how to determine what forest a domain is in
PowerShell Pipeline
Exploring the Active Directory Wood and Domain
Use the Active Directory Module to run available cmdlets and automate many of your daily tasks.
Back in the day, we would be using ADSI to connect to our Active Directory woods/domain to assemble information about a diverseness of things. Today I will completely ignore ADSI and focus solely on the Active Directory module to evidence how to leverage the available cmdlets to not only explore your surroundings, only also to perform various tasks that y'all may come across in your day-to-day activities.
Note: I will be running PowerShell V5 on Windows 10 for today's commodity. Some commands may not be available in older versions.
One of the many jobs of a arrangement administrator is working with Agile Directory and making sure that they know what is going on in their environs. A great way to better understand how things work is by exploring the environs and taking notation of what your forest and domains are and how they are configured. Fortunately for united states of america, we accept the ActiveDirectory module available to assist in viewing everything.
If you lot are missing the ActiveDirectory module, then you will need to ensure that you have information technology bachelor. In the case of Windows 10, yous tin can download the Remote Server Administation Tools (RSAT) and and then run the installer to make the module bachelor to yous.
At present we can verify that we are ready to get started on our adventure with Agile Directory!
For those of you running this on a server, the process is actually easier than this! All you take to do is run the following command to install the module and then you lot too tin get started too.
Install-WindowsFeature -Name RSAT-AD-PowerShell
Checking out the Forest
The first thing that I am going to exercise is take a look at the Active Directory wood and see how information technology is configured. To do that, I will use the Become-ADForest cmdlet and come across what information technology returns. Get-go affair to do though is to cheque out the help just to see what is bachelor. This is useful whenever you are working with cmdlets that yous are not certain well-nigh or merely need a refresher on what is available.
Get-Help Get-ADForest
I don't really need to do anything special other than merely calling the cmdlet.
Get-ADForest
From hither we can meet that my wood, rohan.local has the post-obit:
- Ane Domain in the forest
- The wood functional level is Windows2012R2
- I take two Global Catalogs
- My Woods level FSMO roles (Domain Naming Master and Schema Chief) are split betwixt two Domain Controllers
- I accept one site
Now that nosotros know what the forest looks similar, let'southward accept a look at the domain using Get-ADDomain.
Go-ADDomain
Here we tin come across the post-obit in the domain:
- The default location where computers that are joined to the domain are automatically placed
- The location of the Domain Controllers when promoted in a domain
- The current domain functional level
- The domain FSMO roles, which are spread between two domain controllers
- The default location of new users created in the domain
So, nosotros accept information near the wood and from the domain. What is next on the list?
If you lot answered the Domain Controller, then you lot would be correct! Nosotros can view the domain controller information by using the Become-ADDomainController cmdlet.
Get-ADDomainController
- Shows that this domain controller is a global itemize
- Shows the FSMO roles which are hosted on this domain controller
This cmdlet has some other nice parameters such equally –AvoidSelf (does not include itself if run on a domain controller) along with –Discover (shows another discoverable domain controller).
We can besides view the trust of the forest using the Get-ADTrust cmdlet and take note of any possible trust configurations.
Become-ADTrust –Filter *
Continuing on with the replication exploration, I will use Get-ADReplicationSite to view the Active Directory Site replication.
Go –ADReplicationSite
In this case, I only have one site in my environment and can find out more well-nigh this site using Get-ADSiteReplicationLink.
Get-ADReplicationSiteLink –Filter *
So with that, we have gone through our forest and domain and learned more than near the environs using just a modest set of PowerShell cmdlets available from the Active Directory module. Only don't terminate exploring at present that this article has finished! Keep charging forrad and before y'all know, yous will accept some nice documentation nigh your Agile Directory environment in no time!
About the Author
Boe Prox is a Microsoft MVP in Windows PowerShell and a Senior Windows System Ambassador. He has worked in the Information technology field since 2003, and he supports a variety of different platforms. He is a contributing author in PowerShell Deep Dives with chapters about WSUS and TCP communication. He is a moderator on the Hey, Scripting Guy! forum, and he has been a judge for the Scripting Games. He has presented talks on the topics of WSUS and PowerShell as well as runspaces to PowerShell user groups. He is an Honorary Scripting Guy, and he has submitted a number of posts as a to Microsoft'southward Hey, Scripting Guy! He also has a number of open source projects bachelor on Codeplex and GitHub. His personal blog is at http://larn-powershell.net.
Source: https://mcpmag.com/articles/2016/03/24/active-directory-forest-and-domain.aspx
0 Response to "how to determine what forest a domain is in"
Yorum Gönder