I am trying to export AD schema details for a trusted forest. I don't have access to a domain computer of the trusted forest. I don't have an account of a trusted forest.
I use the following command to extract attributes of my own forest.
$schema = Get-ADObject -SearchBase ((Get-ADRootDSE).schemaNamingContext) `
-SearchScope OneLevel -Filter * -Property objectClass, name, whenChanged,`
whenCreated,description,attributeID, isDefunct | Select-Object objectClass, name, whenCreated, whenChanged, isDefunct, `
@{name="event";expression={($_.whenCreated).Date.ToShortDateString()}} | `
Sort-Object whenCreated
However Get-ADObject is not working when I provide the schema partition context of the trusted domain. it gives an error like this.
Get-ADObject : The supplied distinguishedName must belong to one of the following partition(s)... listing the schema, configuration , domain partitions of my current forest.
I tried to use the directory services methods. But this doesn't provide us details like whenmodified which is required for us to understand the timeline of schema changes in the directory. Any one can provide us with a comprehensive way to query schema of a trusted forest ??
$Forest = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Forest", $ForestFQDN)
$Schema = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySchema]::GetSchema($Forest
$AllProperties = $Schema.FindAllProperties()