So I am trying to duplicate the output of a very simple AdFind command to locate a universal group and enumerate the members in a simple quoted DN format. I want identical output to the console or perhaps I could live without the quotes.
The AdFind command looks like:
adfind -gcb -f "displayname=some group displayname" member –qlist
I spent more time than I should trying to figure out how to duplicate it. Nothing intuitive seemed to work.
Apparently Get-ADGroup requires you to specify the actual GC name and port in order to perform a GC search… Several other ADWS cmdlets seem to require the same. WTF?? Seriously? Anyone remember serverless bind on the team that wrote those cmdlets? How hard is it to add a simple -gc switch or if you absolutely must -GlobalCatalog or even -PleaseUseAD***GlobalCatalog?
The best I have gotten to to this point is:
$gc=(Get-ADDomainController -discover -service globalcatalog).hostname[0] + ":3268" ; $dn=(Get-ADGroup -server $gc -searchbase "" -f ‘displayname -eq "some group displayname"’).distinguishedname ; (Get-ADGroupMember $dn).distinguishedname
Even for PowerShell that seems a bit verbose. What am I doing wrong?
joe
Hi Joe,
Absolutely share the same pain with you. Several times I have spent way more time to get some output from a powershell cmdlet to give up and run a simple old school command, or vbscript to accomplish the same task in a fraction of the time.
I would stick with adfind. 🙂