Get-ADUser info across multiple domains same forest

Question

Dear script guru, please help, I cant figure it out how to pull users attributes for users from cross domains. The csv file has the following format:

Accounts,Name,Manager
samacc1, first last, manager1

SCRIPT #

$csv = Import-Csv 'c:\temp\test.csv'
foreach ($row in $csv)
{
$data = Get-ADUser -Id $row.accounts -Properties *

$row | Add-Member -Name 'Email' -Value $data.UserPrincipalName -MemberType NoteProperty  
$row | Add-Member -Name 'Manager' -Value $data.manager -MemberType NoteProperty  

}

$csv | Export-Csv 'c:\temp\Test-Report.csv' -NoTypeInformation

Answer 1

This is the best I can do, might need @Rich Matheisen to give it the once over. I've fixed the GC and which DC\Domain it needs to be run from, it now uses a filter based search so it can search the entire forest. Added the logic for multiple users with the same name, but this might not cover all use cases.

 [array]$allgcs = Get-ADDomainController -Filter { IsGlobalCatalog -eq $true }  
      
 # "Name" is the host portion of the fqdn. If you need the entire fqdn use "HostName" instead  
 $gc = "$($allgcs[0].hostName):3268" # May not be the best choice for efficiency  
                                 # pick one closer to your location, either by your domain or,  
                                 # better, by your domain and in your AD site.  
                                 # If none are in your site, pick one by lowest cost site  
 $root = (get-ADRootDSE).RootDomainNamingContext       

 Import-Csv 'c:\temp\test.csv' |  
     ForEach-Object {  
         $row = $_  
         $name = $_.accounts  
         foreach ($dn in (Get-ADUser -filter "samaccountname -eq '$name'" -Properties * -Server $gc -searchbase $root).distinguishedName){  
             Get-ADUser -filter "distinguishedName -eq '$dn'" -Properties "manager" -Server $gc -searchbase $root |  
             Select-Object @{n = 'Accounts'; e = { $row.Accounts } }, @{n = 'Name'; e = { $_.Name } }, Manager, @{n = 'EMail'; e = { $_.UserPrincipalName } }  
         }  
     } | Export-Csv c:\temp\Test-Report.csv -NoTypeInformation  

   

Gary.

Answer 2

I think this should work for you:

[array]$allgcs = Get-ADDomainController -Filter { IsGlobalCatalog -eq $true }  
  
# "Name" is the host portion of the fqdn. If you need the entire fqdn use "HostName" instead  
$gc = "$($allgcs[0].Name):3268" # May not be the best choice for efficiency  
                                # pick one closer to your location, either by your domain or,  
                                # better, by your domain and in your AD site.  
                                # If none are in your site, pick one by lowest cost site  
      
Import-Csv 'c:\junk\test.csv' |  
    ForEach-Object {  
        $row = $_  
        $dn = (Get-ADUser -Id $_.accounts -Properties * -Server $gc).distinguishedName  
        Get-ADUser -Identity $dn -Properties * |  
        Select-Object @{n = 'Accounts'; e = { $row.Accounts } }, @{n = 'Name'; e = { $row.Name } }, Manager, @{n = 'EMail'; e = { $_.UserPrincipalName } }  
    } | Export-Csv c:\junk\Test-Report.csv -NoTypeInformation  

Answer 3

Rich, thank you for your response and trying to help, I still have trouble make it to run, the script throwing the following errors:

Get-ADUser : Cannot validate argument on parameter 'Server'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
At line:11 char:72

• ... t-ADUser -Identity $_.accounts -Properties * -Server $gc:3268).distin ...
• ~~~~~~~~
• CategoryInfo : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
• FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser

Accounts : The term 'Accounts' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:13 char:32

• Select-Object @{n=Accounts;e={$row.Accounts}},@{n=Name;e ...
• ~~~~~~~~
• CategoryInfo : ObjectNotFound: (Accounts:String) [], CommandNotFoundException
• FullyQualifiedErrorId : CommandNotFoundException

Answer 4

Try changing line 3

$gc = $allgcs[0].Name  

To

$gc = $allgcs[0].HostName  

Answer 5

I tried that, $gc is reporting correct the fqdn of the gc but same error:

Get-ADUser : Cannot validate argument on parameter 'Server'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
At line:11 char:72

• ... t-ADUser -Identity $_.accounts -Properties * -Server $gc:3268).distin ...
• ~~~~~~~~
• CategoryInfo : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
• FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser

Accounts : The term 'Accounts' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:13 char:32

• Select-Object @{n=Accounts;e={$row.Accounts}},@{n=Name;e ...
• ~~~~~~~~
• CategoryInfo : ObjectNotFound: (Accounts:String) [], CommandNotFoundException
• FullyQualifiedErrorId : CommandNotFoundException