{"id":12511,"date":"2011-10-03T00:01:00","date_gmt":"2011-10-03T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2011\/10\/03\/use-powershell-to-document-your-network-configuration\/"},"modified":"2011-10-03T00:01:00","modified_gmt":"2011-10-03T00:01:00","slug":"use-powershell-to-document-your-network-configuration","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/use-powershell-to-document-your-network-configuration\/","title":{"rendered":"Use PowerShell to Document Your Network Configuration"},"content":{"rendered":"<p><strong>Summary:<\/strong> Learn how to use Windows PowerShell and Active Directory cmdlets to document your Active Directory configuration.<\/p>\n<p>&nbsp;<\/p>\n<p><img decoding=\"async\" title=\"Hey, Scripting Guy! Question\" border=\"0\" alt=\"Hey, Scripting Guy! Question\" align=\"left\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/q-for-powertip.jpg\" width=\"34\" height=\"34\" \/>Hey, Scripting Guy! I recently inherited an Active Directory. By this, I mean the network administrator quit. He did not give any notice, and it appears he took any documentation he may have created with him. He may have been abducted by Martians (there seems to be quite a bit of this going on at work) for all I know. Anyway, I need a good way to easily discover information about the domain and the forest. If I could easily print it out, it would be even better. I know how to use Active Directory Users and Computers, and I have been making screen shots, but there should be a better way of doing things. Help!<\/p>\n<p>&mdash;BV<\/p>\n<p>&nbsp;<\/p>\n<p><img decoding=\"async\" title=\"Hey, Scripting Guy! Answer\" border=\"0\" alt=\"Hey, Scripting Guy! Answer\" align=\"left\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/a-for-powertip.jpg\" width=\"34\" height=\"34\" \/>Hello BV,<\/p>\n<p>Microsoft Scripting Guy Ed Wilson here. I am sorry Martians abducted your network administrator. You did not specify which version of Windows you are running, and you did not say which version of domain controllers you have. I am guessing that perhaps you do not know. To find information about your operating system, you can use the following command in Windows PowerShell:<\/p>\n<p style=\"padding-left: 30px\">Get-WmiObject win32_operatingsystem<\/p>\n<p>Using the Active Directory Windows PowerShell cmdlets and remoting, I can easily discover information about the forest and the domain. The first thing I need to do is to enter a <b>PSSession<\/b> on the remote computer. To do this, I use the <b>Enter-PSSession<\/b> cmdlet. Next, I import the active directory module, and set my working location to the root of the C drive. These commands are shown here:<\/p>\n<p style=\"padding-left: 30px\">PS C:\\Users\\Administrator.NWTRADERS&gt; Enter-PSSession dc1<\/p>\n<p style=\"padding-left: 30px\">[dc1]: PS C:\\Users\\Administrator\\Documents&gt; Import-Module activedirectory<\/p>\n<p style=\"padding-left: 30px\">[dc1]: PS C:\\Users\\Administrator\\Documents&gt; Set-Location c:\\<\/p>\n<p>After I have connected to the remote domain controller, I can use the <b>Get-WmiObject<\/b> cmdlet to verify my operating system on that computer. This command and associated output are shown here:<\/p>\n<p style=\"padding-left: 30px\">[dc1]: PS C:\\&gt; Get-WmiObject win32_operatingsystem<\/p>\n<p style=\"padding-left: 30px\">SystemDirectory : C:\\Windows\\system32<\/p>\n<p style=\"padding-left: 30px\">Organization&nbsp;&nbsp;&nbsp; :<\/p>\n<p style=\"padding-left: 30px\">BuildNumber&nbsp;&nbsp;&nbsp;&nbsp; : 7601<\/p>\n<p style=\"padding-left: 30px\">RegisteredUser&nbsp; : Windows User<\/p>\n<p style=\"padding-left: 30px\">SerialNumber&nbsp;&nbsp;&nbsp; : 55041-507-0212466-84005<\/p>\n<p style=\"padding-left: 30px\">Version&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 6.1.7601<\/p>\n<p>Now, I want to get information about the forest. To do this, I use the <b>Get-ADForrest<\/b> cmdlet. The output from <b>Get-ADForest<\/b> includes lots of great information such as the domain naming master, forest mode, schema master, and domain controllers. This command and associated output are shown here:<\/p>\n<p style=\"padding-left: 30px\">[dc1]: PS C:\\&gt; Get-ADForest&nbsp;<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\">ApplicationPartitions : {DC=DomainDnsZones,DC=nwtraders,DC=com, DC=ForestDnsZones,DC=nwtraders,DC=com}<\/p>\n<p style=\"padding-left: 30px\">CrossForestReferences : {}<\/p>\n<p style=\"padding-left: 30px\">DomainNamingMaster&nbsp;&nbsp;&nbsp; : DC1.nwtraders.com<\/p>\n<p style=\"padding-left: 30px\">Domains&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : {nwtraders.com}<\/p>\n<p style=\"padding-left: 