Search sqlserver-dba.com
Follow sqlserver-dba.com
*Use the Comments section for questions
SQLServer-DBA.com Links
Recent Posts
- The current transaction cannot be committed and cannot support operations that write to the log file. Roll back the transaction.
- How to find privilege changes with SQL Server Default Trace
- sys.dm_server_services - How to check if SQL Server service is running or not?
- Msg 3023, Level 16, State 2 Backup, file manipulation operations (such as ALTER DATABASE ADD FILE) and encryption changes on a database must be serialized. Reissue the statement after the current backup or file manipulation operation is completed.
- Can we restore a database to an older version in SQL Server?
- How do I save all SQL Agent Jobs
- How to view SQL Server mount point space without access to server
- DBCC SHRINKFILE: page could not be moved because it is a work table page.
- SQL Agent Last Modified explanation
- Sql certificate chain was issued by an authority that is not trusted
How to search a different Active Directory Domain with Powershell Get-ADGroupMember
22 June,2018 by Tom Collins
Question: I'm using the Powershell Get-ADGroupMember to iterate through various Groups and return the members. This is working OK - as long as I'm searching in AD groups which are on the same domain server as the server I'm currently logged on.
For example - I've logged onto the domain : mydomain1.admin.net . I have authority to check AD groups in this domain. But if I then attempt to do a search on another domain e.g mydomain2.admin.net , even though the domain is in the same AD farm , the Get-ADGroupMember will not find the group.
To make things more confusing - if there is a mydomain2 AD group nested in a mydomain1 AD groups and I use Get-ADGroupMember than the Powershell cmdlet will return all the members , including the nested group.
Yet , If I attempt to search only the mydomain2 group - NO GO!
Is there a way to search directly on another domain using Get-ADGroupMember?
Answer: The behaviour you've outlined is the way it works. Now, if you want to access the other domain directly but within the same Active Directory , than this can be completed by using Get-ADGroupMember and the -server switch.
This is an example of how you would use the -server switch . This assumes your current logon is resolved on mydomain1.admin.net but then you need to check the AD group on mydomain2.admin.net
Get-ADGroupMember -server 'mydomain2.admin.net' -identity 'DBASupport' -Recursive
Once you access the data there are all sorts of usages - commonly I use the Powershell Get-ADGroupMember method to get base data for SQL Server security audits , it audit, certification ,
How to get DOMAIN login name with Powershell Get-ADGroupMember
How to Export Active Directory Group Members with Powershell Get-ADGroupMember
Author: Tom Collins (http://www.sqlserver-dba.com)
Share:
Verify your Comment
Previewing your Comment
This is only a preview. Your comment has not yet been posted.
As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.
Having trouble reading this image? View an alternate.
Posted by: |