I'm getting
"An operations error occurred"
error when a group contains users from a different domain.
The same line in Powershell 5.1.14409.1018 works great.
Get-ADGroupMember -Server "MyDomain" -Identity "MyGroup" | ForEach-Object {$_.SamAccountName}
Is anyone else having a problem on version 5.1.16299.1146 with Get-ADGroupMember when the group contains users from a different domain?
Get-ADGroupMember : An operations error occurred At line:1 char:1 + Get-ADGroupMember -Server "MyDomain" "MyGroup ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (MyGroup:ADGroup) [Get-ADGroupMember], ADException + FullyQualifiedErrorId : ActiveDirectoryServer:8224,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
Get-ADGroupMember
is notoriously bad at handling referral chasing for foreign security principals. You should be able to do it manually with Get-ADGroup
and Get-ADObject
though:
Function Get-ADGroupMemberFix {
[CmdletBinding()]
param(
[Parameter(
Mandatory = $true,
ValueFromPipeline = $true,
ValueFromPipelineByPropertyName = $true,
Position = 0
)]
[string[]]
$Identity,
[string]
$Server
)
begin {
$additionalArguments = @{}
if($PSBoundParameters.ContainsKey('Server')){
$additionalArguments['Server'] = $Server
}
}
process {
foreach ($GroupIdentity in $Identity) {
$Group = $null
$Group = Get-ADGroup -Identity $GroupIdentity -Properties Member @additionalArguments
if (-not $Group) {
continue
}
Foreach ($Member in $Group.Member) {
Get-ADObject $Member
}
}
}
}
Get-ADGroupMemberFix -Identity ''
(script above is a modified version of the script posted in the referenced reddit post by /u/markekraus)
You can add desired property name to the Get-ADObject
call if needed