The `Get-AdDomainController` Active Directory cmdlet gets one or more Active Directory domain controllers based on a specified domain controller identifier, search criteria, or discoverable-services criteria.
You can get domain controller information using the Identity, Filter, or Discover parameters of the PowerShell Get-AdDomainController cmdlet.
In this article, I will explain how to use PowerShell Get-AdDomainController in Active Directory to get an available domain controller in the current domain using discovery, get domain controllers in a given domain, and get a global catalog in the current forest using discovery.
Get-AdDomainController Syntax and Parameters
The PowerShell Get-AdDomainController command gets information about one or more domain controllers using the Filter, Discover, or Identity parameter.
Syntax:
Get-ADDomainController [[-Identity] ADDomainController] [-Credential PSCredential] [-Server string] [-AuthType {Negotiate | Basic}] [CommonParameters]
Get-ADDomainController -Discover [-AvoidSelf] [-DomainName string] [-ForceDiscover] [-MinimumDirectoryServiceVersion {Windows2000 | Windows2008}] [-NextClosestSite string] [-Service ADDiscoverableService[]] [-SiteName string] [-Writable] [-AuthType {Negotiate | Basic}] [CommonParameters]
Get-ADDomainController -Filter string [-Credential PSCredential] [-Server string] [-AuthType {Negotiate | Basic}] [CommonParameters]
Parameters:
-AuthType – It specifies the authentication method to use. The AuthType parameter accepts either Basic (or 1) or Negotiate (or 0). Negotiate is the default authentication method.
An SSL (Secure Sockets Layer) connection is required to use the Basic authentication method.
-Credential PSCredential – It specifies the user credentials required to perform Get-AdDomainController. By default, it uses the credentials of the logged-on user.
To use the Credential parameter, supply a username such as User1 or domain\User1, or create a PSCredential object with the Get-Credential cmdlet and pass it in.
-Identity – It specifies an Active Directory domain controller object using the distinguished name, GUID, security identifier, or SAMAccountName.
-Filter – It specifies a query string (PowerShell Expression Language syntax) to retrieve Active Directory objects. PowerShell wildcards other than * are not supported by the filter syntax.
-AvoidSelf – It specifies that the current computer should not be returned as a domain controller. If the current computer is not a domain controller, this parameter is ignored.
-Discover – Gets a domain controller that meets the conditions specified by the accompanying parameters.
-DomainName – Specifies the domain to search. The Get-AdDomainController cmdlet locates a discoverable domain controller in the specified domain.
Let’s understand the PowerShell Get-AdDomainController cmdlet with examples to get domain controller using filter, identity, or discover search criteria.
Get Domain Controller in Current User Session
You can get available domain controller information in the current user session using the Get-AdDomainController cmdlet as below.
Get-AdDomainController
The above command returns the available domain controller in the current user session, with output as below.
PS C:\Windows\system32> Get-ADDomainController
ComputerObjectDN : CN=ENGG-PRO,OU=Domain Controllers,DC=SHELLPRO,DC=LOCAL
DefaultPartition : DC=SHELLPRO,DC=LOCAL
Domain : SHELLPRO.LOCAL
Enabled : True
Forest : SHELLPRO.LOCAL
HostName : ENGG-PRO.SHELLPRO.LOCAL
InvocationId : c955b45a-090a-42b7-aef9-4490b0d2b5d1
IPv4Address : 1.1.1.1
IPv6Address :
IsGlobalCatalog : True
IsReadOnly : False
LdapPort : 389
Name : ENGG-PRO
NTDSSettingsObjectDN : CN=NTDS Settings,CN=ENGG-PRO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SHELLPRO,DC=LOCAL
OperatingSystem : Windows Server 2019 Datacenter
OperatingSystemHotfix :
OperatingSystemServicePack :
OperatingSystemVersion : 10.0 (17763)
OperationMasterRoles : {SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster...}
Partitions : {DC=ForestDnsZones,DC=SHELLPRO,DC=LOCAL, DC=DomainDnsZones,DC=SHELLPRO,DC=LOCAL, CN=Schema,CN=Configuration,DC=SHELLPRO,DC=LOCAL,
CN=Configuration,DC=SHELLPRO,DC=LOCAL...}
ServerObjectDN : CN=ENGG-PRO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SHELLPRO,DC=LOCAL
ServerObjectGuid : e6071fc7-2c78-4fcc-ac81-022db678615a
Site : Default-First-Site-Name
SslPort : 636
Get Available Domain Controller in Given Domain
You can get an available domain controller in a given domain using discovery, as below.
Get-ADDomainController -Discover -Domain "SHELLPRO.LOCAL"
The above command uses the PowerShell Get-AdDomainController command to get an available domain controller in the domain “SHELLPRO.LOCAL”, specified by the Domain parameter (an abbreviation of DomainName that PowerShell accepts), and uses the Discover parameter to return the domain controller that meets the conditions specified.
Get Available Domain Controller in Current Domain
You can get available domain controller information in the current domain using discovery, as below.
Get-AdDomainController -Discover
Get Domain Controller using NetBIOS name
If you want to get the available domain controller using its NetBIOS name, use Get-AdDomainController with the Identity parameter as below.
Get-ADDomainController -Identity "ENGG-PRO"
In the above example, Get-AdDomainController uses the Identity parameter to specify the domain controller object, in this case named “ENGG-PRO”, and returns the available domain controller information.
Get Domain Controller using IP Address
If you want to get a domain controller using an IP address, specify the IP address using the Identity parameter in the Get-AdDomainController command to return the available domain controller information as below.
Get-ADDomainController -Identity "10.1.0.5"
Get a Domain Controller on Site
You can get domain controller information available on the specified site using the Site parameter in the Get-AdDomainController Active Directory cmdlet as below.
Get-AdDomainController -Discover -Site "Default-First-Site-Name"
In the above PowerShell script, the Get-AdDomainController command uses the Discover parameter to specify the condition and returns available domain controller information in the site specified by the Site parameter (an abbreviation of SiteName that PowerShell accepts), with output as below.
PS C:\Windows\system32> Get-ADDomainController -Discover -Site "Default-First-Site-name"
Domain : SHELLPRO.LOCAL
Forest : SHELLPRO.LOCAL
HostName : {ENGG-PRO.SHELLPRO.LOCAL}
IPv4Address : 1.1.1.1
IPv6Address :
Name : ENGG-PRO
Site : Default-First-Site-Name
If you need to get an available domain controller in the given site using forced discovery, run the command below with the ForceDiscover parameter.
Get-ADDomainController -Discover -Site "Default-First-Site-name" -ForceDiscover
Get Global Catalog in the Current Forest
You can get a global catalog in the current forest using discovery, as below.
Get-ADDomainController -Discover -Service GlobalCatalog
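The same discovery can be repeated for each service a client depends on, not only the global catalog. The following is an added example, not code from the original article: Test-DcServiceDiscovery is a hypothetical helper name, the domain is the article's sample domain, and the script assumes the ActiveDirectory module (RSAT) is installed.

```powershell
# Added example (hypothetical helper): confirm each discoverable service can be
# located from this host. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Test-DcServiceDiscovery {
    [CmdletBinding()]
    param(
        # Sample domain from this article; replace with your own.
        [string]$DomainName = 'SHELLPRO.LOCAL',
        # Values of the ADDiscoverableService enum accepted by -Service.
        [string[]]$Service = @('PrimaryDC', 'GlobalCatalog', 'KDC', 'TimeService', 'ADWS')
    )

    foreach ($svc in $Service) {
        $row = [ordered]@{ Service = $svc; Found = $false; HostName = $null
                           Site = $null; IPv4Address = $null; Error = $null }
        try {
            # -ForceDiscover clears cached locator data so a stale entry cannot
            # hide a domain controller that has stopped offering the service.
            $dc = Get-ADDomainController -Discover -DomainName $DomainName `
                      -Service $svc -ForceDiscover -ErrorAction Stop
            $row.Found       = $true
            $row.HostName    = $dc.HostName -join ','   # Discover returns a collection
            $row.Site        = $dc.Site
            $row.IPv4Address = $dc.IPv4Address
        }
        catch {
            # Record the failure and keep checking the remaining services.
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

# Any row with Found = False is a service this host cannot currently locate.
Test-DcServiceDiscovery | Format-Table -AutoSize
```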
Get Domain Controller using DNS HostName
If you want to get an available domain controller using its DNS host name, run the command below.
Get-ADDomainController -Identity "ENGG-PRO.SHELLPRO.LOCAL"
In the above command, the DNS host name is specified by the Identity parameter, and the command returns the domain controller information.
Get a List of Read Only Domain Controllers (RODC)
To display a list of read-only domain controllers, use the below command
Get-ADDomainController -Filter {IsReadOnly -eq $true} | Select Name, Domain,IsReadOnly
In the above PowerShell command, the Get-AdDomainController Active Directory cmdlet uses the Filter parameter to get a list of read-only domain controllers where the attribute IsReadOnly is equal to $true.
It displays the Name, Domain, and IsReadOnly properties of the read-only domain controllers on the console.
Get Domain Controller in Site where the name starts with
If you want to get a list of domain controllers on sites where the Site name starts with Default, run the command below to display a list of DCs.
Get-ADDomainController -Filter {Site -like 'Default*'} | Select Name, Domain,Site
In the above PowerShell script, the Get-AdDomainController Active Directory cmdlet uses the Filter parameter to select DCs whose site name begins with Default and selects the Name, Domain, and Site properties.
It displays a list of domain controllers on the site as below.
PS C:\Windows\system32> Get-ADDomainController -Filter {Site -like 'Default*'} | Select Name, Domain,Site
Name Domain Site
---- ------ ----
ENGG-PRO SHELLPRO.LOCAL Default-First-Site-Name
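The Filter parameter also accepts *, which returns every domain controller in the domain, so the properties shown in the earlier output can be collected into one inventory. The following is an added example, not code from the original article: Get-DcInventory is a hypothetical helper name, the LDAPS probe with Test-NetConnection is an addition, and the script assumes the ActiveDirectory module (RSAT) is installed.

```powershell
# Added example (hypothetical helper): inventory every domain controller and
# check that each one answers on the LDAPS port it advertises.
Import-Module ActiveDirectory

function Get-DcInventory {
    [CmdletBinding()]
    param(
        [string]$Server,              # optional: domain or DC to query
        [pscredential]$Credential     # optional: object returned by Get-Credential
    )

    # Build the parameter set once; only pass what the caller supplied.
    $query = @{ Filter = '*' }
    if ($Server)     { $query.Server     = $Server }
    if ($Credential) { $query.Credential = $Credential }

    foreach ($dc in Get-ADDomainController @query) {
        # SslPort is 636 in the sample output; Quiet mode returns $true/$false.
        $ldaps = Test-NetConnection -ComputerName $dc.HostName -Port $dc.SslPort `
                     -InformationLevel Quiet -WarningAction SilentlyContinue

        [pscustomobject]@{
            Name            = $dc.Name
            Site            = $dc.Site
            Enabled         = $dc.Enabled
            OperatingSystem = $dc.OperatingSystem
            OSVersion       = $dc.OperatingSystemVersion
            IsGlobalCatalog = $dc.IsGlobalCatalog
            IsReadOnly      = $dc.IsReadOnly
            FsmoRoles       = $dc.OperationMasterRoles -join ', '
            LdapsReachable  = $ldaps
        }
    }
}

$inventory = Get-DcInventory
$inventory | Sort-Object Site, Name | Format-Table -AutoSize

# Rows worth a closer look: disabled DC accounts or DCs not answering on LDAPS.
$inventory | Where-Object { -not $_.Enabled -or -not $_.LdapsReachable }
```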
Conclusion
I hope this detailed article on using PowerShell Get-AdDomainController with different examples is helpful to you.
You can use Get-AdDomainController to find domain controllers by certain criteria or to find the availability of domain controllers.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.