Get-QADUser: The server does not support the control. The control is critical.

Summary

In recent times the manager asked to query AD to get department and display name. We are in a trusted domain and have a different AD forest. We can successfully get out AD users report but not other domain.

Error:

Get-QADUser : The server does not support the control. The control is critical.

Code:

Add-PSSnapin Quest.Activeroles.AdManagement Get-QADUser  -SearchRoot 'OU=TEST,DC=TEST,DC=TEST' -SizeLimit 0 |  Select Name , DisplayName | Export-Csv C:\Temp\UserReport.CSV -NoTypeInformation -Encoding UTF8

Solution:

Add-PSSnapin Quest.Activeroles.AdManagement Get-QADUser  -SearchRoot 'OU=TEST,DC=TEST,DC=TEST' -SizeLimit 0 -Service 'DCINTRUSTEDDOMAIN.DOMAIN.NET' |  Select Name , DisplayName | Export-Csv C:\Temp\UserReport.CSV -NoTypeInformation -Encoding UTF8

Fix is to add -service parameter. Enjoy PowerShell :)