Reputation: 441
How to switch to another domain and get-aduser
I am on a server under the DomainA. I can use Get-ADUser and it's working fine.
Now there is a trust built between DomainA and DomainB. I would like to switch to DomainB and get all the users that's in OU=New Users, DC=DomainB, DC=com.
I tried these but I get an error.
$FetchDomainB = Get-ADUser -SearchBase "OU=New Users, DC=DomainB, DC=com"
This asks me for Filter and i put in emailadress then it throws an error saying "Supplied distinguished name below to dc=DomainA,dc=net"
Same error is thrown for following code as well.
PS C:\> $test = Get-ADUser -SearchBase "dc=DomainB,dc=com" -filter {EmailAddress -like "*Smith_Karla*"} -Properties EmailAddress
Upvotes: 33
Views: 239531
Answers (5)
Reputation: 13009
You can try in multiple domains one after another using below script:
Here, first we check whether user is present in a domain and if so, we get the email address. Else we check in the subsequent domain.
$users = Get-Content D:\UserBase\users.txt
foreach($user in $users)
{
if([bool] (Get-ADUser -Filter { SamAccountName -eq $user } -Server DomainA.com))
{
Get-ADUser -Filter { SamAccountName -eq $user } -Server DomainA.com -Properties Mail |Select-Object -ExpandProperty Mail | Out-file D:\UserBase\emails.txt -Append
}
elseif([bool] (Get-ADUser -Filter { SamAccountName -eq $user } -Server DomainB.com))
{
Get-ADUser -Filter { SamAccountName -eq $user } -Server DomainB.com -Properties Mail |Select-Object -ExpandProperty Mail | Out-file D:\UserBase\emails.txt -Append
}
Also, you can get the list of domains in the organization using below script:
$ForestObj = Get-ADForest -Server $env:USERDOMAIN
foreach($Domain in $ForestObj.Domains) {
Get-ADDomainController -Filter * -Server $Domain | select Domain,HostName,Site
}
Upvotes: 0
Reputation: 19
best solution TNX to Drew Chapin and all of you too:
I just want to add that if you don't inheritently know the name of a domain controller, you can get the closest one, pass it's hostname to the -Server argument.
$dc = Get-ADDomainController -DomainName example.com -Discover -NextClosestSite
Get-ADUser -Server $dc.HostName[0] `
-Filter { EmailAddress -Like "*Smith_Karla*" } `
-Properties EmailAddress
my script:
$dc = Get-ADDomainController -DomainName example.com -Discover -NextClosestSite
Get-ADUser -Server $dc.HostName[0] ` -Filter { EmailAddress -Like "*Smith_Karla*" } ` -Properties EmailAddress | Export-CSV "C:\Scripts\Email.csv
Upvotes: 1
Reputation: 8009
I just want to add that if you don't inheritently know the name of a domain controller, you can get the closest one, pass it's hostname to the -Server argument.
$dc = Get-ADDomainController -DomainName example.com -Discover -NextClosestSite
Get-ADUser -Server $dc.HostName[0] `
-Filter { EmailAddress -Like "*Smith_Karla*" } `
-Properties EmailAddress
Upvotes: 30
Reputation: 53
get-aduser -Server "servername" -Identity %username% -Properties *
get-aduser -Server "testdomain.test.net" -Identity testuser -Properties *
These work when you have the username. Also less to type than using the -filter property.
EDIT: Formatting.
Upvotes: 5
Reputation: 54971
Try specifying a DC in DomainB using the -Server property. Ex:
Get-ADUser -Server "dc01.DomainB.local" -Filter {EmailAddress -like "*Smith_Karla*"} -Properties EmailAddress
Upvotes: 44
Related Questions
- Unable to retrieve cross domain users with get-adgroupmember -recursive
- How to access user account's domain in PowerShell
- Get-ADUser for multiple users across different servers
- Get-ADUser Powershell Parameter
- How to Query an AD user in a different domain
- Get-ADUser across domains - Help needed
- "Get-ADGroupMember | Get-ADUser" fails for users in different domain
- Change AD password for user on a different domain with PowerShell
- AD domain using powershell?
- How can I Get ADUser