Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Tuesday, August 11, 2015 12:36 PM
If I run Get-ADUser myname.surname -properties memberof I get a list of the groups im a member of.
If I run Get-ADUser othername.surname -properties memberof for a different user the memberof attribute is coming back as {} if I pipe it to | Select -expandobject memberof | Measure-Object the result is 0.
The user is a direct member of plenty of groups, visible when using ADUC. Ive tried this on various users and some return the group info, the others dont.
Both users primary group is Domain Users
Anyone shed any light on to why this is happening for some users?
All replies (4)
Wednesday, August 12, 2015 9:17 AM âś…Answered | 1 vote
If anyone is interested I have managed to "fix" it.. or at least find out why its happening.
If I elevate the powershell console (run as admin) then it returns that attributes value, even though I was logged onto the DC with my Dom Admin account.
So obvioulsy a permission thing but not sure why
Patrick
Tuesday, August 11, 2015 6:03 PM
How are the users in your organization named? is it firstname.lastname (givenname.surname) ?
Can you show us exactly how you're formatting your command? I know when I do the following:
get-aduser myuser -properties memberof | % {$_.memberof}
It will list out the groups my user object is a member of. If I enclose that whole thing in parens and drop a ".count" on the end, I get a count of how many groups my user object is a member of:
(get-aduser myuser -properties memberof | % {$_.memberof}).count
I've never seen powershell be off from other programs (AD Users and Computers, ADSI Edit, etc) because it's pulling the info from the exact same location they are.
Wednesday, August 12, 2015 7:24 AM
i type it exactly as I posted
Get-ADUser othername.surname -properties memberof
And yeah we have firstname.lastname but thats irelevant.. the command returns the user object.. just not the memberof attribute.. it gets returned as
member0f:{}
if I pipe the command to | Measure-object its 0 (zero)
Monday, January 4, 2016 1:44 PM
Another way to run this for me was run it remotely. Even from different forest.
Server A is DC in forest A. And I am domain admin in the domain.
Server B is member server inf forest B. I am plain user in relation with domain A.
If I logged locally on Server A -- does not work. If I logged to server B -- works perfectly.
To change settings I used -Credential parameter and put there forest A credentials.
For me it is something UAC related. As on my servers UAC is disabled. But if I access domain controllers over network (using -Server parameter) -- no issues.
Ilya