Powershell – How to set a default domain controller for all PowerShell AD cmdlets

active-directorydomain-controllerpowershell

All the PowerShell cmdlets in the ActiveDirectory module support being run against a specific domain controller using the -server parameter; but is there any way to set a default DC to use for all AD-related operations, or do I need to specify it on every single command if I actually care about which DC I'm using (as is frequent when replication latency is involved)?

Best Answer

If you are on PowerShell version 3, then you can use the new automatic variable $PSDefaultParameterValues to set a default for the Server parameter on the AD Module cmdlets. You can run

Get-Help about_Parameters_Default_Values

for more details on this variable.

In your specific case, you could set the variable like so:

$PSDefaultParameterValues = @{"*-AD*:Server"='YOUR-CHOSEN-DC'}

Another option which would work with version 2 or 3, is to use the AD Module's provider to create a new PSDrive.

By default when you import the AD Module, it creates an "AD:" PSDrive which connects to the local domain. You can create new PSDrives using this same provider, specifying the specific domain controller you want to connect to. Then, when you run AD cmdlets from within the context of that PSDrive, they will use that connection. You can create a new PSDrive like so:

New-PSDrive -Name <name of the drive> -PSProvider ActiveDirectory -Root "<DN of the partition/NC>" –Server <server or domain name (NetBIOS/FQDN)[:port number]> -Credential <domain name>\<username>

Then just cd <name of drive>: and when you run your cmdlets, they will use the domain controller you specified in the New-PSDrive cmdlet.

Related Solutions

Powershell – Exporting specific fields with powershell’s export-csv

You want to use the Select-Object cmdlet in place of Format-Table. This should work for you:

| select-object givenname,sn,company,telephonenumber,mail `
| export-csv -Delimiter `t -NoTypeInformation -Path c:\scripts\adexport.csv

Windows – Need for another Domain Controller

@gWaldo has a good idea in terms of increasing reliability and updating your outdated DC, but it's a "guess" as to if it'll fix the issue. @Chris-S is correct in comment that bandwidth (at first glance) doesn't sound like it's the issue either.

First you should ensure that WAN connection is reliable, has no packet loss, and has ample available bandwidth throughout the day.

Also a DC not being available will not prevent a Windows client login (assuming default GPO's) because cache credentials on a domain let you in. It would help if you posted the actual errors the users are getting.

For mapped drives, if they are done by login script then you have little to no ability to see any logs about that info, but I would move that functionally to Group Policy Preferences which will let you map drives, make them persistent, and also log to the client event logs on any issues. Your mapping issues could be either they can't get the script, or they can't access the drive... but hard to tell without logging.

Again, keeping DC's current and having one at remote site is "better" but is just throwing darts at the wall of this specific issue. I've had 70-100 remote sites on much lower WAN speeds with no remote DC's act just fine as long as connection was reliable and had available bandwidth.

Best Answer

Related Solutions

Powershell – Exporting specific fields with powershell’s export-csv

Windows – Need for another Domain Controller

Related Topic