Cross-Domain searches
Last Post 11 Dec 2009 12:42 PM by cameronove. 2 Replies.
JesB
New Member
Posts:1
29 Apr 2008 03:37 PM

    I am trying to do cross-domain searches for members of any given group.  From I can get any group in the local domain, but not from and vice versa.

    using .\domSearch.ps1

    This is rough code right now, but here it is:

    $DomName = $args[0]
    $SAMName = $args[1]

    if ($DomName -eq "")
    {
     $DomName = "DC=dom1,DC=domain,DC=com"
    }
    if ($DomName -eq "")
    {
     $DomName = "DC=dom2,DC=domain,DC=com"
    }

    $searcher = new-object System.DirectoryServices.DirectorySearcher($DomName)
    $searcher.filter = "(&(objectClass=group)(sAMAccountName=$SAMName))"
    $user = $searcher.findall()
    $tmpOutput = "userpath.tmp"
    $delTmpOutput = Test-Path userpath.tmp

    if ($delTmpOutput -eq $TRUE)
    {
     ri $tmpOutput
    }

    write-output $user[0].path | Out-File $tmpOutput

    $ldapList = gc $tmpOutput

    foreach ($ldapGroup in $ldapList)
    {
     $userGroup = [ADSI] $ldapGroup
     $userGroup.Name |out-file members.csv
     
     "Member,Location" |Out-file -encoding default export.csv
     
     foreach ($member in $userGroup.member)
     {
      $member |Out-file -encoding default export.csv -append
     }
     
     import-csv export.csv | Select Member | Out-File tmpMembers.csv
     
     $strReplace = @("Member","CN=","-"," {2,}")
     foreach ($replace in $strReplace)
     {
      $new = (gc tmpMembers.csv) -replace $replace, ""
      Set-Content tmpMembers.csv $new
     }
     gc tmpMembers.csv | where {$_ -ne ""} | out-file members.csv -append

     ri export.csv
     ri tmpMembers.csv
     ri userpath.tmp

     $a = new-object -comobject wscript.shell
     $b = $a.popup("Members in all groups have been exported to members.csv",0,"AD Group Member Report",0 + 64)
    }

    Where am I messing up?

    (p.s. using V2.0 CTP)
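
Added example, not part of the original post or the poster's script: `DirectorySearcher` treats a single string constructor argument as the LDAP filter, not the search root, so the script above always searches the current domain regardless of `$DomName`. The version below binds the search root explicitly and escapes the group name per RFC 4515 before it enters the filter; the function names and the group name are hypothetical, and it assumes the caller's credentials are trusted in the target domain and a domain controller for it can be located.

```powershell
# Added example (not the poster's code). Function names and the group name
# are hypothetical; the domain DN is the sample value from the post.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory=$true)][string]$Value)
    # RFC 4515 escaping; the backslash must be handled first so the
    # escapes added for the other characters are not escaped again.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace '\x00', '\00'
}

function Get-GroupMemberDN {
    param(
        [Parameter(Mandatory=$true)][string]$DomainDN,       # e.g. DC=dom2,DC=domain,DC=com
        [Parameter(Mandatory=$true)][string]$SamAccountName
    )
    # The search root has to be a DirectoryEntry. A bare string handed to the
    # DirectorySearcher constructor is taken as the filter, which leaves the
    # root at the domain of the logged-on user.
    $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DomainDN")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    try {
        $safeName = ConvertTo-LdapFilterValue $SamAccountName
        $searcher.Filter = "(&(objectClass=group)(sAMAccountName=$safeName))"
        [void]$searcher.PropertiesToLoad.Add('member')

        $result = $searcher.FindOne()
        if ($null -eq $result) {
            throw "Group '$SamAccountName' not found under $DomainDN"
        }
        # Emits one distinguished name per member. Large groups: AD returns
        # multi-valued attributes in ranges (1500 values per request by
        # default on Windows Server 2003 and later); ranges are not followed here.
        $result.Properties['member']
    }
    finally {
        $searcher.Dispose()
        $root.Dispose()
    }
}

# Usage: the same call works for either domain because the root is explicit.
Get-GroupMemberDN -DomainDN 'DC=dom2,DC=domain,DC=com' -SamAccountName 'Example Group' |
    Out-File members.csv
```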

    cameronove
    Basic Member
    Posts:332
    11 Dec 2009 12:41 PM
    I'm having similar issues.  Did you find an answer to your problem?  You were using ps v2 CTP, have you upgraded to V2 RTM and did you try the activedirectory module?  I need to remove a user in DomA from a group in DomB.  I can get the group and I can get the user using the -server property on the Get-ADuser and Get-AdGroup cmdlets from the ActiveDirectory module in ps v2.  When I run the Remove-ADGroupMember cmdlet it can't find the user DN I supply even though I supply it by the group's member property.  My command looks like this:

    $myAdminCreds is a hash table of PSCredentials

    $user = Get-ADUser myaccount -Properties memberof -Credential $myAdminCreds.DomA

    $group = get-adgroup -Properties * -Identity $user.memberof[1] -Credential $myAdminCreds.DomB -server DomB.example.com

    I can successfully retrieve $group in DomB and I can successfully retrieve $user in DomA

    However this command fails:

    Remove-ADGroupMember -Identity $group.ObjectGUID -Members $user.distinguishedName -Credential $myAdminCreds.DomB -server DomB.example.com

    It always fails on the -Members property.  I've tried SID, ObjectSid, and even converting to NTSecurity object.  I get the following error (I've taken the liberty of replacing real domain info with example info but the idea is the same):

    Remove-ADGroupMember : Cannot find an object with identity: 'CN=Ove\, Cameron,OU=Users,OU=location,DC=DomA,DC=example,DC=com' under: 'DC=DomB,DC=example,DC=com'.
    At line:1 char:21
    + Remove-ADGroupMember <<<<  -Identity $group.ObjectGUID -Members $group.member[12] -Credential $myAdminCreds.DomB -server DomB.example.com
        + CategoryInfo          : ObjectNotFound: (CN=Ove\, Camero...,DC=example,DC=com:ADPrincipal) [Remove-ADGroupMember], ADIdentityNotFoundException
        + FullyQualifiedErrorId : SetADGroupMember.ValidateMembersParameter,Microsoft.ActiveDirectory.Management.Commands.RemoveADGroupMember


    Any help would be very welcome.  This is really halting my progress on a project I'm working on.

    Thanks
    Cameron Ove


    cameronove
    Basic Member
    Posts:332
    11 Dec 2009 12:42 PM
    Hopefully the forum moderators won't be angry but I'm going to also post my problem as a new issue as this thread is quite old.