Windows OS Hub
  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux
  • Home
  • About

Windows OS Hub

  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux

 Windows OS Hub / Active Directory / Get-ADDomainController: Getting Domain Controllers Info via PowerShell

July 8, 2022

Get-ADDomainController: Getting Domain Controllers Info via PowerShell

You can use the Get-ADDomainController PowerShell cmdlet to get information about the domain controllers in Active Directory. This cmdlet is a part of PowerShell Active Directory module and requires RSAT installation (onWindows 10 1809 and newer RSAT is installed in a different way).

Contents:
  • Get-ADDomainController Cmdlet
  • Using Get-ADDomainController to Find Domain Controllers By Certain Criteria
  • PowerShell Script to Check Availability of All Domain Controllers

Get-ADDomainController Cmdlet

When running Get-ADDomainController without any parameters, the cmdlet displays the information about the current domain controller (LogonServer) used by this computer to get authenticated (the DC is selected according to the AD site an IP subnets topology).

Get-ADDomainController - get full DC info via powershell

The cmdlet returned all fields with the information about the domain controller available in Active Directory database.

ComputerObjectDN : CN=MunDC01,OU=Domain Controllers,DC=corp,DC=woshub,DC=com
DefaultPartition : DC=corp,DC= woshub,DC=com
Domain : corp.woshub.com
Enabled : True
Forest : woshub.com
HostName : MunDC01.corp.woshub.com
InvocationId : 921234a-2a32-4312-9e12-3b32343ab4ad
IPv4Address : 192.168.1.6
IPv6Address :
IsGlobalCatalog : True
IsReadOnly : False
LdapPort : 389
Name : MunDC01
NTDSSettingsObjectDN : CN=NTDS Settings,CN=MunDC01,CN=Servers,CN=DE,CN=Sites,CN=Configuration,DC=woshub,DC=com
OperatingSystem : Windows Server 2012 R2 Standard
OperatingSystemHotfix :
OperatingSystemServicePack :
OperatingSystemVersion : 6.3 (9600)
OperationMasterRoles : {}
Partitions : {DC=ForestDnsZones,DC=woshub,DC=com, DC=DomainDnsZones,DC=corp,DC=woshub,DC=com, CN=Schema,CN=Configuration,DC=woshub,DC=com...}
ServerObjectDN : CN=MunDC01,CN=Servers,CN=DE,CN=Sites,CN=Configuration,DC=woshub,DC=com
ServerObjectGuid : 8123453-e294-1234-a987-1234535432d6
Site : DE
SslPort : 636

Also, you can find the domain controller, to which your computer should belong via the DCLocator service:

Get-ADDomainController –Discover

You can find the closest available DC with the active AD Web Services role:

Get-ADDomainController –ForceDiscover -Discover -Service ADWS

You can use the Service parameter to find the PDC (or other FSMO role) in your domain:

Get-ADDomainController -Discover -Service PrimaryDC

If your domain controller is not found or not responding, you can find the domain controller on the closest AD site (determined by the weight of intersite links):

Get-ADDomainController –Discover –ForceDiscover -NextClosestSite

To display the list of all domain controllers in the current domain, run this command:

Get-ADDomainController -Filter * | ft

list all DCs in AD using powershell

Using this command, you can count the number of domain controllers in AD:

Get-ADDomainController -Filter * | Measure-Object

get domain controller number in ad

You can display a more convenient table showing all domain controllers, their host names, IP addresses, OS versions and AD site names:

Get-ADDomainController -Filter *| Select Name, ipv4Address, OperatingSystem, site | Sort-Object name

Get-ADDomainController list all domain controllers with operation system info

If you want to get some information about a DC from another domain, specify the name of any available DC in another domain using the –Server parameter (it is possible in case of enabling trust relationships between the domains).

Get-ADDomainController -Filter * -server dc01.test.com | Select Name, ipv4Address, IsGlobalCatalog, Site

get DC info from another domain

Using Get-ADDomainController to Find Domain Controllers By Certain Criteria

Let’s consider some useful commands you can use to get the list of domain controllers in AD according to certain criteria.

