PowerShell not able to query remote (Trusted) Forest Domain to retrieve Global Groups in Local (Trusting) Forest Domain


I have a One Way Trust between a USER (Trusted) Forest (Domain_A) and a RESOURCE (Trusting) Forest (Domain_B).

From ADUC on Domain_B, I can add my various RESOURCE (Local) groups to USER (Global) groups from Domain_A, but I cannot replicate that functionality in PowerShell (executed from Domain_B).

To test what's going wrong, I have checked whether the following lines work (the first is to prove my syntax is correct). The working line successfully queries the local Domain and inputs the information into the variable $g.

However, the failing lines time out, and when I check the Firewall traffic, nothing is being sent down the Firewall for Domain_B. How can I force the script to actually recognise that Domain_A queries need to go through the Firewall?

When I perform an NLTEST command (nltest.exe /dclist:Domain_A), I get a correct response for the two DCs in that TRUSTED domain, and when I ping those DCs the DNS forwarders know to route the traffic through the Firewall, but the PS script doesn't seem to know what to do?

Obviously, once I get over this hurdle, I can add this line back into a script for managing all my resource groups' access.

:Working Lines

$g = Get-ADGroup -Server "domain_B" <group_that_exists_In_Domain_B>

:Failing Lines

$AdminCredentials = Get-Credential "Domain_A\<admin-name>"

$g = Get-ADGroup -Server "domain_A" <group_that_exists_In_Domain_A> -Credential $AdminCredentials

Get-ADGroup : Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services

  • Argh thanks,

    so are you saying in the example, the "$g" variable is looking at the local environment and needs to be specified in a way that PowerShell knows to start a remote session?

    $g = Get-ADGroup -Server "domain_A" "<group_that_exists_In_Domain_A>" -Credential $AdminCredentials

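The error quoted in the question names Active Directory Web Services (ADWS). AD cmdlets such as Get-ADGroup connect to ADWS on a domain controller, on TCP 9389 by default, so a successful ping or nltest does not show that this port is allowed through the firewall. The following is an added example, not part of the original thread, that checks each step from the Domain_B host; `domain_A.example` is a placeholder for the trusted forest's DNS name and the group name is the poster's own placeholder.

```powershell
# Added diagnostic example (not from the original thread).
# Assumptions: 'domain_A.example' is a placeholder DNS name for the trusted forest,
# and the ActiveDirectory module (RSAT) is installed on the Domain_B host.
Import-Module ActiveDirectory

$TrustedDomain    = 'domain_A.example'                 # placeholder, replace with the real DNS name
$GroupName        = '<group_that_exists_In_Domain_A>'  # placeholder from the question
$AdwsPort         = 9389                               # default ADWS listener port
$AdminCredentials = Get-Credential "Domain_A\<admin-name>"

# Step 1: ask the DC locator for a DC in the trusted domain that advertises ADWS.
try {
    $dc = Get-ADDomainController -Discover -DomainName $TrustedDomain `
                                 -Service ADWS -ErrorAction Stop
} catch {
    Write-Warning "No ADWS-capable DC located for ${TrustedDomain}: $($_.Exception.Message)"
    return
}

# HostName can come back as a collection; take the first entry as a string.
$dcName = [string]($dc.HostName | Select-Object -First 1)
Write-Host "Located DC: $dcName"

# Step 2: confirm the ADWS port is reachable from this host through the firewall.
$probe = Test-NetConnection -ComputerName $dcName -Port $AdwsPort -WarningAction SilentlyContinue
if (-not $probe.TcpTestSucceeded) {
    Write-Warning "TCP $AdwsPort to $dcName is blocked or ADWS is not listening."
    Write-Warning "Resolved address: $($probe.RemoteAddress). Check the firewall rule for this port."
    return
}

# Step 3: query the group against that specific DC with Domain_A credentials.
try {
    $g = Get-ADGroup -Server $dcName -Identity $GroupName `
                     -Credential $AdminCredentials -ErrorAction Stop
    $g | Select-Object Name, GroupScope, DistinguishedName
} catch {
    Write-Warning "ADWS reachable but the query failed: $($_.Exception.Message)"
}
```

If step 2 fails while ping succeeds, the firewall log should show the dropped connection to the address printed in the warning, which separates a routing problem from a missing rule for the ADWS port.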