Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Get-QADGroupMember Administrators Not Working

Posted on 2014-04-03
3
Medium Priority
?
739 Views
Last Modified: 2014-04-03
I'm trying to get a list of members (users/groups) within the Built-in Administrators group for the domain.

When I run the Get-QADGroup Administrators | Select Name

It returns an error:

Get-QADGroupMember : The trust relationship between the primary domain and the trusted domain failed.
At line:1 char:19
+ Get-QADGroupMember <<<<  "Administrators" | Select Name
    + CategoryInfo          : NotSpecified: (:) [Get-QADGroupMember], SystemException
    + FullyQualifiedErrorId : System.SystemException,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.GetGroup
   MemberCmdlet

Open in new window


I am able to successfully run the the following dsquery command, but returns the full CN path.

I would prefer to have the Get-QADGroupMember option working for consistency for my purposes, but if I am limited to the dsquery command, I would like to know how to get the results to just list the name of the Account or Group, instead of the full CN

dsquery group "DC=company,DC=com" -name "Administrators" | dsget group -members -expand

Open in new window


Thanks.
0
Comment
Question by:fireguy1125
  • 2
3 Comments
 
LVL 17

Accepted Solution

by:
Brad Bouchard earned 2000 total points
ID: 39976751
1.  If that's the error you're getting on number 1, can you verify (In AD Domains and Trusts) that the Trust between your primary domain and the trusted domain is in fact ok?  Start there and re-post with results.

2.  If you are limited to #2, use this will help the output
-o {dn | rdn | samid}
Specifies the format that dsquery uses to display the search results. A dn value displays the distinguished name of each entry. An rdn value displays the relative distinguished name of each entry. A samid value displays the Security Accounts Manager (SAM) account name of each entry. The default value is dn.

Per this link:  http://technet.microsoft.com/en-us/library/cc754525.aspx
0
 
LVL 1

Author Comment

by:fireguy1125
ID: 39976782
I actually had an invalid foreign security principal as a group member, which when removed was able to retrieve the results. Thanks for the #2 option as well.
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39976812
Any time.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question