Today I’ve been working together with my colleague Irwin at a customer.
We needed to do a small inventory off the active directory, amongs that was a list of user properties.
When we used Get-ADUser, we got an error:
|
1 2 3 4 5 6 7 |
get-aduser : Year, Month, and Day parameters describe an un-representable DateTime. At line:1 char:1 + get-aduser -filter * -properties * -erroraction silentlycontinue + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [Get-ADUser], ArgumentOutOfRangeException + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentOutOfRangeException,Microsoft.ActiveDirectory.Manag ement.Commands.GetADUser |
This was caused because the customer had custom attributes included in their AD schema that didn’t follow the datetime guidelines. Get-ADUser couldn’t handle this, since it converts a string value based on the format to a datetime object.
So, what to do… what to do?
When something like this happens, I generally just go to a higher level… in this case: The schema.
|
1 2 3 |
$schemaPath = (Get-ADRootDSE).schemaNamingContext $user = Get-ADObject -filter * -SearchBase $schemaPath -Properties * | where Name -like "user" $user['maycontain','systemmaycontain'] |
Done! A marvelous list appeared with all the properties that a user in this environment could have 🙂