Get current computer's distinguished name in powershell without using the ActiveDirectory module

Question

I have a script that I need to find the full Distinguished name (CN=MyComputer, OU=Computers, DC=vw, DC=local) of the computer it is running on, however I can not guarantee that the ActiveDirectory module will be available on all computers that this script will be run on. Is there a way to get the current computer's full Distinguished name without using Get-ADComputer $Env:COMPUTERNAME?

---

Just in case this is a XY problem, what I am trying to do is move the computer to a specific OU, but I need a way to get the ASDI entry for the computer I am running on.

[ADSI]$computer = ("LDAP://" + $localDN)
if($Production)
{
    [ADSI]$destination = 'LDAP://ou=Production,ou=Computers,ou=VetWeb,dc=vw,dc=local'
    $computer.MoveTo($destination);
}
else
{
    [ADSI]$destination = 'LDAP://ou=Test,ou=Computers,ou=VetWeb,dc=vw,dc=local'
    $computer.MoveTo($destination);
}

Answer 1

The ADSystemInfo COM object will work and does not require any additional modules or initiate any LDAP searches

[__ComObject].InvokeMember('ComputerName', 'GetProperty', $null, (New-Object -ComObject ADSystemInfo), $null)

Answer 2

Because sometimes the simplest answer is the best

$(Get-ADComputer -Identity $env:COMPUTERNAME).DistinguishedName

I'm sure the command options have evolved across the years, but for someone trying to get the DistinguishedName in a batch or remote script, this may be beneficial.

Answer 3

Get-ItemPropertyValue -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\DataStore\Machine\0" -Name "DNName"

Answer 4

Try something like this:

$de = New-Object System.DirectoryServices.DirectoryEntry
$ds = New-Object System.DirectoryServices.DirectorySearcher
$ds.SearchRoot = $de
$ds.Filter = "(&(objectCategory=computer)(objectClass=computer)(samAccountName=$($env:ComputerName)$))"
$ds.SearchScope = "SubTree"

$r = $ds.FindOne()

$r.Path

Answer 5

The only sure way I know to find the DistinguishedName of the computer is the following which must be run as an administrator:

gpresult /r /scope:computer | find "CN="

Answer 6

Try This...Easy to understand and easy to remember as well.....

$cn = Read-Host "Enter the ComputerName"

$cnObj = Get-ADComputer $cn

$ou = $cnObj.distinguishedname

$ou

Answer 7

Be careful with the ADSIsearcher method. If you have two computers with the same name in different domains in the same forest (the issue that caused me to perform the search that returned this article), this method is not guaranteed to return the correct one. This method will simply search in AD for a computer with the name returned by the ComputerName Environment Variable. You need to be sure to cross-reference the domain to which the computer is joined if you are in an environment with multiple domains in a forest.

Moderator, this should really be a comment to the answer by Shay Levy, but I cannot make a comment because I am new.

Answer 8

The cmdlet Get-ADComputer (PS ver 2.0) can help.

PS:\> $(Get-ADComputer 'mycomputer').distinguishedName

The name of the computer should be the short name, like $env:COMPUTERNAME.

Answer 9

Try this (requires v2):

$filter = "(&(objectCategory=computer)(objectClass=computer)(cn=$env:COMPUTERNAME))"
([adsisearcher]$filter).FindOne().Properties.distinguishedname

Answer 10

I think you can get it from the environment by using:

$computer = gc env:computername

Or is this exactly what you don't want? I'm terrible with powershell.