0

I want to export users of some large groups. The groups are filled with other groups and the members of those groups are users from a trusted external domain.

When I run this script if gives an error:

$Users = Get-ADGroupMember -Identity 'Group' -recursive |
  Where {$_.ObjectClass -eq 'User'} |
  Get-ADUser -Properties SamAccountName |
  Select-Object SamAccountName

Error: The operation being requested was not performed because the user has not been authenticated.

And that's the other domain that requests authentication. How can I achieve this in the script?

Thanks

Mathias R. Jessen
  • 157,619
  • 12
  • 148
  • 206
Jaap2016
  • 1
  • `Get-ADUser` has a parameter called `Credential` – Theo Mar 25 '20 at 11:03
  • Please paste the full error in its entirety (minus any internal names you want to sanitize) – Mathias R. Jessen Mar 25 '20 at 11:05
  • Get-ADGroupMember : The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs. – Jaap2016 Mar 25 '20 at 13:02

1 Answers1

0

Whenever you run an AD group cmdlet, it uses your logged-in credentials to query Active Directory. This says you need to be on a domain joined computer logged in as an AD user that has permission to query.

You are on a workgroup computer or need to authenticate to AD as a different user. Then you need to provide credentials. Like other ps cmdlets, Get-ADGroupMember has a -Ceedential parameter and This parameter allows you to specify a username and password to use for the authentication.

This will show a dialog to prompt you for your credentials:

$Users = Get-ADGroupMember -Identity 'Group' -recursive -Credential (Get-Credential) | Where {$_.ObjectClass -eq 'User'} | Get-ADUser -Properties SamAccountName | Select-Object SamAccountName

Or you can specify credentials:

$cred = New-object System.Management.Automation.Pscredential User, Password

AND -Credential $cred

Wasif
  • 14,755
  • 3
  • 14
  • 34
  • Still the error: Get-ADGroupMember : The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs. – Jaap2016 Mar 25 '20 at 13:01