30px\">ForestMode&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Windows2008Forest<\/p>\n<p style=\"padding-left: 30px\">GlobalCatalogs&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : {DC1.nwtraders.com}<\/p>\n<p style=\"padding-left: 30px\">Name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : nwtraders.com<\/p>\n<p style=\"padding-left: 30px\">PartitionsContainer&nbsp;&nbsp; : CN=Partitions,CN=Configuration,DC=nwtraders,DC=com<\/p>\n<p style=\"padding-left: 30px\">RootDomain&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : nwtraders.com<\/p>\n<p style=\"padding-left: 30px\">SchemaMaster&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : DC1.nwtraders.com<\/p>\n<p style=\"padding-left: 30px\">Sites&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : {Default-First-Site-Name}<\/p>\n<p style=\"padding-left: 30px\">SPNSuffixes&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : {}<\/p>\n<p style=\"padding-left: 30px\">UPNSuffixes&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : {}<\/p>\n<p>The above commands and output are shown in the following figure.<\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/4540.hsg-10-3-11-1.png\"><img decoding=\"async\" style=\"border: 0px\" title=\"Image of commands and output\" alt=\"Image of commands and output\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/4540.hsg-10-3-11-1.png\" \/><\/a><\/p>\n<p>Now I am interested in obtaining information about the domain. To do this, I use the <b>Get-ADDomain<\/b> cmdlet. The command returns important information such as the location of the default domain controller organizational unit, the PDC emulator, and the RID master. The command and associated output are shown here:<\/p>\n<p style=\"padding-left: 30px\">[dc1]: PS C:\\&gt; Get-ADDomain<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\">AllowedDNSSuffixes&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : {}<\/p>\n<p style=\"padding-left: 30px\">ChildDomains&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : {}<\/p>\n<p style=\"padding-left: 30px\">ComputersContainer&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;: CN=Computers,DC=nwtraders,DC=com<\/p>\n<p style=\"padding-left: 30px\">DeletedObjectsContainer&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : CN=Deleted Objects,DC=nwtraders,DC=com<\/p>\n<p style=\"padding-left: 30px\">DistinguishedName&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : DC=nwtraders,DC=com<\/p>\n<p style=\"padding-left: 30px\">DNSRoot&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : nwtraders.com<\/p>\n<p style=\"padding-left: 30px\">DomainControllersContainer&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;: OU=Domain Controllers,DC=nwtraders,DC=com<\/p>\n<p style=\"padding-left: 30px\">DomainMode&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Windows2008Domain<\/p>\n<p style=\"padding-left: 30px\">DomainSID&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : S-1-5-21-909705514-2746778377-2082649206<\/p>\n<p style=\"padding-left: 30px\">ForeignSecurityPrincipalsContainer : CN=ForeignSecurityPrincipals,DC=nwtraders,DC=com<\/p>\n<p style=\"padding-left: 30px\">Forest&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : nwtraders.com<\/p>\n<p style=\"padding-left: 30px\">InfrastructureMaster&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : DC1.nwtraders.com<\/p>\n<p style=\"padding-left: 30px\">LastLogonReplicationInterval&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :<\/p>\n<p style=\"padding-left: 30px\">LinkedGroupPolicyObjects&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : {CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=nwtraders,DC=com}<\/p>\n<p style=\"padding-left: 30px\">LostAndFoundContainer&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : CN=LostAndFound,DC=nwtraders,DC=com<\/p>\n<p style=\"padding-left: 30px\">ManagedBy&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :<\/p>\n<p style=\"padding-left: 30px\">Name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : nwtraders<\/p>\n<p style=\"padding-left: 30px\">NetBIOSName&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : NWTRADERS<\/p>\n<p style=\"padding-left: 30px\">ObjectClass&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;: domainDNS<\/p>\n<p style=\"padding-left: 30px\">ObjectGUID&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 0026d1fc-2e4d-4c35-96ce-b900e9d67e7c<\/p>\n<p style=\"padding-left: 30px\">ParentDomain&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :<\/p>\n<p style=\"padding-left: 30px\">PDCEmulator&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : DC1.nwtraders.com<\/p>\n<p style=\"padding-left: 30px\">QuotasContainer&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : CN=NTDS