" Get-ADGroupMember | Get-ADUser"对于不同域中的用户失败 [英] "Get-ADGroupMember | Get-ADUser" fails for users in different domain

问题描述

运行以下cmdlet对组成员身份(Amer域中的组)中的所有用户有效，无论列出的用户位于哪个域中:

Running the following cmdlet works for all users in the group membership (group in Amer domain), regardless of what domain the user listed resides in:

Get-ADGroupMember <group_name> -Server amer

但是，当尝试通过管道传递到Get-ADUser来获取有关用户的详细信息时，我遇到的错误是针对不同域(EMEA)而不是组(AMER)的用户:

However, when trying to get details on the users by piping to Get-ADUser, I get errors for the users in a different domain (EMEA) then the group (AMER):

Get-ADGroupMember <group_name> | Get-ADUser

以下是在不同域中的每个用户(EMEA域中的错误用户)之后返回的错误:

Here is the error returned after each user in a different domain (error users in EMEA domain):

Get-ADUser : A referral was returned from the server
At line:1 char:46
+ Get-ADGroupMember GBL-Storage-Admin-NAS-L2-U|Get-ADUuser
+                                              ~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (CN=EMASAN-    WARNE...C=pfizer,DC=com:ADUser) [Get-ADUser], ADReferralException
    + FullyQualifiedErrorId : A referral was returned from the     server,Microsoft.ActiveDirectory.Management.Commands.GetADUser

我可以通过指定get-aduser <user> -Server EMEA来查找每个错误用户，但是当有很多用户时，这很麻烦.

I can lookup each error user by specifying get-aduser <user> -Server EMEA, but that is manual painfull when there is a lot of users.

如何获取通往Get-ADUser的管道以与其他域中的用户一起使用?

How can I get the pipe to Get-ADUser to work with users in other domains?

推荐答案

基本上，您需要查询包含此:

Basically, you need to query a DC that holds the global catalog if you want to chase referrals to other domains (see here). DCs holding the global catalog can be determined like this:

$gc = Get-ADForest 'example.org' | Select-Object -Expand GlobalCatalogs -First 1

其中example.org是您的林根域的FQDN.

where example.org is the FQDN of your forest root domain.

这篇关于" Get-ADGroupMember | Get-ADUser"对于不同域中的用户失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！