How would I query for another domain

    Question

  • Dear,

    The following script gets info from one domain.

    How would I query from another domain using the same script method?

    param(
        $SourceAccount
    )

    # Load Visual Basic assembly (used for the InputBox prompt)
    [void][System.Reflection.Assembly]::LoadWithPartialName('Microsoft.VisualBasic')

    # Load Active Directory module
    Import-Module ActiveDirectory

    # Load Exchange Management snap-in
    Add-PSSnapin Microsoft.Exchange.Management.Powershell.Admin

    # If the account was not provided as an argument, prompt for it
    if (-not $SourceAccount) { $SourceAccount = [Microsoft.VisualBasic.Interaction]::InputBox("Enter Username to Enable") }

    # Find the user in the current domain and enable the account
    Get-ADUser -Filter {samaccountname -eq $SourceAccount} | Set-ADUser -Enabled $True


    Support@Mytechnet.me

    Wednesday, June 20, 2012 7:06 PM

Answers

  • I only have one domain to test in now, but this worked for me:


    $Domain = New-Object System.DirectoryServices.DirectoryEntry("GC://dc=MyDomain,dc=com")
    $Searcher = New-Object System.DirectoryServices.DirectorySearcher($Domain)
    $Searcher.PageSize = 100
    $Searcher.SearchScope = "subtree"

    $Searcher.Filter = "(sAMAccountName=jsmith)"
    $Searcher.PropertiesToLoad.Add("distinguishedName") > $Null

    $Results = $Searcher.FindAll()
    ForEach ($Result In $Results)
    {
        $DN = $Result.Properties.Item("distinguishedName")
        $User = [ADSI]"LDAP://$DN"
        $user.distinguishedName
    }


    Richard Mueller - MVP Directory Services

    Thursday, June 21, 2012 5:19 PM
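The Global Catalog lookup from the answer above, combined with the enable step from the question, as an added example that is not code from the original posts. It escapes the account name before it goes into the LDAP filter, refuses to act when the name matches more than one account (sAMAccountName is unique only within a domain), and runs Set-ADUser against the domain taken from the DN. The function names are hypothetical, the default search root is the answer's placeholder path, and the target domain is assumed to be trusted and to have a DC running ADWS.

```powershell
# Added example; function names are hypothetical, not part of any module.
function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping: \ * ( ) and NUL become \xx so input cannot change the filter
    $sb = New-Object System.Text.StringBuilder
    foreach ($ch in $Value.ToCharArray()) {
        if ('\*()'.IndexOf($ch) -ge 0 -or [int]$ch -eq 0) { [void]$sb.AppendFormat('\{0:x2}', [int]$ch) }
        else { [void]$sb.Append($ch) }
    }
    $sb.ToString()
}

function Get-DomainFromDN([string]$DN) {
    # Join the DC= components of a DN into a DNS domain name (skips escaped commas)
    ([regex]::Matches($DN, '(?i)(?<!\\),DC=([^,]+)') | ForEach-Object { $_.Groups[1].Value }) -join '.'
}

function Enable-ForestUser {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param(
        [Parameter(Mandatory=$true)][string]$SamAccountName,
        [string]$SearchRoot = 'GC://dc=MyDomain,dc=com'   # placeholder path from the answer
    )
    $root = New-Object System.DirectoryServices.DirectoryEntry($SearchRoot)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.PageSize = 100
    $searcher.SearchScope = 'Subtree'
    $searcher.Filter = '(&(objectCategory=person)(objectClass=user)(sAMAccountName={0}))' -f (ConvertTo-LdapFilterValue $SamAccountName)
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    try {
        $results = $searcher.FindAll()
        $matchedDNs = @($results | ForEach-Object { [string]$_.Properties.Item('distinguishedName')[0] })
        $results.Dispose()
    } finally { $searcher.Dispose(); $root.Dispose() }

    if ($matchedDNs.Count -eq 0) { throw "No user '$SamAccountName' found under $SearchRoot." }
    if ($matchedDNs.Count -gt 1) {
        # The same sAMAccountName can exist in several domains: refuse to guess
        throw "Ambiguous: '$SamAccountName' matches $($matchedDNs.Count) accounts: $($matchedDNs -join '; ')"
    }
    $domain = Get-DomainFromDN $matchedDNs[0]
    if ($PSCmdlet.ShouldProcess($matchedDNs[0], "Enable account via $domain")) {
        Import-Module ActiveDirectory
        Set-ADUser -Identity $matchedDNs[0] -Server $domain -Enabled $true
    }
}
```

Running `Enable-ForestUser -SamAccountName jsmith -WhatIf` first shows which DN and domain would be touched without changing anything.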

All replies

  • If you are just trying to query a second domain with the Get-ADUser cmdlet, you can use:

    Get-ADUser -Server DOMAINCONTROLLER -credential $NULL -filter {samaccountname -eq $SourceAccount} | Set-ADUser -Enabled $True

    The -server property points to the domain controller and the -credential $NULL will prompt for a Domain Admin ID in the other domain to use.

    J.


    Jason McCaughey MCTS - Exchange 2007

    Wednesday, June 20, 2012 8:31 PM
  • If the domains are trusted, you can specify a DC in the other domain with the -Server parameter, and the domain name in the -Partition parameter. For example:

    Get-ADUser -filter {samaccountname -eq $SourceAccount} -Server dc12.mydomain.com -Partition "dc=mydomain,dc=com"

    And if necessary, you can use the -Credential parameter to specify alternate credentials.


    Richard Mueller - MVP Directory Services

    Wednesday, June 20, 2012 8:34 PM
  • I will add that the DC must have ADWS to use PowerShell with the Active Directory module.

    You can use the following command to identify which DC you can use.

    Import-Module ActiveDirectory
    
    Get-ADDomainController -Discover -Service ADWS -DomainName DOMAIN

    Regards,

    Wednesday, June 20, 2012 9:09 PM
  • Dear Thx,

    I mean to say that, using the same script, how would I switch to another domain?

    Exp: if the user does not exist in this domain, then the query should move forward.


    Support@Mytechnet.me

    Thursday, June 21, 2012 3:44 PM
  • In theory, if the domains are in the same forest, you should get the user distinguished name (DN) from the Global Catalog. The GC has a partial (read-only) replica of all domains in the forest. I don't know how to do this with Get-ADUser. In theory, you would specify the GC: provider instead of the LDAP: provider, and let the system select the best GC. You should not have to specify the DC. Once you have the DN, if the domains are trusted, you should be able to bind to the object and modify it (if you have permissions).


    Richard Mueller - MVP Directory Services

    Thursday, June 21, 2012 5:00 PM