So I’m making the move to PowerShell. It’s painful learning such alien (to me) concepts but books like Lee Holmes’ PowerShell: The Definitive Guide help a ton. I was fortunate enough to be the editor for Chapters 1-5 and got a sneak preview. It’s a fantastic book and can’t wait to receive the title, complete with indexes! For now, I’m searching both the 36 Word documents and the sample code for solutions using Vista’s built-in search functions.
My first task, which I’ll explain in later posts, includes some AD stuff. One tiny part of the equation is dynamically finding the FQDN of the current Active Directory domain. This should be easy! Using RootDSE, it’s super easy to find out the DistinguishedName or even the FQDN of the domain controller being queried, so wouldn’t there be a similar entry for FQDN of the whole domain? Apparently not (or if it’s there, I can’t find it). I’ve spent the morning and part of last night digging through LDAP filters, looking on Google for examples of objectcategory=crossref, dnsroot, dnshostname, etc. But after finding this useful codeplex page, I played around with GetCurrentDomain() and realized that finding the DNS hostname for an AD domain all boils down to this one line:
$strDomainDNS = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name
Or this one liner, as Lee just suggested to me
$strDomainDNS = $env:USERDNSDOMAIN
Ahh! So it was that easy. Why, then, did it take 8 hours to find that? Now I wonder how to get the FQDN of any domain. Being a newb is hard work.
If you’re wondering what dnshostname is for, it’s to resolve the local machine you are working with. Michael at brnets.com provides the following example embedded in a big ol Exchange script:
$rootDSE = [adsi]"LDAP://RootDSE"
$DCDNShostname = $rootDSE.dnsHostName
Oh, as a bonus, here’s some another query you may find helpful. I started with benp’s script then made it a little skinnier (and more prone to errors! ;))
Search for Active Directory User Object in the Current Domain
$domain = New-Object DirectoryServices.DirectoryEntry
$search = [System.DirectoryServices.DirectorySearcher]$domain
$search.Filter = "(&(objectClass=user)(sAMAccountname=Chrissy))"
$user = $search.FindOne().GetDirectoryEntry()
My original code made reference to GetDirectoryEntry() but John Brennan suggested looking for alternative approaches. Thanks for the tip, John!