You do not have to do anything to do that. If you group contains an account from a trusted domain, good old
Get-QADGroupMember MyGroup
will resolve foreign security principals and show them as regular users.
However, in some cases – for example for performance reasons – you might not want AD cmdlets to perform these look-ups in trusted domains. For that, you just need to use the KeepForeignSecurityPrincipals parameter that we added in AD cmdlets 1.4:
Get-QADGroupMember MyGroup -KeepForeignSecurityPrincipals
0 Responses to “Resolving external accounts in domain groups”