Get-ADUser info across multiple domains same forest

LB 21 Reputation points
2022-08-12T18:53:46.237+00:00

Dear script guru, please help. I can't figure out how to pull user attributes for users across domains. The CSV file has the following format:

    Accounts,Name,Manager
    samacc1, first last, manager1

Script:

    $csv = Import-Csv 'c:\temp\test.csv'
    foreach ($row in $csv)
    {
        $data = Get-ADUser -Id $row.accounts -Properties *

        $row | Add-Member -Name 'Email' -Value $data.UserPrincipalName -MemberType NoteProperty
        $row | Add-Member -Name 'Manager' -Value $data.manager -MemberType NoteProperty
    }

    $csv | Export-Csv 'c:\temp\Test-Report.csv' -NoTypeInformation


Accepted answer
  1. Gary Reynolds 9,621 Reputation points
    2022-08-16T21:42:44.98+00:00

    This is the best I can do; might need @Rich Matheisen to give it the once-over. I've fixed the GC and which DC\Domain it needs to be run from. It now uses a filter-based search so it can search the entire forest. Added the logic for multiple users with the same name, but this might not cover all use cases.

     [array]$allgcs = Get-ADDomainController -Filter { IsGlobalCatalog -eq $true }  
          
     # "Name" is the host portion of the fqdn. If you need the entire fqdn use "HostName" instead  
     $gc = "$($allgcs[0].hostName):3268" # May not be the best choice for efficiency  
                                     # pick one closer to your location, either by your domain or,  
                                     # better, by your domain and in your AD site.  
                                     # If none are in your site, pick one by lowest cost site  
     $root = (get-ADRootDSE).RootDomainNamingContext       
    
     Import-Csv 'c:\temp\test.csv' |  
         ForEach-Object {  
             $row = $_  
             $name = $_.accounts  
             foreach ($dn in (Get-ADUser -filter "samaccountname -eq '$name'" -Properties * -Server $gc -searchbase $root).distinguishedName){  
                 Get-ADUser -filter "distinguishedName -eq '$dn'" -Properties "manager" -Server $gc -searchbase $root |  
                 Select-Object @{n = 'Accounts'; e = { $row.Accounts } }, @{n = 'Name'; e = { $_.Name } }, Manager, @{n = 'EMail'; e = { $_.UserPrincipalName } }  
             }  
         } | Export-Csv c:\temp\Test-Report.csv -NoTypeInformation  
    
       
    

    Gary.
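
Added example (not part of Gary's answer or of the thread): the same global catalog lookup with the CSV value treated as untrusted input. It uses `-LDAPFilter` with RFC 4515 escaping instead of interpolating the value into `-Filter`, and it reports rows with zero or several matches. `ConvertTo-LdapFilterValue`, `Find-ForestUser`, the `Matches` column and the sample rows are hypothetical names and data; the code assumes the ActiveDirectory module and a reachable global catalog.

```powershell
# Added example. Requires the ActiveDirectory module and a reachable global catalog.
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515 escaping; the backslash must be handled first.
    $map = [ordered]@{ '\' = '\5c'; '*' = '\2a'; '(' = '\28'; ')' = '\29'; "`0" = '\00' }
    foreach ($k in $map.Keys) { $Value = $Value.Replace($k, $map[$k]) }
    $Value
}

function Find-ForestUser {
    param([Parameter(Mandatory)][string]$SamAccountName,
          [Parameter(Mandatory)][string]$GcHost,       # FQDN of a global catalog
          [Parameter(Mandatory)][string]$SearchBase)
    # Braces are required: "$GcHost:3268" is parsed as a scope-qualified
    # variable named 3268, which is empty, so -Server would receive no host.
    $server = "${GcHost}:3268"
    $filter = "(sAMAccountName=$(ConvertTo-LdapFilterValue $SamAccountName))"
    Get-ADUser -LDAPFilter $filter -Server $server -SearchBase $SearchBase -Properties manager
}

# Constructed sample rows in the question's CSV layout; the second row
# contains a wildcard that must be matched literally, not expanded.
$rows = @'
Accounts,Name,Manager
samacc1,first last,manager1
sam*,second last,manager2
'@ | ConvertFrom-Csv

$gcHost = (Get-ADDomainController -Filter { IsGlobalCatalog -eq $true } | Select-Object -First 1).HostName
$root   = (Get-ADRootDSE).RootDomainNamingContext

$report = foreach ($row in $rows) {
    $sam = "$($row.Accounts)".Trim()
    if (-not $sam) { continue }                        # skip blank cells
    $hits = @(Find-ForestUser -SamAccountName $sam -GcHost $gcHost -SearchBase $root)
    if ($hits.Count -eq 0) {                           # keep unmatched rows visible
        [pscustomobject]@{ Accounts = $sam; Name = $null; Manager = $null; EMail = $null; Matches = 0 }
        continue
    }
    foreach ($u in $hits) {                            # one output row per matching account
        [pscustomobject]@{ Accounts = $sam; Name = $u.Name; Manager = $u.Manager
                           EMail = $u.UserPrincipalName; Matches = $hits.Count }
    }
}
$report | Export-Csv 'c:\temp\Test-Report.csv' -NoTypeInformation
```

A `Matches` value above 1 marks a sAMAccountName that exists in more than one domain, so those rows can be reviewed by hand.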


13 additional answers

  1. Rich Matheisen 47,901 Reputation points
    2022-08-13T14:56:49.343+00:00

    I think this should work for you:

    [array]$allgcs = Get-ADDomainController -Filter { IsGlobalCatalog -eq $true }  
      
    # "Name" is the host portion of the fqdn. If you need the entire fqdn use "HostName" instead  
    $gc = "$($allgcs[0].Name):3268" # May not be the best choice for efficiency  
                                    # pick one closer to your location, either by your domain or,  
                                    # better, by your domain and in your AD site.  
                                    # If none are in your site, pick one by lowest cost site  
          
    Import-Csv 'c:\junk\test.csv' |  
        ForEach-Object {  
            $row = $_  
            $dn = (Get-ADUser -Id $_.accounts -Properties * -Server $gc).distinguishedName  
            Get-ADUser -Identity $dn -Properties * |  
            Select-Object @{n = 'Accounts'; e = { $row.Accounts } }, @{n = 'Name'; e = { $row.Name } }, Manager, @{n = 'EMail'; e = { $_.UserPrincipalName } }  
        } | Export-Csv c:\junk\Test-Report.csv -NoTypeInformation  
    

  2. LB 21 Reputation points
    2022-08-15T14:31:07.92+00:00

    Rich, thank you for your response and for trying to help. I still have trouble making it run; the script is throwing the following errors:

    Get-ADUser : Cannot validate argument on parameter 'Server'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
    At line:11 char:72
    + ... t-ADUser -Identity $_.accounts -Properties * -Server $gc:3268).distin ...
    + ~~~~~~~~
    + CategoryInfo : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser

    Accounts : The term 'Accounts' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:13 char:32
    + Select-Object @{n=Accounts;e={$row.Accounts}},@{n=Name;e ...
    + ~~~~~~~~
    + CategoryInfo : ObjectNotFound: (Accounts:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

  3. Gary Reynolds 9,621 Reputation points
    2022-08-15T18:08:43.687+00:00

    Try changing line 3

    $gc = $allgcs[0].Name  
    

    To

    $gc = $allgcs[0].HostName  
    

  4. LB 21 Reputation points
    2022-08-15T18:22:38.077+00:00

    I tried that; $gc is correctly reporting the FQDN of the GC, but I get the same error:

    Get-ADUser : Cannot validate argument on parameter 'Server'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.
    At line:11 char:72
    + ... t-ADUser -Identity $_.accounts -Properties * -Server $gc:3268).distin ...
    + ~~~~~~~~
    + CategoryInfo : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser

    Accounts : The term 'Accounts' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:13 char:32
    + Select-Object @{n=Accounts;e={$row.Accounts}},@{n=Name;e ...
    + ~~~~~~~~
    + CategoryInfo : ObjectNotFound: (Accounts:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
