Technical Article

PowerShell to search for domain Computer objects


When a Cluster is created in Windows, the process requires the creation of new computer objects in Active Directory (AD). The easiest way to create the cluster is to log in with an account that has elevated (admin OR create, alter, delete) rights on the OU for Computers. There is an alternative, however, that would make Domain Admins much happier, especially if the DBA typically does not have rights to the AD.

The alternative to elevated permissions is to request that the admins pre-create the computer objects within Active Directory. This way, when the Cluster setup or the subsequent SQL Server Cluster setups run, they see their computer objects already existing and waiting to be activated.

In a previous article [Search For: PowerShell to Pre-Create domain objects for SQL Server Cluster] I covered how a Domain Admin could run a PowerShell script to create a new OU for the SQL Clusters (creating a new OU is an organizational choice; it is not required) and then create the pre-determined computer objects within that OU. This step could also be done by hand without PowerShell, as long as the computer objects are created and then immediately "disabled"; otherwise the cluster setups will NOT be able to see them as available. It is also critical that the security on the new objects be set manually (I was unable to elegantly script a permissions change process) to allow the main cluster object full control on subsequent computer objects created on the cluster.

But let's assume that all the Active Directory creation was already handled by someone else, and that before you begin your cluster setups you want to verify that the objects you defined, requested, and rely on have been created.

Here is the script to query Active Directory as a non-elevated member. No special permissions are required. The assumption is that the login used to run the query is a member of the Active Directory in which the cluster computer objects reside.

WHO:   Fahim Ahmad DBA Manager 
WHEN:  2013-04-15
WHY:   Query AD Computer objects
WHERE: (DBAFahim a t g m a i l . c o m)

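    # BEGIN USER INPUT //////////////////////////////////////////////
    $SearchComputerName = "RAL"
    # END USER INPUT ////////////////////////////////////////////////

    # VERIFY the specific computer now exists in the desired OU
    $searcher = [adsisearcher]"ObjectCategory=computer"
    $searcher.PageSize = 1000   # page the results; without paging the server caps the result set
    $computers = $searcher.FindAll()

    # The published listing is cut off after "$" on the next two assignments; they are
    # completed here by reading the name and distinguishedName attributes of each result.
    $FoundNames = $computers | ForEach-Object { $_.Properties['name'] }
    $FoundDistinguishedNames = $computers | ForEach-Object { $_.Properties['distinguishedname'] }

    $found_fl = $false
    if ($FoundNames) {
        foreach ($FoundName in $FoundNames) {
            # -eq on strings is case-insensitive, so "ral" matches "RAL"
            if ($SearchComputerName -eq $FoundName) {
                $found_fl = $true
                Write-Host "FOUND  :: $FoundName" -ForegroundColor Green
            }
        }

        # List the distinguished name of every computer object so the OU can be checked
        foreach ($DistinguishedName in $FoundDistinguishedNames) {
            Write-Host $DistinguishedName
        }
    }
    if (!($found_fl)) {
        Write-Host "FAILURE :: [$SearchComputerName] not found" -BackgroundColor Red
    }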
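
The article says pre-created objects must exist and be disabled before the cluster setups run. The following added example (not the author's script) checks both for a list of expected names, using one escaped LDAP query per name from a non-elevated session. The object names and function names are constructed for illustration.

```powershell
# Added example, not the article's script. The object names are constructed placeholders.
$ExpectedNames = 'SQLCLU01', 'SQLCLU01-SQL'

function ConvertTo-LdapFilterValue([string]$Value) {
    # Escape the RFC 4515 special characters so a name cannot change the filter's meaning.
    [regex]::Replace($Value, '[\\*()\x00]', { param($m) '\{0:x2}' -f [int][char]$m.Value })
}

function Get-PrestagedStatus($UserAccountControl) {
    # Decision logic only; $null means the search returned no object.
    if ($null -eq $UserAccountControl) { return 'MISSING' }
    if ([int]$UserAccountControl -band 0x2) { return 'READY' }   # 0x2 = ACCOUNTDISABLE
    return 'ENABLED'                                              # exists but is not disabled
}

function Find-PrestagedComputer([string[]]$Names) {
    foreach ($name in $Names) {
        # One targeted query per name instead of enumerating every computer object.
        $filter = "(&(objectCategory=computer)(name=$(ConvertTo-LdapFilterValue $name)))"
        $searcher = [adsisearcher]$filter
        $searcher.PropertiesToLoad.AddRange([string[]]('distinguishedName', 'userAccountControl'))
        $hit = $searcher.FindOne()
        $uac = if ($hit) { $hit.Properties['useraccountcontrol'][0] } else { $null }
        $dn  = if ($hit) { $hit.Properties['distinguishedname'][0] } else { $null }
        [pscustomobject]@{
            Name              = $name
            Status            = Get-PrestagedStatus $uac
            DistinguishedName = $dn
        }
    }
}

# Offline check of the decision logic with constructed userAccountControl values:
# 4098 = WORKSTATION_TRUST_ACCOUNT (0x1000) + ACCOUNTDISABLE (0x2), 4096 = same account enabled.
foreach ($sample in 4098, 4096, $null) { Get-PrestagedStatus $sample }

# The directory query only runs when the session is logged on with a domain account.
if ($env:USERDNSDOMAIN) {
    Find-PrestagedComputer $ExpectedNames | Format-Table -AutoSize
}
```

A status of ENABLED means the object exists but was not disabled after creation, which is the condition the article warns will keep the cluster setup from seeing it as available.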