2017-08-07 Get-ADUser -Properties * ends with error

1 minute read

Get-ADUser -Filter * -Properties * breaks with an error

PS > Get-ADUser -Filter * -Properties *
Get-ADUser : Cannot find the requested object.

If we look into the last error CategoryInfo we will get more details.

PS > $Error[0].CategoryInfo
Category   : NotSpecified
Activity   : Get-ADUser
Reason     : CryptographicException
TargetName : User1
TargetType : ADUser

It’s an CryptographicException on AD user User1.

So let’s grab all properties from a user in AD where it works.

$user = Get-ADUser TestUser -Properties *
$props = $user.psobject.properties.name

Then we can test all AD user accounts or this particular one.

Then in a catch block test on that user each property, one by one, until we find the one that is corrupted.

$users = Get-ADUser User1
# or test all AD Users
# $users = Get-ADUser -Filter *
foreach ($user in $users){	
	try {
		$User | Get-ADUser -Properties * | Out-Null
	}
	catch{
		Write-Output $user.SamAccountName
		foreach ($prop in $props){			
			try {
				$user | Get-ADUser -Properties $prop | Out-Null
			}
			catch{
				Write-Output "    $prop"				
			}
		}
	}
}

OUTPUT:

User1
    Certificates

Now we know we have an issue with the property certificates that is mapped to the userCertificate attribute in AD.

Correct, delete or whatever you have to do with that corrupted certificate.

Source Code

Share on

Twitter Facebook Google+ LinkedIn

Adam Mnich

2017-08-07 Get-ADUser -Properties * ends with error

Share on

Leave a Comment

You May Also Enjoy

2019-11-21 Get company information using GUS BIR API

2018-03-08 Get-CpuUsage in total and per core

2018-03-03 Convert output from Dirquota quota list to a PS Object

2018-01-15 Enable the Disk Cleanup tool on Windows Server.