WestCoastGuy
Reputation: 3

Get-ADGroup to retrieve members not returning members in other forest (but does return for different domain/same forest)

I'm in a multi-domain and multi-forest environment. Forest 1 contains the vast chunk of users and domains - forest 2 contains a single legacy domain, and this setup is causing issues.

Get-ADGroup -Identity $_.groupname -Server $_.domainname -Properties members | select members

When this is run on groups from either forest, the results ONLY return members that are in the same forest as the group. This is an issue as we have users from forest 1 inside forest 2 groups, and vice-versa. Edit: The users from the other forest are NOT listed as foreign security principals in this output, but I know they are there based on Forefront Identity Manager.

The objective here is to get a full listing of users within groups, regardless of domain or forest, as we need this for an upcoming audit.

Upvotes: 0

Views: 756
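
For the audit goal described in the question, an added example (not part of the original post) that classifies each entry of a group's member list as a regular directory object or a foreign security principal (FSP) and tries to resolve the FSP's SID to an account name. It assumes cross-forest members are stored as FSP entries under CN=ForeignSecurityPrincipals, which is how a trust normally represents them; the function name ConvertTo-MemberRecord and the sample DNs are constructed for illustration.

```powershell
# Added example: classify the DNs found in a group's member list.
function ConvertTo-MemberRecord {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$DistinguishedName
    )
    process {
        # The domain that stores the entry is the DC= tail of its DN
        # (split on commas that are not backslash-escaped).
        $dcParts = $DistinguishedName -split '(?<!\\),' | Where-Object { $_ -match '^DC=' }
        $homeDomain = ($dcParts -replace '^DC=', '') -join '.'

        $kind = 'DirectoryObject'; $sid = $null; $name = $null
        # An FSP entry is named after the SID of the principal it stands for.
        if ($DistinguishedName -match '^CN=(S-1-[\d-]+),CN=ForeignSecurityPrincipals,') {
            $kind = 'ForeignSecurityPrincipal'
            $sid  = $Matches[1]
            try {
                # Resolves only where the trusted forest is reachable;
                # otherwise the raw SID is kept so the member is still counted.
                $nt   = [System.Security.Principal.NTAccount]
                $name = ([System.Security.Principal.SecurityIdentifier]$sid).Translate($nt).Value
            } catch {
                $name = $null
            }
        }
        [pscustomobject]@{
            Kind         = $kind
            StoredIn     = $homeDomain
            Sid          = $sid
            ResolvedName = $name
            MemberDN     = $DistinguishedName
        }
    }
}

# Constructed sample input, shaped like the values of the Members property.
$sampleMembers = @(
    'CN=Alice Example,OU=Staff,DC=corp,DC=forest1,DC=example'
    'CN=S-1-5-21-1111111111-2222222222-3333333333-1105,CN=ForeignSecurityPrincipals,DC=legacy,DC=forest2,DC=example'
)
$sampleMembers | ConvertTo-MemberRecord | Format-List

# Against a live directory, feed it the query from the question:
# (Get-ADGroup -Identity <group> -Server <domain> -Properties Members).Members | ConvertTo-MemberRecord
```

Rows whose Kind is ForeignSecurityPrincipal and whose ResolvedName is empty are the ones to chase in the other forest by SID.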

Answers (0)
