Querying AD from Powershell

powershell active-directory
18,650

What operating system are your domain controllers? The AD cmdlets have to connect to a domain controller that's running Active Directory Web Services. This is automatic on Windows 2008 R2 and newer domain controllers, but on Windows 2008 and Windows 2003 you need to install it separately. Ideally, you've gotten rid of all of your Windows 2003 DCs because it's out of support. 2008 is getting pretty old too. But if you can't, then you should install ADWS on all of the downlevel DCs so that you can use the AD cmdlets.

You can use Get-ADDomainController-Discover -Service ADWS to find a DC running it. You could use the result of that call in the -Server parameter of the rest of the AD cmdlets (or use $PSDefaultParameterValues to set it once in the script). But if that doesn't return any DCs, then you need to install ADWS.

Share:
18,650
Daniel
Author by

Daniel

Updated on June 04, 2022

Comments

  • Daniel
    Daniel almost 2 years

    I'm new to Powershell and AD. I have troubles using AD module for PS. I get the following error using any command:

    Get-ADDomain : Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services 
running.
At line:2 char:1
+ Get-ADDomain -Current LocalComputer
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (lon.intensive.int:ADDomain) [Get-ADDomain], ADServerDownException
    + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADDomain

    What is interesting I'm able to use ADExplorer and see domain, users and all their attributes. How does ADExplorer differ from scripts in Powershell?

  • Daniel
    Daniel over 8 years
    Thanks for the answer. DC is running on Windows Server 2008. What I found out is I should isntall Active Directory Management Gateway Service which is the same as Active Directory Web Services for Windows 2008 ;) I am also wondering how other computers are communicating with DC if this service is not running?
  • briantist
    briantist over 8 years
    @Daniel since AD predates ADWS by at least 8 years or so, there are of course other methods of communicating to AD, but the cmdlets require ADWS.
  • Kiquenet
    Kiquenet almost 8 years
    ADWS is required always for ActiveDirectory module ?
  • briantist
    briantist almost 8 years
    @Kiquenet yes, but you don't need to install it separately in later versions of Windows (starting in 2008 R2 I think?) as it's automatically included as part of AD. technet.microsoft.com/en-us/library/dd391908(v=ws.10).aspx

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Powershell: How do you set the Read/Write Service Principal Name AD Permissions?
Get-ADUser filter by property length
How to copy members from one security group to another security group in AD using PowerShell v4?
Error with Get-ADUser: Invalid enumeration context
Using powershell I'd like to get a list of people who have admin privileges for a domain?
get all ADcontroller of another domain
The Powershell Command "Get-DistributionGroup" doesn't work
Get-ADGroupMembers with User account Enabled status
Get-ADComputer and MemberOf
Is it possible to set a users memberOf property in Active Directory using Powershell