Get-ADUser returns an error on windows 2012 R2 when you want all properties.

When you try to get all properties of an ActiveDirectory Object using PowerShell you get an error.

You would typically run some command like:

Get-ADUser -Identity someone -Properties *   . This will return an unexpected error.

Get-ADUser : One or more properties are invalid.
Parameter name: msDS-AssignedAuthNPolicy
At line:1 char:1
+ Get-ADUser pilot1 -Properties *
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidArgument: (pilot1:ADUser) [Get-ADUser], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser 

The workaround is to pipe AD Object to GET- ADObject like this:

Get-ADUser – identity someone | Get-ADObject -Properties *

This is probably a  bug in Windows 2012R2 and Windows 8.1


Leave a Reply