Finding the DN of the domain without AD-module in PowerShell

    Question

  • Hiya!

    I want this script to be compatible with domains that only have 2003 domain controllers, so no AD-modules!

    So I want to find the distinguished name of the domain I'm logged into, like:

    dc=company,dc=com

    in PowerShell. I tried googling but everyone is just looking for much more complex stuff so this easy thing is just hard to find. 

    Right now I'm doing it in batch with

    systeminfo | findstr /B /C:"Domain"

    but handling that string makes my script look like a rollercoaster with the number of loops I have to do.

    Anyone got an easy answer to this?

    Tuesday, April 10, 2012 8:05 AM

Answers

All replies

  • Yes this can be done using the [ADSI] and [ADSISearcher] accelerators in PowerShell:

    $Root = [ADSI]"LDAP://RootDSE"
    $oForestConfig = $Root.Get("configurationNamingContext")
    $oSearchRoot = [ADSI]("LDAP://CN=Partitions," + $oForestConfig)
    $AdSearcher = [adsisearcher]"(&(objectcategory=crossref)(netbiosname=*))"
    $AdSearcher.SearchRoot = $oSearchRoot
    $domains = $AdSearcher.FindAll()
    $domains | select -expandproperty path

    http://blog.tyang.org/2011/08/05/powershell-function-get-alldomains-in-a-forest/

    Tuesday, April 10, 2012 8:47 AM
    Moderator
  • Well... the output is not what I wanted. Why does it add CN's? I only want the DC= output from that.

    If I wanted to do an LDAP query and then clean it up I could have, but I want to get the DN of the domain, without cleaning up the output (if it's possible).


    • Edited by Plindgren Tuesday, April 10, 2012 9:16 AM misstype
    Tuesday, April 10, 2012 9:16 AM
  • Found it!

    $Root = [ADSI]"LDAP://RootDSE"
    $Domain = $Root.Get("rootDomainNamingContext")
    $Domain


    Thanks for the help though! It helped out!

    • Marked as answer by Plindgren Tuesday, April 10, 2012 10:01 AM
    Tuesday, April 10, 2012 10:00 AM
  • How about this?

    $Root = [ADSI]"LDAP://RootDSE"
    $Root.rootDomainNamingContext

    Or maybe the scripts here could help you:

    http://www.windowsitpro.com/article/domains2/how-can-i-determine-which-domain-is-the-forest-root-domain-

    • Marked as answer by Plindgren Tuesday, April 10, 2012 11:12 AM
    Tuesday, April 10, 2012 10:06 AM
  • C'mon everybody.  It is so much easier than all of that.  Remember! This is PowerShell.

    Try this:

    ([adsi]'').distinguishedName

    That's all you need.  Nothing more.

    Just remember that all ADSI in .NET Framework is defaulted to the current domain.  There is never a need to set it like in VBScript.  Just use the objects and they will all be defaulted to the most common and most useful values.

    [adsi]'' - gets the current domain root.

    [adsisearcher]'' gets the searcher.

    ([adsisearcher]'objectCategory=user').FindAll()

    ([adsisearcher]'samAccountName=john smith').FindOne()  #search for one user by samname

    Study and learn this as it is very quick and easy to use.


    ¯\_(ツ)_/¯


    Tuesday, April 10, 2012 11:14 AM
  • Cool, I like how short your command is jrv. So going from there if Plindgren is looking for the friendly name you could replace the DC= and commas to get the correct formatting as such:

    ([adsi]'').distinguishedname -replace "DC=","" -replace ",","."
    Or would you convert that another way?

    Tuesday, April 10, 2012 11:28 AM
    Moderator
  • Friendly name is even shorter.

    $env:userdomain

    ([adsi]'').name[0]

    What you have created is called the dnsName which was not what was asked for.

    This: systeminfo | findstr /B /C:"Domain"

    returns the 'friendly' domain name or its NetBIOS name.


    ¯\_(ツ)_/¯

    Tuesday, April 10, 2012 2:22 PM
  • Perhaps the simpler:

    (Get-WmiObject Win32_ComputerSystem).Domain

    No conversions or additional parsing necessary. Note this will also return the Workgroup for non-domain joined systems just like the original systeminfo call.

    Tuesday, April 08, 2014 2:26 PM
  • Perhaps the simpler:

    (Get-WmiObject Win32_ComputerSystem).Domain

    No conversions or additional parsing necessary. Note this will also return the Workgroup for non-domain joined systems just like the original systeminfo call.


    The DN of a domain is not the NetBIOS Domain name.  It is the LDAP "DistinguishedName".  WMI does not use this in this class.

    ¯\_(ツ)_/¯

    Tuesday, April 08, 2014 3:57 PM
  • Awesome info! But FYI, your last has a typo in

    adsiseracher

    should be

    adsisearcher

    example with wildcard:

    ([adsisearcher]'samAccountName=tilo*').FindOne()

    • Edited by TSO Monday, March 19, 2018 8:59 PM add example
    Monday, March 19, 2018 8:58 PM
  • Fixed.  Thank you.

    \_(ツ)_/

    Monday, March 19, 2018 9:28 PM
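
An added example (not code from any poster in this thread) that combines the RootDSE lookup, the DN-to-DNS conversion and the non-domain-joined case discussed above, using only ADSI. It reads both `defaultNamingContext` (the DN of the domain served by the DC that answered) and `rootDomainNamingContext` (the forest root domain, which differs when you are logged into a child domain). The function names `Get-DomainNamingContext` and `ConvertTo-DnsDomainName` and the sample DN are assumptions made for illustration.

```powershell
# Added example: ADSI only, no ActiveDirectory module required.
# Function names and the sample DN below are illustrative assumptions.

function ConvertTo-DnsDomainName {
    # 'DC=child,DC=company,DC=com' -> DNS-style name built from the DC= parts.
    param([Parameter(Mandatory = $true)][string]$DistinguishedName)
    $labels = foreach ($rdn in ($DistinguishedName -split ',')) {
        # -match is case-insensitive, so 'dc=' and 'DC=' both qualify;
        # any non-DC component (CN=, OU=) is skipped.
        if ($rdn.Trim() -match '^DC=(.+)$') { $Matches[1] }
    }
    $labels -join '.'
}

function Get-DomainNamingContext {
    try {
        # Serverless bind: ADSI locates a domain controller itself.
        $rootDse = [ADSI]'LDAP://RootDSE'
        # DN of the domain served by the DC that answered.
        $domainDn = [string]$rootDse.Get('defaultNamingContext')
        # DN of the forest root domain; differs from the above in a child domain.
        $forestDn = [string]$rootDse.Get('rootDomainNamingContext')
    }
    catch {
        # Workgroup machine, local-account session, or no DC reachable.
        Write-Warning "RootDSE lookup failed: $($_.Exception.Message)"
        return
    }
    New-Object PSObject -Property @{
        DomainDN     = $domainDn
        DomainDns    = (ConvertTo-DnsDomainName $domainDn)
        ForestRootDN = $forestDn
        IsForestRoot = ($domainDn -eq $forestDn)
    } | Select-Object DomainDN, DomainDns, ForestRootDN, IsForestRoot
}

# Constructed sample DN: the conversion works offline.
ConvertTo-DnsDomainName 'DC=child,DC=company,DC=com'

# Live lookup: emits a warning and no object when no domain is available.
Get-DomainNamingContext | Format-List
```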