Executing a set of commands against all DCs in the forest

29 November 2007

Funny how things turn out. Today I was visiting a customer who is in the process of upgrading its Domain Controllers to W2K3 R2, and I was asked to help them get a report of the OS version on all the DCs in the forest (a multi-domain forest). At first I thought of querying AD directly, but it appears that there is no way to distinguish between W2K3 and W2K3 R2 by looking at the operatingSystem, operatingSystemVersion and operatingSystemServicePack attributes of the DC's computer account.

Now what is so funny about it? Well, just yesterday I helped a guy at the forum I manage fix a script that was running against a list of servers and querying the OS and SP version (see the original post here – it's in Hebrew). The script the guy wrote was almost perfect for my case, but I still had to scope it to run only against the DCs. What I came up with is a generic batch file that you can use to run a set of commands against all the DCs in the forest (including trees and child domains).

So how do we achieve that? Here is the logic I used in the script:

  1. I use the "dsquery server forestroot" command to obtain a list of all the server objects in the forest (this gives us a list of distinguished names of the server objects in the Configuration partition).
  2. For each DN in the list, I query the "serverreference" attribute, which points to the distinguished name of the actual DC's computer account ("dsquery * <DN> -attr serverreference"). The DN returned will be used in the next step.
  3. I use the DN from step 2 to query the dnsHostName attribute of the DC.
  4. I run a set of commands against each DC using its DNS name obtained in step 3.

The script breakdown:

Outermost loop (step 1):

for /f "usebackq" %%n in (`dsquery server forestroot`) do ( <second loop here> )

Second loop (inside the above loop):

for /f "usebackq delims=" %%s in (`dsquery * %%n -attr serverreference ^| findstr /i DC=`) do ( <third loop here> )

Third loop (again inside the above loop):

for /f "usebackq skip=1 delims=" %%d in (`dsquery * forestroot -filter "distinguishedname=%%s" -attr dNSHostName`) do (
for /f "usebackq skip=1" %%a in (`dsquery * forestroot -filter "distinguishedname=%%s" -attr name`) do (

rem the exclamation-mark variables need setlocal enabledelayedexpansion at the top of the script
set netbiosname=%%a
set tempname=%%d
set dnsname=!tempname:~2,-2!

echo !netbiosname! : !dnsname!
)
)

In the code above I just echo the NetBIOS and DNS names of the DCs, but you can use it for anything else you can execute against a remote computer – running psexec or similar is begging.
The actual script I used is attached. I would post it here, but the blog breaks the formatting of lines that are too long, making it unreadable.
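
The four steps above assembled into one script, as an added example (this is not the attached script). It keeps the page's dsquery calls and `~2,-2` trimming; the `:RunOnDC` label, the use of `wmic` as the per-DC command, and the reading of `OtherTypeDescription` as the field where a W2K3 R2 machine reports "R2" are assumptions of this example.

```batch
@echo off
rem Added example: the three loops from the post in one script.
rem Delayed expansion is required because variables are set and read
rem inside the parenthesised loop bodies.
setlocal enabledelayedexpansion

rem Step 1: server objects in the Configuration partition, one per DC.
rem delims= keeps the whole quoted DN even when a site name has spaces.
for /f "usebackq delims=" %%n in (`dsquery server forestroot`) do (
  rem Step 2: serverReference gives the DN of the DC computer account.
  rem findstr drops the header line and server objects with no reference,
  rem such as leftovers of a DC that was removed without cleanup.
  for /f "usebackq delims=" %%s in (`dsquery * %%n -attr serverreference ^| findstr /i /c:"DC="`) do (
    rem Step 3: dNSHostName of that account. skip=1 drops the header line.
    for /f "usebackq skip=1 delims=" %%d in (`dsquery * forestroot -filter "distinguishedname=%%s" -attr dNSHostName`) do (
      set "tempname=%%d"
      rem Same trimming as in the post: strip the padding around the value.
      set "dnsname=!tempname:~2,-2!"
      rem Step 4: run the per-DC commands, skipping empty host names.
      if not "!dnsname!"=="" call :RunOnDC "!dnsname!"
    )
  )
)
endlocal
exit /b 0

:RunOnDC
rem Argument 1 is the DNS host name of one DC.
rem wmic is a stand-in here. Replace it with your own commands.
rem Assumption: W2K3 R2 reports R2 in OtherTypeDescription. Confirm this
rem on one DC you know to be R2 before trusting the report.
echo === %~1 ===
wmic /node:"%~1" os get Caption,CSDVersion,OtherTypeDescription /value || echo %~1 : query failed 1>&2
goto :eof
```

Failures are written to stderr, so redirecting stdout to a file yields the report while unreachable DCs stay visible on the console.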

