Can i find the Windows AD level in case i am no administrator

Question

When i am an ordinary user in an active directory domain on a windows client. Is there a way to get to know the domain level for e.g Windows Server 2008/2012/2019/.. and so on without being administrator?

I ask because i am new to my company, almost every part of infrastructure is outsourced and i figured out we are using Exchange 2010!! I am responsible in the future and maybe we want to bring it back inhouse. Thats why i want to determinate the domain level.

The only way seems to trust nmap output using -A option which is not really trustworthy

If you are (to be) responsible for that you need to be an admin yourself or at least have one on your hand to ask. — Zac67, Jun 15 '22 at 10:56
The question should not be voted down, I see no reason for it. Answer: open ldp.exe (built-in), it shows the forest and domain functional levels. See this table for a number to OS translation: https://serverfault.com/questions/512228/how-to-check-ad-ds-domain-forest-functional-level-from-domain-joined-workstation — Bernd Schwanenmeister, Jun 22 '22 at 14:00

score 2 · Answer 1 · answered Jun 10 '22 at 12:05

2

Run Active Directory Users and Computers (dsa.msc)

Right-click the domain, select Properties

The domain and forest functional level are displayed.

PowerShell:

Import-Module ActiveDirectory  
Get-ADDomain | fl Name,DomainMode  
Get-ADForest | fl Name,ForestMode

answered Jun 10 '22 at 12:05

Greg Askew

35,880
5
54
82

I dont know why someone is voting my question down but this answer up. I explicitely stated i am not an administrator so there is no sense to show an image of a windows server or some powershell modules i have no access to. Thank you anyway for your effort. – gbl Jun 15 '22 at 09:59
@lbg: The ActiveDirectory module is one of the more common modules. As stated in the documentation, if the module is not present, the Remote Server Administration Tools needs to be installed. https://docs.microsoft.com/en-us/powershell/module/activedirectory/?view=windowsserver2022-ps – Greg Askew Jun 15 '22 at 10:05
Because it is a good answer and most probably the only answer. Why people have been voting your question down, most probably because it shows absolutely no research effort from your end. – Gerald Schneider Jun 15 '22 at 10:06

score 0 · Answer 2 · answered Jun 10 '22 at 12:03

0

As documented, you can use these Cmdlets on every machine that is joined to the Active Directory where Active Directory Cmdlets are installed, no admin permissions necessary.

get-addomain | format-list domainmode
get-adforest | format-list forestmode

answered Jun 10 '22 at 12:03

Gerald Schneider

23,274
8
57
89

As written i am on a simple client machine. – gbl Jun 13 '22 at 06:42
You can run these on every client machine as long as the Cmdlets are installed. – Gerald Schneider Jun 13 '22 at 08:43
Ok, i am on a client machine without cmdlets. – gbl Jun 14 '22 at 13:58
So, install them. – Gerald Schneider Jun 14 '22 at 14:03
Dear Gerald, you can read the question again - carefully. You will recognize my statement that i am not an administrator thats why i am asking! – gbl Jun 15 '22 at 10:01
If you need software to do your work have someone install it for you. – Gerald Schneider Jun 15 '22 at 10:04
1

@lbg: this is a site for administrators. If you need something installed and you are not the administrator, you need to contact the administrator. – Greg Askew Jun 15 '22 at 10:07

Can i find the Windows AD level in case i am no administrator

2 Answers2