- Powershell
- Windows Server 2008
- Active Directory
- domain controller
Issues with a powershell command get-aduser
We're experiencing an issue with a powershell command. We would like to run this command to simply retrieve the information on several objects. Unfortunately, we've been experiencing issues running the command against most (if not all) of our DCs. This is an issues that is going on intermitently, sometimes it happens sometimes it doesnt. Besides this error, I havent noticed any issues with our DCs. Does any one have any idea what this could mean?
Command:
get-aduser lesquivel -server celldepotdc2
Error:
get-aduser : A local error has occurred
At line:1 char:1
+ get-aduser lesquivel -server celldepotdc2
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (lesquivel:ADUser) [Get-ADUser], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8251
Further details:
- We have over 30 DCs in the domain which are 2008R2
- All admins in the team are experiencing this same error
Any insights on this would be much appreciated.
Command:
get-aduser lesquivel -server celldepotdc2
Error:
get-aduser : A local error has occurred
At line:1 char:1
+ get-aduser lesquivel -server celldepotdc2
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (lesquivel:ADUser) [Get-ADUser], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:8251
Further details:
- We have over 30 DCs in the domain which are 2008R2
- All admins in the team are experiencing this same error
Any insights on this would be much appreciated.
I assume you
1. launched powershell as an administrator
2. Ran Import-Module ActiveDirectory (if it didn't load automatically)
3. Please list the fdqn of the domain after -server not just celldepotdc2
1. launched powershell as an administrator
2. Ran Import-Module ActiveDirectory (if it didn't load automatically)
3. Please list the fdqn of the domain after -server not just celldepotdc2
Check events on both the client and the DC you specify with the -server parameter to see if there's anything around the same time as the command was run.
Thank you all for your responses. Let me answer them:
@FOX
1. Yes, the command is being ran as an administrator.
2. The import was done automatically. We still ran the import-Module ActiveDirectory and the error occured again.
3. The FQDN is celldepot.local
@Qlemo
4. This is going on on most DCs (intermittent) but there are a few of them is happening all the time.
@footech
5. I will check the events on event viewer on both client and server and see whats up. I will come back with your answers.
@FOX
1. Yes, the command is being ran as an administrator.
2. The import was done automatically. We still ran the import-Module ActiveDirectory and the error occured again.
3. The FQDN is celldepot.local
@Qlemo
4. This is going on on most DCs (intermittent) but there are a few of them is happening all the time.
@footech
5. I will check the events on event viewer on both client and server and see whats up. I will come back with your answers.
Leo on one of your domain controllers run the command
repadmin /showrepl
YOu need to verify if your DCs are replicating successfully
repadmin /showrepl
YOu need to verify if your DCs are replicating successfully
Hello all, sorry for my delayed response.
I'm not seeing any events that might indicate an issue related to this command. THe DCs are replicated succesfully as per repadmin /showrepl. No issues there.
Any other ideas?
I will keep looking for events to see if I can catch something that might indicate an issue but so far, I dont see any,
I'm not seeing any events that might indicate an issue related to this command. THe DCs are replicated succesfully as per repadmin /showrepl. No issues there.
Any other ideas?
I will keep looking for events to see if I can catch something that might indicate an issue but so far, I dont see any,
This issue has been finally resolved. Investigating through logs we couldn't find any communication issues between the local computer and the DCs being targeted. We went back to basics and figured we should check the builtin users group in Active Directory Users and computers.
When checking this, we noticed that the group "Authenticated Users" was missing from a child domain. We added the group back in the Builtin / Users and this has fixed the issue.
Resolution for future cases:
- On all domains (child and parent domains) you have in your environment, check the Builtin container.
- Go to the Users group membership
- Check and make sure that the group "authenticated users" is present on all domains
- If there is a domain missing this group, request the AD team to added back again.
At least for us, this has resolved the issue. Thank you all for your replies.
When checking this, we noticed that the group "Authenticated Users" was missing from a child domain. We added the group back in the Builtin / Users and this has fixed the issue.
Resolution for future cases:
- On all domains (child and parent domains) you have in your environment, check the Builtin container.
- Go to the Users group membership
- Check and make sure that the group "authenticated users" is present on all domains
- If there is a domain missing this group, request the AD team to added back again.
At least for us, this has resolved the issue. Thank you all for your replies.
-
![]()
received a Solution
Need a Powershell script that will automatically trigger data collector set on the DC once a threshold limit is reached for CPU or memory -
![]()
wrote an Article
![]()
Sending styled HTML email from Powershell (Using a .NET DLL in Powershell)
-
![]()
created a Video
![]()
Exchange all versions - Check when a user mailbox was created
-
Explore Cloud Class® ![]()
Certification: CFR CyberSec First Responder - Threat Detection and Response
Premium Content
You need an Expert Office subscription to comment.Start Free Trial