Get-ADUser PowerShell Issue

I am trying to run the following script and I get an error.

I am running the script with the same user as defined in the script and it has the appropriate rights to the domain and the local machine.

The user and the users all exist in another domain that we have a one-way trust from the domain with.

I have verified DNS is correct in the domain and I can contact both DCs in the domain from the machine (all machines are running 2012R2).

$UserFile = "User.fil"

$PassFile = "Pass.fil"  

# Check for credential files, create if required
if (!(Test-Path $UserFile) -or !(Test-Path $PassFile)) {
    Write-Host "Credential files not found"
    $cred = Get-Credential -Credential ($env:userdomain + "\" + $env:username)
    $cred.UserName | Set-Content $UserFile -Force
    $cred.Password | ConvertFrom-SecureString | Set-Content $PassFile -Force
    Write-Host "Credentials saved"
}

# Load password credential from encrypted file
$pass = Get-Content $PassFile | ConvertTo-SecureString
$user = Get-Content $UserFile
$cred = New-Object System.Management.Automation.PsCredential($user, $pass)
$ErrorActionPreference = "Stop"
$ErrorActionPreference | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-out.txt
$AD_Centrify_Group = 'CentrifyUsers'
#$AD_Centrify_Group = 'CentTop2'
$AD_Centrify_Group | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-out.txt -Append



<###################################
 # Get available DCs
 ###################################>

$DCName_FRANKLIN = (Get-ADDomainController -domain ad.franklin.uga.edu -discover -writable).name + 'AD.FRANKLIN.UGA.EDU'
$DCName_FRANKLIN | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-out.txt -Append
$DCName_MSMYID = (Get-ADDomainController -domain msmyid.uga.edu -discover -writable).name + '.MSMYID.UGA.EDU'
$DCName_MSMYID | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-out.txt -Append


<###################################
 # Get stored credentials
 # NOTE: This script MUST be run as the same user who created the password hash.
 # For the most part, this should be the MYID\s-fc_centrify account.
 ###################################>

$creds_uname = "MYID\s-fc_centrify"
$creds_uname | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-out.txt -Append
$creds_pw = Get-Content C:\Scripts\Test_Scripts\centrify.creds | ConvertTo-SecureString
$creds_pw | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-out.txt -Append
$MSMYID_Creds = New-Object System.Management.Automation.PsCredential ($creds_uname, $creds_pw)
$MSMYID_Creds | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-out.txt -Append


<###################################
 # Blank Group Membership
 ###################################

$arrUsers = Get-ADGroupMember -Identity $AD_Centrify_Group -Credential $MSMYID_Creds

Foreach ($objUser in $arrUsers) {
    Remove-ADGroupMember -Identity $AD_Centrify_Group -Credential $MSMYID_Creds -Members $objUser -Confirm:$false
}

#>
<###################################
 # Gather & add Enabled OU Accounts
 ###################################>

# Write output to a file, for testing/debugging.
Write-Host $DCName_FRANKLIN
$arrAcctOUs = Get-ADUser -Filter { (enabled -eq $true) } -Server $DCName_FRANKLIN -SearchBase 'OU=Users,OU=OUADM,OU=Departments,DC=ad,DC=franklin,DC=uga,DC=edu'

Foreach ($objAcctOUs in $arrAcctOUs) {
    Write-Output "Add-ADGroupMember $AD_Centrify_Group -Members $objAcctOUs" | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-OU_Accts-out.txt -Append
}
#
# Production code
$arrAcctOUs = Get-ADUser -Filter { (enabled -eq $true) } -Server $DCName_FRANKLIN -SearchBase 'OU=Users,OU=OUADM,OU=Departments,DC=ad,DC=franklin,DC=uga,DC=edu'

Foreach ($objAcctOUs in $arrAcctOUs) {
    Add-ADGroupMember $AD_Centrify_Group -Members $objAcctOUs
}
#

<###################################
 # Gather & add Enabled Z Accounts
 ###################################>

# Write output to a file, for testing/debugging.
$arrAcctZs = Get-ADUser -Filter { (enabled -eq $true) } -Server $DCName_MSMYID -Credential $MSMYID_Creds -SearchBase 'OU=Users,OU=OUADM,OU=ARTSCI,OU=Departments,DC=msmyid,DC=uga,DC=edu'

Foreach ($objAcctZs in $arrAcctZs) {
    Write-Output "Add-ADGroupMember $AD_Centrify_Group -Members $objAcctZs" | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-Z_Accts-out.txt -Append
}

# Production code
$arrAcctZs = Get-ADUser -Filter { (enabled -eq $true) } -Server $DCName_MSMYID -Credential $MSMYID_Creds -SearchBase 'OU=Users,OU=OUADM,OU=ARTSCI,OU=Departments,DC=msmyid,DC=uga,DC=edu'

Foreach ($objAcctZs in $arrAcctZs) {
    Add-ADGroupMember $AD_Centrify_Group -Members $objAcctZs
}
#

<###################################
 # Gather & add Enabled MyIDs
 ###################################

# Write output to a file, for testing/debugging.
$arrAcctMYIDs = Get-ADUser -ResultSetSize $null -Filter { (enabled -eq $true) } -Server $DCName_MSMYID -Credential $MSMYID_Creds -SearchBase 'OU=MyID,DC=msmyid,DC=uga,DC=edu'
$arrAcctMYIDs | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-MyIDs_array-out.txt -Append

Foreach ($objAcctMyIDs in $arrAcctMYIDs) {
    Write-Output "Add-ADGroupMember $AD_Centrify_Group -Members $objAcctMYIDs" | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-MyIDs-out.txt -Append
}

#>

# Production code
$arrAcctMYIDs = Get-ADUser -ResultSetSize $null -Filter { (enabled -eq $true) } -Server $DCName_MSMYID -Credential $MSMYID_Creds -SearchBase 'OU=MyID,DC=msmyid,DC=uga,DC=edu'

Foreach ($objAcctMyIDs in $arrAcctMYIDs) {
    Add-ADGroupMember $AD_Centrify_Group -Members $objAcctMYIDs
}
#

ERROR MESSAGE 

Get-ADUser : Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory 
Web Services running.
At line:1 char:15
+ $arrAcctOUs = Get-ADUser -Filter { (enabled -eq $true) } -Server $DCName_FRANKLI ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (:) [Get-ADUser], ADServerDownException
    + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADUser

September 10th, 2015 10:42am

Your error message does not match the script.

Read the error very carefully.  It tells you exactly what your problem is.

Just type that one line and you will see the error.  The firewall or the routers are not allowing the query to connect.  It is not a script problem.  Contact your network admins to find out why the connection is being blocked.

September 10th, 2015 10:54am

Be sure the server you are targeting has the RSAT web service installed.

September 10th, 2015 10:55am

Get-ADUser : Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory 

Validate your server name is correct in your Get-ADUser fields.

$arrAcctMYIDs = Get-ADUser -ResultSetSize $null -Filter { (enabled -eq $true) } -Server $DCName_MSMYID -Credential $MSMYID_Creds -SearchBase 'OU=MyID,DC=msmyid,DC=uga,DC=edu'

If you are running this from a machine other than a domain controller, make sure RSAT is enabled and you have domain admin access.

September 10th, 2015 1:30pm
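
A pre-flight check for the "Unable to contact the server" error discussed in this thread, added here as an example and not code from any of the posters. It tests whether each name passed to -Server resolves in DNS and whether Active Directory Web Services (TCP 9389) answers from the machine running the script. The function names Test-AdwsTarget and Get-DiscoveredDcFqdn are hypothetical, and 'DC01' is a constructed stand-in for the discovered DC name; the two suffixes are copied from the script above, where the FRANKLIN line appends its suffix without the leading dot that the MSMYID line has.

```powershell
Import-Module ActiveDirectory

function Test-AdwsTarget {
    param(
        [Parameter(Mandatory)][string]$Server,
        [int]$Port = 9389   # Active Directory Web Services listens on TCP 9389
    )
    $resolves  = $false
    $reachable = $false
    # Step 1: does the name resolve at all? A mis-built FQDN fails here.
    if (Resolve-DnsName -Name $Server -ErrorAction SilentlyContinue) {
        $resolves = $true
        # Step 2: is the ADWS port open from this machine (service down or firewall)?
        $tcp = Test-NetConnection -ComputerName $Server -Port $Port -WarningAction SilentlyContinue
        $reachable = [bool]$tcp.TcpTestSucceeded
    }
    [pscustomobject]@{ Server = $Server; Resolves = $resolves; AdwsReachable = $reachable }
}

function Get-DiscoveredDcFqdn {
    param([Parameter(Mandatory)][string]$Domain)
    $dc = Get-ADDomainController -DomainName $Domain -Discover -Writable
    # With -Discover, HostName can come back as a collection; take the first entry.
    [string]($dc.HostName | Select-Object -First 1)
}

# Names built the way the script builds them ('DC01' is constructed sample data).
$shortName  = 'DC01'
$candidates = @(
    ($shortName + 'AD.FRANKLIN.UGA.EDU'),   # suffix as written on the FRANKLIN line
    ($shortName + '.MSMYID.UGA.EDU')        # suffix as written on the MSMYID line
)

# Names taken from discovery instead of string concatenation.
foreach ($domain in 'ad.franklin.uga.edu', 'msmyid.uga.edu') {
    $candidates += Get-DiscoveredDcFqdn -Domain $domain
}

# One row per name: Resolves = False points at the name itself,
# Resolves = True with AdwsReachable = False points at the service or the network path.
$candidates | ForEach-Object { Test-AdwsTarget -Server $_ }
```

Run it as the same account and on the same machine as the scheduled script, since name resolution and firewall rules are evaluated from that host.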
