请参见

See the answers in this question. Answers there indicate you can retrieve the referral location in the exception and retry the Get-ADUser against the other server.

您可能会重新考虑如何搜索所有这些组和用户.在整个林中复制用户.全球和通用团体也是如此.因此，您可以搜索全局目录，而不是遍历每个域中的一个DC. 获取-DomainController -GlobalCatalog 并针对该服务器的全局目录端口(即 Get-ADUser -server $ GCServerName:3268

You might reconsider how you search for all these groups and users. Users are replicated throughout the forest. Global and Universal groups are too. So you could search the Global Catalog instead of iterating through one DC in every domain. Get-DomainController -GlobalCatalog and run your Get-AD* commands against that server's global catalog port, i.e. Get-ADUser -server $GCServerName:3268

但是，请记住，GC不包含完整的用户和组属性，并且 返回的属性会受到复制延迟的影响.

However, bear in mind that the GC doesn't contain complete user and group properties, and the properties it does return are subject to replication delays.

这是否有用取决于您的域体系结构.在我自己的工作场所中，查询远程域控制器非常昂贵.不过，我们的站点域控制器是一个全局目录，因此在其中搜索林信息非常快.

Whether this is helpful depends on your domain architecture. In my own workplace, querying remote domain controllers is very expensive. Our site domain controller is a global catalog, though, so searching it for forest information is very fast.