I am trying to enumerate the membership of a domain local security group in our 2016 resource forest (FOREST A) using the get-adgroupmember cmdlet and it’s failing on 3 of our 5 Windows 2016 Domain Controllers. The physical server connects, but the virtual servers do not.
The domain local security group contains nested groups from two different 2008 R2 Active Directory forests (FORESTS B & C), which are set up with two-way forest trusts.
The issue only affects one of the Active Directory forests (FOREST C); this forest has a root and child domain. The forest trust is created with the root domain, and FOREST B is a single forest, single domain.
We’ve checked all the network connectivity and the same firewall rules are applied to all domain controllers. We’ve used port query, monitored firewalls, and we can’t see any dropped packets.
The message we get is:
get-adgroupmember : An unspecified error has occurred
At line:1 char:1
+ get-adgroupmember jsock-users-europe
+ CategoryInfo : NotSpecified: (jsock-users-europe)
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDire
Replication is working, and we can’t see any issues with DNS resolution. Any ideas?
Forum info: http://www.activedir.org