S.DS.AD – Domain

We looked at AD Forests last time – moving along we come to domains. We can discover the current domain in a similar manner to the forest

$dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$dom

The standard output includes

Forest                  : Manticore.org
DomainControllers       : {CSDC1.Manticore.org, DC02.Manticore.org}
Children                : {}
DomainMode              : Windows2008Domain
Parent                  :
PdcRoleOwner            : DC02.Manticore.org
RidRoleOwner            : DC02.Manticore.org
InfrastructureRoleOwner : DC02.Manticore.org
Name                    : Manticore.org

Notice that this includes the FSMO roles for the domain – just as the forest class reports them at that level.  To see all of the FSMO roles affecting a particular domain try

#create hash table
$roles = @{}

# Get the Forest
$for = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$roles["SchemaMaster"] = $for.SchemaRoleOwner
$roles["DomainNamingMaster"] = $for.NamingRoleOwner

# Get the Domain
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$roles["PDCEmulator"] = $dom.PdcRoleOwner
$roles["RIDMaster"] = $dom.RidRoleOwner
$roles["InfrastructureMaster"] = $dom.InfrastructureRoleOwner

$roles

Create an empty hash table. Get the current forest and pick off the schema and domain naming roles. Get the current domain and pick off the PDC Emulator, RID and Infrastructure masters.

Looking at the domain object we can use it to find the domain controllers in the domain

$dom.FindAllDomainControllers()

will display the following for each domain controller

Forest                     : Manticore.org
CurrentTime                : 14/12/2008 16:56:16
HighestCommittedUsn        : 680096
OSVersion                  : Windows Server® 2008 Standard
Roles                      : {SchemaRole, NamingRole, PdcRole, RidRole…}
Domain                     : Manticore.org
IPAddress                  : fe80::f564:22dd:b7d9:4ea%9
SiteName                   : Site1
SyncFromAllServersCallback :
InboundConnections         : {CSDC1}
OutboundConnections        : {DC02}
Name                       : DC02.Manticore.org
Partitions                 : {DC=Manticore,DC=org, CN=Configuration,DC=Manticore,DC=org, CN=Schema,CN=Configuration,DC=
                             Manticore,DC=org, DC=DomainDnsZones,DC=Manticore,DC=org…}

What it doesn’t show by default is the global catalog status of the domain controllers.  We can discover that by looking at the DomainControllers property of the domain object.  It actually returns a collection of domain controller objects, so all we need to do is

$dom.DomainControllers | foreach { "{0}  Global Catalog = {1}" -f $_.Name, $_.IsGlobalCatalog() }

Take the domain controllers and pipe them into a foreach.  We can then use a formatted string to display the domain controller and whether it is a global catalog server as well.

Other methods available on the domain object include

CreateLocalSideOfTrustRelationship
CreateTrustRelationship
DeleteLocalSideOfTrustRelationship
DeleteTrustRelationship
FindAllDiscoverableDomainControllers
FindAllDomainControllers
FindDomainController
GetAllTrustRelationships
GetDirectoryEntry
GetSelectiveAuthenticationStatus
GetSidFilteringStatus
GetTrustRelationship
RaiseDomainFunctionality
RepairTrustRelationship
SetSelectiveAuthenticationStatus
SetSidFilteringStatus
UpdateLocalSideOfTrustRelationship
UpdateTrustRelationship
VerifyOutboundTrustRelationship
VerifyTrustRelationship

Notice how many are concerned with trust relationships.  Having dipped into the domain object, next up on our tour is the domain controller.
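As an added example, not code from the original post: the same domain object can drive a short audit that combines the global catalog check above with the trust methods just listed, reporting for each trust whether SID filtering and selective authentication are enabled. It assumes a domain-joined session and PowerShell 3 or later (for [PSCustomObject]).

```powershell
# Added example (not from the original post): audit the current domain's
# domain controllers and its trusts with the Domain class methods above.
$dom = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

# Domain controllers: name, site, global catalog status and FSMO roles held
$dcReport = $dom.DomainControllers | ForEach-Object {
    [PSCustomObject]@{
        Name            = $_.Name
        Site            = $_.SiteName
        IsGlobalCatalog = $_.IsGlobalCatalog()
        Roles           = ($_.Roles -join ', ')
    }
}
$dcReport | Format-Table -AutoSize

# Trusts: GetSidFilteringStatus and GetSelectiveAuthenticationStatus both
# take the partner domain name. They throw for trust types or directions
# where the setting does not apply, so record the error text and carry on.
$trustReport = $dom.GetAllTrustRelationships() | ForEach-Object {
    $trust  = $_
    $target = $trust.TargetName
    try   { $sidFiltering = $dom.GetSidFilteringStatus($target) }
    catch { $sidFiltering = "n/a: $($_.Exception.Message)" }
    try   { $selectiveAuth = $dom.GetSelectiveAuthenticationStatus($target) }
    catch { $selectiveAuth = "n/a: $($_.Exception.Message)" }
    [PSCustomObject]@{
        Source        = $trust.SourceName
        Target        = $target
        TrustType     = $trust.TrustType
        Direction     = $trust.TrustDirection
        SidFiltering  = $sidFiltering
        SelectiveAuth = $selectiveAuth
    }
}
$trustReport | Format-Table -AutoSize
```

A trust reporting SidFiltering = False, or an outbound trust without selective authentication, is the line worth reviewing against what the trust was set up to allow.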

This entry was posted in PowerShell and Active Directory. Bookmark the permalink.