Reputation: 187
Active Directory Querying with PowerShell
I am building a report on our active directory groups and am having a hard time when it comes to different forests.
We have groups from forestA with users inside from forestB. I was able to pull those groups using Quest AD:
$GroupUsers = Get-QADGroupMember $GroupName -Type 'user' -Indirect
The only problem is that even though the users inside are from forest B, they come up showing they are from forestA. They do exist in both forests, don't know if that's a problem.
Any clue on why this happens?
Thanks in advance.
Upvotes: 0
Views: 294
Answers (2)
Reputation: 111
you can query forest for domains or all global catalogs: get-adforest (properties GlobalCatalogs,Domains) - I often did something like this: I pulled the list of all SIDs in the group then checked which one belongs to my domain/forest, the rest was searched in external forest.
Upvotes: 0
Reputation: 1445
There is -Server parameter of Get-ADGroupMember cmdlet where you may specify domain controller from another domain/forest. Something like:
Get-ADGroupMember -Identity $GroupName -Server DC.AnotherDomain.com
Upvotes: 1
Related Questions
- powershell scripts for querying Active Directory
- Include Specific Attributes Active Directory Query for an ADUser
- LDAP query in PowerShell
- Powershell query AD group
- Powershell Script to query Active Directory
- Powershell querying users in Active Directory
- Powershell to query a specific OU on domain
- Active Directory PowerShell Filter
- Querying AD from Powershell
- How do I look up Active Directory from powershell with multiple variables?