Get an Active Directory forest.
Syntax
      Get-ADForest [-Current {LocalComputer | LoggedOnUser}]
         [-AuthType {Negotiate | Basic}] [-Credential PSCredential]
            [-Server string] [CommonParameters]

      Get-ADForest [-Identity] ADForest
         [-AuthType {Negotiate | Basic}] [-Credential PSCredential]
            [-Server string] [CommonParameters]

Key
   -AuthType {Negotiate | Basic}
       The authentication method to use: Negotiate (or 0), Basic (or 1)
       A Secure Sockets Layer (SSL) connection is required for Basic authentication.

   -Credential PSCredential
       The user account credentials to use to perform this task.
       The default credentials are those of the currently logged on user unless the
       cmdlet is run from an Active Directory PowerShell provider drive.
       If the cmdlet is run from such a provider drive, the account associated with
       the drive is the default.

       Type a user name, such as "User64" or "Domain64\User64" or specify a
       PSCredential object such as one generated by Get-Credential.

       If a user name is specified, the cmdlet will prompt for a password.

   -Current ADCurrentForestType
       Whether to return the domain of the local computer or the current logged on user (CLU).
       Possible values:
          LocalComputer or 0
          LoggedOnUser or 1

   -Discover
       Return a discoverable domain controller that meets the conditions specified
       by the cmdlet parameters.

       To get a domain controller by using the discovery mechanism of DCLocator, use -Discover.
       This parameter also requires search criteria to be set by setting parameters such as
       Service, SiteName, DomainName, NextClosestSite, AvoidSelf, and ForceDiscover.

       e.g. To get a live DC that has Web Services enabled in a specific site with name "RODC-Site"
       Get-ADDomainController -Discover -Services ADWS -SiteName RODC-Site

   -Identity ADForest
       An AD Forest object. This may be given as:
          Fully qualified domain name: corp.SS64.com
          GUID (objectGUID): 539c5d2e-e75d-4d20-8a42-033d96465f68
          DNS host name: dnsServer.corp.SS64.com
          NetBIOS name: SS64

       The cmdlet searches the default naming context or partition to find the object.
       If two or more objects are found, the cmdlet returns a non-terminating error.

       The ADForest object may also be passed through the pipeline or set via a variable.

   -Server string
       The AD Domain Services instance to connect to, this may be a Fully qualified
       domain name, or NetBIOS name, Fully qualified directory server name
       (with or without port number.)

   CommonParameters:
       -Verbose, -Debug, -ErrorAction, -ErrorVariable, -WarningAction,
       -WarningVariable, -OutBuffer, -OutVariable.
Get-ADForest gets the AD forest specified by the -Identity or -Current parameters.
The -Identity parameter specifies the AD forest to get. Identify a forest by its fully qualified domain name (FQDN), DNS host name, or NetBIOS name or set the parameter to a forest object variable or through the pipeline.
When the -Current parameter is set to LocalComputer or LoggedOnUser, the cmdlet can also use the -Server and -Credential parameters to determine the domain of the forest.
If the -Server parameter is specified it must be for a server that resides in the domain of the LocalComputer or LoggedOnUser. By default the domain is set to the domain of the LocalComputer or LoggedOnUser and a server is located in this domain. The credentials of the currently logged on user are used to get the domain.
Examples
Get forest information for the current logged on user's forest:
PS C:\> Get-ADForest
Get the forest information of the SS64.com forest:
PS C:\> Get-ADForest SS64.com
Get the forest information of the current local computer's forest:
PS C:\> Get-ADForest -Current LocalComputer
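An added example (not part of the original page) that combines -Identity with the optional -Server and -Credential parameters to record forest-wide settings and warn when they differ from a saved copy. The function name Get-ForestSnapshot and the file forest-baseline.json are hypothetical; the property names are those of the forest object returned by the ActiveDirectory module and are not listed on this page; corp.SS64.com is the sample name used above.

```powershell
# Added example: snapshot forest-wide settings and report drift from a saved baseline.
Import-Module ActiveDirectory

function Get-ForestSnapshot {            # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$Forest,   # FQDN, DNS host name or NetBIOS name
        [string]$Server,                         # optional: specific AD DS instance
        [pscredential]$Credential                # optional: alternate account
    )
    # Splat only the parameters that were supplied; -ErrorAction Stop turns the
    # cmdlet's non-terminating errors into exceptions that the catch block sees.
    $params = @{ Identity = $Forest; ErrorAction = 'Stop' }
    if ($Server)     { $params.Server     = $Server }
    if ($Credential) { $params.Credential = $Credential }

    try { $f = Get-ADForest @params }
    catch {
        Write-Warning "Get-ADForest failed for '$Forest': $($_.Exception.Message)"
        return
    }
    # Sort multi-valued properties so later comparisons ignore ordering.
    [pscustomobject]@{
        Name               = $f.Name
        ForestMode         = "$($f.ForestMode)"
        RootDomain         = $f.RootDomain
        SchemaMaster       = $f.SchemaMaster
        DomainNamingMaster = $f.DomainNamingMaster
        Domains            = @($f.Domains        | Sort-Object)
        GlobalCatalogs     = @($f.GlobalCatalogs | Sort-Object)
        UPNSuffixes        = @($f.UPNSuffixes    | Sort-Object)
    }
}

$current = Get-ForestSnapshot -Forest 'corp.SS64.com'
$file    = 'forest-baseline.json'        # hypothetical baseline path
if ($current) {
    if (Test-Path $file) {
        $baseline = Get-Content $file -Raw | ConvertFrom-Json
        foreach ($p in $current.PSObject.Properties.Name) {
            $old = @($baseline.$p) -join ','
            $new = @($current.$p)  -join ','
            if ($old -ne $new) { Write-Warning "$p changed: '$old' -> '$new'" }
        }
    } else {
        # First run: store the snapshot as the baseline.
        $current | ConvertTo-Json | Set-Content $file
    }
}
```

To query with an alternate account, call Get-ForestSnapshot with -Credential (Get-Credential), which prompts for the password as described under -Credential above.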
“The world's a forest, in which all lose their way; though by a different path each goes astray” ~ George Villiers
Related PowerShell Cmdlets:
Set-adDomain - Modify an AD domain.
Set-adDomainMode - Set the domain functional level for an AD domain.