So I am trying to duplicate the output of a very simple AdFind command to locate a universal group and enumerate the members in a simple quoted DN format. I want identical output to the console or perhaps I could live without the quotes.
The AdFind command looks like:
adfind -gcb -f "displayname=some group displayname" member -qlist
I spent more time than I should trying to figure out how to duplicate it. Nothing intuitive seemed to work.
Apparently Get-ADGroup requires you to specify the actual GC name and port in order to perform a GC search… Several other ADWS cmdlets seem to require the same. WTF?? Seriously? Anyone remember serverless bind on the team that wrote those cmdlets? How hard is it to add a simple -gc switch or if you absolutely must -GlobalCatalog or even -PleaseUseAD***GlobalCatalog?
The best I have gotten to this point is:
$gc=(Get-ADDomainController -discover -service globalcatalog).hostname + ":3268" ; $dn=(Get-ADGroup -server $gc -searchbase "" -f 'displayname -eq "some group displayname"').distinguishedname ; (Get-ADGroupMember $dn).distinguishedname
Even for PowerShell that seems a bit verbose. What am I doing wrong?