One-Liner: Use PowerShell to Verify Domain Controller Location

It's generally a bad thing if a domain controller isn't in the domain controllers OU. For example, the default domain controllers policy may not be applied.

Here's a cheeky one-liner to check you're good:

 

 
Get-ADDomainController -Filter * | ForEach-Object {

    if ($_.ComputerObjectDN -notmatch "CN=$($_.Name),OU=Domain COntrollers,$($_.DefaultPartition)") {

        Write-Output "$($_.Name) computer object DN set to $($_.ComputerObjectDN)"

    }
}

 

Capture172