3

I am trying to get all computer accounts from another domain.

Here is my PowerShell script:

$environment = "myDomain"
$strCategory = "computer"
$objDomain = New-Object System.DirectoryServices.DirectoryEntry("LDAP://dc=" + $environment + ",dc=com")
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher ("LDAP://dc=" + $environment + ",dc=com")
$objSearcher.SearchRoot = $objDomain
$objSearcher.Filter = ("(objectCategory=$strCategory)")
$colProplist = "name"
foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)| Out-Null}  
$colResults = $objSearcher.FindAll()
 foreach ($objResult in $colResults) {
   $objComputer = $objResult.Properties
   Write-output $objComputer.name
}

I am getting this error:

Exception calling "FindAll" with "0" argument(s): "A referral was returned from the server.

How can I fix this error?

1
  • What is your FQDN domain name? Using your script in my domain does a great job! Commented Oct 31, 2011 at 8:54

4 Answers

4

Can you try this:

$dn = New-Object System.DirectoryServices.DirectoryEntry ("LDAP://DCIpAddress:389/dc=dom,dc=fr","[email protected]","admin")

# Here look for a user
$Rech = new-object System.DirectoryServices.DirectorySearcher($dn)
$Rech.filter = "(([email protected]))"
$Rech.SearchScope = "subtree"
$Rech.PropertiesToLoad.Add("distinguishedName");
$Rech.PropertiesToLoad.Add("sAMAccountName");  
$Rech.PropertiesToLoad.Add("lastLogon");  
$Rech.PropertiesToLoad.Add("telephoneNumber");
$Rech.PropertiesToLoad.Add("memberOf");
$Rech.PropertiesToLoad.Add("distinguishedname");
$Rech.PropertiesToLoad.Add("otherHomePhone"); # other home phone

$liste = $Rech.FindAll()

It's the same as your code, but here I target a DC (you'd better target a domain DNS name) and I authenticate my connection. If the other domain is in the same forest, you can use the Enterprise admin account; if the other domain is in another forest, or in a trusted domain, use the administrator of the domain.
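The approach in this answer (name the other domain in the LDAP path and authenticate the bind), as an added example that is not part of the original post. It prompts for the credential instead of embedding a password in the script and asks for a signed and sealed bind; the function name `Get-RemoteDomainComputer` and the domain `other.example.com` are hypothetical placeholders.

```powershell
function Get-RemoteDomainComputer {
    [CmdletBinding()]
    param(
        # DNS name of the other domain (or of one of its DCs); placeholder: other.example.com
        [Parameter(Mandatory)] [string] $DomainDnsName,
        # Account allowed to read that domain; supplied at run time, never hardcoded
        [Parameter(Mandatory)] [System.Management.Automation.PSCredential] $Credential,
        # 389 = domain partition on a DC, 3268 = global catalog (partial attribute set)
        [int] $Port = 389
    )
    # Derive the base DN from the DNS name: other.example.com -> DC=other,DC=example,DC=com
    $baseDn = ($DomainDnsName.Split('.') | ForEach-Object { "DC=$_" }) -join ','
    $path   = "LDAP://${DomainDnsName}:$Port/$baseDn"
    # Secure = negotiated (Kerberos/NTLM) bind rather than simple bind; Signing and Sealing protect the session
    $auth = [System.DirectoryServices.AuthenticationTypes]'Secure, Signing, Sealing'
    $root = New-Object System.DirectoryServices.DirectoryEntry($path, $Credential.UserName, $Credential.GetNetworkCredential().Password, $auth)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    try {
        $searcher.Filter      = '(objectCategory=computer)'
        $searcher.SearchScope = 'Subtree'
        $searcher.PageSize    = 500   # paged search, so large domains are not cut off at the server's result limit
        [void]$searcher.PropertiesToLoad.Add('name')
        [void]$searcher.PropertiesToLoad.Add('dNSHostName')
        $results = $searcher.FindAll()
        try {
            foreach ($r in $results) {
                [pscustomobject]@{
                    # Select-Object -First 1 yields $null (not an error) when the attribute is absent
                    Name        = [string]($r.Properties['name'] | Select-Object -First 1)
                    DnsHostName = [string]($r.Properties['dnshostname'] | Select-Object -First 1)
                }
            }
        } finally { $results.Dispose() }   # SearchResultCollection holds unmanaged resources
    } finally {
        $searcher.Dispose()
        $root.Dispose()
    }
}

# Usage with a placeholder domain; Get-Credential prompts for the password:
# Get-RemoteDomainComputer -DomainDnsName 'other.example.com' -Credential (Get-Credential)
```

A read-only account in the target domain is enough for this query, so the bind does not need a domain or enterprise administrator credential.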


4

I experienced a similar issue--I found that if I specified a server that was a GC and the port, I was able to succeed. I was using the PowerShell Get-AdUser cmdlet, but my scenario was similar (trying to query a universal group membership from a child domain).

get-aduser -server fqdn.gc.root.domain:3268 

1

Very much like atguilmette's answer to this very question, I was able to get the Active Directory Cmdlets to work against a different domain than my current domain by specifying the -Server parameter. (Unlike that answer, I did not need to explicitly target a GC machine with a specific port. Perhaps my environment is special...)

Get-ADGroup the-group-in-the-other-domain -Server other.domain.com

0

Quest's AD cmdlets offer a command specifically for connecting to another domain: Connect-QADService.

I've successfully used this in production.
