I am trying to understand why when I query any given GC, I only return 1 instance of a user object for which I know there are 3 or more.
Get-ADUser -Identity admin_User -Credential $creds -Server company.com:3268
Depending on what -server parameter I choose (they are all Global Catalogs btw) I only retrieve that particular domains’ instance of the -identity.
How can I use PS to query for all objects in all child domains using the global catalog?
Thanks
Get-ADUser doesn’t necessarily query the GC; it’s designed to query the entire user object, and so it contacts a DC. Obviously, on a given DC, there can only be one instance of a given user. What’s in the GC isn’t technically a user object, which is what Get-ADUser wants to query.
You might be better off shifting to an older-style ADSI query, where you can explicitly query a GC.
(get-adforest).domains | % { get-aduser -Server $_ -filter *}
Dan,
I actually meant “How can I use PS to query for instances of a specific User in all child domains using the global catalog?”
I’ve tried adding an -identity param in your example but not working:
(get-adforest).domains | % { get-aduser -Identity ThisUser -Server $_ -filter *}
You can’t use the filter when supplying identity.
Identity can be a DN, a GUID, a SID or a sAMAccountName.
As the sAMAccountName is the only one of those that could be the same across the various domains, you’re better off providing a filter based on that. This will return the correct results:
PS C:\Users\Administrator> Get-ADUser -Filter 'sAMAccountName -eq "john.smith"' -server contoso.com:3268 -searchbase 'DC =Contoso,DC=com' | Select-Object sAMAccountName, UserPrincipalName sAMAccountName UserPrincipalName -------------- ----------------- John.Smith John.Smith@contoso.com John.Smith John.Smith@child.contoso.com