Confirming computer exists under all domain controllers in a domain?

Christopher Compton 1 Reputation point
2023-01-05T23:37:59.48+00:00

I am trying to create a PowerShell script that will confirm which domain controllers are seeing a computer that I am joining to the domain. The reason is that I would like it as a tool to troubleshoot trust relationship issues with computers that are having difficulty joining the domain. I'm unsure how I would go about checking. Obviously I could use something like:

get-addomaincontroller -filter * | Select name

This could be run from the target computer to see all listed domain controllers. But I would more so like to be able to search domain controllers filtering by the computer name of the computer in question because I am mostly troubleshooting the trust issues remotely.

Anybody have any ideas?

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | PowerShell

3 answers

  1. Andreas Baumgarten 123.4K Reputation points MVP Volunteer Moderator
    2023-01-06T00:10:19.013+00:00

    Hi @Christopher Compton ,

    maybe something like this helps to get started:

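    $computer = "test1"
    # -Filter * returns every DC in the domain; without it only one discovered DC is returned
    Get-ADDomainController -Filter * | ForEach-Object {
      $dc = $_.HostName   # keep the DC name; inside catch, $_ is the error record
      try {
        # -Identity throws a terminating error when the object is not found on this DC
        $compObj = Get-ADComputer -Identity $computer -Server $dc -ErrorAction Stop
        if ($compObj) {
          Write-Host "Computer $computer found on DC $dc" -ForegroundColor Green
        }
      }
      catch {
        Write-Host "${dc}: ($_)" -ForegroundColor Red
      }
    }
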

    (If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

    Regards
    Andreas Baumgarten

    1 person found this answer helpful.

  2. Rich Matheisen 47,901 Reputation points
    2023-01-05T23:52:34.133+00:00

    Get a list of all DCs and use that in a ForEach-Object loop. Use the Get-ADComputer cmdlet to look for the computer name in the filter and add the "-Server" parameter using the name of the DC in the iteration of the loop.

    But this isn't going to help you troubleshoot trusts, or replication. There are GUI and command line tools for that. Here's one of each:

    get-use-active-directory-replication-status-tool
    repadmin-how-to-check-active-directory-replication

    If you want to use PowerShell, there are ways to do that, too: 326364


  3. Rich Matheisen 47,901 Reputation points
    2024-12-05T16:02:02.91+00:00

    Neither my earlier answer, nor Andreas' answer, handled the task of getting all Domain Controllers in a forest.

    function Get-AllDCs {
        [CmdletBinding()]
        param(
            # Name of the forest (or a domain in it) to enumerate
            [Parameter(Mandatory = $true)]
            [string]$ForestName
        )

        $Forest = Get-ADForest -Server $ForestName
        foreach ($Domain in $Forest.Domains) {    # get each domain in forest
            Get-ADDomainController -Filter * -Server $Domain |  # for each domain get DCs
                Select-Object Domain,HostName,Site
        }
    }


    You can expand on that to check each DC in each domain and verify that each DC in a domain returns the same list.

    To be thorough, you should probably verify that each Global Catalog server in each domain contains the same list for each domain.

    I still think you should verify that AD replication is functioning properly.

    You can verify trusts, too:

    https://serverfault.com/questions/509965/how-can-i-verify-the-trust-between-2-domains-in-windows-server-2008r2-active-dir

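The checks the answers describe (every DC in every domain of the forest, plus the global catalogs), combined into one per-DC report. This is an added example, not code from any of the answers; it assumes the ActiveDirectory module is installed, and the function name `Test-ComputerOnAllDCs` and the output column names are hypothetical.

```powershell
# Added example: per-DC view of one computer account across a forest.
# Assumes the ActiveDirectory (RSAT) module; function and column names are illustrative.
Import-Module ActiveDirectory

function Test-ComputerOnAllDCs {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [string]$ForestName = (Get-ADForest).Name
    )

    foreach ($domain in (Get-ADForest -Server $ForestName).Domains) {
        foreach ($dc in (Get-ADDomainController -Filter * -Server $domain)) {
            $row = [ordered]@{
                Domain = $domain; DC = $dc.HostName; Site = $dc.Site
                Found = $false; PasswordLastSet = $null; InGC = $null; Error = $null
            }
            try {
                # -Filter returns nothing (instead of throwing) when the object is absent.
                $c = Get-ADComputer -Filter "Name -eq '$ComputerName'" -Server $dc.HostName `
                        -Properties PasswordLastSet -ErrorAction Stop
                if ($c) {
                    $row.Found = $true
                    $row.PasswordLastSet = $c.PasswordLastSet
                }
                if ($dc.IsGlobalCatalog) {
                    # Port 3268 queries this DC's global catalog, which spans all domains.
                    $gc = Get-ADComputer -Filter "Name -eq '$ComputerName'" `
                            -Server "$($dc.HostName):3268" -ErrorAction Stop
                    $row.InGC = [bool]$gc
                }
            }
            catch {
                # Unreachable DC, access denied, AD Web Services not running, etc.
                $row.Error = $_.Exception.Message
            }
            [pscustomobject]$row
        }
    }
}

# 'test1' is the sample computer name used in the first answer.
Test-ComputerOnAllDCs -ComputerName 'test1' |
    Sort-Object Domain, DC |
    Format-Table Domain, DC, Site, Found, PasswordLastSet, InGC, Error -AutoSize
```

DCs of the same domain that disagree on `Found` or `PasswordLastSet` are the ones to examine with the replication tools mentioned in the answers; DCs in other domains are expected to show `Found` as false while their global catalog still lists the account.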