Quotas,DC=nwtraders,DC=com<\/p>\n<p style=\"padding-left: 30px\">ReadOnlyReplicaDirectoryServers&nbsp;&nbsp;&nbsp; : {}<\/p>\n<p style=\"padding-left: 30px\">ReplicaDirectoryServers&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : {DC1.nwtraders.com}<\/p>\n<p style=\"padding-left: 30px\">RIDMaster&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : DC1.nwtraders.com<\/p>\n<p style=\"padding-left: 30px\">SubordinateReferences&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : {DC=ForestDnsZones,DC=nwtraders,DC=com, DC=DomainDnsZones,DC=nwtraders,DC=com, CN=Configuration,DC=nwtraders,DC=com}<\/p>\n<p style=\"padding-left: 30px\">SystemsContainer&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : CN=System,DC=nwtraders,DC=com<\/p>\n<p style=\"padding-left: 30px\">UsersContainer&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : CN=Users,DC=nwtraders,DC=com<\/p>\n<p>From a security perspective, you should always check the domain password policy. To do this, use <b>Get-ADDefaultDomainPasswordPolicy<\/b>. Things you want to especially pay attention to are the use of complex passwords, minimum password length, password age, and password retention. Of course, you also need to check lockout policy, too. This one is important to review closely when inheriting a new network. Here are the command and associated output:<\/p>\n<p style=\"padding-left: 30px\">[dc1]: PS C:\\&gt; Get-ADDefaultDomainPasswordPolicy<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\">ComplexityEnabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : True<\/p>\n<p style=\"padding-left: 30px\">DistinguishedName&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : DC=nwtraders,DC=com<\/p>\n<p style=\"padding-left: 30px\">LockoutDuration&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 00:30:00<\/p>\n<p style=\"padding-left: 30px\">LockoutObservationWindow&nbsp;&nbsp;&nbsp; : 00:30:00<\/p>\n<p style=\"padding-left: 30px\">LockoutThreshold&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 0<\/p>\n<p style=\"padding-left: 30px\">MaxPasswordAge&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 42.00:00:00<\/p>\n<p style=\"padding-left: 30px\">MinPasswordAge&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 1.00:00:00<\/p>\n<p style=\"padding-left: 30px\">MinPasswordLength&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 7<\/p>\n<p style=\"padding-left: 30px\">objectClass&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : {domainDNS}<\/p>\n<p style=\"padding-left: 30px\">objectGuid&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 0026d1fc-2e4d-4c35-96ce-b900e9d67e7c<\/p>\n<p style=\"padding-left: 30px\">PasswordHistoryCount&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 24<\/p>\n<p style=\"padding-left: 30px\">ReversibleEncryptionEnabled : False<\/p>\n<p>The last major thing to check is the domain controllers themselves. To do this, use the <b>Get-ADDomainController<\/b> cmdlet. This command returns important information such as is the domain controller read-only, a global catalog server, operations master roles held, and operating system information. Here are the command and associated output:<\/p>\n<p style=\"padding-left: 30px\">&nbsp;[dc1]: PS C:\\&gt; Get-ADDomainController -Identity dc1&nbsp;<\/p>\n<p style=\"padding-left: 30px\">&nbsp;<\/p>\n<p style=\"padding-left: 30px\">ComputerObjectDN&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : CN=DC1,OU=Domain Controllers,DC=nwtraders,DC=com<\/p>\n<p style=\"padding-left: 30px\">DefaultPartition&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : DC=nwtraders,DC=com<\/p>\n<p style=\"padding-left: 30px\">Domain&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;: nwtraders.com<\/p>\n<p style=\"padding-left: 30px\">Enabled&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : True<\/p>\n<p style=\"padding-left: 30px\">Forest&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : nwtraders.com<\/p>\n<p style=\"padding-left: 30px\">HostName&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : DC1.nwtraders.com<\/p>\n<p style=\"padding-left: 30px\">InvocationId&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : b51f625f-3f60-44e7-8577-8918f7396c2a<\/p>\n<p style=\"padding-left: 30px\">IPv4Address&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 10.0.0.1<\/p>\n<p style=\"padding-left: 30px\">IPv6Address&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :<\/p>\n<p style=\"padding-left: 30px\">IsGlobalCatalog&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : True<\/p>\n<p style=\"padding-left: 30px\">IsReadOnly&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : False<\/p>\n<p style=\"padding-left: 30px\">LdapPort&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 