By default Get-ADUser returns a limited number of properties. If you wanted to see all properties on a user account you would do this
Get-Aduser –Identity richard –Properties *
This option appears to be broken in Windows 2012 R2 / PowerShell 4
PS C:\Windows\system32> Get-ADUser -Identity richard -Properties *
Get-ADUser : One or more properties are invalid.
Parameter name: msDS-AssignedAuthNPolicy
At line:1 char:1
+ Get-ADUser -Identity richard -Properties *
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (richard:ADUser) [Get-ADUser], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
You can work round the problem like this:
Get-ADUser -Identity richard| Get-ADObject -Properties *
By: Olli Janatuinen on November 6, 2013 at 3:43 pm
This is not “broken”. Problem is that PowerShell 4 include more properties than AD schema.
It works after you extending AD schema to 2012 R2 level 🙂 ( support\adprep\adprep.exe /forestprep from 2012 R2 DVD)
Look: http://support.microsoft.com/kb/556086
9
objectVersion on 2012 R2 is 69
By: RichardSiddaway on November 9, 2013 at 8:01 am
You are correct – performing a schema upgrade did correct the problem as I report here http://msmvps.com/blogs/richardsiddaway/archive/2013/11/08/get-aduser-issue-fixed.aspx
Thank you for the information