Geek asks and answers

Active Directory Referral Referencing Problem

Perhaps someone with more experience with Active Directory can help me. I need to get information, such as OS, name, FQDN from a computer in another domain. I will explain what I mean. I have a root domain: example.com, with 2 subdomains: xxx.example.com and yyy.xxx.example.com

Each domain contains 1 computer. Both of them in the same group, for example groupfoo, they are also in different OU

I can get information about group members, I will try PowerShell and dsquery. Both of them return the correct list of computers in the group. But I can only get information from a computer in the same domain where I run the PowerShell script and dsquery.

to be clear. I have another computer that does not work in groupfoo, and this computer is used to administer Active Directory.

As I understand it, in Active Directory we have such a thing as “referral coinage”. I read a lot, and, as I know, Power Shell does not have such parameters as "enable referral pursuit." For dsquery, I found the -r option for a recursive query.

What I already tried:

PS> dsquery group -name goupfoo | dsget group -members
"CN=member01,OU=Domain Controllers,DC=xxx,DC=example,DC=com"
"CN=member02,OU=XXX,OU=Domain Controllers,DC=yyy,DC=xxx,DC=example,DC=com"

My computer is in DC = yyy, DC = xxx, DC = example DC = com I can get information from CN = member02, OU = XXX, OU = domain controllers, DC = yyy, DC = xxx, DC = example, DC = COM

PS > dsquery * -filter "(&(objectClass=Computer)(objectCategory=Computer)(sAMAccountName=member02$))" -attr sAMAccountName operatingSystem
  sAMAccountName    operatingSystem
  member02$        Windows Server 2008 R2 Standard

running the same command for member01 gave no results:

PS > dsquery * -filter "(&(objectClass=Computer)(objectCategory=Computer)(sAMAccountName=member01$))" -attr sAMAccountName operatingSystem
PS >

I tried different options for dsquery, I try to use the -r switch for recursive, but it does not work.

, "DC = yyy, DC = xxx, DC = example, DC = com" , "DC = xxx, DC = example, DC = com", "DC = yyy, DC = xxx, DC = example, DC = com" , , ?

Power Shell Get-ADGroup, Get-ADMember .. , , .., , .

+3
1

DirectorySearcher:

$filter     = "(&(objectCategory=Computer)(sAMAccountName=$computername))"
$properties = 'distinguishedName', 'sAMAccountName', ...

$search = New-Object DirectoryServices.DirectorySearcher
$search.SearchRoot  = New-Object DirectoryServices.DirectoryEntry
$search.Filter      = $filter
$search.SearchScope = 'Subtree'
$search.ReferralChasing = [DirectoryServices.ReferralChasingOption]::All
$properties | % { $search.PropertiesToLoad.Add($_) } | Out-Null

$search.FindAll()

, ActiveDirectory .

0
source

More articles:


All Articles