389<\/p>\n<p style=\"padding-left: 30px\">Name&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : DC1<\/p>\n<p style=\"padding-left: 30px\">NTDSSettingsObjectDN&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nwtraders,DC=com<\/p>\n<p style=\"padding-left: 30px\">OperatingSystem&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Windows Server 2008 R2 Enterprise<\/p>\n<p style=\"padding-left: 30px\">OperatingSystemHotfix&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; :<\/p>\n<p style=\"padding-left: 30px\">OperatingSystemServicePack : Service Pack 1<\/p>\n<p style=\"padding-left: 30px\">OperatingSystemVersion&nbsp;&nbsp;&nbsp;&nbsp; : 6.1 (7601)<\/p>\n<p style=\"padding-left: 30px\">OperationMasterRoles&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : {SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster&#8230;}<\/p>\n<p style=\"padding-left: 30px\">Partitions&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : {DC=ForestDnsZones,DC=nwtraders,DC=com, DC=DomainDnsZones,DC=nwtraders,DC=com, CN=Schema,CN=Configuration,DC=nwtraders,DC=com, CN=Configuration,DC=nwtraders,DC=com&#8230;}<\/p>\n<p style=\"padding-left: 30px\">ServerObjectDN&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nwtraders,DC=com<\/p>\n<p style=\"padding-left: 30px\">ServerObjectGuid&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 5ae1fd0e-bc2f-42a7-af62-24377114e03d<\/p>\n<p style=\"padding-left: 30px\">Site&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : Default-First-Site-Name<\/p>\n<p style=\"padding-left: 30px\">SslPort&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; : 636<\/p>\n<p>BV, you asked for a report. Now that we know what type of information to expect and how to obtain it, the report is as easy as redirecting the output to a text file. The associated commands are shown here.<\/p>\n<p style=\"padding-left: 30px\">Get-ADForest &gt;&gt; \\\\dc1\\shared\\AD_Doc.txt<\/p>\n<p style=\"padding-left: 30px\">Get-ADDomain &gt;&gt; \\\\dc1\\shared\\AD_Doc.txt<\/p>\n<p style=\"padding-left: 30px\">Get-ADDefaultDomainPasswordPolicy &gt;&gt; \\\\dc1\\shared\\AD_Doc.txt<\/p>\n<p style=\"padding-left: 30px\">Get-ADDomainController -Identity dc1 &gt;&gt;\\\\dc1\\shared\\AD_Doc.txt<\/p>\n<p>The file as viewed in Notepad is shown here.<\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/2364.hsg-10-3-11-2.png\"><img decoding=\"async\" style=\"border: 0px\" title=\"Image of file viewed in Notepad\" alt=\"Image of file viewed in Notepad\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/2364.hsg-10-3-11-2.png\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>Well, that is all there is to quickly documenting a new domain and forest. Join me tomorrow for the quick way to create and manipulate user objects in Active Directory.<\/p>\n<p>I invite you to follow me on <a href=\"http:\/\/bit.ly\/scriptingguystwitter\" target=\"_blank\">Twitter<\/a> and <a href=\"http:\/\/bit.ly\/scriptingguysfacebook\">Facebook<\/a>. If you have any questions, send email to me at <a href=\"mailto:scripter@microsoft.com\" target=\"_blank\">scripter@microsoft.com<\/a>, or post your questions on the <a href=\"http:\/\/bit.ly\/scriptingforum\" target=\"_blank\">Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.<\/p>\n<p><b>Ed Wilson, Microsoft Scripting Guy<\/b><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary: Learn how to use Windows PowerShell and Active Directory cmdlets to document your Active Directory configuration. &nbsp; Hey, Scripting Guy! I recently inherited an Active Directory. By this, I mean the network administrator quit. He did not give any notice, and it appears he took any documentation he may have created with him. He [&hellip;]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[3,4,45],"class_list":["post-12511","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-scripting-guy","tag-scripting-techniques","tag-windows-powershell"],"acf":[],"blog_post_summary":"<p>Summary: Learn how to use Windows PowerShell and Active Directory cmdlets to document your Active Directory configuration. &nbsp; Hey, Scripting Guy! I recently inherited an Active Directory. By this, I mean the network administrator quit. He did not give any notice, and it appears he took any documentation he may have created with him. He [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/12511","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=12511"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/12511\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=12511"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=12511"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=12511"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}