Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Get-QADGroupMember Administrators Not Working

Posted on 2014-04-03
3
Medium Priority
?
725 Views
Last Modified: 2014-04-03
I'm trying to get a list of members (users/groups) within the Built-in Administrators group for the domain.

When I run the Get-QADGroup Administrators | Select Name

It returns an error:

Get-QADGroupMember : The trust relationship between the primary domain and the trusted domain failed.
At line:1 char:19
+ Get-QADGroupMember <<<<  "Administrators" | Select Name
    + CategoryInfo          : NotSpecified: (:) [Get-QADGroupMember], SystemException
    + FullyQualifiedErrorId : System.SystemException,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.GetGroup
   MemberCmdlet

Open in new window


I am able to successfully run the the following dsquery command, but returns the full CN path.

I would prefer to have the Get-QADGroupMember option working for consistency for my purposes, but if I am limited to the dsquery command, I would like to know how to get the results to just list the name of the Account or Group, instead of the full CN

dsquery group "DC=company,DC=com" -name "Administrators" | dsget group -members -expand

Open in new window


Thanks.
0
Comment
Question by:fireguy1125
  • 2
3 Comments
 
LVL 17

Accepted Solution

by:
Brad Bouchard earned 2000 total points
ID: 39976751
1.  If that's the error you're getting on number 1, can you verify (In AD Domains and Trusts) that the Trust between your primary domain and the trusted domain is in fact ok?  Start there and re-post with results.

2.  If you are limited to #2, use this will help the output
-o {dn | rdn | samid}
Specifies the format that dsquery uses to display the search results. A dn value displays the distinguished name of each entry. An rdn value displays the relative distinguished name of each entry. A samid value displays the Security Accounts Manager (SAM) account name of each entry. The default value is dn.

Per this link:  http://technet.microsoft.com/en-us/library/cc754525.aspx
0
 
LVL 1

Author Comment

by:fireguy1125
ID: 39976782
I actually had an invalid foreign security principal as a group member, which when removed was able to retrieve the results. Thanks for the #2 option as well.
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39976812
Any time.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question