Check if AD Computer is in one of many domains

    #33536
    Nedelcu Gabriel
    Participant

    Hello,

    I am trying to check if a list of computers are part of one of 4 domains. I receive a list containing 100+ hostnames and want to see if they are joined to one of the 4 domains.

    The code so far is:

    $ComputerList = Get-Content C:\List.txt
    $ServerList = "DC01","DC02","DC03","DC04"

    Foreach ($Computer in $ComputerList)
    {
        $ComputerCredential = Get-ADComputer -Identity $Computer -Server "DC01"
        if ($? -eq $true){$b = 1}
        Else {
            $ComputerCredential = Get-ADComputer -Identity $Computer -Server "DC02"
            If ($? -eq $true){$b = 2}
            Else {
                $ComputerCredential = Get-ADComputer -Identity $Computer -Server "DC03"
                If ($? -eq $true){$b = 3}
                Else {
                    $ComputerCredential = Get-ADComputer -Identity $Computer -Server "DC04"
                    If ($? -eq $true){$b = 4}
                    Else {$b = 0}
                }
            }
        }

        If($b -eq 0){Write-Output "$Computer – Is not in forest"}
    }

    Computer list contains:

    Computer1
    Computer2
    BogusComputer1
    BogusComputer2
    Computer3
    Computer4

    The BogusComputers are hostnames that are not present in any domain. I want to see which computers are not in any of the domains. I get that, but I also receive an error that the computer is not in all the domain controllers. I want that to be ignored. The only way I found is $ErrorActionPreference = "SilentlyContinue", but this will not do; I want to see if there are other errors.

    #33553
    Dan Potter
    Participant

    try{get-adcomputer kfjdkfjd}catch{'computer not in domain'}

    #33554
    Dan Potter
    Participant

    get-adobject -Filter "name -eq 'mycomputer' -and objectclass -eq 'computer'" -Server dc:3268

    #33568
    tommymaynard
    Participant

    I found this to be an interesting project, so I quickly wrote something out that may be of help. If you find that it's helpful and you opt to use it, please take the time to determine what the script is actually doing, and ask questions.

    Dan is absolutely right: use try-catch individually, as opposed to silencing an entire script. On another note, while the $? automatic variable can be helpful at times, I do my best not to put my faith in it, and instead write scripts and functions that don't rely on it.

    This script only runs against two domains. You'll have to add your others using the structure of the two that are included. Also, you never used $ServerList. I've renamed it to $DCList, and am using the values stored in it as $DCList[i] (i is equal to the index of the DC). Another way to handle the various DCs would have been to add a second Foreach, but I didn't bother adding that complexity.

    When you run the script as a .ps1, you can use the -Verbose parameter to display the computers that were found and in what domain they were located. There's plenty of ways to write the same thing, but this is what came out when I started to write a solution. Enjoy!

    [CmdletBinding()]
    Param()
    
    $ComputerList = Get-Content -Path 'C:\List.txt'
    $DCList = 'DC01.mydomain01.com','DC02.mydomain02.com'
    
    Foreach ($Computer in $ComputerList) {
        $ComputerCredential,$Found,$Domain = $null
    
        Switch ($Computer) {
            # First Domain.
            {$_} {try {
                $ComputerCredential = Get-ADComputer -Identity $Computer -Server $DCList[0]
                $Found = $true
                $Domain = ($ComputerCredential.DNSHostName.Split('.',2)[-1]).ToUpper()
                break
            } catch {
                Write-Verbose -Message "$Computer : NOT found on Domain Controller: $($DCList[0].ToUpper())"}
            } # End First Domain.
    
            # Second Domain.
            {$_} {try {
                $ComputerCredential = Get-ADComputer -Identity $Computer -Server $DCList[1]
                $Found = $true
                $Domain = ($ComputerCredential.DNSHostName.Split('.',2)[-1]).ToUpper()
                break
            } catch {
                Write-Verbose -Message "$Computer : NOT found on Domain Controller: $($DCList[1].ToUpper())"}
            } # End Second Domain.
    
            Default {Write-Warning -Message "Unable to locate $Computer in any domain."}
        } # End Switch.
    
        If ($Found -eq $true) {
            Write-Verbose -Message "$Computer : Found in $Domain."
        } Else {
            Write-Warning -Message "$Computer : NOT found in any domain."
        } # End If.
    } # End Foreach.
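
Added example, not part of any post in this thread: a bare catch block also swallows an unreachable domain controller or an access-denied error and reports it as "not found", which is exactly the case the original question wanted to keep visible. The sketch below catches only the ActiveDirectory module's not-found exception and surfaces everything else; the function name Find-ComputerDomain is hypothetical, and the DC names and list path are the placeholders used in the thread.

```powershell
#Requires -Modules ActiveDirectory
# Added example: Find-ComputerDomain is a hypothetical helper, not code from the thread.

function Find-ComputerDomain {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][string[]]$DomainController
    )

    foreach ($Computer in $ComputerName) {
        $Name = $Computer.Trim()
        if (-not $Name) { continue }           # skip blank lines in the input file

        $Hit = $null
        $Failed = @()                          # DCs that errored for a reason other than "not found"

        foreach ($DC in $DomainController) {
            try {
                $Hit = Get-ADComputer -Identity $Name -Server $DC -ErrorAction Stop
                break                          # found: stop querying the remaining domains
            }
            catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
                # Expected for every domain the computer is not joined to.
                Write-Verbose "$Name : not found on $DC"
            }
            catch {
                # Unreachable DC, access denied, bad credentials: keep these visible.
                $Failed += $DC
                Write-Warning "$Name : query against $DC failed: $($_.Exception.Message)"
            }
        }

        # 'Unknown' means at least one domain could not be checked, so absence is not proven.
        [pscustomobject]@{
            ComputerName = $Name
            Status       = if ($Hit) { 'Found' } elseif ($Failed) { 'Unknown' } else { 'NotInAnyDomain' }
            Domain       = if ($Hit -and $Hit.DNSHostName) { $Hit.DNSHostName.Split('.', 2)[-1] } else { $null }
            FoundOn      = if ($Hit) { $DC } else { $null }
            FailedDC     = $Failed -join ','
        }
    }
}

# Placeholder DC names and path, as used in the thread.
$DCList = 'DC01.mydomain01.com', 'DC02.mydomain02.com'
Find-ComputerDomain -ComputerName (Get-Content -Path 'C:\List.txt') -DomainController $DCList |
    Where-Object Status -ne 'Found'
```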
    
    #33686
    Nedelcu Gabriel
    Participant

    Hello,

    I want to thank you for the advice. Using Try and Catch really helped me a lot and I was able to rethink the script properly.

    Thank you Dan, thanks Tommy.
