none
Checking against multiple domains RRS feed

  • Question

  • Hi all

    The script below works perfectly fine, but I feel there is a better way to write it/condense it. We have a list of nearly 2,800 servers that we have to confirm which of the 8 domains they belong to. When I run this script from the root domain it checks against that domain and, if not a part of the root domain, then moves onto the first child domain, and then the next child domain, and so on.

    -----------------------------------------------------------

    $servers = Get-Content c:\scripts\servers.txt
    foreach ($server in $servers){

      If (test-connection $server){

           write-host "Checking which domain $server is part of..."
           try {
                $a = Get-ADComputer -Identity $server
                Write-Host "$server is member of rootdomain"
               }

           catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {

                 try {
                      $a = Get-ADComputer -Identity $server -server childdomain1
                      Write-Host "$server is member of childdomain1"
                     }

                 catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {

                      try {
                           $a = Get-ADComputer -Identity $server -server childdomain2
                           Write-Host "$server is member of childdomain2"
                          }

                      catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]{

                           try {
                                $a = Get-ADComputer -Identity $server -server childdomain3
                                Write-Host "$server is member of childdomain3"
                               }

                           catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException]{

                                   Write-Host "$server not found on any domain"
                               }
                       }
                 } 
           }

      }Else{
            Write-Host "$server not responding"
           }
    }

    -------------------------------------------------------

    That's a lot of Try/Catch when you have 7 child domains, so I was wondering if there was a way to check against multiple domains in a better way.

    ~Rick

    Monday, November 3, 2014 6:15 PM

Answers

  • This gets the computer and the domain from the GC.  Adjust as needed:

    if($c=Get-AdComputer $server -ea 0 -server <GCServer:3268>){
         $x=$c.DistinguishedName.Split(',')
         Write-Host "found $server in $x[-3]" -Fore  green
    }else{
        Write-Host "$server not found"
    }


    ¯\_(ツ)_/¯

    • Marked as answer by Rick Armacost Tuesday, November 4, 2014 7:24 PM
    Monday, November 3, 2014 9:52 PM

All replies

  • You are doing this backwards and it will be very slow.

    Get a list of all computers in the forest and make a simple object list thenmatch it.

    $computers=Get-AdComputer -filter * -server <GC server>|select name, dnsDomain

    Now just check the list against the computer list.

    Simple and much  faster.


    ¯\_(ツ)_/¯

    Monday, November 3, 2014 7:04 PM
  • While the method you suggest is easier if the list was flat, the list I am using is dynamic and the script will run against it every night. Essentially, it pulls from an XLS sheet in column A (hostname), looks to see if column B (domain) is empty, and if it is empty it then runs the script to pull specific details about the server. Once it captures the info it then populates the spreadsheet with the required details (IP, # of CPU cores, memory, storage size, OS, service pack, DNS details, etc...).

    Unfortunately we don't have SCCM to do something like this. The portion I copied above is just a small snip-it from the real script. I was hoping to simplify that portion so I could condense the script a little more.

    Monday, November 3, 2014 9:09 PM
  • Get the server from the global catalog server.  If it is in any domain it will be there.  If it isn't there is  not in any domain.

    if($c=Get-AdComputer $server -ea 0 -server <GCServer:3268>){
         Write-Host 'found server in domain'
    }else{
        Write-Host 'Server not found
    }


    ¯\_(ツ)_/¯




    • Edited by jrv Monday, November 3, 2014 9:42 PM
    Monday, November 3, 2014 9:31 PM
  • Sorry - I hadn't done that for a bit.  The code is fixed.  just get the domain from the DNSHostName


    ¯\_(ツ)_/¯

    Monday, November 3, 2014 9:43 PM
  • This gets the computer and the domain from the GC.  Adjust as needed:

    if($c=Get-AdComputer $server -ea 0 -server <GCServer:3268>){
         $x=$c.DistinguishedName.Split(',')
         Write-Host "found $server in $x[-3]" -Fore  green
    }else{
        Write-Host "$server not found"
    }


    ¯\_(ツ)_/¯

    • Marked as answer by Rick Armacost Tuesday, November 4, 2014 7:24 PM
    Monday, November 3, 2014 9:52 PM
  • Also you method is dog slow because exceptions talk a long time to unwind and you are cascading exception.

    My method only throws an exception for servers that don't exist anywhere in the forest.


    ¯\_(ツ)_/¯

    Monday, November 3, 2014 9:54 PM
  • I'm not sure what the [-3] is supposed to do, but when I remove it I get the results I am looking for.

    Thanks...

    Tuesday, November 4, 2014 7:24 PM
  • I'm not sure what the [-3] is supposed to do, but when I remove it I get the results I am looking for.

    Thanks...

    Third element from the bottom of the array.

    dc=subdomain,dc=domain,dc=com

    If you want all of it then just don't split the string.


    ¯\_(ツ)_/¯

    Tuesday, November 4, 2014 8:20 PM