Chasing Referrals

by smcreamer at 2013-04-29 11:42:30

Using the following command:

Get-ADGroupMember “Enterprise Admins” | Get-ADUser -Properties DisplayName,Enabled,PasswordNeverExpires

When members of Enterprise Admins are in a child domain (or at least I think so), I get the error:

Get-ADUser : A referral was returned from the server.

How do I force AD to retrieve the user object details for the child domains?
by DonJ at 2013-04-29 14:16:04
You’re probably going to have to enumerate the users and get their home domains, and send the requests to those domains. Get-ADUser picks a domain controller in your logon domain, by default, and that can’t resolve user requests for other domains’ users. Parameters of the command let you target different domains.