Get-ItemProperty of reg value in all DCs all Domains

This topic contains 5 replies, has 5 voices, and was last updated by  postanote 7 months, 2 weeks ago.

  • Author
  • #81767

    Jeff Taylor

    I have my variable populated correctly and have hostnames for all of my DCs but my forEach isn't working...

    $DCs = foreach ($domain in (get-adforest -Identity { get-addomaincontroller -filter * -server $domain | select hostname}
    foreach( $dc in $DCs )
    { invoke-command -computername $dc -command {Get-ItemProperty -path hklm:\System\CurrentControlSet\Services\NTDS\Parameters -Name "Strict Replication Consistency" | Select-Object "Strict Replication Consistency"}}

    What is incorrect here?

    thank you

  • #81769

    Don Jones

    What isn't working? It's a little hard to just cold-read code written by someone else ;).

  • #81772

    Cyril Muffat

    I dont recall a -command parameter
    Invoke-command -scriptblock {}

    Try to run ur invoke against one of ur dc

  • #81776

    Jeremy Murrah

    looks like you need to expand your hostname property, rather than just selecting it:

    ... get-addomaincontroller -filter * -server $domain | select hostname}

    change to:

    ... get-addomaincontroller -filter * -server $domain | select -ExpandProperty hostname}

    without the -expandproperty switch what you are actually creating is an array of objects with a hostname property, rather than a simple string list. So when you run that through your foreach, instead of passing a string value with the DC name to the invoke-command, you're actually passing it a psobject with a hostname property. invoke-command has no idea what to do with that. You could also give invoke-command what it wants by using:

    invoke-command -computername $DC.hostname ...


    foreach($dc in $DCs.hostname)

    Those two options aren't as straightforward as the first one though, but should illustrate how to navigate around the objects you've created. Best bet is to do the first option and make sure the value in $DCs looks the way you want it.

    • #81823

      Jeff Taylor


      thanks this really helped me see the contents of what I was sending over the forEach. I looked at gm for my original $DCs and then did it for the expandedProperty one and saw what you were talking about.

      Appreciate the lesson and I see the values now across all my DCs


  • #81865


    # Or, you could tighten this up to, say...

    (Get-ADForest -Identity $env:USERDNSDOMAIN).domains `
    | % {(Get-ADDomainController -filter * -Server $_).HostName} `
    | % {invoke-command -computername $_ `
    -ScriptBlock {Get-ItemProperty `
    -path 'hklm:\System\CurrentControlSet\Services\NTDS\Parameters' `
    -Name "Strict Replication Consistency" `
    | Select-Object "Strict Replication Consistency"
    } | Format-Table -AutoSize

    # Results

    Strict Replication Consistency PSComputerName RunspaceId
    —————————— ————– ———-
    1 c96bb82c-...

You must be logged in to reply to this topic.