"Get-ADuser : A referral was returned from the server" when trying to access subdomain

Question

Hello everyone,

I run into an issue where I seemingly can't look for users in a subdomain.

I made a small script that replaces the company of users from a .csv file. I'm looping through two domains: test.local and location1.test.local.

Now there's no issue working with test.local. But with the subdomain location1.test.local I can't seem to get anything working without the following error.

PS C:\Users\Administrator> Get-ADUser -filter * -searchbase "DC=location1,DC=test,DC=local"
Get-ADuser : A referral was returned from the server

• Get-ADUser -filter * -searchbase ""DC=location1,DC=test,DC=local"
• ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
• CategoryInfo : ResourceUnavailable: (:) [Get-ADUser], ADReferralException
• FullyQualifiedErrorId : ActiveDirectoryServer:8235,Microsoft.ActiveDirectory.Management.Commands.GetADUser

Answer 1

Hi @kardon ,

if you like to get the users from a different domain (in the same forest) the query should be send to a domain controller that is a global catalog server as well.
You are running the command on a computer that is member in test.local?

You can give it a try with this:

$PSDefaultParameterValues = @{  
    "*-AD*:Server" = "test.local:3268"  
}  
Get-ADUser -filter -searchbase "DC=location1,DC=test,DC=local"  

----------

(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten

Answer 2

Hi,

Try searching the Global Catalog, not the DC.

$GlobalCatalog = Get-ADDomainController -Discover -Service GlobalCatalog  
Get-ADUser -Filter * -Server "$($GlobalCatalog.name):3268"  

Best Regards,
Ian Xue

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.