Issues with a PowerShell command Get-ADUser

We're experiencing an issue with a PowerShell command. We would like to run this command to simply retrieve the information on several objects. Unfortunately, we've been experiencing issues running the command against most (if not all) of our DCs. This is an issue that is going on intermittently; sometimes it happens, sometimes it doesn't. Besides this error, I haven't noticed any issues with our DCs. Does anyone have any idea what this could mean?

Command:
get-aduser lesquivel -server celldepotdc2

Error:
get-aduser : A local error has occurred
At line:1 char:1
+ get-aduser lesquivel -server celldepotdc2
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (lesquivel:ADUser) [Get-ADUser], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:8251,Microsoft.ActiveDirectory.Management.Commands.GetADUser


Further details:
- We have over 30 DCs in the domain which are 2008R2
- All admins in the team are experiencing this same error

Any insights on this would be much appreciated.
Piedra (Support Engineer) asked:

FOX (Active Directory/Exchange Engineer) commented:
I assume you
1. Launched PowerShell as an administrator
2. Ran Import-Module ActiveDirectory (if it didn't load automatically)
3. Please list the FQDN of the domain after -server, not just celldepotdc2
0
Qlemo (Batchelor, Developer and EE Topic Advisor) commented:
Does it work if you name a different DC, or none at all, at that time?
0
footech commented:
Check events on both the client and the DC you specify with the -server parameter to see if there's anything around the same time as the command was run.
0

Piedra (Support Engineer, Author) commented:
Thank you all for your responses. Let me answer them:

@FOX
1. Yes, the command is being run as an administrator.
2. The import was done automatically. We still ran Import-Module ActiveDirectory and the error occurred again.
3. The FQDN is celldepot.local

@Qlemo
4. This is going on on most DCs (intermittently), but on a few of them it is happening all the time.

@footech
5. I will check the events in Event Viewer on both client and server and see what's up. I will come back with your answers.
0
FOX (Active Directory/Exchange Engineer) commented:
Leo, on one of your domain controllers run the command
repadmin /showrepl

You need to verify if your DCs are replicating successfully
0
Piedra (Support Engineer, Author) commented:
Hello all, sorry for my delayed response.

I'm not seeing any events that might indicate an issue related to this command. The DCs are replicated successfully as per repadmin /showrepl. No issues there.

Any other ideas?
I will keep looking for events to see if I can catch something that might indicate an issue, but so far I don't see any.
0
Piedra (Support Engineer, Author) commented:
This issue has been finally resolved. Investigating through logs, we couldn't find any communication issues between the local computer and the DCs being targeted. We went back to basics and figured we should check the Builtin Users group in Active Directory Users and Computers.

When checking this, we noticed that the group "Authenticated Users" was missing from a child domain. We added the group back in the Builtin / Users and this has fixed the issue.

Resolution for future cases:
- On all domains (child and parent domains) you have in your environment, check the Builtin container.
- Go to the Users group membership
- Check and make sure that the group "Authenticated Users" is present on all domains
- If there is a domain missing this group, ask the AD team to add it back again.

At least for us, this has resolved the issue. Thank you all for your replies.
0
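
The resolution steps above can be run as a read-only audit across every domain in the forest. This is an added example, not part of the original thread: the function name Test-AuthenticatedUsersInBuiltinUsers is hypothetical, and it assumes the ActiveDirectory module is installed and that the caller can read each domain. It relies on the well-known SIDs S-1-5-32-545 (Builtin\Users) and S-1-5-11 (Authenticated Users), and reports a per-domain error instead of stopping if a lookup fails.

```powershell
# Added example: audit Builtin\Users in each domain for Authenticated Users.
# Read-only; it changes no group membership.
Import-Module ActiveDirectory

$BuiltinUsersSid = 'S-1-5-32-545'   # well-known SID of Builtin\Users
$AuthUsersSid    = 'S-1-5-11'       # well-known SID of Authenticated Users

function Test-AuthenticatedUsersInBuiltinUsers {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$Domain
    )

    foreach ($d in $Domain) {
        $present = $null
        $failure = $null
        try {
            # Look the group up by SID so a renamed or localized group still matches.
            $group = Get-ADGroup -Identity $BuiltinUsersSid -Properties member `
                                 -Server $d -ErrorAction Stop

            # Well-known principals are stored as members through their
            # ForeignSecurityPrincipals entry, whose CN is the SID itself.
            $pattern = "CN=$AuthUsersSid,CN=ForeignSecurityPrincipals,*"
            $present = [bool]($group.member | Where-Object { $_ -like $pattern })
        }
        catch {
            # The lookup can fail in the affected domain; record it and continue.
            $failure = $_.Exception.Message
        }

        New-Object PSObject -Property @{
            Domain  = $d
            Present = $present
            Error   = $failure
        } | Select-Object Domain, Present, Error
    }
}

# Enumerate every domain in the forest (parent and child) and report.
$domains = (Get-ADForest).Domains
Test-AuthenticatedUsersInBuiltinUsers -Domain $domains | Format-Table -AutoSize
```

A domain that shows Present as False, or an Error value, is the one to raise with the AD team.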

Piedra (Support Engineer, Author) commented:
Issue resolved.
0