One-Liner: Use PowerShell to Verify Domain Controller Location

It's generally a bad thing if a domain controller isn't in the domain controllers OU. For example, the default domain controllers policy may not be applied.

Here's a cheeky one-liner to check you're good:


Get-ADDomainController -Filter * | ForEach-Object {

    if ($_.ComputerObjectDN -notmatch "CN=$($_.Name),OU=Domain COntrollers,$($_.DefaultPartition)") {

        Write-Output "$($_.Name) computer object DN set to $($_.ComputerObjectDN)"





Comments (1)

Comments are closed.

Skip to main content