AD querying, without AD Module

This topic contains 2 replies, has 3 voices, and was last updated by  Richard Siddaway 3 years ago.

  • Author
  • #27529



    I'm trying to find a way to find out the distinguished name of remote servers. I found this string on the web:

    $filter = "(&(objectCategory=computer)(objectClass=computer)(cn=$env:COMPUTERNAME))"

    It works really well locally, I'm trying to get something like this to run on remote servers and return information. I tried using

    invoke-command -cn "whatever" -scriptblock {

    $filter = "(&(objectCategory=computer)(objectClass=computer)(cn=$env:COMPUTERNAME))"


    But it came back with..."Exception calling "FindOne" with "0" argument(s): "The search filter is invalid." "

    I'm unsure what I'm doing wrong here

  • #27530

    Warren Frame


    I typically end up wrapping ADSI calls in a function, e.g. Get-ADSIObject – there are many others out there.

    In this particular case, you are using PowerShell remoting with the default authentication, Kerberos. This means in your remote session, they trust that you are you, but they can't delegate that out to anything that requires AD access.

    The simplest solution, assuming it fits your use case, would be to simply replace $env:computername with the account you want to query for.


  • #27537

    Richard Siddaway

    This is absolute bare bones function

    function get-computerDN {
    param ($computername)
    $filter = "(&(objectCategory=computer)(objectClass=computer)(cn=$computername))"


    Use it like this

    £> get-computerDN -computername server02
    CN=SERVER02,OU=Domain Controllers,DC=Manticore,DC=org

    You can run scripts to work with AD from any machine in the domain – assuming you have permissions to perform those actions. You don't have to remote onto a machine to do that. As Warren said with remoting you're attempting to delegate your Kerberos credentials and that isn't allowed by default remoting configuration

You must be logged in to reply to this topic.