AD domain controller user replication with group membership

Trying to figure out why a PowerShell domain controller replication job for a user object does not sync groupmemberships (memberOf).

$users = 'wtst, tst'
$usersArray = $users.Split(',')
Invoke-Command -ScriptBlock {`
 $using:usersArray | ForEach-Object {`
 (Write-Output "Processing user $($_)..."), `
 ((Sync-ADObject -Object "CN=$_,OU=XXXX,DC=XXXX,DC=XXXX" -Source 'XXXX' -Destination 'XXXX'))
 }
} -ComputerName 'XXXX' -Credential $(Get-Credential)

Other profile properties sync just fine. What am I doing wrong?

• What status code is being returned? 200 OK or a 400/500 error?

  jdweng

  – jdweng

  2023年09月11日 08:50:32 +00:00

  Commented Sep 11, 2023 at 8:50
• PowerShell terminal does not return codes as far as I know.

  colonel_claypoo

  – colonel_claypoo

  2023年09月11日 09:02:17 +00:00

  Commented Sep 11, 2023 at 9:02
• Check Event Viewer on local and remote machines and see if there is an error.

  jdweng

  – jdweng

  2023年09月11日 12:28:15 +00:00

  Commented Sep 11, 2023 at 12:28
• 2
  You could try with repadmin /syncall tho hopefully this is a test domain. Replication is not something you should be forcing in a production environment. I'm not certain that Sync-ADObject forces replication of the object's attributes, only forces the replication of the object itself. In any case, ignore the comments from the above user, they're either trolling or have no idea what they talk about or both.

  Santiago Squarzon

  – Santiago Squarzon

  2023年09月11日 13:12:17 +00:00

  Commented Sep 11, 2023 at 13:12
• 1
  Your infrastructure would have to be really bad if it could not handle a manual sync of AD lol. There is no harm to repadmin /syncall

  David Trevor

  – David Trevor

  2023年09月12日 05:44:11 +00:00

  Commented Sep 12, 2023 at 5:44

0

Start asking to get answers

Find the answer to your question by asking.

Explore related questions

See similar questions with these tags.