Maybe someone who has more experience with Active Directory can help me. I need to get info such as OS, name, FQDN from a computer in a different domain. I will explain what I mean. I have root domain: example.com, with 2 subdomains: xxx.example.com and yyy.xxx.example.com
Each domain contain 1 computer. Both of them in one group, for example groupfoo, they also in different OU
I can get info about members in group, I try PowerShell and dsquery. Both of them return right list of computers in group. But I can get info only from computer in the same domain where I run PowerShell script and dsquery.
to be clear I have one more computer not in groupfoo, and this computer used for administrating Active Directory.
As I understand in Active Directory we have thing such as "referral chasing". I read a lot and as I know Power Shell don't have an options such as "enable referral chasing". For dsquery I found option -r for recursive request.
What I have already tried:
PS> dsquery group -name goupfoo | dsget group -members
"CN=member01,OU=Domain Controllers,DC=xxx,DC=example,DC=com"
"CN=member02,OU=XXX,OU=Domain Controllers,DC=yyy,DC=xxx,DC=example,DC=com"
My computer in DC=yyy,DC=xxx,DC=example,DC=com I can get info from CN=member02,OU=XXX,OU=Domain Controllers,DC=yyy,DC=xxx,DC=example,DC=com
PS > dsquery * -filter "(&(objectClass=Computer)(objectCategory=Computer)(sAMAccountName=member02$))" -attr sAMAccountName operatingSystem
sAMAccountName operatingSystem
member02$ Windows Server 2008 R2 Standard
running the same command for member01 yielded no results :
PS > dsquery * -filter "(&(objectClass=Computer)(objectCategory=Computer)(sAMAccountName=member01$))" -attr sAMAccountName operatingSystem
PS >
I tried different variation of dsquery, I try -r key for recursive, but it's dosen't work.
Maybe important thing, in the settings of "DC=yyy,DC=xxx,DC=example,DC=com" I saw what "DC=xxx,DC=example,DC=com" it's a trusted parent for "DC=yyy,DC=xxx,DC=example,DC=com" maybe I can get info doing the same from parent domain?
The same I can get with Power Shell Get-ADGroup, Get-ADMember etc, I tried use all options, credentials, server etc. it's always return info only from one computer in the same domain as I am.