locked
using Get-ADComputer across different domains RRS feed

  • Question

  • I am using the technet article for get-adcomputer as my starting point (http://technet.microsoft.com/en-us/library/ee617192.aspx) and it looks like I want to use -SearchBase to change from my local domain to execute the command on a different domain. However, when I do that it throws an error stating that the 'supplied distinguishedName must belong to one of the following partitions', then itlists partitions part of my local domain. My code is simply this, get-adcomputer -SearchBase "DC=MyOtherDomain,DC=com" where MyOtherDomain is the domain I want to work with.

    Thanks!


    Friday, March 16, 2012 2:38 PM

Answers

  • Get-ADComputer -Filter * -SearchBase "DC=MyOtherDomain,DC=com" -Server "MyOtherDomain.com"
    • Edited by Kazun Friday, March 16, 2012 3:11 PM
    • Proposed as answer by Richard MuellerMVP Friday, March 16, 2012 3:54 PM
    • Marked as answer by Robert Little Friday, March 16, 2012 4:53 PM
    Friday, March 16, 2012 2:54 PM

All replies

  • Get-ADComputer -Filter * -SearchBase "DC=MyOtherDomain,DC=com" -Server "MyOtherDomain.com"
    • Edited by Kazun Friday, March 16, 2012 3:11 PM
    • Proposed as answer by Richard MuellerMVP Friday, March 16, 2012 3:54 PM
    • Marked as answer by Robert Little Friday, March 16, 2012 4:53 PM
    Friday, March 16, 2012 2:54 PM
  • Great, thanks Kazun. Spot on as usual :)
    Friday, March 16, 2012 4:54 PM
  • Get-ADComputer -Filter * -SearchBase "DC=MyOtherDomain,DC=com" -Server "MyOtherDomain.com"

    Okay this works fine, for all devices in the defined OU.

    Can you provide me an example to run this search for one dedicated device?

    Wednesday, August 10, 2016 8:22 AM
  • Goudduif, you can filter on the name of the computer (assuming it is unique in the domain). For example:

    Get-ADComputer -Filter {Name -eq "MyComputer"} -SearchBase "DC=MyOtherDomain,DC=com" -Server "MyOtherDomain.com"


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Wednesday, August 10, 2016 2:18 PM
  • Hi Kazun I know is a old tread but I feel lucky xD

    I am trying like this but I am getting the next erro I am not AD guy so I will really appreciate any help here

    PS C:\Users\XW-Admin-VM3> Get-ADComputer -Filter 'Name -like "mx*"' -SearchBase "DC=america,DC=abc,DC=com" -Properties IPv4Address | FT Name,DNSHostName,IPv4Address -A

    Get-ADComputer : The supplied distinguishedName must belong to one of the following partition(s): 'CN=Configuration,DC=abc,DC=com , CN=Schema,CN=Configuration,DC=abb,DC=com , 
    DC=europa,DC=abc,DC=com , DC=ForestDnsZones,DC=abc,DC=com , DC=DomainDnsZones,DC=europa,DC=abc,DC=com'.
    At line:1 char:1
    + Get-ADComputer -Filter 'Name -like "mx*"' -SearchBase "DC=americas,DC=abc,DC=com ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Get-ADComputer], ArgumentException
        + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADComputer
    Tuesday, April 4, 2017 8:37 PM
  • The command is seeing the domain europa.abc.com, but not america.abc.com. Perhaps specify a domain controller in the other domain with the -Server parameter, similar to:

    Get-ADComputer -Filter 'Name -like "mx*"' -SearchBase "DC=america,DC=abc,DC=com" -Server MyDC01.america.abc.com -Properties IPv4Address 

    This assumes there is a trust between the domains.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Wednesday, April 5, 2017 1:20 AM
  • #OLD thread but still accurate issue...

    $servers = (Get-Content -path '.path\Servers.txt')
    ForEach($server in $servers)
    {get-adcomputer -filter * -SearchBase "DC=anotherdomain,DC=forest,DC=root" -Server 'FQDNLOCALDOMAINDCSERVERNAME' -properties * -ErrorAction SilentlyContinue | select Name,IPV4Address,OperatingSystem,OperatingSystemServicePack
    }

    #STILL has an issue with cross domain auth with a full trust


    Patrick Burwell, Sr. Systems Engineer

    Thursday, June 20, 2019 8:06 PM
  • For the -server parameter you do not use the server name of the dc just the domain. ie  -server 'local.contoso.com' not  -server 'DC1.local.contoso.com'
    Thursday, September 26, 2019 10:52 PM