By default Get-ADUser returns a limited number of properties. If you wanted to see all properties on a user account you would do this
Get-Aduser –Identity richard –Properties *
This option appears to be broken in Windows 2012 R2 / PowerShell 4
PS C:\Windows\system32> Get-ADUser -Identity richard -Properties *
Get-ADUser : One or more properties are invalid.
Parameter name: msDS-AssignedAuthNPolicy
At line:1 char:1
+ Get-ADUser -Identity richard -Properties *
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (richard:ADUser) [Get-ADUser], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
You can work round the problem like this:
Get-ADUser -Identity richard| Get-ADObject -Properties *
Reblogged this on Soyka's Blog.
Pingback: Password Expiry Notification Script | Adam Fowler - I.T. From Australia
Pingback: Konstiga beteenden för Get-ADUser | JohanPersson.nu