Get an Active Directory forest.

      Get-ADForest [-Current {LocalComputer | LoggedOnUser}]
         [-AuthType {Negotiate | Basic}] [-Credential PSCredential]
            [-Server string] [CommonParameters]

      Get-ADForest [-Identity] ADForest
         [-AuthType {Negotiate | Basic}] [-Credential PSCredential]
            [-Server string] [CommonParameters]

   -AuthType {Negotiate | Basic}
       The authentication method to use: Negotiate (or 0), Basic (or 1)
       A Secure Sockets Layer (SSL) connection is required for Basic authentication.

   -Credential PSCredential
       The user account credentials to use to perform this task.
       The default credentials are those of the currently logged on user unless the
       cmdlet is run from an Active Directory PowerShell provider drive.
       If the cmdlet is run from such a provider drive, the account associated with the drive is the default.

       Type a user name, such as "User64" or "Domain64\User64" or specify a
       PSCredential object such as one generated by Get-Credential 

       If a user name is specified, the cmdlet will prompt for a password.

   -Current ADCurrentForestType
       Whether to return the domain of the local computer or the current logged on user (CLU).
       Possible values:
          LocalComputer or 0
          LoggedOnUser  or 1

       Return a discoverable domain controller that meets the conditions specified by the
       cmdlet parameters. To get a domain controller by using the discovery mechanism of
       DCLocator, use -Discover. This parameter also requires search criteria to be set by
       setting parameters such as Service, SiteName, DomainName, NextClosestSite, AvoidSelf, and ForceDiscover.

         e.g. To get a live DC that has Web Services enabled in a specific site with name "RODC-Site"

         Get-ADDomainController -Discover -Services ADWS -SiteName RODC-Site

   -Identity ADForest
       An AD Forest object.
       This may be given as:
          Fully qualified domain name:
          GUID (objectGUID): 539c5d2e-e75d-4d20-8a42-033d96465f68
          DNS host name:
          NetBIOS name:      SS64

       The cmdlet searches the default naming context or partition to find the object.
       If two or more objects are found, the cmdlet returns a non-terminating error.

       The ADForest object may also be passed through the pipeline or set via a variable.

   -Server string
       The AD Domain Services instance to connect to, this may be a Fully qualified domain name,
       or NetBIOS name, Fully qualified directory server name (with or without port number.)

Get-ADForest gets the AD forest specified by the -Identity or -Current parameters.

The -Identity parameter specifies the AD forest to get. Identify a forest by its fully qualified domain name (FQDN), DNS host name, or NetBIOS name or set the parameter to a forest object variable or through the pipeline.

When the -Current parameter is set to LocalComputer or LoggedOnUser, the cmdlet can also use the -Server and -Credential parameters to determine the domain of the forest.

If the -Server parameter is specified it must be for a server that resides in the domain of the LocalComputer or LoggedOnUser. By default the domain is set to the domain of the LocalComputer or LoggedOnUser and a server is located in this domain. The credentials of the currently logged on user are used to get the domain.


Get forest information for the current logged on users forest:

PS C:\> Get-ADForest

Get the forest information of the forest:

PS C:\> Get-ADForest

Get the forest information of the current local computer's forest:

PS C:\> Get-ADForest -Current LocalComputer

“The world's a forest, in which all lose their way; though by a different path each goes astray” ~ George Villiers

Related PowerShell Cmdlets

Set-adDomain - Modify an AD domain.
Set-adDomainMode - Set the domain functional level for an AD domain.

Copyright © 1999-2023
Some rights reserved