timmcmic / DLConversionV2

MIT License

Unable to locate normalized recipients across multiple domains / child domains single forest. #37

Closed timmcmic closed 2 years ago

timmcmic commented 2 years ago

Encountered scenario where customer had additional trees and child domains within the forest. During the normalization function for each recipient dependency the get-adobject call was issued but if the object did not exist in the same domain as the group it would fail.

Created a new function get-activeDirectoryDomainName that takes the DN and strips out the domain portion. Then changed all get-adobject references to use the -server switch and then the domain name in FQDN format. This allows a domain referral to occur and the object to be found across domains.

MassimoPascucci commented 2 years ago

This seems… less than ideal. Connecting to a domain using its DNS name will use DNS round robin to point to a random DC for that domain, which in a large environment could be anywhere in the world.

Also, it seems to cause authentication issues (see #51).

I’m a bit puzzled by the issue existing at all: a Global Catalog should be able to answer that kind of query about any object in the forest.

I think the real issue is that you are not actually talking with the GC service in your queries. To do that, you need to specify TCP port 3268:

Get-AdObject -Server ($globalCatalogServer + ':3268')
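An added PowerShell illustration of the two approaches discussed in this thread (deriving the domain FQDN from a distinguishedName for -Server, and querying the Global Catalog on TCP 3268); this is not DLConversionV2's own code, and the function names, the $GlobalCatalogServer parameter and the sample DNs are assumptions.

```powershell
# Added example, not the project's code. Function names are assumptions.

function Get-DomainFqdnFromDN {
    param([Parameter(Mandatory)][string]$DistinguishedName)

    # Split on commas that are not escaped; RDN values such as "CN=Smith\, John"
    # legitimately contain commas, so a naive -split ',' would break them.
    $rdns = [regex]::Split($DistinguishedName, '(?<!\\),')

    # The domain is the ordered DC= components:
    # DC=child,DC=contoso,DC=com -> child.contoso.com
    $dcParts = foreach ($rdn in $rdns) {
        if ($rdn.Trim() -match '^DC=(.+)$') { $Matches[1].Trim() }
    }
    if (-not $dcParts) { throw "No DC= components in '$DistinguishedName'" }
    return ($dcParts -join '.')
}

function Get-ForestObjectByDN {
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [Parameter(Mandatory)][string]$GlobalCatalogServer,   # any GC-enabled DC (assumed)
        [string[]]$Properties = @('mail', 'objectClass')
    )

    # Port 3268 selects the Global Catalog service instead of domain-local LDAP (389),
    # so an object in any domain of the forest is returned without a referral.
    $obj = Get-ADObject -Identity $DistinguishedName `
        -Server ($GlobalCatalogServer + ':3268') -Properties $Properties

    # Caveat: the GC holds only the partial attribute set. If a requested attribute
    # came back empty, re-read from a DC in the object's own domain, located via
    # the domain FQDN derived from the DN (the approach taken in the original fix).
    $missing = $Properties | Where-Object { $null -eq $obj.$_ }
    if ($missing) {
        $domain = Get-DomainFqdnFromDN -DistinguishedName $DistinguishedName
        $obj = Get-ADObject -Identity $DistinguishedName -Server $domain -Properties $Properties
    }
    return $obj
}

# Constructed sample DNs; the parsing step needs no directory connection.
Get-DomainFqdnFromDN 'CN=Sales Group,OU=Groups,DC=child,DC=contoso,DC=com'
Get-DomainFqdnFromDN 'CN=Smith\, John,OU=Users,DC=emea,DC=contoso,DC=com'
```

The fallback read against the derived domain FQDN inherits the DNS round-robin behaviour noted above, so in a large forest it is worth pinning -Server to a site-local DC instead.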