Funny how things turn out. I was visiting today a customer which is undergoing a process of upgrading his Domain Controllers to W2K3 R2 and I was asked to help them get a report of OS version on all the DCs in the forest (multi-domain forest). First I thought to query the AD directly, but it appears that there is no way to distinguish between W2K3 and W2K3 R2 when looking at operatingSystem, operatingSystemVersion and operatingSystemServicePack attributes of the DC's computer account.
Now what is so funny about it ? Well, just yesterday I helped out a guy at the forum I manage to fix a script that was running against a list of servers and was querying the OS and SP version (see the original post here – it's in Hebrew). The script the guy wrote was almost perfect for my case, but I still had to scope it to run only against the DCs. What I came up is a generic batch that you can use to run a set of commands against all the DCs in the forest (including trees and child domains ).
So how do we achieve that ? Here is the logic I used in the script:
- I use "dsquery server forestroot" command to obtain a list of all the server objects in the forest (this gives us a list of distinguished names of the server objects in the Configuration partition)
- For each DN in the list, I query the "serverreference" attribute, which is pointing the the distinguished name of the actual DC's computer account ("dsquery * <DN> -attr serverreference". The DN returned will be used in the next step.
- I use DN from step 2 to query the dnsHostName attribute of the DC.
- I run a set of commands against each DC using it's DNS name obtained in step 3
The script break-down:
Most-outer loop (step 1):
for /f "usebackq" %%n in (`dsquery server forestroot`) do ( <second loop here> )
Second loop (inside the above loop):
for /f "usebackq delims=" %%s in (`dsquery * %%n -attr serverreference ^| findstr /i DC=`) do ( <third loop here> )
Third loop (again inside the above loop):
for /f "usebackq skip=1 delims=" %%d in (`dsquery * forestroot -filter "distinguishedname=%%s" -attr dNSHostName`) do (
for /f "usebackq skip=1" %%a in (`dsquery * forestroot -filter "distinguishedname=%%s" -attr name`) do (
echo !netbiosname! : !dnsname!