This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(169.60000000000002, 17%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPR%3C/text%3E%3C/svg%3E)
I have a script that will run on multiple Servers that start out as Windows Server 2016 in a workgroup
If a Domain controller doesn't exists (ABC.COM) Then Promote the Server to Primary Domain Controller creating ABC.COM
If a Domain controller does exist then Promote the Server to Domain Controller joining ABC.COM
If a server is in a workgroup the command Get-ADDomain -Identity "DC=ABC,dc=com" does not return the PDC if it exists.
So what would my powershell function have to be ?
DoesPDCExist
{
}
There isnt much way, Get-ADDomainController -Discover is the comdlet you would need to use, it use the DCLocator method to find a Domain Controller, but how you will manage the -Credential part ? as you can't run the powerscript against a DC from a workgroup computer as the process is run within the netlogon's process.
You would maybe need to try to join the domain if it fail, then act accordingly.
$result = Add-Computer -DomainName "myDomain" -ErrorAction SilentlyContinue -ErrorVariable ComputerError
Write-Host $ComputerError[0]
Your script might need a lot of work as for other computer you need to point the DNS's server of the other server to that newly DC to have the Get-ADDomainController & Add-Computer cmdlet to work out.
Be aware that you can have multiple DC in the same LAN, the only difference to what DC answer what workstation is the DNS set inside the network adapter of the workstation to be able to use the correct's one.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
I'm going to assume that "ABC.COM" is the name of the domain and not the name of the machine, AND that you know which DNS servers IN YOUR LAN to use (you better not find this information in publicly available DNS)!
Get-DnsServerResourceRecord -ComputerName <A-DNS-SERVER> -Type SRV -Name ABC.COM -Zone _ldap._tcp.pdc
That should get you the PDC address.
Hi PeterRietmann-0218,
You can use PowerShell to find FSMO roles in an Active Directory using Get-AdForest cmdlet to get Schema master and Domain Name master roles. and using Get-AdDomain cmdlet to get PDCEmulator, RIDMaster, InfrastructureMaster roles. This may achieve what you're looking for in a different way.
You can find FSMO roles in an Active Directory forest using the below command:
Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster
Get-AdForest command gets Domain name master and schema master FSMO roles in active directory forest.
To get domain FSMO roles, use the below command
Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator
Get-AdDomain command gets domain FSMO roles like RID master, PCD emulator, and Infrastructure master.
--If the reply is helpful, please Upvote and Accept as answer--
How will any of that work if the machine running the cmdlets isn't a domain member and the account running the cmdlets is a local computer account?