Posted by: Richard Siddaway
Active Directory, PowerShell v4, Windows 8.1, Windows Server 2012 R2
I reported in this post http://richardspowershellblog.wordpress.com/2013/11/06/get-aduser-issue/ an issue with Get-ADUser under PowerShell 4.0 on Windows 8.1/2012 R2 where using –Properties * caused a failure.
I had a comment that this is schema related and a schema upgrade fixes the problem.
My starting point is a Windows 20012 domain
£> Get-ADDomain | ft DomainMode -a
And I have schema version 56
On a Windows 2012 R2 member server I try get-aduser
£> Get-ADUser -Identity richard -Properties *
Get-ADUser : One or more properties are invalid.
Parameter name: msDS-AssignedAuthNPolicy
At line:1 char:1
+ Get-ADUser -Identity richard -Properties *
+ CategoryInfo : InvalidArgument: (richard:ADUser) [Get-ADUser], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Comm
Now lets try the schema upgrade – looks like it goes to version 69 – that’s quite a big upgrade. Once the upgrade has been performed – let the schema replication occur & reboot the Windows 2012 R2 member server just to make sure nothing is cached that could affect the result.
Now to re-try Get-AdUser
Get-ADUser -Identity richard -Properties *
Get-ADUser -Identity richard -Property *
Both work – we have a winner. If you are seeing this problem the answer is to upgrade your schema. You don’t need to upgrade the Domain Controllers just the schema.
Its a bit naught that this happens – I don’t remember similar problems putting a Windows 8/2012 machine with PowerShell 3.0 into a Windows 2008 r2 domain