Finding a User on one of many domains

Question

I am trying to get a script running but I keep running across the same issue, I have domains A, B, and C all in the same forest; but when I try to do simple commands such as

Disable-ADAccount -Identity $User

I am not able to get it to complete because it can't find the user in Domain B, which the user is in Domain A.

So the question, is there a way to get a script to check all domains (A, B, C) for "User1" and preform the disable action on them. (Other than setting the Switch)

-server

Answer 1

I ran into this issue recently, and ended up writing a function to get a user's ADUser object. You could use that object to disable the user easily enough.

Function Get-DomainUser{
Param([String]$Alias)
BEGIN{$GCs = Get-ADForest|select -expand GlobalCatalogs|?{($_ -match "^(.*?)\.(.+?)$")}|%{[pscustomobject]@{'Server' = $matches[1];'Region' = $matches[2];'FQDN' = $_}}|group region|%{$_.group|select -first 1}
}
PROCESS{
    $DomUser = Get-ADUser -Filter {samAccountName -eq $Alias} -Prop DisplayName
    If(([string]::IsNullOrEmpty($DomUser.Name))){
        ForEach($GC in $GCs){
            $DomUser = Get-ADUser -Filter {samAccountName -eq $Alias} -Server $GC.FQDN -Prop DisplayName
            If(!([string]::IsNullOrEmpty($DomUser.Name))){Break}
        }
    }
    $DomUser
}
}

This gets a list of global catalog servers, groups them by sites, then gets only 1 server per site. Then it tries to get the user, and if it fails for the current user then it tries each site until it finds the user.