Finding the DN of the domain without AD-module in PowerShell

  • Question

  • Hiya!

    I want this script to be compatible with domains that only have 2003 domain controllers, so no AD-modules!

    So I want to find the distinguished name of the domain I'm logged into, like:

    dc=company,dc=com

    in PowerShell. I tried googling, but everyone is just looking for much more complex stuff, so this easy thing is just hard to find.

    Right now I'm doing it in batch with

    systeminfo | findstr /B /C:"Domain"

    but handling that string makes my script look like a rollercoaster with the number of loops I have to do.

    Anyone got an easy answer to this?

    Tuesday, April 10, 2012 8:05 AM

All replies

  • Yes this can be done using the [ADSI] and [ADSISearcher] accelerators in PowerShell:

    $Root = [ADSI]"LDAP://RootDSE"
    $oForestConfig = $Root.Get("configurationNamingContext")
    $oSearchRoot = [ADSI]("LDAP://CN=Partitions," + $oForestConfig)
    $AdSearcher = [adsisearcher]"(&(objectcategory=crossref)(netbiosname=*))"
    $AdSearcher.SearchRoot = $oSearchRoot
    $domains = $AdSearcher.FindAll()
    $domains | select -expandproperty path

    http://blog.tyang.org/2011/08/05/powershell-function-get-alldomains-in-a-forest/

    Tuesday, April 10, 2012 8:47 AM
  • Well... the output is not what I wanted. Why does it add CNs? I only want the DC= output from that.

    If I wanted to do an LDAP query and then clean it up I could have, but I want to get the DN of the domain without cleaning up the output (if it's possible).


    • Edited by Plindgren Tuesday, April 10, 2012 9:16 AM misstype
    Tuesday, April 10, 2012 9:16 AM
  • Found it!

    $Root = [ADSI]"LDAP://RootDSE"
    $Domain = $Root.Get("rootDomainNamingContext")
    $Domain


    Thanks for the help tho! It helped out!

    • Marked as answer by Plindgren Tuesday, April 10, 2012 10:01 AM
    Tuesday, April 10, 2012 10:00 AM
  • how about this?

    $Root = [ADSI]"LDAP://RootDSE"
    $Root.rootDomainNamingContext

    or maybe scripts here could help you

    http://www.windowsitpro.com/article/domains2/how-can-i-determine-which-domain-is-the-forest-root-domain-

    • Marked as answer by Plindgren Tuesday, April 10, 2012 11:12 AM
    Tuesday, April 10, 2012 10:06 AM
  • C'mon everybody. It is so much easier than all of that. Remember! This is PowerShell.

    Try this:

    ([adsi]'').distinguishedName

    That's all you need.  Nothing more.

    Just remember that all ADSI in Net Framework is defaulted to the current domain. There is never a need to set it like in VBScript. Just use the objects and they will all be defaulted to the most common and most useful values.

    [adsi]'' - gets the current domain root.

    [adsisearcher]'' gets the searcher.

    ([adsisearcher]'objectCategory=user').FindAll()

    ([adsisearcher]'samAccountName=john smith').FindOne()  #search for one user by samname

    Study and learn this as it is very quick and easy to use.


    ¯\_(ツ)_/¯


    • Proposed as answer by Jaap BrasserMVP Tuesday, April 10, 2012 11:28 AM
    • Edited by jrv Monday, March 19, 2018 9:28 PM
    Tuesday, April 10, 2012 11:14 AM
  • Cool, I like how short your command is jrv. So going from there if Plindgren is looking for the friendly name you could replace the DC= and commas to get the correct formatting as such:

    ([adsi]'').distinguishedname -replace "DC=","" -replace ",","."
    Or would you convert that another way?

    Tuesday, April 10, 2012 11:28 AM
  • Friendly name is even shorter.

    $env:userdomain

    ([adsi]'').name[0]

    What you have created is called the dnsName which was not what was asked for.

    This: systeminfo | findstr /B /C:"Domain"

    returns the 'friendly' domain name or its NetBios name.


    ¯\_(ツ)_/¯

    Tuesday, April 10, 2012 2:22 PM
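The RootDSE lookups and the DN-to-DNS-name conversion from the replies above, combined in an added example (not code from any poster; the function names are hypothetical and a domain-joined machine is assumed). It reads `defaultNamingContext`, which is the DN of the domain served by the DC that answered, next to `rootDomainNamingContext`, which is the DN of the forest root domain; the two only match when that domain is the forest root. The conversion keeps only `DC=` components, so a crossRef path with `CN=` parts does not pollute the result.

```powershell
# Added example. Assumes a domain-joined machine; function names are hypothetical.
# Written for PowerShell 2.0: no AD module and no PS 3.0+ syntax.

function Convert-DnToDnsName {
    param([Parameter(Mandatory=$true)][string]$DistinguishedName)
    # Split on commas that are not backslash-escaped and keep only DC= components.
    $labels = @(foreach ($rdn in ($DistinguishedName -split '(?<!\\),')) {
        if ($rdn.Trim() -match '^DC=(.+)$') { $Matches[1] }
    })
    if ($labels.Count -eq 0) { throw "No DC= components in '$DistinguishedName'" }
    $labels -join '.'
}

function Get-DomainNamingInfo {
    try {
        # The bind happens on first use, so the cast and the first Get() share one try.
        $rootDse   = [ADSI]'LDAP://RootDSE'
        $defaultNc = [string]$rootDse.Get('defaultNamingContext')
    } catch {
        throw "RootDSE bind failed (not domain-joined, or no DC reachable): $($_.Exception.Message)"
    }
    $rootNc = [string]$rootDse.Get('rootDomainNamingContext')

    New-Object PSObject -Property @{
        DomainDN        = $defaultNc
        ForestRootDN    = $rootNc
        ConfigurationDN = [string]$rootDse.Get('configurationNamingContext')
        DomainDnsName   = Convert-DnToDnsName $defaultNc
        IsForestRoot    = ($defaultNc -eq $rootNc)
    }
}

# Constructed sample input in the crossRef path style from the first reply:
Convert-DnToDnsName 'CN=SOMEDOMAIN,CN=Partitions,CN=Configuration,DC=somedomain,DC=com'

# On a domain-joined machine:
# Get-DomainNamingInfo | Format-List
```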
  • Perhaps the simpler:

    (Get-WmiObject Win32_ComputerSystem).Domain

    No conversions or additional parsing necessary. Note this will also return the Workgroup for non-domain joined systems just like the original systeminfo call.

    Tuesday, April 8, 2014 2:26 PM
  • Perhaps the simpler:

    (Get-WmiObject Win32_ComputerSystem).Domain

    No conversions or additional parsing necessary. Note this will also return the Workgroup for non-domain joined systems just like the original systeminfo call.


    The DN of a domain is not the NetBIOS Domain name. It is the LDAP "DistinguishedName". WMI does not use this in this class.

    ¯\_(ツ)_/¯

    Tuesday, April 8, 2014 3:57 PM
  • Awesome info! But FYI, your last has a typo in

    adsiseracher

    should be

    adsisearcher

    example with wildcard:

    ([adsisearcher]'samAccountName=tilo*').FindOne()

    • Edited by TSO Monday, March 19, 2018 8:59 PM add example
    Monday, March 19, 2018 8:58 PM
  • Fixed.  Thank you.

    ¯\_(ツ)_/¯

    Monday, March 19, 2018 9:28 PM
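The `[adsisearcher]` filters in the replies above are typed by hand, where `*` is a deliberate wildcard. When the value comes from a caller or a file instead, it should be escaped per RFC 4515 before it is placed in the filter, so that `*`, `(`, `)` and `\` are matched literally and cannot change the filter's structure. This is an added example, not code from any poster; the function names are hypothetical.

```powershell
# Added example; function names are hypothetical. PowerShell 2.0 compatible.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory=$true)][AllowEmptyString()][string]$Value)
    # RFC 4515: \ * ( ) and NUL are written as \XX (two hex digits) inside a filter value.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function Find-UserBySamAccountName {
    param([Parameter(Mandatory=$true)][string]$SamAccountName)
    $safe = ConvertTo-LdapFilterValue $SamAccountName
    # The escaped value can only ever be the right-hand side of this one comparison.
    $searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(samAccountName=$safe))"
    $searcher.FindOne()
}

# Constructed sample inputs: a value with a wildcard character and one with parentheses.
ConvertTo-LdapFilterValue 'tilo*'
ConvertTo-LdapFilterValue 'smith (contractor)'

# On a domain-joined machine:
# Find-UserBySamAccountName 'tilo*'   # looks for an account literally named "tilo*"
```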
  • Instead of parsing the distinguished name, you can just add one more line to @Jaap's reply:

    ($domains | select -expandproperty Properties).dnsroot

    Study all of the Properties, and pick the one you want:

    $domains | select -expandproperty Properties

    Name                           Value
    ----                           -----
    objectversion                  {2}
    usnchanged                     {18550}
    showinadvancedviewonly         {True}
    whencreated                    {12/25/1864 3:55:35 AM}
    msds-behavior-version          {6}
    instancetype                   {4}
    dnsroot                        {somedomain.com}
    netbiosname                    {SOMEDOMAIN}
    ntmixeddomain                  {0}
    objectclass                    {top, crossRef}
    whenchanged                    {12/4/2019 12:52:38 PM}
    objectguid                     {12 123 123 1 12 123 123 12 123 12 123 12 12 123 12 123}
    cn                             {SOMEDOMAIN}
    adspath                        {LDAP://CN=SOMEDOMAIN,CN=Partitions,CN=Configuration,DC=somedomain,DC=com}
    usncreated                     {18550}
    distinguishedname              {CN=SOMEDOMAIN,CN=Partitions,CN=Configuration,DC=somedomain,DC=com}
    objectcategory                 {CN=Cross-Ref,CN=Schema,CN=Configuration,DC=somedomain,DC=com}
    ncname                         {DC=SOMEDOMAIN,DC=com}
    systemflags                    {3}
    dscorepropagationdata          {4/4/1492 9:38:31 AM, 1/1/1601 12:00:00 AM}
    name                           {SOMEDOMAIN}
    


    • Edited by Phreud Wednesday, April 24, 2019 10:40 PM
    Wednesday, April 24, 2019 10:29 PM
  • Perfect!

    Ashok

    • Proposed as answer by Ashok Gopalan Monday, September 30, 2019 11:25 PM
    Monday, September 30, 2019 11:25 PM