域控制器未在PowerShell中更新Get-ADUser

Question

When looking up an account using net user jsmith /domain it will display all the current info about a user and it's password. When I look it up using powershell with Get-ADUser , the information is not accurate. I am guessing this is because they are pointing to a different domain controller, and one did not catch up yet?

Question is: What domain controller is net user using? So that I may make Get-ADUser use the same one.

Better yet, how can I find the fastest domain controller?

Answer 1

So I was wrong about my assumption see Robert's Answer . Using that knowledge properly I can salvage this answer.

So, If you want cohesion between the net user and Get-Aduser you could try something like this:

$pdc = (((nltest /dclist:domainname | ?{$_ -match "\[PDC\]"}).Trim()) -Split '\s')[0]
Get-ADUser -Identity someguy -Server $pdc

As for picking the fastest domain controller your computer should have already been told which controller is appropriate for it to use. Changes you make in the same active directory site should replicate quickly. If you are making changes across AD sites then you will have to wait as long as you have set in your site to site replication settings.

Answer 2

The net user command, when given the /domain switch, operates on the Primary Domain Controller , which may not necessarily be your current logon server which, on the other hand, is used by Get-ADUser .

And the reason why you are seeing different information is that replication of this change has not occured yet between these two.

• To see your logon server, in cmd, do set logonserver .
• To see your primary domain controller (PDC), do nltest /dclist:example.org ( nltest requires some Active Directory tools to be installed, see the docs )