Reputation: 789
Powershell: Unable to use the -Recursive switch for AD group membership
I have (what I think is) an odd problem.
I have two domain admin accounts and one domain controller (for the purpose of this question). Here is the scenario:
- Admin1 RDPs to dc01 and runs the Powershell command (see command below), and it succeeds
- Admin2 RDPs to dc01 and runs the Powershell command (see command below), and it fails (see error below).
In both cases, we are entering the credentials of admin1 when prompted by Get-Credential
Command: Get-ADGroupMember administrators -Credential (Get-Credential) -Server dc01 -Recursive
Error: Get-ADGroupMember : There is no such object on the server
If I remove the -Recursive parameter, then the command works for both admins (again, using the credentials of admin1). If I open ADUC as admin1, then look at the members of Administrators, I can see all members, opening sub-groups without issue.
What in the world is going on? Thanks.
Upvotes: 0
Views: 317
Answers (1)
Reputation: 789
Well, looks like it was a permissions issue. I added the service account to Enterprise Admins and the failure stopped. I have no idea which object is causing the failure.
Upvotes: 0
Related Questions
- Get recursive group membership of all AD users using Powershell
- Powershell throws error with Get-ADPrincipleGroup
- Unable to retrieve cross domain users with get-adgroupmember -recursive
- Recursive PowerShell function fails to call itself
- Get-AdGroupMember -recursive does not return groups when also returning users
- PowerShell Script Not Working As Intended When Getting AD Groups
- Querying AD group membership through powershell results in error: Get-ADGroupMember : One or more properties are invalid
- Powershell not returning expected groups
- powershell retrieve members of group recursively
- Is Powershell Get-ADGroup recursive?