Get-ADGroupMember Returns different results than AD Users and Computers

This topic contains 5 replies, has 2 voices, and was last updated by Profile photo of Dave Wyatt Dave Wyatt 2 years, 1 month ago.

  • Author
    Posts
  • #20095
    Profile photo of Travis Hubbard
    Travis Hubbard
    Participant

    I have created a security group in my Computers OU and tested adding a couple of computers to it via Powershell. When I run Get-ADGroupMember against that group it returns the computer objects I would expect. However it does not return computers I have manually added through the AD Users and Computers application.

    Also, when browsing the created group using AD Users and Computers I am not seeing the computers added via powershell, but do see computers added manually.

    I feel like I may be missing something simple here...

    The command I am using to add a computer is like so:
    Add-ADGroupMember -identity S-1-5-21-1721530621-3416553010-47989647-1234 -members mycomputername$

    To list group membership I am running:
    get-adgroupmember -identity S-1-5-21-1721530621-3416553010-47989647-1342

    Any feedback is appreciated!

  • #20097
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    Are you using different SIDs in your Add and Get commands deliberately, or is that just a bogus example value?

  • #20098
    Profile photo of Travis Hubbard
    Travis Hubbard
    Participant

    I intentionally changed a couple of characters for anonymity. Perhaps that was overkill. The SIDs for the identity are the same in the commands I am running here.

  • #20099
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    OK. It's possible that you're talking to different domain controllers in your PowerShell session and in your AD Users and Computers console. (This would typically happen because PowerShell requires a domain controller running AD Web Services, and ADUC just uses LDAP.) You might just have to wait for AD replication to take place.

  • #20100
    Profile photo of Travis Hubbard
    Travis Hubbard
    Participant

    Sure enough. I had recently connected Azure to our site and have a DC across a VPN that I am not used to seeing. It had added the accounts to that DC and replication had not occurred.

    Thanks Dave!

  • #20101
    Profile photo of Dave Wyatt
    Dave Wyatt
    Moderator

    No problem. 🙂

You must be logged in to reply to this topic.