When you try to get all properties of an ActiveDirectory Object using PowerShell you get an error.
You would typically run some command like:
Get-ADUser -Identity someone -Properties * . This will return an unexpected error.
Get-ADUser : One or more properties are invalid.
Parameter name: msDS-AssignedAuthNPolicy
At line:1 char:1
+ Get-ADUser pilot1 -Properties *
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (pilot1:ADUser) [Get-ADUser], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
The workaround is to pipe AD Object to GET- ADObject like this:
Get-ADUser – identity someone | Get-ADObject -Properties *
This is probably a bug in Windows 2012R2 and Windows 8.1