Get current computer's distinguished name in powershell without using the ActiveDirectory module

Asked 21/6, 2012 at 20:30 Answered 11/3, 2024 at 15:28

I have a script that I need to find the full Distinguished name (CN=MyComputer, OU=Computers, DC=vw, DC=local) of the computer it is running on, however I can not guarantee that the ActiveDirectory module will be available on all computers that this script will be run on. Is there a way to get the current computer's full Distinguished name without using Get-ADComputer $Env:COMPUTERNAME?

Just in case this is a XY problem, what I am trying to do is move the computer to a specific OU, but I need a way to get the ASDI entry for the computer I am running on.

[ADSI]$computer = ("LDAP://" + $localDN)
if($Production)
{
    [ADSI]$destination = 'LDAP://ou=Production,ou=Computers,ou=VetWeb,dc=vw,dc=local'
    $computer.MoveTo($destination);
}
else
{
    [ADSI]$destination = 'LDAP://ou=Test,ou=Computers,ou=VetWeb,dc=vw,dc=local'
    $computer.MoveTo($destination);
}

Valaria answered 21/6, 2012 at 20:30 Comment(0)

Try this (requires v2):

$filter = "(&(objectCategory=computer)(objectClass=computer)(cn=$env:COMPUTERNAME))"
([adsisearcher]$filter).FindOne().Properties.distinguishedname

Loud answered 21/6, 2012 at 21:22 Comment(4)

Thank you, that one works perfectly. In fact I don't even need the Properties.distingushedname, I just changed the second line to $computer = [ADSI](([adsisearcher]$filter).FindOne().Path) and I could use it with my MoveTo command. – Valaria 21/6, 2012 at 21:27

Thanks. You could also get the computer object with: ([adsisearcher]$filter).FindOne().GetDirectoryEntry() – Loud 21/6, 2012 at 21:37

This returned null for me. – Pomeranian 16/1, 2017 at 4:54

These property names appear to be case-sensitive, so for example distinguishedname works, but not distinguishedName – Mailbag 15/2, 2024 at 14:14

Be careful with the ADSIsearcher method. If you have two computers with the same name in different domains in the same forest (the issue that caused me to perform the search that returned this article), this method is not guaranteed to return the correct one. This method will simply search in AD for a computer with the name returned by the ComputerName Environment Variable. You need to be sure to cross-reference the domain to which the computer is joined if you are in an environment with multiple domains in a forest.

Moderator, this should really be a comment to the answer by Shay Levy, but I cannot make a comment because I am new.

Syncretize answered 31/1, 2014 at 4:28 Comment(1)

Welcome on board. Once you reach 50 reputation you will be able to comment everywhere. Thanks for the comment. – Chifforobe 31/1, 2014 at 4:50

The cmdlet Get-ADComputer (PS ver 2.0) can help.

PS:\> $(Get-ADComputer 'mycomputer').distinguishedName

The name of the computer should be the short name, like $env:COMPUTERNAME.

Foran answered 14/5, 2013 at 8:43 Comment(1)

FYI: requires RSAT on Windows 7 – Subdivide 5/2, 2016 at 15:35

The only sure way I know to find the DistinguishedName of the computer is the following which must be run as an administrator:

gpresult /r /scope:computer | find "CN="

Gathering answered 14/7, 2018 at 19:48 Comment(0)

Try something like this:

$de = New-Object System.DirectoryServices.DirectoryEntry
$ds = New-Object System.DirectoryServices.DirectorySearcher
$ds.SearchRoot = $de
$ds.Filter = "(&(objectCategory=computer)(objectClass=computer)(samAccountName=$($env:ComputerName)$))"
$ds.SearchScope = "SubTree"

$r = $ds.FindOne()

$r.Path

Flatfooted answered 21/6, 2012 at 20:51 Comment(2)

I try it but $r is null after the FindOne(), FindAll() also returns no results. The filter I get after variable expansion is (&(objectCategory=computer)(objectClass=computer)(samAccountName=(VWDEV)$)) does that look correct to you? I am not fully up to speed on LDAP queires but it seems odd to me to have a parenthesis between the computer name and the $ – Valaria 21/6, 2012 at 21:7

No, there shouldn't be parens around VWDEV. Change the filter to "(&(objectCategory=computer)(objectClass=computer)(samAccountName=$($env:ComputerName)$))" – Flatfooted 21/6, 2012 at 23:49

Try This...Easy to understand and easy to remember as well.....

$cn = Read-Host "Enter the ComputerName"

$cnObj = Get-ADComputer $cn

$ou = $cnObj.distinguishedname

$ou

Oliverolivera answered 9/5, 2014 at 6:39 Comment(2)

Isn't Get-ADComputer part of the active directory module which may or may not be installed on the system (the entire point of the question is to have a way that will always work and does not rely on "optional" modules) – Valaria 9/5, 2014 at 13:34

@scott-chamberlain The module doesn't necessarily need to be installed. You can use implicit-remoting technique in PS. This way all cmdlets of ActiveDirectory module will work as if they are locally installed on your PC. Read More here: TechTutsOnline – Oliverolivera 17/8, 2018 at 5:39

Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\DataStore\Machine\0" -Name "DNName"

Larry answered 16/11, 2019 at 17:30 Comment(2)

Why go to all that trouble rather than running this get-computerinfo | select -Property csname? – Wichman 17/11, 2019 at 7:1

This also works and doesn't have the weird '0' part which feels like one day could become e.g. '1' :)

Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine" -Name "Distinguished-Name"

– Dworman 18/4, 2024 at 8:4

Because sometimes the simplest answer is the best

$(Get-ADComputer -Identity $env:COMPUTERNAME).DistinguishedName

I'm sure the command options have evolved across the years, but for someone trying to get the DistinguishedName in a batch or remote script, this may be beneficial.

Kravits answered 20/7, 2023 at 19:38 Comment(0)

The ADSystemInfo COM object will work and does not require any additional modules or initiate any LDAP searches

[__ComObject].InvokeMember('ComputerName', 'GetProperty', $null, (New-Object -ComObject ADSystemInfo), $null)

Dworman answered 11/3, 2024 at 15:28 Comment(0)

-1

I think you can get it from the environment by using:

$computer = gc env:computername

Or is this exactly what you don't want? I'm terrible with powershell.

Amputate answered 21/6, 2012 at 20:34 Comment(1)

No that is the computer's common name, I need its distinguished name, I need "CN=MyComputer, DC=example,DC=com", your answer just returns "MyComputer" – Valaria 21/6, 2012 at 20:36

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags