Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Summary
In recent times the manager asked to query AD to get department and display name. We are in a trusted domain and have a different AD forest. We can successfully get out AD users report but not other domain.
Error:
Get-QADUser : The server does not support the control. The control is critical.
Code:
| Add-PSSnapin Quest.Activeroles.AdManagement Get-QADUser -SearchRoot 'OU=TEST,DC=TEST,DC=TEST' -SizeLimit 0 | Select Name , DisplayName | Export-Csv C:\Temp\UserReport.CSV -NoTypeInformation -Encoding UTF8 |
Solution:
| Add-PSSnapin Quest.Activeroles.AdManagement Get-QADUser -SearchRoot 'OU=TEST,DC=TEST,DC=TEST' -SizeLimit 0 -Service 'DCINTRUSTEDDOMAIN.DOMAIN.NET' | Select Name , DisplayName | Export-Csv C:\Temp\UserReport.CSV -NoTypeInformation -Encoding UTF8 |
Fix is to add -service parameter. Enjoy PowerShell :)