Create empty DataTable object

$DCTable = New-Object System.Data.DataTable

$DCTable.Columns.Add() | Out-Null

$DCTable.Columns[0].Caption = "Hostname"

$DCTable.Columns[0].ColumnName = "Hostname"

$DCTable.Columns.Add() | Out-Null

$DCTable.Columns[1].Caption = "isGlobalCatalog"

$DCTable.Columns[1].ColumnName = "isGlobalCatalog"

$DCTable.Columns[1].DataType = "Boolean"

$DCTable.Columns.Add() | Out-Null

$DCTable.Columns[2].Caption = "IsReadOnly"

$DCTable.Columns[2].ColumnName = "IsReadOnly"

$DCTable.Columns[2].DataType = "Boolean"

$DCTable.Columns.Add() | Out-Null

$DCTable.Columns[3].Caption = "Site"

$DCTable.Columns[3].ColumnName = "Site"

$DCTable.Columns.Add() | Out-Null

$DCTable.Columns[4].Caption = "Forest"

$DCTable.Columns[4].ColumnName = "Forest"

$DCTable.Columns.Add() | Out-Null

$DCTable.Columns[5].Caption = "OperationMasterRoles"

$DCTable.Columns[5].ColumnName = "OperationMasterRoles"

$DCTable.Columns[5].DataType = "Microsoft.ActiveDirectory.Management.ADPropertyValueCollection"

ForEach($DC in $DCs)

{

$DCTable.Rows.Add( $DC.Hostname,

$DC.isGlobalCatalog,

$DC.IsReadOnly,

$DC.Site,

$DC.Forest,

$DC.OperationMasterRoles

)| Out-Null

}

# Display results in the console

$DCTable

The information collected is stored in a table and is shown at the end of the execution of the script as shown in the following screenshot.

If you want to know more about the Get-ADDomainController cmdlet, check out this link: https://docs.microsoft.com/en-us/powershell/module/activedirectory/get-addomaincontroller?view=winserver2012-ps

DCDIAG

The following command will display the list of services a domain controller is advertising.

www.jorgebernhardt.com

MS DOS


dcdiag /v /s:<<em>DomainControllerName</em>> /test:advertising

1

2

3

dcdiag /v /s:<<em>DomainControllerName</em>> /test:advertising

If you want to know more about dcdiag command-line tool, check out this link: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731968(v=ws.11)

NLTEST

You can also use the nltest command-line tool. By running the following command on a domain controller, you will get the following result:

www.jorgebernhardt.com

MS DOS


nltest /server:<<em>DomainControllerName</em>> /dsgetdc:<<em>DomainName</em>>

1

2

3

nltest /server:<<em>DomainControllerName</em>> /dsgetdc:<<em>DomainName</em>>

Flags

The data received from the request contains a set of indicators that describe the domain controller. This can be zero or a combination of one or more of the following values.

DS_DNS_CONTROLLER_FLAG: The DomainControllerName member is in DNS format.

DS_DNS_DOMAIN_FLAG: The DomainName member is in DNS format.

DS_DNS_FOREST_FLAG: The DnsForestName member is in DNS format.

DS_CLOSEST_FLAG: The domain controller is on the same site as the client.

DS_DS_FLAG: The domain controller is a directory service server for the domain.

DS_FULL_SECRET_DOMAIN_6_FLAG: The domain controller is a Windows 2008 or later writable domain controller.

DS_GOOD_TIMESERV_FLAG: The domain controller is running a reliable Windows Time Service for the domain.

DS_GC_FLAG: The domain controller is a global catalog server for the forest specified by DnsForestName.

DS_KDC_FLAG: The domain controller is a Kerberos Key Distribution Center for the domain.

DS_LDAP_FLAG: The server is an LDAP server.

DS_NDNC_FLAG: The Domain Name is an application (non-domain) naming context.

DS_PDC_FLAG: The domain controller is the primary domain controller of the domain.

DS_SELECT_SECRET_DOMAIN_6_FLAG: The domain controller is a Windows 2008 or later read-only domain controller.

DS_TIMESERV_FLAG: The domain controller is running the Windows Time Service for the domain.

DS_WRITABLE_FLAG: The domain controller hosts a writable directory service (or SAM).

If you want to know more about nltest command-line tool, check out this link: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731935(v=ws.11)

Thanks for reading until the end. I hope you find this article useful and share it.

Active Directorydcdiag.exeGet-ADDomainGet-ADDomainControllerMicrosoftnltest.exePowerShellWindows ServerWindows Server 2008Windows Server 2012Windows Server 2016Windows Server 2019

Previous How to generate an Azure VM RDP file

Next How to Create an Azure File Share

Start typing and press Enter to search