Solved

Get-QADGroupMember Administrators Not Working

Posted on 2014-04-03
Medium Priority
717 Views
Last Modified: 2014-04-03
I'm trying to get a list of members (users/groups) within the Built-in Administrators group for the domain.

When I run the Get-QADGroup Administrators | Select Name

It returns an error:

Get-QADGroupMember : The trust relationship between the primary domain and the trusted domain failed.
At line:1 char:19
+ Get-QADGroupMember <<<<  "Administrators" | Select Name
    + CategoryInfo          : NotSpecified: (:) [Get-QADGroupMember], SystemException
    + FullyQualifiedErrorId : System.SystemException,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.GetGroup
   MemberCmdlet



I am able to successfully run the following dsquery command, but it returns the full CN path.

I would prefer to have the Get-QADGroupMember option working for consistency for my purposes, but if I am limited to the dsquery command, I would like to know how to get the results to just list the name of the Account or Group, instead of the full CN.

dsquery group "DC=company,DC=com" -name "Administrators" | dsget group -members -expand



Thanks.
Question by:fireguy1125
3 Comments
 
LVL 17

Accepted Solution

by:
Brad Bouchard earned 2000 total points
ID: 39976751
1.  If that's the error you're getting on number 1, can you verify (In AD Domains and Trusts) that the Trust between your primary domain and the trusted domain is in fact ok?  Start there and re-post with results.

2.  If you are limited to #2, using this will help the output:
-o {dn | rdn | samid}
Specifies the format that dsquery uses to display the search results. A dn value displays the distinguished name of each entry. An rdn value displays the relative distinguished name of each entry. A samid value displays the Security Accounts Manager (SAM) account name of each entry. The default value is dn.

Per this link:  http://technet.microsoft.com/en-us/library/cc754525.aspx
0
 
LVL 1

Author Comment

by:fireguy1125
ID: 39976782
I actually had an invalid foreign security principal as a group member; once it was removed, I was able to retrieve the results. Thanks for the #2 option as well.
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39976812
Any time.
0
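The cause found in this thread, an unresolvable foreign security principal in the Built-in Administrators group, can be checked for directly. The following is an added example, not code posted by anyone in the thread; it assumes Microsoft's ActiveDirectory module (RSAT) instead of the Quest snap-in, PowerShell 3.0 or later, and a domain-joined session. It lists each direct member by account name rather than full DN and flags members whose SID no longer translates.

```powershell
# Added example (not from the thread). Assumes the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Builtin\Administrators has the well-known SID S-1-5-32-544 in every domain,
# so the lookup does not depend on the group's localized name.
$group = Get-ADGroup -Identity 'S-1-5-32-544' -Properties member

$report = foreach ($dn in $group.member) {
    $obj = Get-ADObject -Identity $dn -Properties objectSid, sAMAccountName

    if ($obj.ObjectClass -eq 'foreignSecurityPrincipal') {
        # An FSP is a placeholder for an account in another domain; its CN is the SID.
        try {
            $name   = $obj.objectSid.Translate([System.Security.Principal.NTAccount]).Value
            $status = 'Resolved'
        } catch {
            # Translation fails when the account, or the trust behind it, is gone.
            $name   = $obj.objectSid.Value
            $status = 'Unresolved: ' + $_.Exception.Message
        }
    } else {
        $name   = $obj.sAMAccountName
        $status = 'Local to domain'
    }

    [pscustomobject]@{
        Name        = $name
        ObjectClass = $obj.ObjectClass
        Status      = $status
        DN          = $dn
    }
}

# Short names for every direct member, as asked for in the question.
$report | Sort-Object Status, Name | Format-Table Name, ObjectClass, Status -AutoSize

# Members to review before removal; this script changes nothing in the directory.
$report | Where-Object { $_.Status -like 'Unresolved*' } | Select-Object Name, DN
```

Only direct members are listed; nested groups appear as a single row and are not expanded.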

Question has a verified solution.