Using the PowerShell Get-ADDomain cmdlet with an IIS Application Pool Identity

We use the PowerShell Active Directory module cmdlets in our applications and wanted to share a tip for anyone running the Get-ADDomain cmdlet under the default IIS application pool identity. That identity is a Windows virtual account (IIS APPPOOL\<pool name>), and Get-ADDomain's default behaviour is to look up the domain of the logged-on user. Since there is no "IIS APPPOOL" domain in AD, that lookup cannot succeed, and you will see an error like the following:

[sourcecode language="powershell"]Get-ADDomain : Cannot find an object with identity: 'IIS APPPOOL' under: 'DC=example,DC=local'[/sourcecode]

Tell Get-ADDomain to use the local computer as the current scope instead, and it will resolve the domain the computer is joined to rather than the domain of the (non-existent) user account:

[sourcecode language="powershell"]Get-ADDomain -Current LocalComputer[/sourcecode]
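The fix above hard-codes the computer scope, which is fine inside an IIS worker process but breaks a script that is also run interactively by a domain user (whose own domain may differ from the computer's in a multi-domain forest). The helper below is an added example, not code from the original post: it inspects the identity the process is running as, goes straight to the computer's domain for virtual accounts, and otherwise tries the logged-on user first with a fallback. The function name Get-CurrentADDomain and the list of virtual-account authorities are our own assumptions; the two values of the -Current parameter, LocalComputer and LoggedOnUser, are the real ones the cmdlet accepts.

```powershell
# Added example (not from the original post): resolve the AD domain in a way
# that works both as a normal domain user and as an IIS application pool
# virtual account such as "IIS APPPOOL\DefaultAppPool".
Import-Module ActiveDirectory

function Get-CurrentADDomain {
    [CmdletBinding()]
    param ()

    # Security principal the process is running as,
    # e.g. "EXAMPLE\svc-web" or "IIS APPPOOL\DefaultAppPool".
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $authority = ($identity.Name -split '\\')[0]

    # Assumed list of authorities whose principals have no user object in AD.
    # These identities authenticate to the network as the computer account,
    # so the computer's domain is the correct scope for them.
    $virtualAuthorities = @('IIS APPPOOL', 'NT SERVICE', 'NT AUTHORITY')

    if ($virtualAuthorities -contains $authority) {
        Write-Verbose "Running as '$($identity.Name)'; using the local computer's domain."
        return Get-ADDomain -Current LocalComputer -ErrorAction Stop
    }

    try {
        # Normal case: the user's own domain (this is also the cmdlet's default).
        return Get-ADDomain -Current LoggedOnUser -ErrorAction Stop
    }
    catch {
        # Any other principal that cannot be resolved in AD (local accounts,
        # accounts from an untrusted domain, ...) falls back to the computer scope.
        Write-Verbose "LoggedOnUser lookup failed ($($_.Exception.Message)); falling back to LocalComputer."
        return Get-ADDomain -Current LocalComputer -ErrorAction Stop
    }
}

# Usage: run from a web application or interactively; -Verbose shows which path was taken.
$domain = Get-CurrentADDomain -Verbose
Write-Output ("Resolved domain: {0} ({1})" -f $domain.DNSRoot, $domain.DistinguishedName)
```

The -ErrorAction Stop is what makes the try/catch work: Get-ADDomain reports the "Cannot find an object with identity" failure as a non-terminating error, which a catch block would otherwise never see. One thing to keep in mind when reviewing directory access logs: because the application pool's virtual account reaches AD as the computer account, any reads the web application performs will appear on the domain controller as coming from the web server's machine account rather than from a service account you can recognise by name.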