Will 'get-ADUser -server $FQDN' use the same DC as 'get-addomaincontroller -Server $FQDN'

Killer99 · September 6, 2022, 1:32pm

Hi, I’m trying to Identify the DC in use by get-ADUser without hard-coding the DC name in the -server param for redundancy reasons. (I know i can specify the DC - just trying not to).

$FQDN = domain.forest.corp
#Will:
get-addomaincontroller -Server $FQDN
#use the same DC as 
get-ADUser -server $FQDN
#If i run them one after another in this order?

Thanks for any help.

Olaf · September 6, 2022, 3:48pm

Pete,
Welcome to the forum.

It is very likely but not guaranteed.

May I ask why?

BTW: When you post code, sample data, console output or error messages please format it as code using the preformatted text button ( </> ). Simply place your cursor on an empty line, click the button and paste your code.

Thanks in advance

How to format code in PowerShell.org <---- Click

Killer99 · September 6, 2022, 3:52pm

Thanks for the answer. I guess that’s what i figured. I guess i am asking if the -server switch will work in the same way and provide the same result (if the server is up), on both commands.

As for why - I would like it to work if a DC is down for patching or whatever reason.

Olaf · September 6, 2022, 4:04pm

But you don’t need to provide a server at all. PowerShell (or actually the underlying dotNet) will choose the nearest available server. Actually providing a particular server makes your code less robust.

Killer99 · September 6, 2022, 4:07pm

Ah yes, but the script runs on multiple domains from a server not in that domain, and so the $FQDN is provided via function prams and will be different on each run. So it needs to be present.

thedavecarroll · September 6, 2022, 4:09pm

If you are creating then updating objects, you’ll want to ensure that you use the same DC. For each iteration, detect the DC then use that for all actions for that one object. Perhaps on subsequent iterations, just verify if the DC is available. Don’t hard code a specific value and don’t use the DNS domain name.

See this doc for discovery.

Killer99 · September 6, 2022, 4:12pm

But I am not updating objects i am reading them. This is a little off topic.

Olaf · September 6, 2022, 4:14pm

Actually not. If you’re just querying an AD it doesn’t matter if you use the same DC or not. Then it will be enough to specify the domain like you showed in your initial question.

thedavecarroll · September 6, 2022, 4:15pm

See link in edited reply.

The discovery would be the same to interact with a given domain regardless of what actions you are taking.

darwin-reiswig · September 8, 2022, 1:30pm

If it’s important to use the same DC (IDK if it really is or not), you could do this:

$FQDN = domain.forest.corp
$DC = get-addomaincontroller -Server $FQDN
get-ADUser -server $DC

Then you would use the DC you retrieved in the first command for the second one.

Topic		Replies	Views
What domain controllers are computers authenticating to? PowerShell Help	5	188	August 1, 2017
Works for Domain, why not Forest PowerShell Help	6	148	August 16, 2022
using variables PowerShell Help	0	125	December 31, 2011
Pulling my hair out PowerShell Help	2	177	March 20, 2020
Which domain contoller is polled in Powershell query PowerShell Help	0	127	December 31, 2011

Will 'get-ADUser -server $FQDN' use the same DC as 'get-addomaincontroller -Server $FQDN'

Related Topics