Unable to enumerate group memberships in multi-forest AD infrastructure

  • Last Post 08 March 2018
ahobbs posted this 07 March 2018

Hey all

barkills posted this 07 March 2018

> I am trying to enumerate the membership of a domain local security group in
> our 2016 resource forest (FOREST A) using the get-adgroupmember cmdlet and


ahobbs posted this 07 March 2018

Yes, that’s correct. Physicals appear to be OK, problem appears to be with the virtuals.

The logs show the working DC talks to the Root DC, it’s when it refers to the child domain it seems to have issues.

The groups contain less than 30 users. I’ve checked the AD-WS ports are opened and the services running on the servers and Windows Firewall port opened.

I’ll look into those links thank you

A


amulnick posted this 07 March 2018

Can you say more about the firewalls and network connectivity from the VM's perspective? My first thought runs to a routing issue (i.e. a firewall or broken route) from the VM network.
That kind of lack of consistency often has issues in the lower levels.
Al



Rajeev Chauhan posted this 07 March 2018

Are you using Windows Firewall? If yes, then check the network profile: is it private/domain or public on the virtuals? The Network Location Awareness service can cause the issue; a restart would clear the issue.



ahobbs posted this 08 March 2018

Hey
The VMs sit behind VMware NSX, and there are further firewalls between the resource forest and the local forests containing the nested groups. I can do port queries successfully and no dropped packets are found with logging turned on.
My networking knowledge isn’t brilliant, so if there is any further information you need I’ll try and find out
Thank you
A

ahobbs posted this 08 March 2018

Hey
We are using Windows Firewall, and I’m sure we checked the ports opened but I’ll double check to see what profile is being used.
Thanks
A

amulnick posted this 08 March 2018

My best guess is that you have connectivity issues at the network layer. Best bet is to trace it out with your VMware and firewall SMEs.
Al Mulnick
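The checks suggested in the replies above (Windows Firewall network profile, Network Location Awareness, and reachability of the AD-WS port from the VM), collected into one script as an added example that is not from any poster in this thread. The domain controller names are placeholders to replace with a DC from each forest and child domain involved; 9389 is the standard TCP port for Active Directory Web Services, which Get-ADGroupMember uses.

```powershell
# Added example: run on a VM where Get-ADGroupMember fails, then on a
# physical server where it works, and compare the output.
param(
    # Placeholder names (assumption): one DC per forest/child domain in the path.
    [string[]]$DomainControllers = @('dc01.foresta.example', 'dc01.child.forestb.example'),
    [int]$AdwsPort = 9389   # TCP port of Active Directory Web Services
)

# 1. Network category that Windows Firewall applies to each interface.
#    A domain-joined server should normally report DomainAuthenticated.
$profiles = Get-NetConnectionProfile
$profiles | Select-Object InterfaceAlias, Name, NetworkCategory | Format-Table -AutoSize
$nonDomain = @($profiles | Where-Object NetworkCategory -ne 'DomainAuthenticated')
if ($nonDomain.Count -gt 0) {
    Write-Warning ("Interfaces not on the domain profile: " +
        ($nonDomain.InterfaceAlias -join ', '))
}

# 2. State of the Network Location Awareness service on this machine.
Get-Service -Name NlaSvc | Select-Object Name, Status, StartType | Format-Table -AutoSize

# 3. Which firewall profiles are enabled locally.
Get-NetFirewallProfile | Select-Object Name, Enabled | Format-Table -AutoSize

# 4. TCP reachability of AD-WS on every DC in the referral path,
#    including which local address the connection leaves from.
$results = foreach ($dc in $DomainControllers) {
    $t = Test-NetConnection -ComputerName $dc -Port $AdwsPort -WarningAction SilentlyContinue
    [pscustomobject]@{
        DomainController = $dc
        RemoteAddress    = $t.RemoteAddress
        SourceAddress    = $t.SourceAddress.IPAddress
        TcpTestSucceeded = $t.TcpTestSucceeded
    }
}
$results | Format-Table -AutoSize
```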