1

When looking up an account using net user jsmith /domain, it will display all the current info about a user and its password. When I look it up using PowerShell with Get-ADUser, the information is not accurate. I am guessing this is because they are pointing to a different domain controller, and one did not catch up yet?

Question is: What domain controller is net user using? So that I may make Get-ADUser use the same one.

Better yet, how can I find the fastest domain controller?

9
  • I think net user would be using the domain controller that you would see from the command set logonserver or set log for short. There is no fastest domain controller really. All depends on where the initial change is made and the design of your replication sites. Commented Feb 10, 2015 at 18:15
  • Any way to find out what controller that is? Commented Feb 10, 2015 at 18:28
  • I was trying to tell you. The output of the cmd set log should tell you that. Commented Feb 10, 2015 at 19:10
  • Strange that this worked with command prompt but not in PowerShell. Any idea why? Commented Feb 10, 2015 at 19:16
  • 1
    In short, because it is not a PowerShell command. Set in PowerShell is an alias for Set-Variable. In PowerShell $env:LOGONSERVER would be a better fit. Didn't occur to me to suggest it at first. Commented Feb 10, 2015 at 19:21

2 Answers

1

So I was wrong about my assumption; see Robert's answer. Using that knowledge properly I can salvage this answer.

So, if you want cohesion between the net user and Get-ADUser you could try something like this:

```powershell
# Take the host name from the nltest line tagged [PDC] (replace domainname with your domain).
$pdc = (((nltest /dclist:domainname | ?{$_ -match "\[PDC\]"}).Trim()) -Split '\s')[0]
# Point Get-ADUser at that same domain controller.
Get-ADUser -Identity someguy -Server $pdc
```

As for picking the fastest domain controller, your computer should have already been told which controller is appropriate for it to use. Changes you make in the same Active Directory site should replicate quickly. If you are making changes across AD sites then you will have to wait as long as you have set in your site-to-site replication settings.


5 Comments

I am pretty sure Get-ADUser uses the same env var (LOGONSERVER) as net user... It certainly does not randomly select one for each command from DNS, that would break all Hell loose.
@RobertRossmann I would think that to be correct. Then my replication comments could be of use.
Well the problem kind of does not compute for me... If we agree that both commands use the same DC, why would replication be of any concern? If replication is of no concern then why by the nine divines is the information not identical?
@RobertRossmann In hindsight you are right. I was trying to figure out a reason why the two would be different using the OP's assumptions for my basis. After reading your comment I realize my code is redundant.
Well, turns out we were both wrong - net user does not use the logonserver. :) It uses the primary domain controller - see my answer below if you are interested.
1

The net user command, when given the /domain switch, operates on the Primary Domain Controller, which may not necessarily be your current logon server which, on the other hand, is used by Get-ADUser.

And the reason why you are seeing different information is that replication of this change has not occurred yet between these two.

  • To see your logon server, in cmd, do set logonserver.
  • To see your primary domain controller (PDC), do nltest /dclist:example.org (nltest requires some Active Directory tools to be installed, see the docs)

2 Comments

I saw that but ignored it since true PDCs don't exist anymore. That is obviously not completely correct. I tried to salvage my answer with your findings. Good work.
Well, when I ran that command, it listed all the domain controllers, and there was one in the list that had [PDC] next to it. Strange thing is that this was the exact domain controller I was getting my data from, but it still is not updated and shows inaccurate info. Is there some caching going on or maybe just some maintenance? Also, the command should be nltest /dclist:example.org -- you have an extra space.
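
To check whether the logon server and the PDC really hold different copies of the account, the user can be read from every domain controller and compared against the PDC emulator's copy. This is an added example, not code from either answer; it assumes the ActiveDirectory module (RSAT) is installed, and the function name Compare-UserAcrossDCs is hypothetical.

```powershell
# Added example: read one account from every DC and flag copies that differ
# from the PDC emulator. Function name is hypothetical; 'jsmith' is the
# sample account from the question.
Import-Module ActiveDirectory

function Compare-UserAcrossDCs {
    param([Parameter(Mandatory)] [string] $Identity)

    # The DC holding the PDC emulator role (the one tagged [PDC] by nltest).
    $pdc = (Get-ADDomain).PDCEmulator
    # LOGONSERVER looks like \\DC02; strip the leading backslashes.
    $logon = $env:LOGONSERVER -replace '^\\\\', ''

    # Reference copy of the account, read from the PDC emulator.
    $ref = Get-ADUser -Identity $Identity -Server $pdc -Properties pwdLastSet

    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $u = Get-ADUser -Identity $Identity -Server $dc.HostName `
                 -Properties pwdLastSet, LockedOut, whenChanged -ErrorAction Stop
            [pscustomobject]@{
                DC              = $dc.HostName
                Site            = $dc.Site
                IsPDC           = ($dc.HostName -eq $pdc)
                IsLogonServer   = ($dc.Name -eq $logon)
                # pwdLastSet is a FILETIME; 0 means "must change at next logon".
                PasswordLastSet = [datetime]::FromFileTimeUtc($u.pwdLastSet)
                LockedOut       = $u.LockedOut
                WhenChanged     = $u.whenChanged
                MatchesPDC      = ($u.pwdLastSet -eq $ref.pwdLastSet)
            }
        } catch {
            # A DC that is down or unreachable is reported, not skipped silently.
            [pscustomobject]@{
                DC = $dc.HostName; Site = $dc.Site
                IsPDC = ($dc.HostName -eq $pdc); IsLogonServer = ($dc.Name -eq $logon)
                PasswordLastSet = $null; LockedOut = $null; WhenChanged = $null
                MatchesPDC = "query failed: $($_.Exception.Message)"
            }
        }
    }
}

Compare-UserAcrossDCs -Identity jsmith | Format-Table -AutoSize
```

Rows where MatchesPDC is False are domain controllers that have not yet received the password change; the Site column shows whether they sit behind an inter-site replication link.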
