Gets one or more AD domain controllers based on discoverable services criteria, search parameters or by providing a domain controller identifier.
Syntax
      Get-ADDomainController [[-Identity] ADDomainController]
         [-Credential PSCredential] [-Server string]
            [-AuthType {Negotiate | Basic}] [CommonParameters]

      Get-ADDomainController -Discover [-AvoidSelf] [-DomainName string] [-ForceDiscover]
         [-MinimumDirectoryServiceVersion {Windows2000 | Windows2008}]
            [-NextClosestSite string] [-Service ADDiscoverableService[]] [-SiteName string]
               [-Writable] [-AuthType {Negotiate | Basic}] [CommonParameters]

      Get-ADDomainController -Filter string
         [-Credential PSCredential] [-Server string]
            [-AuthType {Negotiate | Basic}] [CommonParameters]

Key
   -AuthType {Negotiate | Basic}
       The authentication method to use: Negotiate (or 0), Basic (or 1)
       A Secure Sockets Layer (SSL) connection is required for Basic authentication.

   -AvoidSelf
       Don't return the current computer as a domain controller.
       If the current computer is not a domain controller, this parameter is ignored.
       Specify this parameter to get the name of another domain controller in the domain.

   -Credential PSCredential
       The user account credentials to use to perform this task.
       The default credentials are those of the currently logged on user unless the
       cmdlet is run from an Active Directory PowerShell provider drive.
       If the cmdlet is run from such a provider drive, the account associated with the
       drive is the default.

       Type a user name, such as "User64" or "Domain64\User64" or specify a PSCredential
       object such as one generated by Get-Credential.

       If a user name is specified, the cmdlet will prompt for a password.

   -Discover
       Return a discoverable domain controller that meets the conditions specified by
       the cmdlet parameters.

       To get a domain controller by using the discovery mechanism of DCLocator, use -Discover.
       This parameter also requires search criteria to be set by setting parameters such as
       Service, SiteName, DomainName, NextClosestSite, AvoidSelf, and ForceDiscover.

       e.g. To get a live DC that has Web Services enabled in a specific site with name "RODC-Site":
       Get-ADDomainController -Discover -Service ADWS -SiteName RODC-Site

   -DomainName string
       The domain to search. The cmdlet locates a discoverable domain controller in this domain.
       Specify the domain with the NetBIOS name or Fully Qualified Domain Name (FQDN) of the domain.

   -Filter string
       A query string that retrieves Active Directory objects.
       This string uses the PowerShell Expression Language syntax:

          filter ::= "{" FilterComponentList "}"
          FilterComponentList ::= FilterComponent | FilterComponent JoinOperator FilterComponent | NotOperator FilterComponent
          FilterComponent ::= attr FilterOperator value | "(" FilterComponent ")"
          FilterOperator ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt" | "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike"
          JoinOperator ::= "-and" | "-or"
          NotOperator ::= "-not"
          attr ::= PropertyName | LDAPDisplayName_of_the_attribute
          value ::= <compare this value with an attr by using the specified FilterOperator>

   -ForceDiscover
       Force the cmdlet to clear any cached domain controller information and perform
       a new discovery. If this parameter is not specified the cmdlet may return cached
       domain controller information.

   -Identity ADDomainController
       An AD Domain Controller object.
       The identity may also be given as a DNS Host Name, GUID, IPV4Address, Global IPV6Address,
       Name of the server object or DN of the NTDS Settings object.

       The cmdlet searches the default naming context or partition to find the object.
       If two or more objects are found, the cmdlet returns a non-terminating error.

       The ADDomainController object may also be passed through the pipeline or set via a variable.

   -MinimumDirectoryServiceVersion ADMinimumDirectoryServiceVersion
       When getting a DC using -Discover, only return DCs that are running this OS or later.
       Possible values:
          Windows2000 or 1
          Windows2008 or 2

   -NextClosestSite
       Return a domain controller in the next closest site when a domain controller is not
       found in the site that contains the client. The next closest site is the site with the
       lowest site link cost with respect to the current site. Costs between sites are based
       on factors such as bandwidth, as well as physical proximity.

   -Server string
       The AD Domain Services instance to connect to. This may be a Fully qualified domain name,
       NetBIOS name, or Fully qualified directory server name (with or without port number).

   -Service ADDiscoverableService[]
       The types of domain controllers to get. More than one type may be specified by using a
       comma-separated list. Possible values:
          PrimaryDC or 1
          GlobalCatalog or 2
          KDC or 3
          TimeService or 4
          ReliableTimeService or 5
          ADWS or 6

       Example showing how to get a live DC that has Web Services enabled:
       Get-ADDomainController -Discover -Service ADWS

   -SiteName string
       The name of a site to search in to find the domain controller. If this parameter is not
       set, the cmdlet searches for domain controllers in the same site as the client.
       The name of the site is defined by the Name property of the site object.

       The following example shows how to use this parameter to specify a site.
       -SiteName "SS64"

   -Writable
       Return only read/write domain controllers.

   CommonParameters:
       -Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction, -WarningVariable,
       -OutBuffer, -OutVariable.
Get-ADDomainController gets the domain controllers specified by the -Identity, -Filter or -Discover parameters.
The -Identity parameter specifies the domain controller to get. Identify a domain controller by its GUID, IPV4Address, global IPV6Address, or DNS host name. You can also identify a domain controller by the name of the server object that represents the domain controller, the Distinguished Name (DN) of the NTDS settings object or the server object, the GUID of the NTDS settings object or the server object under the configuration partition, or the DN of the computer object that represents the domain controller. You can also set the Identity parameter to an object variable or pass an object through the pipeline.
To search for and retrieve more than one domain controller, use the -Filter parameter. The Filter parameter uses the PowerShell Expression Language to write query strings for Active Directory. For more information see about_ActiveDirectory_Filter.
You cannot use an LDAP query string with this cmdlet.
To get a domain controller by using the discovery mechanism of DCLocator, use the -Discover parameter.
Examples
Get the domain controller in the user's current session (the current default).
PS C:\> Get-ADDomainController
Get a domain controller using its IP address:
PS C:\> Get-ADDomainController -Identity "10.5.12.64"
Get one available DC in a given site using Discovery:
PS C:\> Get-ADDomainController -Discover -SiteName "SS64"
Get a global catalog in the current forest using Discovery:
PS C:\> Get-ADDomainController -Discover -Service "GlobalCatalog"
Get all read-only DCs:
PS C:\> Get-ADDomainController -Filter {isReadOnly -eq $true}
Get all ROGCs in the child domain to which the client is connected:
PS C:\> Get-ADDomainController -Server "research.SS64.com" -Filter { isGlobalCatalog -eq $true -and isReadOnly -eq $true }
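An added example, not part of the original page: a common defensive use of -Filter is to inventory every domain controller and compare the result with an approved list. The helper name Compare-DCBaseline and the baseline file path are hypothetical; the properties read are those of the ADDomainController objects the cmdlet returns.

```powershell
# Added example (not from the original page): compare the DCs found in the
# directory with an approved baseline to spot unexpected or missing DCs.
# Assumptions: the ActiveDirectory module is installed; $BaselinePath is a
# hypothetical text file holding one approved DC FQDN per line.
Import-Module ActiveDirectory
$BaselinePath = '.\approved-dcs.txt'   # hypothetical path

function Compare-DCBaseline {          # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $DomainController,
        [string[]] $ApprovedHostName = @()
    )
    # Normalise the baseline: trim, lower-case, drop blank lines.
    $approved = @($ApprovedHostName |
                  ForEach-Object { $_.Trim().ToLowerInvariant() } |
                  Where-Object { $_ })
    $seen = @()
    foreach ($dc in $DomainController) {
        $name = "$($dc.HostName)".ToLowerInvariant()
        $seen += $name
        [pscustomobject]@{
            HostName        = $name
            Site            = $dc.Site
            IPv4Address     = $dc.IPv4Address
            IsReadOnly      = $dc.IsReadOnly
            IsGlobalCatalog = $dc.IsGlobalCatalog
            OperatingSystem = $dc.OperatingSystem
            Status          = if ($approved -contains $name) { 'Approved' } else { 'NotInBaseline' }
        }
    }
    # Baseline entries that the directory no longer lists.
    foreach ($name in ($approved | Where-Object { $seen -notcontains $_ })) {
        [pscustomobject]@{
            HostName = $name; Site = $null; IPv4Address = $null; IsReadOnly = $null
            IsGlobalCatalog = $null; OperatingSystem = $null; Status = 'MissingFromDirectory'
        }
    }
}

# -Filter * returns every domain controller in the domain.
$dcs = Get-ADDomainController -Filter *
Compare-DCBaseline -DomainController $dcs -ApprovedHostName (Get-Content -Path $BaselinePath) |
    Sort-Object Status, HostName |
    Format-Table -AutoSize
```

Rows marked NotInBaseline or MissingFromDirectory are the ones to review; add -Server to the Get-ADDomainController call to run the same check against another domain.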
Related PowerShell Cmdlets:
Set-adDomain - Modify an AD domain.
Set-adDomainMode - Set the domain functional level for an AD domain.