get all ADcontroller of another domain
Solution 1
One way without using AD module:
$a = new-object 'System.DirectoryServices.ActiveDirectory.DirectoryContext'("domain", "other.domain.local" )
[System.DirectoryServices.ActiveDirectory.DomainController]::FindAll($a)
You need to be an 'authenticated user' in the remote domain or add username and password parameters to the DirectoryContext object.
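The credential variant mentioned in this answer is not shown there. The following is an added example, not part of the original answer. It uses the DirectoryContext constructor that takes a username and password. The function name Get-RemoteDomainController and the sample domain in the usage lines are assumptions.

```powershell
# Added example: list every DC of another domain, optionally with explicit credentials.
# Get-RemoteDomainController is a hypothetical helper name, not an AD module cmdlet.
Add-Type -AssemblyName System.DirectoryServices

function Get-RemoteDomainController {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$DomainName,

        # Omit when the current logon is already authenticated in the target domain.
        [System.Management.Automation.PSCredential]$Credential
    )

    $type = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain
    $ctxArgs = @($type, $DomainName)

    if ($Credential) {
        # DirectoryContext only accepts a plain-text password, so the SecureString
        # is unwrapped here; the value is kept local to this function.
        $ctxArgs += $Credential.UserName
        $ctxArgs += $Credential.GetNetworkCredential().Password
    }

    $context = New-Object -TypeName System.DirectoryServices.ActiveDirectory.DirectoryContext `
                          -ArgumentList $ctxArgs
    try {
        [System.DirectoryServices.ActiveDirectory.DomainController]::FindAll($context) |
            ForEach-Object {
                [pscustomobject]@{
                    Name      = $_.Name
                    Site      = $_.SiteName
                    IPAddress = $_.IPAddress
                    OSVersion = $_.OSVersion
                }
            }
    }
    catch [System.DirectoryServices.ActiveDirectory.ActiveDirectoryObjectNotFoundException] {
        # Raised when the domain name cannot be resolved or no DC answers.
        Write-Error "Domain '$DomainName' could not be found or contacted."
    }
}

# Usage (sample domain name taken from the answer above):
$cred = Get-Credential
Get-RemoteDomainController -DomainName 'other.domain.local' -Credential $cred |
    Format-Table -AutoSize
```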
Solution 2
Can't test this due to lack of AD, but you could try the -Server option with the FQDN of the trusted domain:
Get-ADDomainController -Filter * -Server trusted.example.com
Solution 3
I've come across the same problem as I work regularly with multiple domains. I was hoping for a more elegant solution, but so far the best I've come up with is to take your work one step further.
If Get-ADDomainController -domain MyTrustedDomain -Discover
gives you one server in the target domain, you can feed that to the -server parameter to query that one DC. You do need to provide credentials to query a DC from a different domain than your login session if a trust DOES NOT exist (in a trust, the trusting domain considers you to be 'authenticated').
$targetdcname = (Get-ADDomainController -DomainName <MyTrustedDomain> -Discover).hostname
Get-ADDomainController -Filter * `
-Server $targetdcname `
-Credential (Get-Credential MyTrustedDomain\username) | ft HostName
or
Get-ADDomainController -Filter * `
-Server $((Get-ADDomainController -DomainName <MyTrustedDomain> -Discover).hostname) `
-Credential (Get-Credential MyTrustedDomain\username) | ft HostName
If you do this sort of thing a lot, you can always store your credentials in a variable for reuse ($cred = Get-Credential MyTrustedDomain\username) and save the repeated prompts. The password is stored as a System.Security.SecureString and will be secure as long as you keep it within your session.
Until the Get-ADDomainController cmdlet is updated to allow both the -filter parameter AND the Domainname parameter, we're stuck with a workaround.
Solution 4
This command will list all domain controllers in the forest for each domain
(Get-ADForest).Domains | % { Get-ADDomainController -Filter * -Server $_ }
Naigel
Updated on July 21, 2022
Naigel almost 2 years
I'm stuck in a stupid problem that I can't figure out how to solve.
I need to get all domain controllers of a trusted domain. With this piece of code I get all DC in the current domain
Get-ADDomainController -Filter *
With this I get one DC from target domain
Get-ADDomainController -domain MyTrustedDomain -Discover
But how can I get all DC in target domain?