Skip to main content
Jorge Bernhardt Jorge Bernhardt
  1. Posts/

How to Collect Information from Domain Controllers

·564 words·3 mins· 100 views · 5 likes ·
Active Directory dcdiag.exe Get-ADDomain Get-ADDomainController

Recently I have needed to collect information from domain controllers to generate a pre-migration report. To perform this task, I used different tools available on Windows Server. Today, in this post, I will show you how to collect information from domain controllers using a PowerShell script and command-line tools such as DCDIAG and NLTEST.

PowerShell Workaround>

PowerShell Workaround #

Using the following script, we will obtain the requested information about all domain controllers that are online in our domain. Requirements:

  • PowerShell version 3.0 or higher.
  • PowerShell Active Directory module. To learn how to install this module, see this link.
# Import AD module
Import-Module ActiveDirectory

# Get your ad domain name
$DomainName = (Get-ADDomain).DNSRoot

# Get all Domain Controllers
$DCs = Get-ADDomainController `
    -Filter * `
    -Server $DomainName `
    | Select-Object Hostname,isGlobalCatalog,IsReadOnly,Site,Forest,OperationMasterRoles

# Create empty DataTable object
$DCTable = New-Object System.Data.DataTable


$DCTable.Columns.Add() | Out-Null
$DCTable.Columns[0].Caption = "Hostname"
$DCTable.Columns[0].ColumnName = "Hostname"

$DCTable.Columns.Add() | Out-Null
$DCTable.Columns[1].Caption = "isGlobalCatalog"
$DCTable.Columns[1].ColumnName = "isGlobalCatalog"
$DCTable.Columns[1].DataType = "Boolean"

$DCTable.Columns.Add() | Out-Null
$DCTable.Columns[2].Caption = "IsReadOnly"
$DCTable.Columns[2].ColumnName = "IsReadOnly"
$DCTable.Columns[2].DataType = "Boolean"

$DCTable.Columns.Add() | Out-Null
$DCTable.Columns[3].Caption = "Site"
$DCTable.Columns[3].ColumnName = "Site"

$DCTable.Columns.Add() | Out-Null
$DCTable.Columns[4].Caption = "Forest"
$DCTable.Columns[4].ColumnName = "Forest"

$DCTable.Columns.Add() | Out-Null
$DCTable.Columns[5].Caption = "OperationMasterRoles"
$DCTable.Columns[5].ColumnName = "OperationMasterRoles"
$DCTable.Columns[5].DataType = "Microsoft.ActiveDirectory.Management.ADPropertyValueCollection"


ForEach($DC in $DCs)
{


    $DCTable.Rows.Add(  $DC.Hostname,
                        $DC.isGlobalCatalog,
                        $DC.IsReadOnly,
                        $DC.Site,
                        $DC.Forest,
                        $DC.OperationMasterRoles
                    )| Out-Null
}

# Display results in the console
$DCTable

The information collected is stored in a table and is shown at the end of the execution of the script as shown in the following screenshot.

Get-ADDomanController
If you want to know more about the Get-ADDomainController cmdlet, check out this link: https://docs.microsoft.com/en-us/powershell/module/activedirectory/get-addomaincontroller?view=winserver2012-ps

DCDIAG>

DCDIAG #

The following command will display the list of services a domain controller is advertising.

dcdiag /v /s:<_DomainControllerName_> /test:advertising

Services DC
If you want to know more about dcdiag command-line tool, check out this link: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc731968(v=ws.11)

NLTEST>

NLTEST #

You can also use the nltest command-line tool. By running the following command on a domain controller, you will get the following result:

nltest /server:<_DomainControllerName_> /dsgetdc:<_DomainName_>

Services DC

Flags>

Flags #

The data received from the request contains a set of indicators that describe the domain controller. This can be zero or a combination of one or more of the following values.

  • DS_DNS_CONTROLLER_FLAG: The DomainControllerName member is in DNS format.

  • DS_DNS_DOMAIN_FLAG: The DomainName member is in DNS format.

  • DS_DNS_FOREST_FLAG: The DnsForestName member is in DNS format.

  • DS_CLOSEST_FLAG: The domain controller is on the same site as the client.

  • DS_DS_FLAG: The domain controller is a directory service server for the domain.

  • DS_FULL_SECRET_DOMAIN_6_FLAG: The domain controller is a Windows 2008 or later writable domain controller.

  • DS_GOOD_TIMESERV_FLAG: The domain controller is running a reliable Windows Time Service for the domain.

  • DS_GC_FLAG: The domain controller is a global catalog server for the forest specified by DnsForestName.

  • DS_KDC_FLAG: The domain controller is a Kerberos Key Distribution Center for the domain.

  • DS_LDAP_FLAG: The server is an LDAP server.

  • DS_NDNC_FLAG: The Domain Name is an application (non-domain) naming context.

  • DS_PDC_FLAG: The domain controller is the primary domain controller of the domain.

  • DS_SELECT_SECRET_DOMAIN_6_FLAG: The domain controller is a Windows 2008 or later read-only domain controller.

  • DS_TIMESERV_FLAG: The domain controller is running the Windows Time Service for the domain.

  • DS_WRITABLE_FLAG: The domain controller hosts a writable directory service (or SAM).

Thanks for reading until the end. I hope you find this article useful and share it.

If you want to know more about nltest command-line tool, check out this link.