
PeterRietmann-0218 asked:

How can a computer in a Workgroup detect if a Domain Controller exists?

I have a script that will run on multiple servers that start out as Windows Server 2016 in a workgroup.

If a Domain Controller doesn't exist (ABC.COM), then promote the server to Primary Domain Controller, creating ABC.COM.
If a Domain Controller does exist, then promote the server to Domain Controller, joining ABC.COM.

If a server is in a workgroup, the command Get-ADDomain -Identity "DC=ABC,dc=com" does not return the PDC if it exists.

So what would my PowerShell function have to be?
function DoesPDCExist {
    # return $true if the PDC exists
    # return $false if the PDC does not exist
}

windows-server-powershell

yagmoth555 answered:

There isn't much of a way. Get-ADDomainController -Discover is the cmdlet you would need to use; it uses the DCLocator method to find a Domain Controller, but how will you manage the -Credential part? You can't run the PowerShell script against a DC from a workgroup computer, as the process is run within the netlogon process.

You would maybe need to try to join the domain; if it fails, then act accordingly.

$result = Add-Computer -DomainName "myDomain" -ErrorAction SilentlyContinue -ErrorVariable ComputerError
Write-Host $ComputerError[0]

Your script might need a lot of work, as for the other computers you need to point their DNS servers to that newly created DC to have the Get-ADDomainController & Add-Computer cmdlets work.

Be aware that you can have multiple DCs in the same LAN; the only thing deciding which DC answers which workstation is the DNS server set inside the workstation's network adapter, so that it can use the correct one.


RichMatheisen-8856 answered:

I'm going to assume that "ABC.COM" is the name of the domain and not the name of the machine, AND that you know which DNS servers IN YOUR LAN to use (you better not find this information in publicly available DNS)!

 # The PDC emulator is registered as the SRV record _ldap._tcp.pdc._msdcs.ABC.COM; by default _msdcs.ABC.COM is its own zone
 Get-DnsServerResourceRecord -ComputerName <A-DNS-SERVER> -ZoneName "_msdcs.ABC.COM" -RRType Srv -Name "_ldap._tcp.pdc"

That should get you the PDC address.

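The DNS-based check above, written as the function the question asks for, is an added example and not code from the thread. It swaps the server-side Get-DnsServerResourceRecord for a plain client-side Resolve-DnsName query (no DnsServer module, no domain credentials needed from a workgroup machine) and assumes you pass only your internal DNS server addresses; the function name, parameters and the 10.0.0.10 address are hypothetical.

```powershell
# Added example: workgroup-side check for the PDC emulator via the well-known
# _ldap._tcp.pdc._msdcs SRV record, queried directly against internal DNS.
# Assumes the DnsClient module (Resolve-DnsName) and NetTCPIP (Test-NetConnection).
function Test-PdcExists {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$DomainName,    # e.g. 'ABC.COM'
        [Parameter(Mandatory)][string[]]$DnsServer,   # internal DNS servers only, never public resolvers
        [switch]$VerifyReachable,                     # also confirm the LDAP port answers
        [switch]$PassThru                             # return the SRV record instead of $true
    )
    # The DC locator publishes the PDC emulator under this name in the _msdcs zone.
    $srvName = "_ldap._tcp.pdc._msdcs.$DomainName"
    foreach ($server in $DnsServer) {
        try {
            # -DnsOnly / -NoHostsFile: do not let cache or hosts-file entries answer for us
            $records = Resolve-DnsName -Name $srvName -Type SRV -Server $server `
                                       -DnsOnly -NoHostsFile -ErrorAction Stop
        } catch {
            Write-Verbose "No answer from $server for $srvName : $($_.Exception.Message)"
            continue   # try the next DNS server
        }
        # Keep only SRV answers; an empty or NXDOMAIN result means no PDC is registered.
        $srv = @($records | Where-Object { $_.Type -eq 'SRV' })
        if ($srv.Count -eq 0) { continue }
        # Lowest priority wins, then highest weight (same selection rule the locator uses).
        $pdc = $srv | Sort-Object Priority, { -$_.Weight } | Select-Object -First 1
        Write-Verbose "PDC emulator for $DomainName is $($pdc.NameTarget):$($pdc.Port)"
        if ($VerifyReachable) {
            # A stale SRV record is not a live DC: confirm LDAP actually answers.
            $up = Test-NetConnection -ComputerName $pdc.NameTarget -Port $pdc.Port -InformationLevel Quiet
            if (-not $up) { Write-Verbose "SRV record found but $($pdc.NameTarget) is not reachable"; return $false }
        }
        if ($PassThru) { return $pdc }
        return $true
    }
    return $false
}

# Usage from the workgroup server (DNS server address is a placeholder):
if (Test-PdcExists -DomainName 'ABC.COM' -DnsServer '10.0.0.10' -VerifyReachable -Verbose) {
    'PDC found: promote as an additional DC joining ABC.COM'
} else {
    'No PDC found: promote as the first DC, creating ABC.COM'
}
```

A positive DNS answer is only as trustworthy as the DNS server you pointed the query at, which is why the function takes explicit internal server addresses rather than whatever resolver the adapter currently uses.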

LimitlessTechnology-2700 answered:

Hi PeterRietmann-0218,

You can use PowerShell to find FSMO roles in an Active Directory using the Get-AdForest cmdlet to get the Schema master and Domain Naming master roles, and using the Get-AdDomain cmdlet to get the PDCEmulator, RIDMaster and InfrastructureMaster roles. This may achieve what you're looking for in a different way.

You can find FSMO roles in an Active Directory forest using the below command:

Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster
The Get-AdForest command gets the Domain Naming master and Schema master FSMO roles in the Active Directory forest.

To get domain FSMO roles, use the below command:

Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator
The Get-AdDomain command gets domain FSMO roles like RID master, PDC emulator, and Infrastructure master.




--If the reply is helpful, please Upvote and Accept as answer--


RichMatheisen-8856 commented: How will any of that work if the machine running the cmdlets isn't a domain member and the account running the cmdlets is a local computer account?
