How would I query for another domain
-
Wednesday, June 20, 2012 7:06 PM
Dear,
The following script gets info from one domain.
How would I query another domain using the same script method?
param(
$SourceAccount
)
# Load Visual Basic assembly
[void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic')
# Load Active Directory Module
Import-Module ActiveDirectory
#Load Exchange Management Module
Add-PSSnapin Microsoft.Exchange.Management.Powershell.Admin
# Checks if the account is provided as an argument, otherwise prompts for input
if (-not $SourceAccount) { $SourceAccount = [Microsoft.VisualBasic.Interaction]::InputBox("Enter Username to Enable") }
Get-ADUser -filter {samaccountname -eq $SourceAccount} | Set-Aduser -Enabled $True
Support@Mytechnet.me
All Replies
-
Wednesday, June 20, 2012 8:31 PM
If you are just trying to query a second domain with the Get-ADUser cmdlet, you can use:
Get-ADUser -Server DOMAINCONTROLLER -credential $NULL -filter {samaccountname -eq $SourceAccount} | Set-ADUser -Enabled $True
The -server property points to the domain controller and the -credential $NULL will prompt for a Domain Admin ID in the other domain to use.
J.
Jason McCaughey MCTS - Exchange 2007
- Proposed As Answer by Jason McCaughey Wednesday, June 20, 2012 8:36 PM
-
Wednesday, June 20, 2012 8:34 PM
If the domains are trusted, you can specify a DC in the other domain with the -Server parameter, and the domain name in the -Partition parameter. For example:
Get-ADUser -filter {samaccountname -eq $SourceAccount} -Server dc12.mydomain.com -Partition "dc=mydomain,dc=com"
-----
And if necessary, you can use the -Credential parameter to specify alternate credentials.
Richard Mueller - MVP Directory Services
-
Wednesday, June 20, 2012 9:09 PM
I will add that the DC must have ADWS to use PowerShell with the Active Directory module.
You can use the following command to identify which DC you can use.
Import-Module ActiveDirectory
Get-ADDomainController -Discover -Service ADWS -DomainName DOMAIN
Regards,
-
Thursday, June 21, 2012 3:44 PM
Dear, thanks.
I mean to say: using the same script, how would I switch to another domain?
Example: if the user does not exist in this domain, then the query should move forward.
Support@Mytechnet.me
-
Thursday, June 21, 2012 5:00 PM
In theory, if the domains are in the same forest, you should get the user distinguished name (DN) from the Global Catalog. The GC has a partial (read-only) replica of all domains in the forest. I don't know how to do this with Get-ADUser. In theory, you would specify the GC: provider instead of the LDAP: provider, and let the system select the best GC. You should not have to specify the DC. Once you have the DN, if the domains are trusted, you should be able to bind to the object and modify it (if you have permissions).
Richard Mueller - MVP Directory Services
-
Thursday, June 21, 2012 5:19 PM
I only have one domain to test in now, but this worked for me:
$Domain = New-Object System.DirectoryServices.DirectoryEntry("GC://dc=MyDomain,dc=com")
$Searcher = New-Object System.DirectoryServices.DirectorySearcher($Domain)
$Searcher.PageSize = 100
$Searcher.SearchScope = "subtree"
$Searcher.Filter = "(sAMAccountName=jsmith)"
$Searcher.PropertiesToLoad.Add("distinguishedName") > $Null
$Results = $Searcher.FindAll()
ForEach ($Result In $Results)
{
    $DN = $Result.Properties.Item("distinguishedName")
    $User = [ADSI]"LDAP://$DN"
    $User.distinguishedName
}
-----
Richard Mueller - MVP Directory Services
- Marked As Answer by Yan Li_Microsoft Contingent Staff, Moderator Tuesday, July 03, 2012 2:57 AM
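The fallback asked about in the thread ("if the user does not exist in this domain, the query should move forward"), written with the ActiveDirectory module cmdlets the replies mention. This is an added example, not code from any poster in the thread. It assumes the domains are in one forest and trusted, and the account-name pattern, the refusal to act on a name found in more than one domain, and the -WhatIf support are choices made for this example.

```powershell
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumed naming rule for this example: reject quotes and wildcards before
    # the value is placed into the filter string below
    [Parameter(Mandatory = $true)]
    [ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]
    [string]$SourceAccount,

    # Optional alternate credentials for the other domains
    [System.Management.Automation.PSCredential]$Credential
)

Import-Module ActiveDirectory

$common = @{}
if ($Credential) { $common.Credential = $Credential }

$found = @()
foreach ($domain in (Get-ADForest).Domains) {
    try {
        # Only a DC running ADWS can serve the ActiveDirectory module
        $dc     = Get-ADDomainController -Discover -Service ADWS -DomainName $domain -ErrorAction Stop
        $server = @($dc.HostName)[0]
        $user   = Get-ADUser -Filter "sAMAccountName -eq '$SourceAccount'" -Server $server @common -ErrorAction Stop
    }
    catch {
        Write-Warning "Skipping ${domain}: $($_.Exception.Message)"
        continue
    }
    if ($user) {
        foreach ($u in @($user)) {
            $found += [pscustomobject]@{ Domain = $domain; Server = $server; DN = $u.DistinguishedName }
        }
    }
}

if ($found.Count -eq 0) { throw "No account named '$SourceAccount' in any domain of the forest." }
if ($found.Count -gt 1) {
    # The same sAMAccountName can exist in several domains; do not guess
    Write-Warning ($found | Format-Table -AutoSize | Out-String)
    throw "'$SourceAccount' exists in more than one domain; refusing to pick one to enable."
}

$target = $found[0]
if ($PSCmdlet.ShouldProcess($target.DN, 'Enable account')) {
    Set-ADUser -Identity $target.DN -Server $target.Server -Enabled $true @common
    Write-Output "Enabled $($target.DN) via $($target.Server)"
}
```

Running it with -WhatIf shows which account in which domain would be enabled without changing anything.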

