Use powershell to figure out which dpm server is protecting the server RRS feed

  • Question

  • Hello all,

    How can we write powershell script that can retrieve which dpm server is protecting a particular server?


    Thursday, November 21, 2013 4:10 PM

All replies

  • This works for me and should get you started. Substitute the protected server name where you see the XXXX:

    ([ADSI]"WinNT://XXXX/DPMRADmTrustedMachines,group").psbase.Invoke("Members") | ForEach-Object { $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null) }

    Basically this returns the contents of the local security group "DPMRADmTrustedMachines" which should be the DPM server protecting this server.

    There may be a more elegant way to enumerate local security groups of remote servers with powershell but this is the method I've used in the past.

    It wouldn't be too hard to extend this to scan AD for server objects and gather details for all servers in your domain.

    • Proposed as answer by Rod Savard Thursday, November 21, 2013 9:12 PM
    Thursday, November 21, 2013 8:20 PM
  • Hi

    Thank you for the mini challenge.

    There are always more than one way to skin a cat so I decided to retrieve the configuration from the remote registry, convert it to XML and now you can query all configuration nodes.

    $ComputerName = "insert-computer-name"
    $Reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
    $RegKey= $Reg.OpenSubKey("SOFTWARE\\Microsoft\\Microsoft Data Protection Manager\\Agent\\2.0")
    $DPMConfig = $RegKey.GetValue("configuration")
    [xml]$DPMXML = [System.Text.Encoding]::ASCII.GetString($DPMConfig)-replace '\x00',''

    you may need to change the agent value in the $RegKey to reflect your version.


    Don't forget to Vote


    • Proposed as answer by RH Tech Thursday, November 21, 2013 10:32 PM
    Thursday, November 21, 2013 10:29 PM
  • Agree on using registry key, as that local group doesn't help for GC/DC's.

    Seth Cohen

    Friday, November 22, 2013 1:15 PM
  • Very good.  Agree that the Registry is better.  When I saw this question I first looked in the Registry and didn't spot the DPM server name, but I didn't look at the binary values.
    Friday, November 22, 2013 4:58 PM