PowerShell – Error when you query Active Directory for the OperatingSystem attribute

Last week I posted a PowerShell function to get time server NTP settings from clients.

Depending on how you use the script, you may encounter an issue which is not the cause of the script but nevertheless very annoying…
Let’s say that you want to query your AD and only get computers with ‘server’ in the name of the operating system.
You’ll do something like:

Now here’s the annoyance. If you have a rather large AD with many computer objects, you’ll encounter an error:

As it turns out, the ‘operatingsystem’ attribute in Active Directory is not indexed. When you query lots of objects on this, you’ll get hit with such an error.

If you have a large number of computer objects in your domain, and you frequently query based on OS, it could makes sense to make operatingSystem indexed.
This is controlled by the searchFlags attribute of the attribute (of the attribute object in the cn=Schema container). The bit mask for IS_INDEXED is 1.

In ADSI Edit,
navigate to ‘cn=Schema,cn=Configuration,dc=MyDomain,dc=com’,
find the attribute with Common Name “Operating-System”,
right click and select “Properties”,
find the searchFlags attribute,
click “Edit” and enter the value 1.

Then save it and wait for the attribute to be indexed 🙂

One comment

  1. Mac says:

    I was getting this trying to return OS, SP and Version for a large set of OUs. When I included “-Property OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion” it worked fine.

Leave a Reply

Your email address will not be published. Required fields are marked *