To find a domain controller by its IP address:

Get-ADDomainController -Identity "192.168.100.6"

To find all DCs that have DC02 in their names:

Get-ADDomainController -Filter {name -like "*dc02*"} | Select Name, ipv4Address, OperatingSystem, site

To find all available DCs on the specific site:

Get-ADDomainController -Discover -ForceDiscover -Site "Site-Name"

To display the list of DCs on the sites, which names begin from Mun*:

Get-ADDomainController -Filter {site -like "Mun*"} | Select Name, ipv4Address, OperatingSystem, site

To display the list of all Read Only domain controllers (RODCs):

Get-ADDomainController -Filter {IsReadOnly -eq $true} | Select Name, ipv4Address, OperatingSystem, site

To find DCs on the “Rome” site with the Global Catalog role enabled:

Get-ADDomainController -Filter {site -eq "Rome" -and IsGlobalCatalog -eq $true} | Select Name, ipv4Address, OperatingSystem, site

PowerShell Script to Check Availability of All Domain Controllers

The next PowerShell script allows to check your domain controllers one-by-one and perform the specific action for each of them:

$DCs = Get-ADDomainController -Filter *
ForEach($DC in $DCs)
{
do something
}

Here is an example of a simple PowerShell script that checks the availability of the LDAPS port (TCP 636) on each DC in your domain using the Test-NetConnection cmdlet. If the LDAPS port is not available, a warning will appear.

$DCs = Get-ADDomainController -Filter * | Select-Object Hostname,Ipv4address,isGlobalCatalog,Site,Forest,OperatingSystem
ForEach($DC in $DCs)
{
$PortResult=Test-NetConnection -ComputerName $DC.Hostname -Port 636 -InformationLevel Quiet
if ($PortResult -ne "$True"){
write-host $DC.Hostname " not available" -BackgroundColor Red -ForegroundColor White
}else {
write-host $DC.Hostname " available" -BackgroundColor Green -ForegroundColor White}
}

powershell script to check the reachability of all Domain Controllers

We have got a simple script to monitor all DCs availability in your domain.

There are also different scenarios to check all DCs in the domain one-by-one. In previous articles we have shown how to use Get-ADDomainController cmdlet to find the specific event in the logs on all domain controllers. For example, to find a user account lockout events, NTLMv1 authentication events, events of adding a user to an AD security group, etc.

1 comment
12
Facebook Twitter Google + Pinterest
Active DirectoryPowerShell
previous post
How to Configure MariaDB Master-Master/Slave Replication
next post
Managing Windows Server Roles & Features with PowerShell

Related Reading

How to Refresh (Update) Group Policy Settings on...

August 13, 2024

Repairing the Domain Trust Relationship Between Workstation and...

May 16, 2024

Backing Up Active Directory with Windows Server Backup

November 26, 2024

Unable to Access SYSVOL and NETLOGON folders from...

May 10, 2023

Configuring Password Policy in Active Directory Domain

March 12, 2024

Generating Strong Random Password with PowerShell

January 31, 2020

Configuring Proxy Settings on Windows Using Group Policy...

February 27, 2023

How to Find Inactive Computers and Users in...

March 11, 2024

1 comment

Jumar Picardal May 18, 2021 - 9:58 am

Hi Admin,

Thanks a lot for this. Finally, I get the code I needed to check if the status of the Domain Controller is Active or Unavailable. I can only see that thru AD “Change Domain Server” but now with this “Test-NetConnection -ComputerName $DC.Hostname -Port 636” I can check the status via powershell. Thank you so much!

Reply

Leave a Comment Cancel Reply

join us telegram channel https://t.me/woshub
Join WindowsHub Telegram channel to get the latest updates!

Recent Posts

  • Map a Network Drive over SSH (SSHFS) in Windows

    May 13, 2025
  • Configure NTP Time Source for Active Directory Domain

    May 6, 2025
  • Cannot Install Network Adapter Drivers on Windows Server

    April 29, 2025
  • Change BIOS from Legacy to UEFI without Reinstalling Windows

    April 21, 2025
  • How to Prefer IPv4 over IPv6 in Windows Networks

    April 9, 2025
  • Load Drivers from WinPE or Recovery CMD

    March 26, 2025
  • How to Block Common (Weak) Passwords in Active Directory

    March 25, 2025
  • Fix: The referenced assembly could not be found error (0x80073701) on Windows

    March 17, 2025
  • Exclude a Specific User or Computer from Group Policy

    March 12, 2025
  • AD Domain Join: Computer Account Re-use Blocked

    March 11, 2025

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • Get-ADUser: Find Active Directory User Info with PowerShell
  • Configuring Proxy Settings on Windows Using Group Policy Preferences
  • Using WMI Filters to Target Group Policies in Active Directory
  • Set Desktop Wallpaper and Logon Screen Background via Group Policy
  • Using Managed Service Accounts (MSA and gMSA) in Active Directory
  • How to Set a User Thumbnail Photo in Active Directory
  • Restoring Active Directory Domain Controller from a Backup
Footer Logo

@2014 - 2024 - Windows OS Hub. All about operating systems for sysadmins


Back To Top