Recently I have needed to collect information from domain controllers to generate a pre-migration report. To perform this task, I used different tools available on Windows Server. Today, in this post, I will show you how to collect information from domain controllers using a PowerShell script and command-line tools such as DCDIAG and NLTEST.
PowerShell Workaround
Using the following script, we will obtain requested information about all domain controllers that are online in our domain.
Requirements:
- PowerShell version 3.0 or higher.
- PowerShell Active Directory module. To learn how to install this module, see this link.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 | # Import AD module Import-Module ActiveDirectory # Get your ad domain name $DomainName = (Get-ADDomain).DNSRoot # Get all Domain Controllers $DCs = Get-ADDomainController -Filter * -Server $DomainName | Select-Object Hostname,isGlobalCatalog,IsReadOnly,Site,Forest,OperationMasterRoles # Create empty DataTable object $DCTable = New-Object System.Data.DataTable $DCTable.Columns.Add() | Out-Null $DCTable.Columns[0].Caption = "Hostname" $DCTable.Columns[0].ColumnName = "Hostname" $DCTable.Columns.Add() | Out-Null $DCTable.Columns[1].Caption = "isGlobalCatalog" $DCTable.Columns[1].ColumnName = "isGlobalCatalog" $DCTable.Columns[1].DataType = "Boolean" $DCTable.Columns.Add() | Out-Null $DCTable.Columns[2].Caption = "IsReadOnly" $DCTable.Columns[2].ColumnName = "IsReadOnly" $DCTable.Columns[2].DataType = "Boolean" $DCTable.Columns.Add() | Out-Null $DCTable.Columns[3].Caption = "Site" $DCTable.Columns[3].ColumnName = "Site" $DCTable.Columns.Add() | Out-Null $DCTable.Columns[4].Caption = "Forest" $DCTable.Columns[4].ColumnName = "Forest" $DCTable.Columns.Add() | Out-Null $DCTable.Columns[5].Caption = "OperationMasterRoles" $DCTable.Columns[5].ColumnName = "OperationMasterRoles" $DCTable.Columns[5].DataType = "Microsoft.ActiveDirectory.Management.ADPropertyValueCollection" ForEach($DC in $DCs) { $DCTable.Rows.Add( $DC.Hostname, $DC.isGlobalCatalog, $DC.IsReadOnly, $DC.Site, $DC.Forest, $DC.OperationMasterRoles )| Out-Null } # Display results in the console $DCTable |
If you want to know more about the Get-ADDomainController cmdlet, check out this link: https://docs.microsoft.com/en-us/powershell/module/activedirectory/get-addomaincontroller?view=winserver2012-ps
DCDIAG
The following command will display the list of services a domain controller is advertising.
1 2 3 | dcdiag /v /s:<<em>DomainControllerName</em>> /test:advertising |
If you want to know more about dcdiag command-line tool, check out this link: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731968(v=ws.11)
NLTEST
You can also use the nltest command-line tool. By running the following command on a domain controller, you will get the following result:
1 2 3 | nltest /server:<<em>DomainControllerName</em>> /dsgetdc:<<em>DomainName</em>> |
Flags
The data received from the request contains a set of indicators that describe the domain controller. This can be zero or a combination of one or more of the following values.
DS_DNS_CONTROLLER_FLAG: The DomainControllerName member is in DNS format.
DS_DNS_DOMAIN_FLAG: The DomainName member is in DNS format.
DS_DNS_FOREST_FLAG: The DnsForestName member is in DNS format.
DS_CLOSEST_FLAG: The domain controller is on the same site as the client.
DS_DS_FLAG: The domain controller is a directory service server for the domain.
DS_FULL_SECRET_DOMAIN_6_FLAG: The domain controller is a Windows 2008 or later writable domain controller.
DS_GOOD_TIMESERV_FLAG: The domain controller is running a reliable Windows Time Service for the domain.
DS_GC_FLAG: The domain controller is a global catalog server for the forest specified by DnsForestName.
DS_KDC_FLAG: The domain controller is a Kerberos Key Distribution Center for the domain.
DS_LDAP_FLAG: The server is an LDAP server.
DS_NDNC_FLAG: The Domain Name is an application (non-domain) naming context.
DS_PDC_FLAG: The domain controller is the primary domain controller of the domain.
DS_SELECT_SECRET_DOMAIN_6_FLAG: The domain controller is a Windows 2008 or later read-only domain controller.
DS_TIMESERV_FLAG: The domain controller is running the Windows Time Service for the domain.
DS_WRITABLE_FLAG: The domain controller hosts a writable directory service (or SAM).
If you want to know more about nltest command-line tool, check out this link: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731935(v=ws.11)
Thanks for reading until the end. I hope you find this article useful and share it.