This topic contains 5 replies, has 2 voices, and was last updated by
May 7, 2015 at 10:03 pm #25031
I need to create a script, which has to run also on computers which don't have the ActiveDirectory Module installed. So I am using ADSISearcher instead of the usual AD cmdlets.
My goal is to get the MemberOf contents of computers. My company has multiple domains, which are all trusted. Since the computer might be in a different domain, I am searching the global catalogue (GC://) and not LDAP.
Here is what I have so far:
$root = [ADSI]("GC://DC=forest,DC=com") $search = [adsisearcher]$root $search.filter = "(&(objectclass=computer)(cn=computername))" $object = $search.findone() $computer = $object.getdirectoryentry() $computer.memberof
This woks fine if the computer is in the same domain as me. The membership is listed correctly.
But when the computer is in one of the other domains, I get to see only the universal groups where the PC is a member of, but not the other groups (domain local, global).
Any ideas how to see the complete membership?
May 7, 2015 at 11:43 pm #25033
I found this article to be very usefull when I had the same problem of getting users
Hope it helps
May 8, 2015 at 12:00 am #25035
Hmmm....I'm not sure I can follow your advice.
I am talking about Active Directory and your link is talking about local users/groups.
May 8, 2015 at 12:09 am #25036
So you're looking to get a list of all the active directory users on the different domains?
May 8, 2015 at 12:12 am #25037
No sir. I never mentioned this.
I want to get the AD group membership of certain computers. My problem is that I can't get the complete membership when the computer is in a different domain than I am.
May 8, 2015 at 12:15 am #25038
I'm sorry for misunderstanding your question.
The topic ‘Get AD group membership for computer in another domain’ is closed to new replies.