Hello, I am trying to find out the groups a user belongs to across domains and forests.
The BE.LOCAL and EMEA.LOCAL domains are both members of the LOCAL forest.
There is a trust between the LOCAL forest and the contoso.com forest.
I manage to find the groups when remaining in the LOCAL forest. This script lists the EMEA groups "BE\John Doe" is a member of.
Get-ADPrincipalGroupMembership -Identity "CN=Doe \, John \, SAMID,OU=HR,OU=Common,OU=USER,DC=be,DC=local" -ResourceContextServer emea.local -Server be.local
But when I run this script on contoso.com
Get-ADPrincipalGroupMembership -Identity "CN=Doe \, John \, SAMID,OU=HR,OU=Common,OU=USER,DC=be,DC=local" -ResourceContextServer contoso.com -Server be.local
I get this error message:
Get-ADPrincipalGroupMembership : The operation being requested was not performed because the user has not been authenticated
At line:1 char:2
+ Get-ADPrincipalGroupMembership -Identity "CN=DOE \ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (CN=DOE \, ...,DC=be,DC=local:ADPrincipal) [Get-ADPrincipalGroupMembership], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:1244,Microsoft.ActiveDirectory.Management.Commands.GetADPrincipalGroupMembership
Does anyone have a suggestion?
Thank you!