question

kardon-6773 avatar image
0 Votes"
kardon-6773 asked AndreasBaumgarten commented

"Get-ADuser : A referral was returned from the server" when trying to access subdomain

Hello everyone,

I run into an issue where I seemingly can't look for users in a subdomain.

I made a small script that replaces the company of users from a .csv file. I'm looping through two domains: test.local and location1.test.local.

Now there's no issue working with test.local. But with the subdomain location1.test.local I can't seem to get anything working without the following error.

PS C:\Users\Administrator> Get-ADUser -filter -searchbase "DC=location1,DC=test,DC=local"
Get-ADuser : A referral was returned from the server
+ Get-ADUser -filter
-searchbase ""DC=location1,DC=test,DC=local"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [Get-ADUser], ADReferralException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8235,Microsoft.ActiveDirectory.Management.Commands.GetADUser

windows-server-powershellwindows-active-directory
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @kardon-6773 ,

Did the answer work for you? Are there any additional questions to this topic?

If you found the answer helpful, it would be great if you please mark it "Accept as answer". This will help others to find answers in Q&A

----------
Regards
Andreas Baumgarten

0 Votes 0 ·
IanXue-MSFT avatar image
0 Votes"
IanXue-MSFT answered IanXue-MSFT edited

Hi,

Try searching the Global Catalog, not the DC.

 $GlobalCatalog = Get-ADDomainController -Discover -Service GlobalCatalog
 Get-ADUser -Filter * -Server "$($GlobalCatalog.name):3268"

Best Regards,
Ian Xue
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

AndreasBaumgarten avatar image
0 Votes"
AndreasBaumgarten answered

Hi @kardon-6773 ,

if you like to get the users from a different domain (in the same forest) the query should be send to a domain controller that is a global catalog server as well.
You are running the command on a computer that is member in test.local?

You can give it a try with this:

 $PSDefaultParameterValues = @{
     "*-AD*:Server" = "test.local:3268"
 }
 Get-ADUser -filter -searchbase "DC=location1,DC=test,DC=local"


(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)

Regards
Andreas Baumgarten

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.