Get-ItemProperty of reg value in all DCs all Domains

PowerShell Help
1

I have my variable populated correctly and have hostnames for all of my DCs but my forEach isn’t working…

$DCs = foreach ($domain in (get-adforest -Identity company.com).domains) { get-addomaincontroller -filter * -server $domain | select hostname}

foreach( $dc in $DCs )
{ invoke-command -computername $dc -command {Get-ItemProperty -path hklm:\System\CurrentControlSet\Services\NTDS\Parameters -Name "Strict Replication Consistency" | Select-Object "Strict Replication Consistency"}}

What is incorrect here?

thank you

2

What isn’t working? It’s a little hard to just cold-read code written by someone else ;).

3

I dont recall a -command parameter
Invoke-command -scriptblock {}

Try to run ur invoke against one of ur dc

4

looks like you need to expand your hostname property, rather than just selecting it:

... get-addomaincontroller -filter * -server $domain | select hostname}

change to:

... get-addomaincontroller -filter * -server $domain | select -ExpandProperty hostname}

without the -expandproperty switch what you are actually creating is an array of objects with a hostname property, rather than a simple string list. So when you run that through your foreach, instead of passing a string value with the DC name to the invoke-command, you’re actually passing it a psobject with a hostname property. invoke-command has no idea what to do with that. You could also give invoke-command what it wants by using:

invoke-command -computername $DC.hostname ...

or

foreach($dc in $DCs.hostname)

Those two options aren’t as straightforward as the first one though, but should illustrate how to navigate around the objects you’ve created. Best bet is to do the first option and make sure the value in $DCs looks the way you want it.

5

Jeremy,

thanks this really helped me see the contents of what I was sending over the forEach. I looked at gm for my original $DCs and then did it for the expandedProperty one and saw what you were talking about.

Appreciate the lesson and I see the values now across all my DCs

Jeff

6

Or, you could tighten this up to, say…

(Get-ADForest -Identity $env:USERDNSDOMAIN).domains `
| % {(Get-ADDomainController -filter * -Server $).HostName} `
| % {invoke-command -computername $
-ScriptBlock {Get-ItemProperty `
-path ‘hklm:\System\CurrentControlSet\Services\NTDS\Parameters’ `
-Name “Strict Replication Consistency” `
| Select-Object “Strict Replication Consistency”
}
} | Format-Table -AutoSize

Results

Strict Replication Consistency PSComputerName RunspaceId

                         1 DC01.contoso.com  c96bb82c-...