I have a parent domain (sandbox.local) and a child domain (child.sandbox.local) and want the capability to add and remove sandbox\User to a (domain local) group in the child domain.
I can add the user to the group:
$GroupDN = (Get-ADGroup $groupsam -server "child.sandbox.local").DistinguishedName
$UserDN = (Get-ADUser $sam -server "sandbox.local").DistinguishedName
Add-ADGroupMember -Identity $GroupDN -Members $UserDN
Problem: when I use any of the commands listed below, I get an "object not found" or "a referral was returned from the server" error.
Remove-ADGroupMember -Identity $GroupDN -Members $UserDN -server "sandbox.local"
Remove-ADGroupMember -Identity $GroupDN -Members $UserDN -server "child.sandbox.local"
Remove-ADPrincipalGroupMembership -Identity $UserDN -MemberOf $GroupDN -Server "sandbox.local"
Remove-ADPrincipalGroupMembership -Identity $UserDN -MemberOf $GroupDN -Server "child.sandbox.local"
Suggestions?
Paul
<Specific error codes.>
Remove-ADGroupMember -Identity $GroupDN -Members $UserDN -Confirm:$false -Server "sandbox.local"
Remove-ADGroupMember : A referral was returned from the server
At C:\Users\user\AppData\Local\Temp\4e5f275f-5786-4a0d-990e-50312cef9d70.ps1:10 char:21
+ Remove-ADGroupMember <<<< -Identity $GroupDN -Members $UserDN -Confirm:$false -Server "sandbox.local"
+ CategoryInfo : ResourceUnavailable: (CN=TestGroup,OU...,DC=local:ADGroup) [Remove-ADGroupMember], ADReferralException
+ FullyQualifiedErrorId : A referral was returned from the server,Microsoft.ActiveDirectory.Management.Commands.RemoveADGroupMember
Remove-ADGroupMember -Identity $GroupDN -Members $UserDN -Confirm:$false -Server "child.sandbox.local"
Remove-ADGroupMember : Cannot find an object with identity: 'CN=user,OU=pacific,OU=KrbUsers,DC=ad,DC=spawar,DC=local' under: 'DC=pac,DC=ad,DC=spawar,DC=local'.
At C:\Users\user\AppData\Local\Temp\4e5f275f-5786-4a0d-990e-50312cef9d70.ps1:10 char:21
+ Remove-ADGroupMember <<<< -Identity $GroupDN -Members $UserDN -Confirm:$false -Server "child.sandbox.local"
+ CategoryInfo : ObjectNotFound: (CN=user,OU=...,DC=local:ADPrincipal) [Remove-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : SetADGroupMember.ValidateMembersParameter,Microsoft.ActiveDirectory.Management.Commands.RemoveADGroupMember
Remove-ADPrincipalGroupMembership -Identity $UserDN -MemberOf $GroupDN -Server "sandbox.local"
Remove-ADPrincipalGroupMembership : A referral was returned from the server
At C:\Users\user\AppData\Local\Temp\4e5f275f-5786-4a0d-990e-50312cef9d70.ps1:11 char:34
+ Remove-ADPrincipalGroupMembership <<<< -Identity $UserDN -MemberOf $GroupDN -Server "sandbox.local"
+ CategoryInfo : ResourceUnavailable: (CN=user,OU=...,DC=local:ADPrincipal) [Remove-ADPrincipalGroupMembership], ADReferralException
+ FullyQualifiedErrorId : A referral was returned from the server,Microsoft.ActiveDirectory.Management.Commands.RemoveADPrincipalGroupMembership
Remove-ADPrincipalGroupMembership -Identity $UserDN -MemberOf $GroupDN -Server "child.sandbox.local"
Remove-ADPrincipalGroupMembership : Cannot find an object with identity: 'CN=user,OU=pacific,OU=KrbUsers,DC=ad,DC=spawar,DC=local' under: 'DC=pac,DC=ad,DC=spawar,DC=local'.
At C:\Users\user\AppData\Local\Temp\4e5f275f-5786-4a0d-990e-50312cef9d70.ps1:11 char:34
+ Remove-ADPrincipalGroupMembership <<<< -Identity $UserDN -MemberOf $GroupDN -Server "child.sandbox.local"
+ CategoryInfo : ObjectNotFound: (CN=user,OU=...,DC=local:ADPrincipal) [Remove-ADPrincipalGroupMembership], ADIdentityNotFoundException
+ FullyQualifiedErrorId : SetADPrincipalGroupMembership:ProcessRecordOverride,Microsoft.ActiveDirectory.Management.Commands.RemoveADPrincipalGroupMembership
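
An added example, not part of the original post: the errors above come from the cmdlets validating the member under the child domain's naming context (or being referred away from the parent), so a common workaround is to resolve each object in its own domain and remove the user's DN from the group's member attribute on a child-domain DC with Set-ADGroup -Remove. The function name Remove-CrossDomainGroupMember and its parameters are hypothetical; the domain names are the ones from the post.

```powershell
# Added example: function and parameter names are hypothetical, not from the post.
Import-Module ActiveDirectory

function Remove-CrossDomainGroupMember {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$UserSam,
        [Parameter(Mandatory = $true)][string]$GroupSam,
        [string]$UserDomain  = 'sandbox.local',        # domain holding the user
        [string]$GroupDomain = 'child.sandbox.local'   # domain holding the group
    )

    # Resolve each object against the domain that actually holds it.
    $user  = Get-ADUser  -Identity $UserSam  -Server $UserDomain
    $group = Get-ADGroup -Identity $GroupSam -Server $GroupDomain -Properties member

    # Within one forest the member attribute stores the user's DN directly.
    # -notcontains compares case-insensitively, which matches DN semantics.
    if ($group.member -notcontains $user.DistinguishedName) {
        Write-Warning "$($user.DistinguishedName) is not a direct member of $($group.DistinguishedName)"
        return $false
    }

    if ($PSCmdlet.ShouldProcess($group.DistinguishedName,
            "Remove member $($user.DistinguishedName)")) {
        # Edit the attribute on the group's own DC. No lookup of the user is
        # performed in the child domain, so no referral or not-found error.
        Set-ADGroup -Identity $group.DistinguishedName -Server $GroupDomain `
            -Remove @{ member = $user.DistinguishedName }

        # Re-read the group from the same domain to confirm the change.
        $after = Get-ADGroup -Identity $group.DistinguishedName `
            -Server $GroupDomain -Properties member
        return ($after.member -notcontains $user.DistinguishedName)
    }
    return $false
}

# Preview the change first, then apply it (values are placeholders):
# Remove-CrossDomainGroupMember -UserSam 'User' -GroupSam 'TestGroup' -WhatIf
# Remove-CrossDomainGroupMember -UserSam 'User' -GroupSam 'TestGroup'
```

The account running this needs write access to the group's member attribute in the child domain.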