PS Script: Find a working domain controller from any domain, even on non-domain-joined PCs

An update has been applied due to some issues with the credentials support. Version 1.0 has been released.

Today I release the first of many scripts to support Exchange and Active Directory PowerShell commands from any PC, with support for workflows. The first script locates a domain controller that is up and running by validating its response on port 389, and has an additional parameter to return not a random domain controller but the fastest-responding one. You can query any domain from any PC as long as there is TCP connectivity between the computers and you have an account that can authenticate against the domain controllers. If you do not select an Active Directory site, all the domain controllers of the domain will be tested. The script is written to use the .NET Framework, so no additional modules are needed. Because of this, the script is 100% compatible with PowerShell workflows and PowerShell parallel workflows.

You can find the script in the TechNet gallery or under the script section of this site.

The Help content of the script:


Let's see the function in action from a non-domain-joined computer.

We call the function and use the parameters “-Domain” and “-Cred” to specify the domain name and that we want to use an additional credential. For the credential we pass “(get-credential)” to get an interactive GUI prompt that uses the PowerShell secure password type.


The function returns the 13TH-DC02.13TH.LAN domain controller (this forest has 2 domain controllers, 13TH-DC01 and 13TH-DC02).


The function returns a random domain controller from those that are up and running. We will demonstrate this using a while loop. The function returns DC1 and DC2 in a random order.


The function has support for best response time, based on the average of 2 pings, through the parameter “-bestresponsetime”. If your DCs are spread across data centers and you don’t use the “-Site” parameter to specify an Active Directory site, this best response time parameter ensures that a domain controller close to you will be returned. I demonstrate this by using a while loop again. As you can see, 13TH-DC02 seems to be faster than 13TH-DC01.


To show that the connection test works, we disable the virtual NIC on 13TH-DC02 and run the command again. Although the command runs slower due to the health check timing out, only the up-and-running domain controller 13TH-DC01 is returned.
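
One way to implement the behaviour described above with .NET classes only: enumerate the domain's DCs, keep those that accept a TCP connection on port 389, then return a random one or the one with the lowest two-ping average. This is an added example, not the author's script; the function name `Find-ResponsiveDC`, the `-TimeoutMs` parameter and its 1000 ms default are assumptions.

```powershell
# Added example; Find-ResponsiveDC and -TimeoutMs are hypothetical names, not the author's script.
Add-Type -AssemblyName System.DirectoryServices

function Find-ResponsiveDC {
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][pscredential]$Cred,
        [string]$Site,
        [switch]$BestResponseTime,
        [int]$TimeoutMs = 1000   # assumed default; the post does not state its timeout
    )
    # DirectoryContext only accepts a plain-text password, so it is unwrapped here and
    # lives briefly in process memory. Works from a non-domain-joined PC if DNS resolves $Domain.
    $ctxType = [System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Domain
    $ctxArgs = $ctxType, $Domain, $Cred.UserName, $Cred.GetNetworkCredential().Password
    $ctx = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext -ArgumentList $ctxArgs
    $dcType = [System.DirectoryServices.ActiveDirectory.DomainController]
    $dcs = if ($Site) { $dcType::FindAll($ctx, $Site) } else { $dcType::FindAll($ctx) }

    $alive = foreach ($dc in $dcs) {
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            # A completed connect proves the LDAP port is listening, not that the directory is healthy.
            $async = $client.BeginConnect($dc.Name, 389, $null, $null)
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false) -and $client.Connected) {
                $client.EndConnect($async)
                $rtt = $null
                if ($BestResponseTime) {
                    $ping = New-Object System.Net.NetworkInformation.Ping
                    $replies = 1..2 | ForEach-Object { $ping.Send($dc.Name, $TimeoutMs) }
                    $ok = @($replies | Where-Object { $_.Status -eq 'Success' })
                    if ($ok.Count -gt 0) { $rtt = ($ok | Measure-Object RoundtripTime -Average).Average }
                }
                [pscustomobject]@{ Name = $dc.Name; AvgPingMs = $rtt }
            }
        } catch { } finally { $client.Close() }   # unreachable or unresolvable DCs are skipped
    }

    $alive = @($alive)
    if (-not $alive) { throw "No domain controller in $Domain answered on TCP 389." }
    # If ICMP is filtered no DC has a ping average, so fall back to a random live DC.
    $timed = @($alive | Where-Object { $null -ne $_.AvgPingMs })
    if ($BestResponseTime -and $timed.Count -gt 0) {
        return ($timed | Sort-Object AvgPingMs | Select-Object -First 1).Name
    }
    return ($alive | Get-Random).Name
}
# Find-ResponsiveDC -Domain 13TH.LAN -Cred (Get-Credential) -BestResponseTime
```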


That's all for now. Enjoy this function and let us know what you think by posting here or on the TechNet gallery.


Martijn ( Scriptkiddie ) van Geffen

