user1018832

Reputation: 31

How to get all computer accounts in another domain using PowerShell?

I am trying to get all computer accounts from another domain.

Here is my PowerShell script:

$environment = "myDomain"
$strCategory = "computer"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry("LDAP://dc=" + $environment + ",dc=com")
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher ("LDAP://dc=" + $environment + ",dc=com")
$objSearcher.SearchRoot = $objDomain
$objSearcher.Filter = ("(objectCategory=$strCategory)")
$colProplist = "name"
foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)| Out-Null}  
$colResults = $objSearcher.FindAll()
foreach ($objResult in $colResults) {
    $objComputer = $objResult.Properties
    Write-Output $objComputer.name
}

I am getting this error:

Exception calling "FindAll" with "0" argument(s): "A referral was returned from the server.

How can I fix this error?

Upvotes: 3

Views: 37702

Answers (4)

chwarr

Reputation: 7192

Very much like atguilmette's answer to this very question, I was able to get the Active Directory Cmdlets to work against a different domain than my current domain by specifying the -Server parameter. (Unlike that answer, I did not need to explicitly target a GC machine with a specific port. Perhaps my environment is special...)

Get-ADGroup the-group-in-the-other-domain -Server other.domain.com

Upvotes: 1

atguilmette

Reputation: 41

I experienced a similar issue. I found that if I specified a server that was a GC, along with the port, I was able to succeed. I was using the PowerShell Get-AdUser cmdlet, but my scenario was similar (trying to query a universal group membership from a child domain).

get-aduser -server fqdn.gc.root.domain:3268 

Upvotes: 4

JPBlanc

Reputation: 72612

Can you try this:

$dn = New-Object System.DirectoryServices.DirectoryEntry ("LDAP://DCIpAddress:389/dc=dom,dc=fr","[email protected]","admin")

# Here look for a user
$Rech = new-object System.DirectoryServices.DirectorySearcher($dn)
$Rech.filter = "(([email protected]))"
$Rech.SearchScope = "subtree"
$Rech.PropertiesToLoad.Add("distinguishedName");
$Rech.PropertiesToLoad.Add("sAMAccountName");  
$Rech.PropertiesToLoad.Add("lastLogon");  
$Rech.PropertiesToLoad.Add("telephoneNumber");
$Rech.PropertiesToLoad.Add("memberOf");
$Rech.PropertiesToLoad.Add("distinguishedname");
$Rech.PropertiesToLoad.Add("otherHomePhone"); # other home phone

$liste = $Rech.FindAll()

It's the same as your code, but here I target a DC (you'd better target a domain DNS name) and I authenticate my connection. If the other domain is in the same forest, you can use the Enterprise admin account; if the other domain is in another forest, or in a trusted domain, use the administrator of the domain.

Upvotes: 3
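
Added example, not part of any answer above: the question's computer-account search rewritten so the bind path names the other domain (which avoids the referral), the credential is prompted for rather than written into the script, and results are paged. The function name and `other.example.com` are placeholders; it assumes Windows with PowerShell 5 or later and an account that can read the target domain.

```powershell
# Added example. Assumptions: 'other.example.com' stands in for the target
# domain's DNS name, and the supplied account may read that domain.
function Get-RemoteDomainComputer {
    param(
        [Parameter(Mandatory)] [string] $DomainDnsName,
        [Parameter(Mandatory)] [pscredential] $Credential
    )
    # other.example.com -> DC=other,DC=example,DC=com
    $baseDn = ($DomainDnsName.Split('.') | ForEach-Object { "DC=$_" }) -join ','

    # Naming the domain in the path sends the bind to a DC of that domain.
    # A serverless path (LDAP://DC=...) binds to the caller's own domain, which
    # answers with a referral for a naming context it does not hold.
    $path = "LDAP://$DomainDnsName/$baseDn"

    # Secure negotiates Kerberos/NTLM; Signing and Sealing protect the session.
    $auth = [System.DirectoryServices.AuthenticationTypes]'Secure, Signing, Sealing'
    $root = [System.DirectoryServices.DirectoryEntry]::new(
        $path, $Credential.UserName, $Credential.GetNetworkCredential().Password, $auth)
    $searcher = [System.DirectoryServices.DirectorySearcher]::new($root)
    $searcher.Filter = '(objectCategory=computer)'
    $searcher.PageSize = 1000   # paged search, so the server's result limit does not truncate the set
    [void]$searcher.PropertiesToLoad.Add('name')
    [void]$searcher.PropertiesToLoad.Add('dNSHostName')

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            [pscustomobject]@{
                Name        = [string]($r.Properties['name'] | Select-Object -First 1)
                # dNSHostName can be absent on pre-staged accounts, so do not index blindly
                DnsHostName = [string]($r.Properties['dnshostname'] | Select-Object -First 1)
            }
        }
    }
    finally {
        # SearchResultCollection and DirectoryEntry hold unmanaged resources.
        $results.Dispose(); $searcher.Dispose(); $root.Dispose()
    }
}

# Prompt for the credential instead of embedding a password in the script:
# Get-RemoteDomainComputer -DomainDnsName 'other.example.com' -Credential (Get-Credential)
```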

Chris N

Reputation: 7479

Quest's AD cmdlets offer a command specifically for connecting to another domain: Connect-QADService.

I've successfully used this in production.

Upvotes: 0
