Get-ADuser:从服务器返回了引荐 [英] Get-ADuser : A referral was returned from the server

问题描述

运行脚本时出现以下错误:

I'm getting the following error when I run my script:

Get-ADUser : A referral was returned from the server At line:25 char:70
+ ... -Identity $G.name -Recursive | Get-ADUser  -Server $dom -Properties *
+                                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (CN=User...,DC=org:ADUser) [Get-ADUser], ADReferral    Exception
    + FullyQualifiedErrorId : ActiveDirectoryServer:****,Microsoft.ActiveDirectory.Management.Commands.GetADUser

这是我的脚本:

$Domains = (Get-ADForest).Domains.ForEach{(Get-ADDomain $_).PDCEmulator}

$Users = @()
$Groups = @()
$list = Get-Content C:\temp\ADGroups.txt
ForEach ($dom in $Domains) {
    Foreach ($o in $list) {
        $ObjectClass = (Get-ADObject -server $dom -Filter {SamAccountName -eq $o}).ObjectClass
        If ($ObjectClass -eq "User") {
            $U =  Get-ADUser -Properties * -Identity $o -Server $dom
            $User = "" | Select FullUserName, LoginID, Description
            $User.FullUserName = $U.DisplayName
            $User.LoginID = $U.SamAccountName
            $User.Description = $U.description
            $Users += $User
        } Else {
            If ($ObjectClass -eq "Group") {
                $G = Get-ADGroup -Properties * -Identity $o -Server $dom
                $GM = Get-ADGroupMember -Server $dom -Identity $G.name -Recursive | Get-ADUser  -Server $dom -Properties *
                Foreach ($gmember in $GM) {
                    $Group = "" | Select GroupName, GroupDescription, GroupMemberName, GroupMemberLoginID, GroupMemberDesc
                    $Group.GroupName = $G.Name
                    $Group.GroupDescription = $G.Description
                    $Group.GroupMemberName = $gmember.Name
                    $Group.GroupMemberLoginID = $gmember.SamAccountName
                    $Group.GroupMemberDesc = $gmember.Description
                    $Groups += $Group
                }
            }
        }
    }
}
$Users | Export-Csv C:\temp\Users.csv -NoTypeInformation
$Groups | Export-Csv C:\temp\Groups.csv -NoTypeInformation

我的脚本的目的是提取属于组的用户并导出到.csv文件.它在大多数情况下都有效，但对于某些用户却给我一个错误.我认为可能是因为该组中的那些用户属于不同的域.

The purpose of my script is to pull users that belong in a group and export to a .csv file. It works for the most part, but it gives me an error for certain users. I think it could be because those users in the group belong in a different domain.

推荐答案

请参见

See the answers in this question. Answers there indicate you can retrieve the referral location in the exception and retry the Get-ADUser against the other server.

您可能会重新考虑如何搜索所有这些组和用户.在整个林中复制用户.全球和通用团体也是如此.因此，您可以搜索全局目录，而不是遍历每个域中的一个DC. 获取-DomainController -GlobalCatalog 并针对该服务器的全局目录端口(即 Get-ADUser -server $ GCServerName:3268

You might reconsider how you search for all these groups and users. Users are replicated throughout the forest. Global and Universal groups are too. So you could search the Global Catalog instead of iterating through one DC in every domain. Get-DomainController -GlobalCatalog and run your Get-AD* commands against that server's global catalog port, i.e. Get-ADUser -server $GCServerName:3268

但是，请记住，GC不包含完整的用户和组属性，并且 返回的属性会受到复制延迟的影响.

However, bear in mind that the GC doesn't contain complete user and group properties, and the properties it does return are subject to replication delays.

这是否有用取决于您的域体系结构.在我自己的工作场所中，查询远程域控制器非常昂贵.不过，我们的站点域控制器是一个全局目录，因此在其中搜索林信息非常快.

Whether this is helpful depends on your domain architecture. In my own workplace, querying remote domain controllers is very expensive. Our site domain controller is a global catalog, though, so searching it for forest information is very fast.

这篇关于Get-ADuser:从服务器返回了引荐的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！