使用PowerShell进行Active Directory查询
[英]Active Directory Querying with PowerShell
问题描述
I am building a report on our active directory groups and am having a hard time when it comes to different forests. 
我正在针对我们的活动目录组构建报告,并且在涉及不同的森林时遇到了困难。
We have groups from forestA with users inside from forestB. 我们有来自forestA的组和来自forestB的用户。 I was able to pull those groups using Quest AD: 我能够使用Quest AD来拉那些小组:
$GroupUsers = Get-QADGroupMember $GroupName -Type 'user' -Indirect
The only problem is that even though the users inside are from forest B, they come up showing they are from forestA. 唯一的问题是,即使内部用户来自林B,他们也会显示他们来自林A。 They do exist in both forests, don't know if that's a problem. 它们确实存在于两个森林中,不知道这是否是一个问题。
Any clue on why this happens? 为什么会发生这种情况的任何线索?
Thanks in advance. 提前致谢。
2 个解决方案
解决方案1
1 2017-05-29 17:07:28
There is -Server parameter of Get-ADGroupMember cmdlet where you may specify domain controller from another domain/forest. 有Get-ADGroupMember cmdlet的-Server参数,您可以在其中从另一个域/林中指定域控制器。 Something like: 就像是:
Get-ADGroupMember -Identity $GroupName -Server DC.AnotherDomain.com
解决方案2
0 2017-05-30 10:14:25
您可以查询林中的域或所有全局目录:get-adforest(属性GlobalCatalogs,Domains)-我经常这样做:我拉出组中所有SID的列表,然后检查哪个属于我的域/林,其余人员在外部森林中进行了搜索。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.