Sometimes you would like to run a query against all DC’s in your forest. For example today – I was looking a specific error on the System Event Logs.
Here is a quick way to get all the DC's in the forest adapted from Marcus Oh’s blog.
# ==============================================================================================
# NAME: Get-AllDomainControllers
#
# AUTHOR: Maish Saidel-Keesing
# DATE : 22/06/2010
#
# COMMENT: Will collect all Domain controllers, set the list as the $alldcs variable
# and output as list
#
# ==============================================================================================
function Get-AllDomainControllers{
$myDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$script:alldcs = $myDomain.Forest.Domains | ForEach-Object { $_.DomainControllers } | `
Select-Object -Property Name | Sort-Object -Property Name
$alldcs
}
### Entry point to script
Get-AllDomainControllers
From there to get the event I wanted was easy
$alldcs | ForEach-Object {
Get-EventLog -LogName System -ComputerName $_.Name -source KDC -EntryType Error -Newest 10 | where {$_.EventID -eq 27} | select-object TimeGenerated,MachineName,message
}