• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 743
  • Last Modified:

Get-QADGroupMember Administrators Not Working

I'm trying to get a list of members (users/groups) within the Built-in Administrators group for the domain.

When I run the Get-QADGroup Administrators | Select Name

It returns an error:

Get-QADGroupMember : The trust relationship between the primary domain and the trusted domain failed.
At line:1 char:19
+ Get-QADGroupMember <<<<  "Administrators" | Select Name
    + CategoryInfo          : NotSpecified: (:) [Get-QADGroupMember], SystemException
    + FullyQualifiedErrorId : System.SystemException,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.GetGroup

Open in new window

I am able to successfully run the the following dsquery command, but returns the full CN path.

I would prefer to have the Get-QADGroupMember option working for consistency for my purposes, but if I am limited to the dsquery command, I would like to know how to get the results to just list the name of the Account or Group, instead of the full CN

dsquery group "DC=company,DC=com" -name "Administrators" | dsget group -members -expand

Open in new window

  • 2
1 Solution
Brad BouchardInformation Systems Security OfficerCommented:
1.  If that's the error you're getting on number 1, can you verify (In AD Domains and Trusts) that the Trust between your primary domain and the trusted domain is in fact ok?  Start there and re-post with results.

2.  If you are limited to #2, use this will help the output
-o {dn | rdn | samid}
Specifies the format that dsquery uses to display the search results. A dn value displays the distinguished name of each entry. An rdn value displays the relative distinguished name of each entry. A samid value displays the Security Accounts Manager (SAM) account name of each entry. The default value is dn.

Per this link:  http://technet.microsoft.com/en-us/library/cc754525.aspx
fireguy1125Author Commented:
I actually had an invalid foreign security principal as a group member, which when removed was able to retrieve the results. Thanks for the #2 option as well.
Brad BouchardInformation Systems Security OfficerCommented:
Any time.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now