SOLVED

ActiveDirectory module against on-prem AD when connected to Azure AD

Brass Contributor

Good day to all. 

Would it be possible to request assistance please. 

We are in the process of testing Intune Autopilot enrolled devices, migrating devices from the current on-prem domain to Azure. As this is still in the test phase, I'm currently exporting the hardware hash and then manually importing the device into Intune. All works OK.

The build process all completes ok. 

As this is still in the testing phase, I still need to run a few PowerShell commands against the on-prem AD.

I've imported the AD module, but when I run a command (example: Get-ADPrincipalGroupMembership)

I'm unable to reach the domain. 

I know that there is a post here similar to this request, but it is dated 2017.

If I run \\servername\networkshare I can reach the shared folder successfully, but from PowerShell I cannot reach the AD server. This is the same when trying to run a PowerShell command against Exchange. The current setup is a hybrid setup.

One error is: "Unable to find a default server with Active Directory Web Services running."

I'm also pretty new at Intune configs. 

 

Would it be possible for someone to guide me on how to access an on-prem domain from an Azure AD connected device?

 

 

2 Replies
Hi @MarcoDS395,

What are you trying to achieve? If you describe what you want, we might provide you with a different solution. Don't forget that moving from an on-premise way of working to Azure AD moves you to work in a modern way. This also means accessing on-premises resources is traditional and requires an (Always-on) VPN.
best response confirmed by MarcoDS395 (Brass Contributor)
Solution

Hi @BilalelHadd and to all that have been viewing this post 

I would like to apologize for the lack of information in this post as well.

 

Thank you for the response as well. 

So here is one of the scripts that I was working with:

 

=============================================================

# AD Get Groups Script v.02

# Flow of use:
# - User inputs the required username, stored in $user
# - Script verifies with the user that the name is correct; if anything other than Y is entered, the script asks again
# - Once verified, the script grabs all groups into $groups
# - The script then appends ; to the end of each line (so this is usable within AD groups) and outputs a CSV and TXT with this data
# - End of script

# This sets where the report will be placed (defaults to the output folder in the service desk toolbox folder)
$filepath = Split-Path -Path $PSScriptRoot
$filepath = Join-Path -Path $filepath -ChildPath 'OutputFiles\AD Groups'

# Title
Write-Host 'Get User AD Groups Script' -ForegroundColor Green

# Loop control variable
$loop = 'loop'

while ($loop -eq 'loop') {

    # Request user input (username)
    $user = Read-Host -Prompt 'Please input users username (first.lastname)'

    # Request user verification
    $confirmation = Read-Host -Prompt "Please verify you require the AD groups extracted for $user (Y/N)"

    # If not verified, the loop asks for $user again
    if ($confirmation -eq 'y') {

        # Search for groups and assign the list of group names to $groups
        # '<FQDN name>' is the poster's placeholder for the on-prem server FQDN
        $groups = Get-ADPrincipalGroupMembership -ResourceContextServer '<FQDN name>' -Identity $user | Select-Object -ExpandProperty Name

        # Add ; to the end of each group line
        $groups = $groups | ForEach-Object { $_ + ';' }

        # Output .txt and .csv files
        $groups | Out-File -FilePath (Join-Path -Path $filepath -ChildPath "${user}-Groups.txt")
        $groups | Out-File -FilePath (Join-Path -Path $filepath -ChildPath "${user}-Groups.csv")

        # Text confirming completion
        $confirmation = Read-Host -Prompt "$user files have been output to the Service Desk Toolbox folder under Output Files and then AD Groups - do you require any additional users groups? (Y/N)"

        if ($confirmation -ne 'y') {
            $loop = 'broken'
        }
    }
}

========================================================

 

The end goal was to try and run a few other AD on-prem queries either when in the office or remote (VPN connection); the VPN would be signed in and active.

In the end I managed to locate another script after hours of searching:

 

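=========================================================

Import-Module ActiveDirectory

# Map an AD: drive bound to a named server instead of relying on auto-discovery
# '<FQDN name>' is the poster's placeholder for the on-prem server FQDN
New-PSDrive -Name AD -PSProvider ActiveDirectory -Server '<FQDN name>' -Scope Global -Root '//RootDSE/'

Set-Location AD:

# List the directory root to confirm the connection works
Get-ChildItem

=========================================================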

I applied the above line to the top of the script and then ran the command and happily can say the connection was successful and carried out required tasks against AD. 

 

I would like to thank you all for your input with this. 

 

I had to take these steps due to the current setup that we have; I'm sure things will change once the setup changes.

 

Thank you again. 
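
An alternative to mapping the AD: drive, as an added example that is not part of the original post: check that Active Directory Web Services (TCP 9389) is reachable on a named domain controller, pin every AD cmdlet in the session to that server, and validate the username before it is used in a file path. The function names, the username pattern and the `Name, GroupScope, GroupCategory` column choice are assumptions; `<FQDN name>` remains the poster's placeholder.

```powershell
# Added example, not the poster's script. Function names are hypothetical.
$DomainController = '<FQDN name>'   # placeholder: FQDN of an on-prem DC running ADWS

function Test-AdwsReachable {
    param([Parameter(Mandatory)][string]$Server)
    # The AD module talks to Active Directory Web Services on TCP 9389.
    (Test-NetConnection -ComputerName $Server -Port 9389 -WarningAction SilentlyContinue).TcpTestSucceeded
}

function Export-UserGroupReport {
    param(
        [Parameter(Mandatory)]
        # Assumed naming scheme (first.lastname); rejects \ / : and .. style path characters
        [ValidatePattern('^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$')]
        [string]$User,
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$OutputFolder
    )
    if (-not (Test-Path -LiteralPath $OutputFolder)) {
        New-Item -ItemType Directory -Path $OutputFolder | Out-Null
    }
    # -Server names the DC explicitly, so no default-server discovery is needed.
    $groups = Get-ADPrincipalGroupMembership -Identity $User -Server $Server -ErrorAction Stop |
        Sort-Object Name |
        Select-Object Name, GroupScope, GroupCategory
    $csvPath = Join-Path -Path $OutputFolder -ChildPath "${User}-Groups.csv"
    $groups | Export-Csv -LiteralPath $csvPath -NoTypeInformation
    $csvPath
}

# Skip the automatic AD: drive, which needs DC discovery and fails on a
# device that is not joined to the on-prem domain.
$Env:ADPS_LoadDefaultDrive = 0
Import-Module ActiveDirectory -ErrorAction Stop

if (-not (Test-AdwsReachable -Server $DomainController)) {
    throw "Cannot reach ADWS (TCP 9389) on $DomainController. Check the VPN connection and firewall rules."
}

# Any other AD cmdlet run later in this session also targets the named DC.
$PSDefaultParameterValues['*-AD*:Server'] = $DomainController

$user   = Read-Host -Prompt 'Please input users username (first.lastname)'
$folder = Join-Path -Path (Split-Path -Path $PSScriptRoot) -ChildPath 'OutputFiles\AD Groups'
$report = Export-UserGroupReport -User $user -Server $DomainController -OutputFolder $folder
Write-Host "Group report written to $report" -ForegroundColor Green
```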

 

 
