I have an AD environment with a root and two child domains. I need to add groups that live in the root domain to a newly created user object no matter which domain it’s created in. After creating the object, I check to see if it’s in the global catalog and if not, I sync the object. I then have a function that checks the replication and waits until it’s found. It doesn’t seem to sync in a reasonable amount of time. Can someone give me an idea why?
Function Get-UserReplication {
[cmdletbinding()]
Param (
[string]$DistinguishedName,
[string]$Server
)
Do{
try {
$NewUser = get-aduser -Server $Server -Filter {DistinguishedName -eq $DistinguishedName}
}catch{
Write-Verbose "Waiting for replication."
Start-sleep -Seconds 30
}
} While (!$NewUser)
Return $True
}
#
# Other stuff that reads a JSON file from PowerAutomate with new employee information and creates the object.
# This works and then I try to wait for it to finish replicating.
#
# If not in root domain sync new user object to root domain
If ($UserDomain -ne $RootDomain) {
Get-ADUser -Identity $NewUserObject.samAccountName | Sync-ADObject -Destination $RootDomainGC
Get-UserReplication -DistinguishedName $NewUserObject.DistinguishedName -Server $GCLookup
}
# Add user object to licensing groups
$Licenses = $NewUserObject.licenses.Value
foreach ($License in $Licenses) {
Write-Verbose "Adding new user to $License."
Add-ADGroupMember -Server $RootDomain -Identity $license -Members $newUserObject
}