Active Directory Schema Details for a Trusted Forest

I am trying to export AD schema details for a trusted forest. I don't have access to a domain computer of the trusted forest. I don't have an account of a trusted forest.

I use the following command to extract attributes of my own forest.

$schema = Get-ADObject -SearchBase ((Get-ADRootDSE).schemaNamingContext) `
-SearchScope OneLevel -Filter * -Property objectClass, name, whenChanged,`
whenCreated,description,attributeID, isDefunct | Select-Object objectClass, name, whenCreated, whenChanged, isDefunct, `
@{name="event";expression={($_.whenCreated).Date.ToShortDateString()}} | `
Sort-Object whenCreated

However Get-ADObject is not working when I provide the schema partition context of the trusted domain. it gives an error like this.

Get-ADObject : The supplied distinguishedName must belong to one of the following partition(s)... listing the schema, configuration , domain partitions of my current forest.

I tried to use the directory services methods. But this doesn't provide us details like whenmodified which is required for us to understand the timeline of schema changes in the directory. Any one can provide us with a comprehensive way to query schema of a trusted forest ??

$Forest = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Forest", $ForestFQDN)
$Schema = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($Forest
$AllProperties = $Schema.FindAllProperties()

Solution 1:

Info re the two-way trust would have been helpful, since a permissions issue is the first thing that comes to mind.

With your [System.DirectoryServices] query, you're listing the properties listed inside the Schema, not the Schema LDAP object properties. You've gone one level too far.

$Forest = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Forest", "$forestFQDN") 
$Schema = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($Forest)
$s = $Schema.GetDirectoryEntry()
$s | fl whencreated,whenchanged

whenCreated : {2002-02-06 11:40:41}
whenchanged : {2021-05-17 21:10:06}

If the $Schema.GetDirectoryEntry() method fails, it may still be a perms thing, of course. But if you can locate the object with GetSchema, that's encouraging.

Slightly tweaked version:

$Forest = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Forest", "$forestFQDN")
$ForestObj = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest()
$Schema = $ForestObj.Schema.GetDirectoryEntry()

Exposing simple pod using kubernetes ingress

Parallel MPI_File_open failed on NFSv4 but ran on NFSv3

How to handle failover for wordpress woocommerce store?

VPC setup for (micro) services - shared vs. peering vs. one project - best practice

Using Redis in an untrusted environment (multiple users)

Remote Desktop Connection: "This computer can't connect to the remote computer"

Restoring the partition table and a fsarchiver backup from a dead disk to a new one

Is it possible to close the gui of a virtualbox vm and return it to headlessly running without rebooting it with opensuse as host system

sudo prompts for password even though suders entry specifies NOPASSWD

LaTeX Equations in MS Word/OpenOffice?

Synergy Not Switching monitors correctly using dual monitors on host and client

Powershell - how to add number of files along size of the folder that contains the files, recursively