Quick question for the gurus around here....
We are using a script that is querying the Local Administrators group on a Server. It will pull the Users as well as the Groups that are a member of the Local Admins group on a server/system and using the recursive parameter with Get-ADGroupMembers, it will also list the members of any groups. However, we seem to hit a snag when a Group is a member of another domain or even if the group is a member of the parent domain/forest.
For example...One of the Members of the Local Admin group on a server is the "Enterprise Admins". This group lives in "Corp.Fabrikam.com" yet the server is one level deeper in "ChildDomain.Corp.Fabrikam.com". So of course, when looking in the Child Domain there is no Enterprise Admins group for it to find and it gives us an error that it can not be found. Samething for Groups that live in other child domains of the forest (ChildDomain2.corp.Fabrikam.com)
I am trying to figure out how to get the command to distinguish between these differences of the Group accounts and return the results from the domain those accounts live in. Any ideas if this is normal behavior or if there is a work around?
Thanks!