VMware Cloud Community
jvm2016
Hot Shot

getting user ad group_powershell

Hi Luc,

Can we get a user's AD group from a PowerShell command? I know his user ID, and I'm trying to get this on a member server, not on a domain controller.

0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership

It looks as if you have an incorrect child domain, or your account has no permission to list that child domain.
I suggest talking to your AD Admins.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
11 Replies
LucD
Leadership

The Get-AdGroupMember cmdlet should allow you to do that query.

That cmdlet comes with the ActiveDirectory module, part of RSAT.
You can install this on a Windows box, for example Win10 or a Windows 2016 member server.



0 Kudos
jvm2016
Hot Shot

Thanks Luc,

It is Windows 2008 R2. However, if you can help me to understand one basic thing.

I run the Get-ADDomain command on this member server and found the parent domain.

[Screenshot: pastedImage_1.png]

It's like xyz.com, and one child domain like river.xyz.com.

I see some users from pond.xyz.com unable to access vCenter. When I don't find pond.xyz.com as a child domain, I think there is no point in adding them in vCenter. Is that right reasoning?

Hope the above makes sense.

0 Kudos
LucD
Leadership

Not 100% sure, but I assume you will need to add each child domain to the Identity Sources in vCenter.



0 Kudos
jvm2016
Hot Shot

Oh, I thought if I add the parent domain as an identity source it will cover all child domains under it. However, I am going to check this again. Thanks.

0 Kudos
LucD
Leadership

It depends how you identified the AD source, and which trusts exist between the child domains themselves.

See also Identity Sources for vCenter Server with vCenter Single Sign-On



0 Kudos
piercj2
Enthusiast

I've had similar issues in the past; for me it was due to how AD was designed/implemented.

I was adding Identity Sources, for example ACME.COM, EXAMPLE.COM, ...

Unfortunately, ACME.COM has child domains that I was unable to see, so I couldn't see/add AD Users/Groups.

For me, the solution was to create a Machine Account in AD for the vCenter and join it to the domain (then remove the ACME.COM Identity source, as it will complain about having more than one source for the same domain).

After this, I could add Users/Groups from child.ACME.COM (and search for them).

Hope this helps

0 Kudos
jvm2016
Hot Shot

Thanks for your response. I am checking this option.

If you or Luc can suggest how to use the Get-ADGroup command to find all AD groups under child.xyz.com.

0 Kudos
LucD
Leadership

Try something like this

Get-ADGroup -Filter 'ObjectClass -eq "group"' -SearchBase "dc=child,dc=xyz,dc=com"



0 Kudos
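
Added example (not part of the thread or of any poster's reply): a PowerShell sketch of the two queries discussed here, a user's group membership and the groups of a child domain, run from a member server with the RSAT ActiveDirectory module. The function names, `jdoe` and `child.xyz.com` are placeholders, and it assumes the child domain must be targeted with `-Server` so that one of its own domain controllers answers the query.

```powershell
# Added example; jdoe and child.xyz.com are placeholders, not values from the thread.
Import-Module ActiveDirectory

function Get-ForestDomainList {
    # DNS names of every domain in the current forest, to confirm that a
    # domain such as child.xyz.com actually exists before querying it.
    (Get-ADForest).Domains
}

function Get-UserAdGroup {
    param(
        [Parameter(Mandatory = $true)] [string] $SamAccountName,
        [Parameter(Mandatory = $true)] [string] $DomainDnsName
    )
    try {
        # -Server sends the lookup to a DC of the user's own domain.
        $user = Get-ADUser -Identity $SamAccountName -Server $DomainDnsName -ErrorAction Stop
        # Direct memberships only (nested groups are not expanded).
        Get-ADPrincipalGroupMembership -Identity $user -Server $DomainDnsName -ErrorAction Stop |
            Select-Object Name, GroupScope, GroupCategory, DistinguishedName
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        Write-Warning "User '$SamAccountName' not found in $DomainDnsName."
    }
    catch [Microsoft.ActiveDirectory.Management.ADServerDownException] {
        Write-Warning "No reachable domain controller for $DomainDnsName."
    }
    catch {
        # Covers access-denied and referral errors; the message says which.
        Write-Warning "Query against $DomainDnsName failed: $($_.Exception.Message)"
    }
}

function Get-DomainGroup {
    param([Parameter(Mandatory = $true)] [string] $DomainDnsName)
    # Take the search base from the domain itself instead of typing the DN.
    $dn = (Get-ADDomain -Identity $DomainDnsName -Server $DomainDnsName -ErrorAction Stop).DistinguishedName
    Get-ADGroup -Filter * -SearchBase $dn -Server $DomainDnsName |
        Select-Object Name, GroupScope, DistinguishedName
}

# Usage (placeholders):
# Get-ForestDomainList
# Get-UserAdGroup -SamAccountName 'jdoe' -DomainDnsName 'child.xyz.com'
# Get-DomainGroup -DomainDnsName 'child.xyz.com'
```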
jvm2016
Hot Shot

Not working.

[Screenshot: pastedImage_0.png]

0 Kudos
LucD
Leadership

It looks as if you have an incorrect child domain, or your account has no permission to list that child domain.
I suggest talking to your AD Admins.



0 Kudos
jvm2016
Hot Shot

OK, thanks.

0 Kudos