Issues with a powershell command get-aduser

We're experiencing an issue with a PowerShell command. We would like to run this command to simply retrieve the information on several objects. Unfortunately, we've been experiencing issues running the command against most (if not all) of our DCs. This is an issue that is going on intermittently; sometimes it happens, sometimes it doesn't. Besides this error, I haven't noticed any issues with our DCs. Does anyone have any idea what this could mean?

get-aduser lesquivel -server celldepotdc2

get-aduser : A local error has occurred
At line:1 char:1
+ get-aduser lesquivel -server celldepotdc2
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (lesquivel:ADUser) [Get-ADUser], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:8251,Microsoft.ActiveDirectory.Management.Commands.GetADUser

Further details:
- We have over 30 DCs in the domain which are 2008R2
- All admins in the team are experiencing this same error

Any insights on this would be much appreciated.
FOXActive Directory/Exchange Engineer
Top Expert 2015

I assume you
1. Launched PowerShell as an administrator
2. Ran Import-Module ActiveDirectory (if it didn't load automatically)
3. Please list the FQDN of the domain after -server, not just celldepotdc2
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Does it work if you name a different DC, or none at all at that time?
Top Expert 2014

Check events on both the client and the DC you specify with the -server parameter to see if there's anything around the same time as the command was run.
PiedraCellDepot Engineer


Thank you all for your responses. Let me answer them:

1. Yes, the command is being run as an administrator.
2. The import was done automatically. We still ran Import-Module ActiveDirectory and the error occurred again.
3. The FQDN is celldepot.local

4. This is going on on most DCs (intermittent), but on a few of them it is happening all the time.

5. I will check the events in Event Viewer on both client and server and see what's up. I will come back with your answers.
FOXActive Directory/Exchange Engineer
Top Expert 2015

Leo, on one of your domain controllers run the command
repadmin /showrepl

You need to verify if your DCs are replicating successfully.
PiedraCellDepot Engineer


Hello all, sorry for my delayed response.

I'm not seeing any events that might indicate an issue related to this command. The DCs are replicated successfully as per repadmin /showrepl. No issues there.

Any other ideas?
I will keep looking for events to see if I can catch something that might indicate an issue, but so far I don't see any.
CellDepot Engineer
This issue has finally been resolved. Investigating through logs, we couldn't find any communication issues between the local computer and the DCs being targeted. We went back to basics and figured we should check the builtin Users group in Active Directory Users and Computers.

When checking this, we noticed that the group "Authenticated Users" was missing from a child domain. We added the group back in the Builtin / Users and this has fixed the issue.

Resolution for future cases:
- On all domains (child and parent domains) you have in your environment, check the Builtin container.
- Go to the Users group membership
- Check and make sure that the group "authenticated users" is present on all domains
- If there is a domain missing this group, request the AD team to add it back again.

At least for us, this has resolved the issue. Thank you all for your replies.
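The membership check from the resolution above can be run across every domain in the forest in one pass. This is an added example, not part of the original thread: the function name Test-AuthenticatedUsersInBuiltinUsers is hypothetical, and it assumes the ActiveDirectory module is available and that "Authenticated Users" is stored in the group's member attribute as a foreign security principal named by its well-known SID (S-1-5-11). It is read-only and changes nothing.

```powershell
Import-Module ActiveDirectory

# Well-known SIDs, identical in every domain
$BuiltinUsersSid       = 'S-1-5-32-545'   # BUILTIN\Users
$AuthenticatedUsersSid = 'S-1-5-11'       # NT AUTHORITY\Authenticated Users

# Hypothetical helper: reports whether Authenticated Users is a direct
# member of Builtin\Users in the given domain.
function Test-AuthenticatedUsersInBuiltinUsers {
    param([Parameter(Mandatory = $true)][string]$Domain)

    try {
        # Look the group up by SID so a renamed or localized group is still found
        $group = Get-ADGroup -Identity $BuiltinUsersSid -Properties member `
                             -Server $Domain -ErrorAction Stop

        # Assumption: the member DN has the form
        # CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=...
        $pattern = '^CN={0},CN=ForeignSecurityPrincipals,' -f
                   [regex]::Escape($AuthenticatedUsersSid)
        $present = [bool]($group.member | Where-Object { $_ -match $pattern })

        [pscustomobject]@{
            Domain                    = $Domain
            Group                     = $group.DistinguishedName
            AuthenticatedUsersPresent = $present
            Error                     = $null
        }
    }
    catch {
        # An unreachable domain or a failed query is reported, not hidden
        [pscustomobject]@{
            Domain                    = $Domain
            Group                     = $null
            AuthenticatedUsersPresent = $null
            Error                     = $_.Exception.Message
        }
    }
}

# Check the parent domain and all child domains
$results = (Get-ADForest).Domains |
    ForEach-Object { Test-AuthenticatedUsersInBuiltinUsers -Domain $_ }

$results | Format-Table Domain, AuthenticatedUsersPresent, Error -AutoSize

# Domains that need the membership restored by the AD team
$results | Where-Object { $_.AuthenticatedUsersPresent -eq $false } |
    Select-Object -ExpandProperty Domain
```

A domain that appears in the final list, or that returns an error instead of a result, is the one to inspect by hand in Active Directory Users and Computers as described in the resolution.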
PiedraCellDepot Engineer


Issue resolved.