" Get-ADGroupMember | Get-ADUser"对于不同域中的用户失败 [英] "Get-ADGroupMember | Get-ADUser" fails for users in different domain
问题描述
运行以下cmdlet对组成员身份(Amer域中的组)中的所有用户有效,无论列出的用户位于哪个域中:
Running the following cmdlet works for all users in the group membership (group in Amer domain), regardless of what domain the user listed resides in:
Get-ADGroupMember <group_name> -Server amer
但是,当尝试通过管道传递到Get-ADUser
来获取有关用户的详细信息时,我遇到的错误是针对不同域(EMEA)而不是组(AMER)的用户:
However, when trying to get details on the users by piping to Get-ADUser
, I get errors for the users in a different domain (EMEA) then the group (AMER):
Get-ADGroupMember <group_name> | Get-ADUser
以下是在不同域中的每个用户(EMEA域中的错误用户)之后返回的错误:
Here is the error returned after each user in a different domain (error users in EMEA domain):
Get-ADUser : A referral was returned from the server
At line:1 char:46
+ Get-ADGroupMember GBL-Storage-Admin-NAS-L2-U|Get-ADUuser
+ ~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (CN=EMASAN- WARNE...C=pfizer,DC=com:ADUser) [Get-ADUser], ADReferralException
+ FullyQualifiedErrorId : A referral was returned from the server,Microsoft.ActiveDirectory.Management.Commands.GetADUser
我可以通过指定get-aduser <user> -Server EMEA
来查找每个错误用户,但是当有很多用户时,这很麻烦.
I can lookup each error user by specifying get-aduser <user> -Server EMEA
, but that is manual painfull when there is a lot of users.
如何获取通往Get-ADUser
的管道以与其他域中的用户一起使用?
How can I get the pipe to Get-ADUser
to work with users in other domains?
推荐答案
Basically, you need to query a DC that holds the global catalog if you want to chase referrals to other domains (see here). DCs holding the global catalog can be determined like this:
$gc = Get-ADForest 'example.org' | Select-Object -Expand GlobalCatalogs -First 1
其中example.org
是您的林根域的FQDN.
where example.org
is the FQDN of your forest root domain.
这篇关于" Get-ADGroupMember | Get-ADUser"对于不同域中的用户失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!