I needed to work with data from a child domain in our test environment so I tried to access the child domain using the Get-ADDomain cmdlet from the Active Directory module for PowerShell. When that operation failed, I attempted to map a PS drive to the child domain instead, but this operation failed as well. However, both the Get-ADDomain and New-PSDrive cmdlets work fine in the root domain of the forest.

I noted the following errors messages with each cmdlet and the New-PSDrive error message holds the key to solving the problem.

Get-ADDomain : Cannot find an object with identity: ‘child.root.local’ under: ‘DC=root,DC=local’.

New-PSDrive : Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.

Resolution

The New-PSDrive error message best exposes the source of the problem. I know the server and domain exist so that’s not the problem. Instead, the Active Directory module cmdlets cannot contact the domain because it does not have at least one Windows Server 2008 R2 domain controller in the domain or at least one instance in an AD LDS configuration set that is running on a Windows Server 2008 R2 server.

Aha! My child domain does not have any Server 2008 R2 DCs or LDS instances. So how can I address this? There are a few options.

1. Install the Active Directory Management Gateway Service on at least one non-2008 R2 domain controller, including Server 2003 and 2008. This provides a Web service interface to Active Directory domains and instances of Active Directory Lightweight Directory Services (AD LDS) or Active Directory Application Mode (ADAM) that are running on the same server as the Active Directory Management Gateway Service.
2. Promote an existing Server 2008 R2 member server in the domain to a domain controller.
3. Upgrade at least one DC in the domain to Server 2008 R2.