Get-ADUser issue fixed

I reported in this post https://richardspowershellblog.wordpress.com/2013/11/06/get-aduser-issue/ an issue with Get-ADUser under PowerShell 4.0 on Windows 8.1/2012 R2 where using –Properties * caused a failure.

I had a comment that this is schema related and a schema upgrade fixes the problem.

My starting point is a Windows 20012 domain

£> Get-ADDomain | ft DomainMode -a

DomainMode
———-
Windows2012Domain

And I have schema version 56

On a Windows 2012 R2 member server I try get-aduser

£> Get-ADUser -Identity richard -Properties *
Get-ADUser : One or more properties are invalid.
Parameter name: msDS-AssignedAuthNPolicy
At line:1 char:1
+ Get-ADUser -Identity richard -Properties *
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidArgument: (richard:ADUser) [Get-ADUser], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Comm
ands.GetADUser

Now lets try the schema upgrade – looks like it goes to  version 69 – that’s quite a big upgrade. Once the upgrade has been performed – let the schema replication occur & reboot the Windows 2012 R2 member server just to make sure nothing is cached that could affect the result.

Now to re-try Get-AdUser

Get-ADUser -Identity richard -Properties *
Get-ADUser -Identity richard -Property *

Both work – we have a winner.  If you are seeing this problem the answer is to upgrade your schema.  You don’t need to upgrade the Domain Controllers just the schema.

Its a bit naught that this happens – I don’t remember similar problems putting a Windows 8/2012 machine with PowerShell 3.0 into a Windows 2008 r2 domain