Active Directory referral chasing issue

Question

Maybe someone who has more experience with Active Directory can help me. I need to get info such as OS, name, FQDN from a computer in a different domain. I will explain what I mean. I have root domain: example.com, with 2 subdomains: xxx.example.com and yyy.xxx.example.com

Each domain contain 1 computer. Both of them in one group, for example groupfoo, they also in different OU

I can get info about members in group, I try PowerShell and dsquery. Both of them return right list of computers in group. But I can get info only from computer in the same domain where I run PowerShell script and dsquery.

to be clear I have one more computer not in groupfoo, and this computer used for administrating Active Directory.

As I understand in Active Directory we have thing such as "referral chasing". I read a lot and as I know Power Shell don't have an options such as "enable referral chasing". For dsquery I found option -r for recursive request.

What I have already tried:

PS> dsquery group -name goupfoo | dsget group -members
"CN=member01,OU=Domain Controllers,DC=xxx,DC=example,DC=com"
"CN=member02,OU=XXX,OU=Domain Controllers,DC=yyy,DC=xxx,DC=example,DC=com"

My computer in DC=yyy,DC=xxx,DC=example,DC=com I can get info from CN=member02,OU=XXX,OU=Domain Controllers,DC=yyy,DC=xxx,DC=example,DC=com

PS > dsquery * -filter "(&(objectClass=Computer)(objectCategory=Computer)(sAMAccountName=member02$))" -attr sAMAccountName operatingSystem
  sAMAccountName    operatingSystem
  member02$        Windows Server 2008 R2 Standard

running the same command for member01 yielded no results :

PS > dsquery * -filter "(&(objectClass=Computer)(objectCategory=Computer)(sAMAccountName=member01$))" -attr sAMAccountName operatingSystem
PS >

I tried different variation of dsquery, I try -r key for recursive, but it's dosen't work.

Maybe important thing, in the settings of "DC=yyy,DC=xxx,DC=example,DC=com" I saw what "DC=xxx,DC=example,DC=com" it's a trusted parent for "DC=yyy,DC=xxx,DC=example,DC=com" maybe I can get info doing the same from parent domain?

The same I can get with Power Shell Get-ADGroup, Get-ADMember etc, I tried use all options, credentials, server etc. it's always return info only from one computer in the same domain as I am.

Answer 1

Try using a DirectorySearcher object:

$filter     = "(&(objectCategory=Computer)(sAMAccountName=$computername))"
$properties = 'distinguishedName', 'sAMAccountName', ...

$search = New-Object DirectoryServices.DirectorySearcher
$search.SearchRoot  = New-Object DirectoryServices.DirectoryEntry
$search.Filter      = $filter
$search.SearchScope = 'Subtree'
$search.ReferralChasing = [DirectoryServices.ReferralChasingOption]::All
$properties | % { $search.PropertiesToLoad.Add($_) } | Out-Null

$search.FindAll()

I don't know if ActiveDirectory module cmdlets actually support referral chasing.