AD querying, without AD Module


I’m trying to find a way to find out the distinguished name of remote servers. I found this string on the web:

$filter = "(&(objectCategory=computer)(objectClass=computer)(cn=$env:COMPUTERNAME))"

It works really well locally. I’m trying to get something like this to run on remote servers and return information. I tried using

invoke-command -cn "whatever" -scriptblock {

$filter = "(&(objectCategory=computer)(objectClass=computer)(cn=$env:COMPUTERNAME))"


But it came back with… "Exception calling "FindOne" with "0" argument(s): "The search filter is invalid.""

I’m unsure what I’m doing wrong here.


I typically end up wrapping ADSI calls in a function, e.g. Get-ADSIObject - there are many others out there.

In this particular case, you are using PowerShell remoting with the default authentication, Kerberos. This means in your remote session, they trust that you are you, but they can’t delegate that out to anything that requires AD access.

The simplest solution, assuming it fits your use case, would be to simply replace $env:computername with the account you want to query for.


This is an absolute bare-bones function

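function get-computerDN {
    param ($computername)
    $filter = "(&(objectCategory=computer)(objectClass=computer)(cn=$computername))"
    # Search the current domain and return the distinguishedName of the first match
    ([adsisearcher]$filter).FindOne().Properties.distinguishedname
}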


Use it like this

£> get-computerDN -computername server02
CN=SERVER02,OU=Domain Controllers,DC=Manticore,DC=org

You can run scripts to work with AD from any machine in the domain - assuming you have permissions to perform those actions. You don’t have to remote onto a machine to do that. As Warren said, with remoting you’re attempting to delegate your Kerberos credentials, and that isn’t allowed by the default remoting configuration.
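
An added example, not code from the thread: the lookup run from your own workstation for several server names, as the last reply suggests, with each name escaped per RFC 4515 before it is placed in the LDAP filter so a stray `*`, `(`, `)` or `\` cannot change the query. The function names and the sample server names are assumptions made for illustration.

```powershell
# Hypothetical helper: escape RFC 4515 special characters in a filter value.
function ConvertTo-LdapFilterValue {
    param ([Parameter(Mandatory)][string]$Value)
    # Each of \ * ( ) NUL becomes a backslash plus its two-digit hex code.
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

# Hypothetical function: resolve computer names to distinguished names via ADSI.
# Runs locally with your own credentials, so no remoting or delegation is involved.
function Get-ComputerDistinguishedName {
    param (
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$ComputerName
    )
    process {
        foreach ($name in $ComputerName) {
            $safe = ConvertTo-LdapFilterValue -Value $name
            $searcher = [adsisearcher]"(&(objectCategory=computer)(objectClass=computer)(cn=$safe))"
            # Ask the directory for the one attribute we need.
            [void]$searcher.PropertiesToLoad.Add('distinguishedname')
            $result = $searcher.FindOne()

            # Emit an object even when nothing matched, so misses are visible.
            [pscustomobject]@{
                ComputerName      = $name
                DistinguishedName = if ($result) {
                    $result.Properties['distinguishedname'][0]
                } else {
                    $null
                }
            }
        }
    }
}

# Constructed sample names; replace with your own server list.
'server01', 'server02' | Get-ComputerDistinguishedName
```

Names with no matching computer object come back with an empty DistinguishedName instead of raising an error.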