none
get-adgroupmember : The operation is not supported on Global Catalog port? RRS feed

  • Question

  • I have a list of groups that are in different domains or child domains that have members that are also in different domains or child domains. I found this forum from a while ago Get-ADGroupMember limitations with a little modification will get me the members infomation from the different domains but I can't seem to get the groups that are in the different domains.

    Here is the script I'm using:

    $groups = gc C:\Temp\Groups.txt
    foreach($group in $groups){
        Get-ADGroup -Server "GC.server.com:3268" $group -Properties member | 
        Select-Object -ExpandProperty member |
            ForEach-Object {
            $dn = $_
            Get-ADUser -Server "GC.server.com:3268" $dn -Properties Name,SamAccountName, objectClass, msDS-PrincipalName,|
            Select-Object $group, Name, msDS-PrincipalName, objectClass  
            }
    }

    The error I get when it tries to find a group that is in a differnt domain is as followed:

    Get-ADGroup : Cannot find an object with identity: 'GroupName' under: 'DC=Childomain1,DC=region,DC=company,DC=com'.
    Any thoughts on what I have done wrong or what I missed?

    Thanks in Adavance


    • Edited by John-Barrett Friday, March 28, 2014 3:46 PM opps
    • Moved by Bill_Stewart Monday, July 7, 2014 7:11 PM Abandoned
    Friday, March 28, 2014 1:28 AM

All replies

  • What is in: No-Mangedby-Set.txt?


    ¯\_(ツ)_/¯

    Friday, March 28, 2014 1:38 AM
  • Also just try it this way:

    $groups = gc C:\Test-Perm\ast\Test\No-Mangedby-Set.txt
    foreach($group in $groups){
        Get-ADGroup $group -Server GC.server.com:3268
    }


    ¯\_(ツ)_/¯

    Friday, March 28, 2014 1:40 AM
  • jrv,

    Sorry about that I forgot to edit (aka make as generic as possible) the script I orginally posted. I edited it now thanks for catching that. I tried the change you suggested but I still get the same error when it tries to find a group in a different domain. Any other ideas?


    Thanks in Adavance

    Friday, March 28, 2014 4:02 PM
  • If you run exactly this code:

    $groups = gc C:\Test-Perm\ast\Test\No-Mangedby-Set.txt
    foreach($group in $groups){
        Get-ADGroup $group -Server GC.server.com:3268
    }

    What is the exact error?

    What is in the file. Is it samname or distinguishedname.  samname is not unique across domain.


    ¯\_(ツ)_/¯

    Friday, March 28, 2014 4:09 PM
  • The error is:

    Get-ADGroup : Cannot find an object with identity: 'GroupName' under: 'DC=Childomain1,DC=region

    The list is full of SamName's, I'm reading this article now that explains the issue with using SamName's.Advice with get-adgroupmember it looks like you posted on that one as well, but its from a couple of years ago. I wounding if I should just scrap this code and just try and modifiy the one posted by CyberDogg.


    Thanks in Adavance

    Friday, March 28, 2014 4:42 PM
  • If you only have a samname then how do you expect the GC to know what domain it is in?

    Does the file contain the domain for the group?

    You can poll the domains for the group.


    ¯\_(ツ)_/¯

    Friday, March 28, 2014 5:10 PM