Quick info #1 – Get list of all forest global catalogs

I decided to write some mini posts to remind myself the best way to get certain information from AD using Powershell (I find myself doing a lot of work around AD lately)

In most Active Directory forests all DCs are also GCs (global catalogs), there are very few use cases for not using GCs on all your DCs. This is what consultants from Microsoft doing AD Risk Assesments (AD RAP) will tell you: “Don’t think about it, just make all DCs, GCs”.

First time i wanted to get information about my DCs I used this syntax:

[system.directoryservices.activedirectory.Forest]::GetCurrentForest() | `
% {$_.DomainControllers} | select Name,Domain | `
Export-Csv c:\temp\AD\dcs.csv -UseCulture -NoTypeInformation

This essentially lists all your domain controllers in every domain. For 50DCs worldwide it takes around 2 minutes. However…while running this today in my environment I found that for a domain…the Domain Controllers Field was blank…I couldn’t tell you why, I’m still investigating, nevertheless I wanted to find another way to get this information. So I found this syntax, which is simpler, it gets the list of GCs:

[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().GlobalCatalogs | `
select Name,Domain | sort-object Name,Domain | `
Export-Csv c:\temp\AD\dcs.csv -UseCulture -NoTypeInformation

As far as speed is concerned the time is just as long, so it is not faster, but this time I managed to get a list of all DCs, including the ones that did not show in the other object.