In an Active Directory environment with multiple domains and forests, it can be hard to distinguish the trees from the forest. As authentication is often per forest, an easy way to list the domains per forest will be welcome.

Alas, the only reliable way to list the domains in a forest is to use PowerShell.

For this recipe, we'll need one of the following:

• A domain controller running Windows Server 2012 with Desktop Experience (or a newer version of Windows Server)
• A domain-joined member server running Windows Server 2012 with Desktop Experience (or a newer version of Windows Server) with the Active Directory module for Windows PowerShell installed
• A domain-joined device running Windows 8.1 (or a newer version of Windows) with the Active Directory module for Windows PowerShell installed

To install the Active Directory module for Windows PowerShell on a Windows Server with Desktop Experience, follow these steps:

1. Open Server Manager ( servermanager.exe).
2. In the top gray pane, click Manage.
3. Select Add Roles and Features from the context menu.
4. In Add Roles and Features Wizard, click Next > until you reach the Select Features screen.
5. On the Select Features screen, scroll down in the list of features until you reach Remote Server Administration Tools.
6. Expand Remote Server Administration Tools.

7. Expand Role Administration Tools.
8. Expand AD DS and AD LDS Tools.
9. Select the Active Directory module for Windows PowerShell feature:

10. Click Next > until you reach the Confirm installation selections page.
11. Click Install.
12. Click Close.

To install the Active Directory module for Windows PowerShell on a Server Core installation of Windows Server, run these two commands:

PowerShell
Install-WindowsFeature RSAT-AD-PowerShell

To install the Active Directory module for Windows PowerShell on a Windows device, download the separately available Remote Server Administration Tools (RSAT) package for your version of Windows. After you install the package, all the RSAT will be available, including the Active Directory module for Windows PowerShell.

To list all the domains in a forest, use an account that is a member of the Enterprise Admins group in Active Directory.

On the system, start an elevated Windows PowerShell window or Windows PowerShell ISE window using the domain credentials for any account.

Then, type the following lines of PowerShell:

Import-Module ActiveDirectory
Get-ADForest | select domains

On the first line, we verify that the Active Directory module for Windows PowerShell is installed, correctly configured, and ready.

On the second line, we use the Get-ADForest cmdlet from the Active Directory module to get the information for the current Active Directory forest. Then, we pipe the output of that command to select only the domains, since that's what we're after.

You can now make the best choices for implementing new domains and/or forests, and/or decommissioning domains and/or forests.