2

This self-answered question addresses the following scenario:

How can I write a PowerShell script to check if a computer is a domain controller or not?

mklement0
  • 382,024
  • 64
  • 607
  • 775
Robert Karamagi
  • 91
  • 7

3 Answers3

1

Yes, if you need to check a list then that's fine, but if all you need is a list of DCs, then more efficient to get this directly.

$DomainName = 'MyDomain'

$DomDetail = Get-ADDomain -Identity $DomainName
$DCDetail = Get-ADDomainController -Server $DomDetail.PDCEmulator -Filter *
[pscustomobject]@{Name = $DomDetail.NetBIOSName;FQDN = $DomDetail.DNSRoot;PDC = $DomDetail.PDCEmulator;MemberDCs = $DCDetail}
Scepticalist
  • 3,737
  • 1
  • 13
  • 30
0

The code below can be run on Windows PowerShell. It will take an input list of computers called computers.csv and loop around them to check if it is a domain controller or not and then output the result into check_for_domain_controller.csv

$listofcomputers = Import-CSV -Path "C:\computers_list.csv"

foreach ($computerobject in $listofcomputers)
{
    $computername = $computerobject.Name
    Get-DomainRole -Computername $computername | 
    Export-csv -Path "C:\check_for_domain_controller.csv" -Append -NoTypeInformation
}

Input (computers.csv)

Name  
DC1  
DC2  
DC3  
DC4  
PC1  
PC2

Output (check_for_domain_controller.csv)

"Computer","IPAddress","PCType","DomainRole"  
"DC1","10.10.10.1","Desktop","Domain controller"  
"DC2","110.10.10.2","Desktop","Domain controller"  
"DC3","10.10.10.3","Desktop","Domain controller"  
"DC4","10.10.10.4","Desktop","Domain controller"  
"PC1","10.10.10.5","Desktop","Member server"  
"PC2","10.10.10.6","Desktop","Member server"
mklement0
  • 382,024
  • 64
  • 607
  • 775
Robert Karamagi
  • 91
  • 7
  • 1
    Thanks for sharing. Can you clarify where `Get-DomainRole` comes from? It doesn't appear to be part of the `ActiveDirectory` module. Also, it's better to use a single pipeline that you can pipe to a single `Export-Csv` call, which is not only more efficient, but saves you from having to ensure that the target file doesn't already exist.=: `(Import-CSV -Path "C:\computers_list.csv").Name | ForEach { Get-DomainRole -ComputerName $_ } | Export-csv -Path "C:\check_for_domain_controller.csv" -NoTypeInformation` – mklement0 Oct 28 '22 at 17:27
  • 1
    Where does Get-DomainRole come from? See below - there's easy ways to get current domain controller using the common ActiveDirectory module – Scepticalist Oct 28 '22 at 17:42
  • The Get-DomainRole is run on a Domain Controller specifically for computers that are joined to it's domain – Robert Karamagi Oct 29 '22 at 08:48
  • Thanks, but what I'm asking is where you get that command from? Given that it doesn't appear to be a standard cmdlet, does it come with a third-party module you installed, did you get it from a GitHub project or a Gist, or ...? – mklement0 Oct 29 '22 at 11:40
  • 1
    https://github.com/VernAnderson/PowerShell/blob/master/Get-DomainRole.ps1 – Robert Karamagi Jan 01 '23 at 11:16
0

The Win32_OperatingSystem WMI class property ProductType will tell you if the computer is a workstation, domain controller or server.

$productType = (Get-CimInstance -ClassName Win32_OperatingSystem).ProductType
$compName = $env:COMPUTERNAME
switch ($productType)
{
    1 {"$compName is a workstation."; break}
    2 {"$compName is a domain controller."; break}
    3 {"$compName is a server."; break}
}
Paul π
  • 133
  • 11