I am trying to run the following script and I get an error
I am running the script with the same user as defined in the script and it has the appropriate rights to the domain and the local machine.
The user and the users all exist in another domain that we have a one way trust from the domain with.
I have verified DNS is correct in the domain and I can contact both DC's in the domain from the machine (all machines are running 2012R2)
$UserFile = "User.fil"
$PassFile = "Pass.fil"
# Check for credential files, create if required
if (!(Test-Path $UserFile) -or !(Test-Path $PassFile)) {
Write-Host "Credential files not found"
$cred = Get-Credential -Credential ($env:userdomain + "\" + $env:username)
$cred.UserName | Set-Content $UserFile -Force
$cred.Password | ConvertFrom-SecureString | Set-Content $PassFile -Force
Write-Host "Credentials saved"
}
# Load password credential from encrypted file
$pass = Get-Content $PassFile | ConvertTo-SecureString
$user = Get-Content $UserFile
$cred = New-Object System.Management.Automation.PsCredential($user, $pass)
$ErrorActionPreference = "Stop"
$ErrorActionPreference | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-out.txt
$AD_Centrify_Group = 'CentrifyUsers'
#$AD_Centrify_Group = 'CentTop2'
$AD_Centrify_Group | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-out.txt -Append
<###################################
# Get available DCs
###################################>
$DCName_FRANKLIN = (Get-ADDomainController -domain ad.franklin.uga.edu -discover -writable).name + 'AD.FRANKLIN.UGA.EDU'
$DCName_FRANKLIN | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-out.txt -Append
$DCName_MSMYID = (Get-ADDomainController -domain msmyid.uga.edu -discover -writable).name + '.MSMYID.UGA.EDU'
$DCName_MSMYID | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-out.txt -Append
<###################################
# Get stored credentials
# NOTE: This script MUST be run as the same user who created the password hash.
# For the most part, this should be the MYID\s-fc_centrify account.
###################################>
$creds_uname = "MYID\s-fc_centrify"
$creds_uname | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-out.txt -Append
$creds_pw = Get-Content C:\Scripts\Test_Scripts\centrify.creds | ConvertTo-SecureString
$creds_pw | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-out.txt -Append
$MSMYID_Creds = New-Object System.Management.Automation.PsCredential ($creds_uname, $creds_pw)
$MSMYID_Creds | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-out.txt -Append
<###################################
# Blank Group Membership
###################################
$arrUsers = Get-ADGroupMember -Identity $AD_Centrify_Group -Credential $MSMYID_Creds
Foreach ($objUser in $arrUsers) {
Remove-ADGroupMember -Identity $AD_Centrify_Group -Credential $MSMYID_Creds -Members $objUser -Confirm:$false
}
#>
<###################################
# Gather & add Enabled OU Accounts
###################################>
# Write output to a file, for testing/debugging.
Write-Host $DCName_FRANKLIN
$arrAcctOUs = Get-ADUser -Filter { (enabled -eq $true) } -Server $DCName_FRANKLIN -SearchBase 'OU=Users,OU=OUADM,OU=Departments,DC=ad,DC=franklin,DC=uga,DC=edu'
Foreach ($objAcctOUs in $arrAcctOUs) {
Write-Output "Add-ADGroupMember $AD_Centrify_Group -Members $objAcctOUs" | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-OU_Accts-out.txt -Append
}
#
# Production code
$arrAcctOUs = Get-ADUser -Filter { (enabled -eq $true) } -Server $DCName_FRANKLIN -SearchBase 'OU=Users,OU=OUADM,OU=Departments,DC=ad,DC=franklin,DC=uga,DC=edu'
Foreach ($objAcctOUs in $arrAcctOUs) {
Add-ADGroupMember $AD_Centrify_Group -Members $objAcctOUs
}
#
<###################################
# Gather & add Enabled Z Accounts
###################################>
# Write output to a file, for testing/debugging.
$arrAcctZs = Get-ADUser -Filter { (enabled -eq $true) } -Server $DCName_MSMYID -Credential $MSMYID_Creds -SearchBase 'OU=Users,OU=OUADM,OU=ARTSCI,OU=Departments,DC=msmyid,DC=uga,DC=edu'
Foreach ($objAcctZs in $arrAcctZs) {
Write-Output "Add-ADGroupMember $AD_Centrify_Group -Members $objAcctZs" | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-Z_Accts-out.txt -Append
}
# Production code
$arrAcctZs = Get-ADUser -Filter { (enabled -eq $true) } -Server $DCName_MSMYID -Credential $MSMYID_Creds -SearchBase 'OU=Users,OU=OUADM,OU=ARTSCI,OU=Departments,DC=msmyid,DC=uga,DC=edu'
Foreach ($objAcctZs in $arrAcctZs) {
Add-ADGroupMember $AD_Centrify_Group -Members $objAcctZs
}
#
<###################################
# Gather & add Enabled MyIDs
###################################
# Write output to a file, for testing/debugging.
$arrAcctMYIDs = Get-ADUser -ResultSetSize $null -Filter { (enabled -eq $true) } -Server $DCName_MSMYID -Credential $MSMYID_Creds -SearchBase 'OU=MyID,DC=msmyid,DC=uga,DC=edu'
$arrAcctMYIDs | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-MyIDs_array-out.txt -Append
Foreach ($objAcctMyIDs in $arrAcctMYIDs) {
Write-Output "Add-ADGroupMember $AD_Centrify_Group -Members $objAcctMYIDs" | out-file -FilePath C:\Scripts\Test_Scripts\Scheduled_Provision-MyIDs-out.txt -Append
}
#>
# Production code
$arrAcctMYIDs = Get-ADUser -ResultSetSize $null -Filter { (enabled -eq $true) } -Server $DCName_MSMYID -Credential $MSMYID_Creds -SearchBase 'OU=MyID,DC=msmyid,DC=uga,DC=edu'
Foreach ($objAcctMyIDs in $arrAcctMYIDs) {
Add-ADGroupMember $AD_Centrify_Group -Members $objAcctMYIDs
}
#
ERROR MESSAGE
Get-ADUser : Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory
Web Services running.
At line:1 char:15
+ $arrAcctOUs = Get-ADUser -Filter { (enabled -eq $true) } -Server $DCName_FRANKLI ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [Get-ADUser], ADServerDownException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADUser