Which domain controllers are all computers authenticating to?

This topic contains 5 replies, has 5 voices, and was last updated by  Simon B 1 week, 1 day ago.

  • #76927

    Kano
    Participant

    I was tasked with writing a script (see below) to determine which domain controllers all computers are using for authentication.

    Get-ADComputer -filter * -Searchbase "OU=ourcomputerOU,DC=domain,DC=AD" | %{Get-WmiObject -Class win32_ntdomain -Filter "DomainName = 'ourdomain'" -ComputerName $_.Name} | Export-csv c:\temp\logon.csv

    After I ran the script, and based on how large our organization is and the number of computers that are deployed, I thought I would have seen more computers listed in my output file logon.csv. The following errors repeat multiple times as the script is running. I ran the script during different hours of the day with the same results. What stands out is "The RPC server is unavailable." Any comments or suggestions will be appreciated.

    Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
    At line:1 char:79
    + ... ,DC=AD" | %{Get-WmiObject -Class win32_ntdomain -Filter "DomainName = ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [Get-WmiObject], COMException
    + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

    Thanks,
    Kano

  • #76930

    Jon
    Participant

    Did you try any of the stuff in the other thread you started about this?

    https://powershell.org/forums/topic/what-domain-controllers-are-computers-authenticating-to/#post-76339

  • #76933

    Simon B
    Participant

    It could be firewall rules on some of your machines.

    Have you thought of adding the query to a logon script and having this write to a central file or database?
    i.e. in DOS, write the result of
    echo %logonserver%

  • #76953

    Richard Siddaway
    Moderator

    RPC server unavailable means that you can't make a connection to WMI on the remote machine. The commonest cause for this is a firewall blocking DCOM.

  • #77004

    David Flores
    Participant

    A few things other than firewalls to keep in mind:

    1) You may have a significant number of stale computer objects in your environment. Query all computer objects for password last set and create an input file based only on machines that have changed their passwords in the last 60 days.

    2) Take that first list and run a test-connection against the machines. The machines that respond are live in your environment. If you can query them then do so and make note of machines that were down. Remember, unlike servers, workstations are frequently powered down by their owners. Run subsequent queries only against that smaller list from time to time and generate narrower lists as you go.
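
The narrowing procedure from the post above, combined with the Win32_NTDomain query from the original post, as an added example that is not part of the thread. The OU path and domain name are the placeholders from the original post, the retry file name is hypothetical, and it assumes Windows PowerShell 5.1 with the ActiveDirectory module.

```powershell
# Added example, not code from the thread.
Import-Module ActiveDirectory

$searchBase = 'OU=ourcomputerOU,DC=domain,DC=AD'   # placeholder from the original post
$domainName = 'ourdomain'                          # placeholder from the original post
$cutoff     = (Get-Date).AddDays(-60)

# Step 1: skip stale objects. Keep only computers whose machine account
# password was set within the last 60 days.
$computers = Get-ADComputer -Filter 'PasswordLastSet -ge $cutoff' `
    -SearchBase $searchBase -Properties PasswordLastSet

$results = foreach ($c in $computers) {
    $row = [pscustomobject]@{
        ComputerName     = $c.Name
        PasswordLastSet  = $c.PasswordLastSet
        Status           = $null
        DomainController = $null
        ClientSite       = $null
    }
    # Step 2: one ping decides whether the machine is worth a WMI call right now.
    if (-not (Test-Connection -ComputerName $c.Name -Count 1 -Quiet)) {
        $row.Status = 'NoPing'
    }
    else {
        try {
            # -ErrorAction Stop turns "RPC server is unavailable" into a catchable
            # error, so the failure is recorded per machine instead of scrolling by.
            $d = Get-WmiObject -Class Win32_NTDomain -ComputerName $c.Name `
                -Filter "DomainName = '$domainName'" -ErrorAction Stop
            if ($d) {
                $row.Status           = 'OK'
                $row.DomainController = $d.DomainControllerName
                $row.ClientSite       = $d.ClientSiteName
            }
            else { $row.Status = 'NoDomainRecord' }
        }
        catch { $row.Status = "WmiFailed: $($_.Exception.Message)" }
    }
    $row
}

# Full result set, plus the machines to try again later (hypothetical file name).
$results | Export-Csv C:\temp\logon.csv -NoTypeInformation
$results | Where-Object Status -ne 'OK' |
    Export-Csv C:\temp\logon-retry.csv -NoTypeInformation
```

Machines that answer the ping but block DCOM at the firewall end up with a WmiFailed status, which separates them from machines that were simply powered off.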

  • #77007

    Simon B
    Participant

    You could do this from a logon script:

    echo %logonserver% >> path to txt file
