{"id":4541,"date":"2015-01-29T13:27:50","date_gmt":"2015-01-29T12:27:50","guid":{"rendered":"http:\/\/dollarunderscore.azurewebsites.net\/?p=4541"},"modified":"2017-06-05T21:48:11","modified_gmt":"2017-06-05T19:48:11","slug":"specifying-a-single-domain-controller-while-keeping-redundancy-in-a-powershell-script","status":"publish","type":"post","link":"https:\/\/p0wershell.com\/?p=4541","title":{"rendered":"Specifying a single domain controller while keeping redundancy in a PowerShell script"},"content":{"rendered":"<p>When scripting against Active Directory I usually specify a domain controller for the &#8220;-Server&#8221; parameter of the AD cmdlets to prevent potential issues with replication.<\/p>\n<p>For example, say you are creating a new group, and then want to <a title=\"Set permissions on properties in Active Directory (Write Members in ACL) (Shared mailbox management)\" href=\"https:\/\/p0wershell.com\/?p=1541\">change the ACLs of that group<\/a>, for example the &#8220;WriteMembers&#8221;-permission. You probably want to specify the same domain controller on these two requests to make sure the newly created group is actually available when changing the ACL.<\/p>\n<p>But hard coding things are usually not a good idea, and if that DC happens to go offline while a script is running, a lot of requests might fail. So what I did was to create a function that checks if the specified DC is online, and if it isn&#8217;t, it retrieves a lists of all the DCs that exists in the same site as the server where the script is executing, and picks the next available one after verifying it works.<\/p>\n<p>Usage example:<br \/>\n<code><\/code><\/p>\n<pre>PS&gt; Get-ScriptDC -PreferedDC MyDC01.MyDomain.local\r\n<em>WARNING: Failed to connect to MyDC01.MyDomain.local.<\/em>\r\nMyDC02.MyDomain.local\r\n<\/pre>\n<p>In this case, MyDC01.MyDomain.local was offline and didn&#8217;t work, so the function instead returned MyDC02.MyDomain.local which has been verified by issuing a AD-query to it. It is simply returned as a string, so to use it in a script you could do something like this (with some errorhandling added):<\/p>\n<p>[PowerShell]<br \/>\n$MyPreferedDC = &#8216;MyDC01.MyDomain.local&#8217;<br \/>\n$DCToUse = Get-ScriptDC -PreferedDC $MyPreferedDC<\/p>\n<p>Get-ADUser JohnDoe -Server $DCToUse<br \/>\n[\/PowerShell]<\/p>\n<p>If you put this first in the script, you&#8217;ll know that the DC used will be online when the script starts, if you want to, you could of course run this function again within in a catch-statement to be able to &#8220;failover&#8221; to another DC during script execution.<\/p>\n<p><em><strong>The code for this function has been uploaded <a href=\"https:\/\/p0wershell.com\/wp-content\/uploads\/2017\/06\/Get-ScriptDC.ps1_.txt\" target=\"_blank\">here<\/a>.<\/strong><\/em><\/p>\n<p>The ActiveDirectory-module must be available for it to work.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When scripting against Active Directory I usually specify a domain controller for the &#8220;-Server&#8221; parameter of the AD cmdlets to prevent potential issues with replication. For example, say you are creating a new group, and then want to change the ACLs of that group, for example the &#8220;WriteMembers&#8221;-permission. You probably want to specify the same [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[831,21],"tags":[981],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p3Zj0A-1bf","_links":{"self":[{"href":"https:\/\/p0wershell.com\/index.php?rest_route=\/wp\/v2\/posts\/4541"}],"collection":[{"href":"https:\/\/p0wershell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/p0wershell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/p0wershell.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/p0wershell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4541"}],"version-history":[{"count":0,"href":"https:\/\/p0wershell.com\/index.php?rest_route=\/wp\/v2\/posts\/4541\/revisions"}],"wp:attachment":[{"href":"https:\/\/p0wershell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4541"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/p0wershell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4541"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/p0wershell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4541"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}