Learn about Windows PowerShell
Summary: Microsoft Scripting Guy, Ed Wilson, talks about using Windows PowerShell to query the Active Directory configuration context to return DHCP servers.
Microsoft Scripting Guy, Ed Wilson, is here. One of the cool things about Windows Server 2012 and Windows 8 is the numerous cmdlets and functions available. After installing the Remote Server Admin Tools (RSAT) on Windows 8, all the administrator Windows PowerShell modules become available. Therefore, in addition to just having DHCP client cmdlets and functions, I also have the DHCP server cmdlets and functions available as well.
Ok, so the first thing I need to do is to figure out where DHCP servers reside in Active Directory Domain Services (AD DS). I knew they were not in the default naming context, so I figured they would be in the configuration naming context. The tool I use when looking around at AD DS is ADSI Edit. As it turned out, it was rather obvious. I am looking for a service, and the service is Networking. Here is a screenshot of ADSI Edit illustrating this container.
Now that I know where the DHCP servers reside in the AD DS infrastructure, I can easily query for them. To do this, I use the Get-ADOObject cmdlet from the ActiveDirectory module that becomes available on my computer running Windows 8 after I have Remote Server Administration Tools (RSAT) installed. Because I am using Windows PowerShell 3.0, I do not need to first import the ActiveDirectory module. It loads automatically upon first use of the cmdlet. But, if I know I am going to use it, then I generally go ahead and load the module. Here is the command:
Now I need to query the configuration naming context. To do this, I use the –SearchBase parameter of the Get-ADOObject cmdlet. Here is the parameter I use:
If I only use the Get-ADOObject cmdlet with the configuration search base, it returns a lot of information. This is definitely a place where my Filter Left edict should firmly be in place. Now, I can write a LDAP Dialect query just as well as the next Microsoft Scripting Guy, but hey, using the plain old –Filter parameter works just as well and is easier to understand. When I looked up the location of DHCP servers in Active Directory via ADSI Edit, I did not just find the container and leave it at that. No, I also paid attention to the value under the Class column because it informs me the appropriate value to use in my filter for the ObjectClass attribute. In this case, once again, it makes sense; I need the DHCPClass class of objects. Here is that part of the query:
-Filter "objectclass -eq 'dhcpclass'
Now, I also know that I am not interested in the DHCPRoot container because it does not contain names of DHCP servers. Therefore, I add an exclusion to my filter by using the –AND operator. Here is the exclusion to filter out the DHCPRoot container.
-AND Name -ne 'dhcproot'"
The complete filter I use for the –Filter parameter appears here.
-Filter "objectclass -eq 'dhcpclass' -AND Name -ne 'dhcproot'"
That is it. The entire Get-ADObject command appears here (this is a single line that wraps in the blog. I have not added any line continuation characters to the command).
Get-ADObject -SearchBase "cn=configuration,dc=iammred,dc=net" -Filter "objectclass -eq 'dhcpclass' -AND Name -ne 'dhcproot'"
On my computer, when I run the command, the following appears.
14:42 C:\> Get-ADObject -SearchBase "cn=configuration,dc=iammred,dc=net" -Filter "obj
ectclass -eq 'dhcpclass' -AND Name -ne 'dhcproot'"
DistinguishedName Name ObjectClass ObjectGUID
----------------- ---- ----------- ----------
CN=wds1.iammred.ne... wds1.iammred.net dHCPClass 0afcbc79-4268-4a8...
Once I analyze the output, I see that I am only interested in the value of the Name property. I can use the Select-Object cmdlet to return only the name property, as shown here.
15:14 C:\> Get-ADObject -SearchBase "cn=configuration,dc=iammred,dc=net" -Filter "o
ectclass -eq 'dhcpclass' -AND Name -ne 'dhcproot'" | select name
I can also use the group and dot technique because Windows PowerShell 3.0 does the automatic foreach and will, therefore, return multiple DHCP server names here. This technique is shown here.
15:20 C:\> (Get-ADObject -SearchBase "cn=configuration,dc=iammred,dc=net" -Filter "ob
jectclass -eq 'dhcpclass' -AND Name -ne 'dhcproot'").name
Why is this such a big deal? Dude, take a look at what is involved in finding authorized DHCP servers via VBScript—there are many such scripts on the Internet, but here is one from the Scripting Guys Script Repository—this script is a five-star favorite!
That is all there is to querying Active Directory Domain Services for authorized DHCP servers. Join me tomorrow when I will talk about more cool Windows PowerShell stuff.
I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at email@example.com, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.
Ed Wilson, Microsoft Scripting Guy
PUH! This is another easy to understand and directly useful oneliner!
And it even works on Windows 7!
Nice & easy :-)
But the Screenshot does Not Look like ADSI...have a look
I love the way you reskinned ADSI Edit in your screenshot :-)
@K_Schulte yes, todays code will work on any computer that you can install the ActiveDirectory module from the RSAT tools ... Windows 7, WIndows 2008R2, Windows 8, and Windows Server 2012. With implicit remoting, you could also use this with PowerShell 2.0 from Windows XP or Windows Server 2003.
@Eric Berg Thank you for catching this. When I did the ADSI Edit screenshot, I named it 1-10-12-1 instead of 1-10-13-1, and therefore when the blog was posted by my editor, somehow it picked up an old screenshot :-(
@Maarten Piederiet LOL, I just renamed the image, and my editor it taking a look as we speak -- virtually of course.
One thing: when you run this command, it also picks up stale DHCP objects (if the administrator has not cleaned it up prior)CNF:0765a758-01b6-499a-ae74-528f2e649294So you need to filter the command to exclude the CNF objects too.
When I attempt to run the msu on the Win 7 admin mox it complains "the update is not applicable to your computer.
from powershell 4.0 can use Get-DhcpServerInDC for this
handy one liner... and thanks for that. Also as K_Schulte has pointed, this has nothing to do with the 1st paragraph glorifying the greatness of Server 2012 and win8. the command works just as well in Win 7 /any machine that can import AD modules... we
are not even touching any of the DHCP PS server cmdlets... not sure why it was mentioned in the topic.
Have to give it to Ed on not just giving out the one liner but on revealing on how he got to it by cleaning out the parts we don't need.