Which domain controllers are all computers authenticating to?

I was tasked with writing a script (see below) to determine which domain controllers all computers are using for authentication.

Get-ADComputer -filter * -Searchbase "OU=ourcomputerOU,DC=domain,DC=AD" | %{Get-WmiObject -Class win32_ntdomain -Filter "DomainName = 'ourdomain'" -ComputerName $_.Name} | Export-csv c:\temp\logon.csv

After I ran the script and based on how large our organization is and the number of computers that are deployed, I thought I would have seen more computers listed in my output file logon.csv. The following errors below repeat multiple times as the script is running. I ran the script during different hours of the day with the same results. What stands out is “The RPC server is unavailable.” Any comments or suggestions will be appreciated.

Get-WmiObject : The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)
At line:1 char:79
+ … ,DC=AD" | %{Get-WmiObject -Class win32_ntdomain -Filter "DomainName = …
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [Get-WmiObject], COMException
    + FullyQualifiedErrorId : GetWMICOMException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

Thanks,
Kano

Did you try any of the stuff in the other thread you started about this?

https://powershell.org/forums/topic/what-domain-controllers-are-computers-authenticating-to/#post-76339

It could be firewall rules on some of your machines

Have you thought of adding the query to a logon script and having this write to a central file or database?
i.e. in DOS write the result of
echo %logonserver%

RPC server unavailable means that you can’t make a connection to WMI on the remote machine. The commonest cause for this is a firewall blocking DCOM.

A few things other than firewalls to keep in mind:

  1. You may have a significant number of stale computer objects in your environment. Query all computer objects for password last set and create an input file based only on machines that have changed their passwords in the last 60 days.

  2. Take that first list and run a test-connection against the machines. The machines that respond are live in your environment. If you can query them then do so and make note of machines that were down. Remember, unlike servers, workstations are frequently powered down by their owners. Run subsequent queries only against that smaller list from time to time and generate narrower lists as you go.
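The two steps in the reply above, combined with the original WMI query, as an added example that is not code from any poster in this thread. The OU and domain name are the placeholders from the original post, the Status and Detail columns are illustrative, and it assumes Windows PowerShell with the ActiveDirectory module.

```powershell
# Added example. OU, domain name and CSV path are the placeholders from the
# original post; the 60-day window comes from the reply above.
Import-Module ActiveDirectory

$searchBase = 'OU=ourcomputerOU,DC=domain,DC=AD'
$domainName = 'ourdomain'
$cutoff     = (Get-Date).AddDays(-60).ToFileTimeUtc()

# Step 1: only computer objects whose machine password changed in the last 60 days.
$computers = Get-ADComputer -LDAPFilter "(pwdLastSet>=$cutoff)" -SearchBase $searchBase

$results = foreach ($computer in $computers) {
    $row = [ordered]@{
        ComputerName         = $computer.Name
        Status               = $null   # Offline | Queried | NoMatch | WmiFailed
        DomainControllerName = $null
        ClientSiteName       = $null
        Detail               = $null
    }

    # Step 2: one ping; machines that do not answer are recorded, not dropped.
    if (-not (Test-Connection -ComputerName $computer.Name -Count 1 -Quiet)) {
        $row.Status = 'Offline'
    }
    else {
        try {
            # -ErrorAction Stop turns "The RPC server is unavailable" into a catchable error.
            $nt = Get-WmiObject -Class Win32_NTDomain -Filter "DomainName = '$domainName'" `
                      -ComputerName $computer.Name -ErrorAction Stop |
                  Select-Object -First 1
            if ($nt) {
                $row.Status               = 'Queried'
                $row.DomainControllerName = $nt.DomainControllerName
                $row.ClientSiteName       = $nt.ClientSiteName
            }
            else { $row.Status = 'NoMatch' }
        }
        catch {
            # Machine is up but WMI/DCOM is unreachable (for example, blocked by a firewall).
            $row.Status = 'WmiFailed'
            $row.Detail = $_.Exception.Message
        }
    }
    [pscustomobject]$row
}

$results | Export-Csv -Path 'C:\temp\logon.csv' -NoTypeInformation
$results | Group-Object Status | Select-Object Name, Count
```

The Status column separates machines that were powered off from machines that are up but refuse WMI, so later runs can target only the Offline rows.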

You could do this from a logon script

echo %logonserver% >> path to txt file