Querying GC for same -identity

I am trying to understand why when I query any given GC, I only return 1 instance of a user object for which I know there are 3 or more.

Get-ADUser -Identity admin_User -Credential $creds -Server company.com:3268

Depending on what -server parameter I choose (they are all Global Catalogs btw) I only retrieve that particular domains’ instance of the -identity.

How can I use PS to query for all objects in all child domains using the global catalog?


Get-ADUser doesn’t necessarily query the GC; it’s designed to query the entire user object, and so it contacts a DC. Obviously, on a given DC, there can only be one instance of a given user. What’s in the GC isn’t technically a user object, which is what Get-ADUser wants to query.

You might be better off shifting to an older-style ADSI query, where you can explicitly query a GC.

(get-adforest).domains | % { get-aduser -Server $_ -filter *}


I actually meant “How can I use PS to query for instances of a specific User in all child domains using the global catalog?”

I’ve tried adding an -identity param in your example but not working:

(get-adforest).domains | % { get-aduser -Identity ThisUser -Server $_ -filter *}

You can’t use the filter when supplying identity.

Identity can be a DN, a GUID, a SID or a sAMAccountName.

As the sAMAccountName is the only one of those that could be the same across the various domains, you’re better off providing a filter based on that. This will return the correct results:

PS C:\Users\Administrator> Get-ADUser -Filter 'sAMAccountName -eq "john.smith"' -server contoso.com:3268 -searchbase 'DC
=Contoso,DC=com' | Select-Object sAMAccountName, UserPrincipalName

sAMAccountName                                              UserPrincipalName
--------------                                              -----------------
John.Smith                                                  John.Smith@contoso.com
John.Smith                                                  John.Smith@child.contoso.com