Listing Forwarders for all domain DNS Servers

Anyone who's managed Active Directory long enough can tell you that one of the most (if not the most) important thing to a healthy AD is healthy DNS.  While forwarders won't likely be a huge cause for AD problems, it's still nice to make sure your servers are configured in a consistent manner, and since forwarders can be set per DNS server, you'd have to log in to each and every one to verify the settings on it.  Fortunately, PowerShell can help (but only if you're running Windows 8/Server 2012 or newer; don't worry, though, the target servers can be 2008 R2, though it does have to be Microsoft DNS (sorry, BIND users!)).

Note that if you supply the name of your domain, you should get back a list of IPs of all of your AD/DNS servers.  If this is not the case, then you likely have bigger issues with DNS to resolve first.  If you for some reason separate your AD and DNS servers, then you may have to do something else to get the list of servers.  Also note that my idea of having all forwarders be the same is not necessarily a one-size-fits-all; there are times and places when having them be different for some servers makes sense.  Even still, being able to quickly and easily document these settings could be a huge time saver, especially if you have a large environment.

Forwarders aren't the only thing you can get with Get-DNSServer; you can see just about any setting on the server with that.  I recommend firing it off by itself against a single DNS server to see what all it gives you, and you could easily modify this snippet to document just about any setting in there that you want.

EDIT 5-18-2015: I've modified the part of the script that gets the name servers and makes it actually capture the name servers and not just assume that the A records for the domain will be a full list of name servers.

Simple Network Host Scan in PowerShell

This is very crass and simplified, and frankly, other programs (such as Angry IP and (my personal favorite) NMap) do a much, much better job; however, if you need to do a scan in a script for whatever reason, this may do the trick.  It would be very easy to make any changes to this you'd like, such as leaving out DNS resolution, or swapping it for a WMI query, or adding just about anything else you want.  This is just a quick, dirty example, and as such, it doesn't have a lot of polish.  (Note: as-is, this code requires Windows 8 due to Resolve-DnsName not being included in prior versions)

If you want to run this on Windows 7, here are two methods of resolving DNS names that work:

Using .NET methods (my preference):
Windows PowerShell One Liner: Name to IP Address

Using nslookup (more work to get the output you want, but always a good tool):
PowerShell v2 And DNS Queries