How do you search a different active directory domain?

Sometimes you’ll see a a service account in SQL Server that you can’t easily find in Active Directory.

Say you want to find the service account for processing Adverts.

$ Get-ADUser -Filter "Name -like '*Advert*'" | Select Name

No results. Damn!

This was frustrating until someone reminded me that it was probably outside the corp domain that holds the mostly human users, like me. Your domain is the default domain for the AD cmdlets.

So how do you search other domains?

Use Get-ADForest to list all the domains in your forest.

$ (Get-ADForest).Domains
api.cloudcorp.local
corp.cloudcorp.local
dev.cloudcorp.local
int.cloudcorp.local
prod.cloudcorp.local

Use the -Server parameter of Get-ADUser to override the default domain value. It’s oddly named, but it’s basically synonymous with Domain. (It actually refers to an instance of Active Directory Domain Services.)

If you want to search all the domains, just set up a pipeline.

Select UserPrincipalName at the very end to distinguish the different domains.

$ (Get-ADForest).Domains | % { Get-ADUser -Server $_ -Filter "Name -like '*advert*'" } | Select UserPrincipalName

UserPrincipalName
-----------------
svc_advert@dev.cloudcorp.local
svc_advert@int.cloudcorp.local
svc_advert@prod.cloudcorp.local
svc_advert@test.cloudcorp.local

Thanks to Steve Mahoney on the PowerShell.com forum for explaining this.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s