Author Posts

May 7, 2015 at 10:03 pm

Hi,

I need to create a script, which has to run also on computers which don't have the ActiveDirectory Module installed. So I am using ADSISearcher instead of the usual AD cmdlets.
My goal is to get the MemberOf contents of computers. My company has multiple domains, which are all trusted. Since the computer might be in a different domain, I am searching the global catalogue (GC://) and not LDAP.
Here is what I have so far:

$root = [ADSI]("GC://DC=forest,DC=com")
$search = [adsisearcher]$root
$search.filter = "(&(objectclass=computer)(cn=computername))"
$object = $search.findone()
$computer = $object.getdirectoryentry()
$computer.memberof

This woks fine if the computer is in the same domain as me. The membership is listed correctly.
But when the computer is in one of the other domains, I get to see only the universal groups where the PC is a member of, but not the other groups (domain local, global).
Any ideas how to see the complete membership?

May 7, 2015 at 11:43 pm

Hi deiandrei,

I found this article to be very usefull when I had the same problem of getting users

http://blogs.technet.com/b/heyscriptingguy/archive/2011/11/10/use-powershell-to-find-user-profiles-on-a-computer.aspx

Hope it helps

May 8, 2015 at 12:00 am

Hmmm....I'm not sure I can follow your advice.
I am talking about Active Directory and your link is talking about local users/groups.

May 8, 2015 at 12:09 am

So you're looking to get a list of all the active directory users on the different domains?

May 8, 2015 at 12:12 am

No sir. I never mentioned this.
I want to get the AD group membership of certain computers. My problem is that I can't get the complete membership when the computer is in a different domain than I am.

May 8, 2015 at 12:15 am

I'm sorry for misunderstanding your question.