header image

Get-ADUser issue

Posted by: | November 6, 2013 | 2 Comments |

By default Get-ADUser returns a limited number of properties.  If you wanted to see all properties on a user account you would do this

Get-Aduser –Identity richard –Properties *

This option appears to be broken in Windows 2012 R2 / PowerShell 4

PS C:\Windows\system32> Get-ADUser -Identity richard -Properties *

Get-ADUser : One or more properties are invalid.
Parameter name: msDS-AssignedAuthNPolicy
At line:1 char:1
+ Get-ADUser -Identity richard -Properties *
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (richard:ADUser) [Get-ADUser], ArgumentException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

You can work round the problem like this:

Get-ADUser -Identity richard| Get-ADObject -Properties *

under: PowerShell and Active Directory, PowerShell v4, Windows 2012 R2


  1. By: Olli Janatuinen on November 6, 2013 at 3:43 pm      

    This is not “broken”. Problem is that PowerShell 4 include more properties than AD schema.

    It works after you extending AD schema to 2012 R2 level 🙂 ( support\adprep\adprep.exe /forestprep from 2012 R2 DVD)

    Look: http://support.microsoft.com/kb/556086
    objectVersion on 2012 R2 is 69

  2. By: RichardSiddaway on November 9, 2013 at 8:01 am      

    You are correct – performing a schema upgrade did correct the problem as I report here http://msmvps.com/blogs/richardsiddaway/archive/2013/11/08/get-aduser-issue-fixed.aspx

    Thank you for the information