Which domain controllers are all computers authenticating to?

Welcome Forums General PowerShell Q&A Which domain controllers are all computers authenticating to?

This topic contains 5 replies, has 5 voices, and was last updated by

 
Participant
1 year, 8 months ago.

  • Author
    Posts
  • #76927

    Participant
    Topics: 2
    Replies: 1
    Points: 0
    Rank: Member

    I was tasked with writing a script (see below) to determine which domain controllers all computers are using for authentication.

    Get-ADComputer -filter * -Searchbase "OU=ourcomputerOU,DC=domain,DC=AD" | %{Get-WmiObject -Class win32_ntdomain -Filter "DomainName = 'ourdomain'" -ComputerName $_.Name} | Export-csv c:\temp\logon.csv

    After I ran the script and based on how large our organization is and the number of computers that are deployed, I thought I would have seen more computers listed in my output file logon.csv. The following errors below repeat multiple times as the script is running. I ran the script during different hours of the day with the same results. What stands out is "The RPC server is unavailable." Any comments or suggestion will be appreciated.

    Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
    At line:1 char:79
    + ... ,DC=AD" | %{Get-WmiObject -Class win32_ntdomain -Filter "DomainName = ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [Get-WmiObject], COMException
    + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

    Thanks,
    Kano

  • #76930
    Jon

    Participant
    Topics: 13
    Replies: 219
    Points: 89
    Rank: Member

    Did you try any of the stuff in the other thread you started about this?

    https://powershell.org/forums/topic/what-domain-controllers-are-computers-authenticating-to/#post-76339

  • #76933

    Participant
    Topics: 17
    Replies: 241
    Points: 82
    Rank: Member

    It could be firewall rules on some of your machines

    Troubleshooting 'RPC server unavailable' 0x800706BA

    Have you thought of adding the query to a logon script and have this write to a central file or database ?
    i.e. in dos write the result of
    echo %logonserver%

  • #76953

    Participant
    Topics: 0
    Replies: 669
    Points: 0
    Rank: Member

    RPC server unavailable means that you can't make a connection to WMI on the remote machine. The commonest cause for this is a firewall is blocking DCOM.

  • #77004

    Participant
    Topics: 2
    Replies: 17
    Points: 0
    Rank: Member

    A few things other than firewalls to keep in mind:

    1) You may have a significant number of stale computer objects in your environment. Query all computer objects for password last set and create an input file based only on machine that have changed their passwords in the last 60 days

    2) Take that first list and run a test-connection against the machines. The machines that respond are live in your environment. If you can query them then do so and make note of machines that were down. Remember, unlike servers, workstations are frequently powered down by their owners. Run subsequent queries only against that smaller list from time to time and generate narrower lists as you go.

  • #77007

    Participant
    Topics: 17
    Replies: 241
    Points: 82
    Rank: Member

    you could do this from a logon script

    echo %logonserver% >> path to txt file

The topic ‘Which domain controllers are all computers authenticating to?’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort