Friday, January 21, 2011

Querying Domain Controller objects using Powershell

Could someone explain to me why this does not work?

    Import-Module ActiveDirectory
    $dcs = Get-ADComputer -Filter {DistinguishedName -Like "*Domain Controllers*"}

I get no results for this query.

Alternatively, could someone suggest a way using the module above that I can generate a list of systems on my domain that are NOT Domain Controllers (which is what I'm eventually trying to achieve).

Cheers

  • As all Domain Controllers should end up in the "Domain Controller" OU in AD when you promote the server, why not try:

    $dcs = Get-ADComputer -SearchRoot "MYDOMAIN/Domain Controllers" -SearchScope onelevel
    

    I think this is what you were trying to do above. Also be aware this is not a definitive way to find a Domain controller. Ideally you should search by member type.

    $dcs = get-ADComputer -SearchRoot "MYDOMAIN" -SearchScope subtree -filter {ComputerRole -eq "DomainController" }
    

    That should find any wayward DCs :)

    As an aside, I unsuccessfully spent 30 mins trying to get the AD Module installed - it's apparently a "New in 2008 R2" thing, and is a complete PITA if you don't have a 2008R2 machine handy :) I've used Quest AD Management Tools to devise the answer - the arguments are the same...

    From Ben Short
  • It looks like a bug to me. The -like operator doesn't work with all properties. It doesn't work with DistinguishedName, SID, ObjectClass, but it works with Name, DNSHostName, SamAccountName...

    The following command will give you all domain controllers:

    PS C:\> Get-ADComputer -SearchBase "OU=Domain Controllers,DC=test,DC=local" -Filter *

    This command will give you all computers that are NOT domain controllers:

    PS C:\> Get-ADComputer -LDAPFilter "(&(objectCategory=Computer)(!(userAccountControl:1.2.840.113556.1.4.803:=8192)))"

    From aleksandar
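
The answers above identify a DC either by its OU or by its account type, and the two can disagree. As an added example (not from the original post or either answerer), the PowerShell below classifies computer accounts by the same `userAccountControl` bit 8192 (SERVER_TRUST_ACCOUNT) that the LDAP filter tests and reports accounts whose OU placement contradicts it. The function name `Get-ComputerRoleReport` and the sample objects are constructed for illustration.

```powershell
# Added example: list non-DC computers and flag accounts whose OU placement
# disagrees with the SERVER_TRUST_ACCOUNT bit of userAccountControl.
$SERVER_TRUST_ACCOUNT = 0x2000   # 8192, set on domain controller computer accounts

function Get-ComputerRoleReport {   # hypothetical helper, not part of the AD module
    param(
        [Parameter(Mandatory)] [object[]] $Computer,      # needs Name, DistinguishedName, userAccountControl
        [Parameter(Mandatory)] [string]   $DcContainerDn  # DN of the Domain Controllers OU
    )
    foreach ($c in $Computer) {
        $isDc = [bool]($c.userAccountControl -band $SERVER_TRUST_ACCOUNT)
        # Anchor the comparison at the end of the DN so only real descendants of the OU match
        $inOu = $c.DistinguishedName.EndsWith(",$DcContainerDn", [System.StringComparison]::OrdinalIgnoreCase)
        [pscustomobject]@{
            Name               = $c.Name
            IsDomainController = $isDc
            InDcContainer      = $inOu
            DistinguishedName  = $c.DistinguishedName
        }
    }
}

# Constructed sample data so the block runs without a domain. Against a live
# domain, use instead:
#   $computers = Get-ADComputer -Filter * -Properties userAccountControl
#   $dcOu      = (Get-ADDomain).DomainControllersContainer
$dcOu = 'OU=Domain Controllers,DC=test,DC=local'
$computers = @(
    [pscustomobject]@{ Name = 'DC01';  DistinguishedName = "CN=DC01,$dcOu";                          userAccountControl = 532480 }
    [pscustomobject]@{ Name = 'DC02';  DistinguishedName = 'CN=DC02,OU=Servers,DC=test,DC=local';    userAccountControl = 532480 }
    [pscustomobject]@{ Name = 'WKS01'; DistinguishedName = 'CN=WKS01,CN=Computers,DC=test,DC=local'; userAccountControl = 4096 }
    [pscustomobject]@{ Name = 'OLD01'; DistinguishedName = "CN=OLD01,$dcOu";                         userAccountControl = 4096 }
)
$report = Get-ComputerRoleReport -Computer $computers -DcContainerDn $dcOu

# Systems that are NOT domain controllers (what the question asks for)
$report | Where-Object { -not $_.IsDomainController } | Select-Object -ExpandProperty Name

# Accounts to review: a DC outside the DC OU, or a non-DC account inside it
$report | Where-Object { $_.IsDomainController -ne $_.InDcContainer } | Format-Table -AutoSize
```

The second query is the one worth scheduling: an account carrying the DC bit outside the Domain Controllers OU, or a plain member account inside it, is either leftover from a move or demotion or a change nobody has accounted for.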
