Get list of AD bridgehead servers remotely from a non-domain joined workstation RRS feed

  • Question

  • So I'm working on a powershell script that can be a discovery method to assist small business, etc.

    If I'm on a domain joined PC, I know I can do the following to get a list of the bridgehead servers:

    $Sites = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Sites            

    But if I'm on a non-domain joined PC, I'm having a hard time figuring out how I can run this command and be able to specify credentials, forest/domain name, etc.  I can't seem to find a way of using Get-ADForest, etc to get this data either.

    Wednesday, March 20, 2019 9:50 PM


  • You can't if the system you are on is not allowed to connect to AD using other than Kerberos.

    This is how to use your command.


    This command only uses the current AD authentication available.

    You can also do this:

    $forest = Get-AdForest -Server <adserver> -Credential <yourid>


    Wednesday, March 20, 2019 10:33 PM