i'm using following code try remove & add users activedirectory groups:
import-module activedirectory $logs = "d:\logs" $user = "tempvalue" $group = get-adgroup "somevalue" $date = (get-date).tostring('yyyymmdd') $userprincipal = (get-aduser "$user" -server 123 -properties *).userprincipalname $newuser = (get-aduser -filter "userprincipalname -like '$userprincipal'" -server 456) $filesystem = new-object -com "scripting.filesystemobject" $stream = $filesystem.createtextfile("$logs\changedgroups-$date.txt", $true, $true) remove-adgroupmember -identity "$group" -member "$user" -confirm:$false $stream.writeline("removed $user $group") add-adgroupmember -identity $group -server 123 -member $newuser $stream.writeline("added $newuser $group") scenario: both domains in same forest domains in separate forests. i'm on domain "123" trying remove user group in domain 123 , add user same group domain 456.
problem: adds user domain 456, shows user foreign security policy , gives message "note object placeholder user or group trusted external domain." idea why?
i've run limitation of add-adgroupmember well. around switch set-adgroup few examples provided below. can specify dn,sid or samaccountname withing add or remove
set-adgroup -add:@{'member'="cn=group3,cn=users,dc=globomantics,dc=com"} -identity:"cn=group1,cn=users,dc=globomantics,dc=com" -server:"dc.globomantics.com" set-adgroup -identity:"cn=group1,cn=users,dc=globomantics,dc=com" -remove:@{'member'="cn=group3,cn=users,dc=globomantics,dc=com"} -server:"dc.globomantics.com" 
Comments
Post a Comment