but the group resides in another domain. The PowerShell command below resulted in an error because, by default, the AD module searches the domain from which it is running.
Add-ADGroupMember -identity "groupName" -members "userid"
Even if you use the Distinguished Name, the same error is encountered.
Here is the tip you can use to avoid this error. It is a three-step process that you need to implement in your script to get it working.
- The first step is to get the user object using the AD module's Get-ADUser command, directing it to the domain where the user exists.
$getmemberobject = get-aduser -Filter "UserPrincipalName -eq '$upn'" -server $domainwhereexists
- The second step is to get the group object in the same way using Get-ADGroup, directing it to the domain with the -Server parameter.
$getgroupobject = get-adgroup -identity $groupinparticulardoamin -server $domainwhereexists
- Once the above two steps are done, you can use the Add-ADGroupMember cmdlet as shown below, passing the DistinguishedName properties and directing it to the domain where this operation should happen.
Add-ADGroupMember -identity $getgroupobject.DistinguishedName -members $getmemberobject.DistinguishedName -server $domainwhereexists
By following the steps above, you can work in a multi-domain environment using the native Active Directory PowerShell module.
I hope this tip will resolve the issue if you are developing a solution and are in a similar situation.
I have tested the approach in a parent-child domain, but I am sure this will work in other Active Directory forest scenarios.
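The three steps combined into one function, as an added example that is not code from the original post. The function name, its parameters and the sample values in the usage comment are hypothetical; it adds an explicit check for an empty Get-ADUser -Filter result, an already-a-member check, and -WhatIf support so the membership change can be previewed.

```powershell
# Added example: function and parameter names are hypothetical, not from the original post.
function Add-CrossDomainGroupMember {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Rejects quotes and whitespace so the value cannot alter the -Filter string
        # (assumption: UPNs in this environment contain no apostrophes).
        [Parameter(Mandatory)]
        [ValidatePattern('^[^''"\s]+@[^''"\s]+$')]
        [string]$Upn,

        [Parameter(Mandatory)]
        [string]$GroupName,

        # DNS name of the domain (or a domain controller in it) where the objects exist.
        [Parameter(Mandatory)]
        [string]$Server
    )

    Import-Module ActiveDirectory -ErrorAction Stop

    # Step 1: -Filter returns nothing (and no error) when there is no match, so check the count.
    $user = @(Get-ADUser -Filter "UserPrincipalName -eq '$Upn'" -Server $Server -ErrorAction Stop)
    if ($user.Count -ne 1) {
        throw "Expected exactly one user with UPN '$Upn' in $Server, found $($user.Count)."
    }
    $userDn = $user[0].DistinguishedName

    # Step 2: -Identity throws when the group is not found; 'member' is loaded for the check below.
    $group = Get-ADGroup -Identity $GroupName -Server $Server -Properties member -ErrorAction Stop

    # Skip the write when the user is already in the group.
    if ($group.member -contains $userDn) {
        Write-Verbose "$userDn is already a member of $($group.DistinguishedName)."
        return
    }

    # Step 3: add by distinguished name, against the same domain as the lookups.
    if ($PSCmdlet.ShouldProcess($group.DistinguishedName, "Add member $userDn")) {
        Add-ADGroupMember -Identity $group.DistinguishedName -Members $userDn `
            -Server $Server -ErrorAction Stop
    }
}

# Usage with constructed sample values; -WhatIf previews the change without writing:
# Add-CrossDomainGroupMember -Upn 'jdoe@child.example.com' -GroupName 'App-Readers' -Server 'child.example.com' -WhatIf
```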
Thanks for reading