0
votes

I am building a report on our Active Directory groups and am having a hard time when it comes to different forests.

We have groups from forestA with users inside from forestB. I was able to pull those groups using Quest AD:

 $GroupUsers = Get-QADGroupMember $GroupName -Type 'user' -Indirect 

The only problem is that even though the users inside are from forestB, they come up showing they are from forestA. They do exist in both forests; I don't know if that's a problem.

Any clue on why this happens?

Thanks in advance.

2
Can you use the PowerShell AD module bundled with Windows? Maybe that one doesn't have these issues. Just in case. - Vesper
I tried, but with the Windows module I couldn't even find the group of a different forest. - ranbo

2 Answers

1
votes

There is a -Server parameter of the Get-ADGroupMember cmdlet where you may specify a domain controller from another domain/forest. Something like:

Get-ADGroupMember -Identity $GroupName -Server DC.AnotherDomain.com

0
votes

You can query the forest for domains or all global catalogs: Get-ADForest (properties GlobalCatalogs, Domains). I often did something like this: I pulled the list of all SIDs in the group, then checked which ones belong to my domain/forest; the rest were searched for in the external forest.
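
The SID-based approach from the last answer, sketched as an added example that is not code from any of the posters: list the member SIDs, keep the ones whose domain SID belongs to the local forest, and look the rest up in the external forest. The group name and both server names are placeholders; it covers direct members only and assumes the member objects live in the group's own domain.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Placeholder values, assumed for illustration.
$GroupName      = 'Example-Group'
$LocalServer    = 'dc01.forestA.example'   # DC in the forest that holds the group
$ExternalServer = 'dc01.forestB.example'   # DC in the trusted forest

# Domain SIDs of every domain in the local forest.
$localDomainSids = foreach ($name in (Get-ADForest -Server $LocalServer).Domains) {
    (Get-ADDomain -Identity $name -Server $name).DomainSID.Value
}

# Read the raw member DNs. A member from another forest is stored locally as a
# foreignSecurityPrincipal whose objectSid is the SID of the real account.
$group = Get-ADGroup -Identity $GroupName -Server $LocalServer -Properties member

$report = foreach ($dn in $group.member) {
    $entry = Get-ADObject -Identity $dn -Server $LocalServer -Properties objectSid, sAMAccountName
    $sid   = $entry.objectSid
    if (-not $sid) { continue }                      # e.g. contacts carry no SID

    $domainSid = $sid.AccountDomainSid               # $null for well-known SIDs
    if ($domainSid -and $localDomainSids -contains $domainSid.Value) {
        $origin  = 'Local forest'
        $account = $entry
    }
    elseif ($domainSid) {
        $origin  = 'External forest'
        $account = Get-ADObject -Filter "objectSid -eq '$($sid.Value)'" -Server $ExternalServer -Properties sAMAccountName
    }
    else { $origin = 'Well-known SID'; $account = $null }

    [pscustomobject]@{
        SID               = $sid.Value
        Origin            = $origin
        SamAccountName    = $account.sAMAccountName
        DistinguishedName = if ($account) { $account.DistinguishedName } else { $dn }
        Resolved          = [bool]$account
    }
}

$report | Sort-Object Origin, SamAccountName | Format-Table -AutoSize
```

Rows marked 'External forest' with Resolved set to False are SIDs the queried external server could not find, which is worth reviewing before the report is treated as complete.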