Support Multiple AD Domains with PowerShell

Since my last post, I have started a new job and had a beautiful baby girl that has kept me pretty busy.  At my new job I am responsible for managing Active Directory for about 20-30 different domains spread out over 5 forests.

I wanted to be able to manage all the domains remotely without logging on to each domain separately and also wanted to be able to automate many AD tasks that were being done manually.

I created a folder structure to help me keep things organized and made it easy for me to share with my other team members.  All of my scripts are based on this structure:

  • My Documents
    • PowerShell
      • Credentials
      • InputFiles
      • Results
      • ScriptFiles

The first four functions that I wrote store the general information for all the Forest/Domains that I now support, store my credentials for all the domains, load the credentials, and switch between the domains.  I placed these functions in a file called StoredFunctions.ps1.

The first function, StoredDomains, just holds the FQDN in variables for the domains.

The second function, StoredCredentials, is used to store credentials for the domains.  It will store them in encrypted XML files, based off the machine key.

The next function, LogIn, loads the credentials from each of the encrypted XML files for each of the domains.

The last function, SelectDomain, is used as the switching mechanism to change between all the different domains.
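A sketch of how these four functions can fit together, written as an added example and not the author's StoredFunctions.ps1. The function names, the friendly domain names and the FQDNs are assumptions. It relies on Export-Clixml, which on Windows encrypts the password inside a PSCredential with DPAPI, so the XML file can only be read back by the same user on the same computer.

```powershell
# Added example: hypothetical names and placeholder FQDNs, not the author's code.
$CredDir = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'PowerShell\Credentials'

function Get-StoredDomains {
    # Friendly name -> FQDN (constructed placeholder values).
    @{
        Domain1 = 'domain1.example.com'
        Domain2 = 'domain2.example.net'
    }
}

function Save-DomainCredential {
    param([Parameter(Mandatory)][string]$Name)
    $domains = Get-StoredDomains
    if (-not $domains.ContainsKey($Name)) { throw "Unknown domain '$Name'." }
    if (-not (Test-Path $CredDir)) { New-Item -ItemType Directory -Path $CredDir | Out-Null }
    $cred = Get-Credential -Message "Account for $($domains[$Name])"
    if (-not $cred) { return }   # prompt was cancelled, write nothing
    # The password is stored as a DPAPI-protected SecureString, never as plain text.
    $cred | Export-Clixml -Path (Join-Path $CredDir "$Name.xml")
}

function Get-DomainCredential {
    param([Parameter(Mandatory)][string]$Name)
    $file = Join-Path $CredDir "$Name.xml"
    if (-not (Test-Path $file)) { throw "No stored credential for '$Name'. Run Save-DomainCredential first." }
    Import-Clixml -Path $file
}

function Select-Domain {
    param([string]$Name)
    $domains = Get-StoredDomains
    if (-not $Name) { $Name = Read-Host "Domain ($(($domains.Keys | Sort-Object) -join ', '))" }
    if (-not $domains.ContainsKey($Name)) { throw "Unknown domain '$Name'." }
    # Return what the ActiveDirectory cmdlets need to reach a remote domain.
    [pscustomobject]@{
        Name       = $Name
        Server     = $domains[$Name]
        Credential = Get-DomainCredential -Name $Name
    }
}

# Usage: query another domain without logging on to it.
# $d = Select-Domain Domain1
# Get-ADDomain -Server $d.Server -Credential $d.Credential
```

Because the files are bound to the user and computer that created them, each team member who shares the folder has to save their own credentials on their own workstation.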

Once you have your functions updated and saved, you can easily call them from any script.  When creating a new script, I call these functions:

To start using these functions, you will need to save your credentials.  Type

 . StoreCredentials

This will prompt you for your userid/password.  After all of your credentials are saved, you will be able to call and log in to any of your saved domains by calling the function.

. SelectDomain

Or

. SelectDomain Domain1

As I have time, I will start to add more of the PowerShell scripts that I have created over the last 8 months, including automating Forest/Domain Inventory / Domain Controller Inventory, exporting data to Excel and making it pretty, searching for files across every DC (which can be modified to search any number of servers), and a patching report (in the event you don’t have SCCM or a better enterprise solution).
