This applies to Get-ADComputer cmdlet too. When I try to get all properties of an AD account like Get-ADUser JohnDoe –Properties * it gives following error.
Get-ADUser : One or more properties are invalid.
Parameter name: msDS-AssignedAuthNPolicy
It used to work in older PowerShell versions (Windows 8 or Windows 7). Now my scripts are all stopped working.
Well I believe it is a bug in ActiveDirectory PowerShell module. But also on other hand we should NOT be using –Properties * in a script. That would be a bad scripting practice, it takes more time to process obviously. Right way is use it like –Properties <propertyname1>,<propertyname2>.
What if I don’t know the properties I want. What if I have to figure the correct property name. Do NOT worry, there is a workaround. Pipe the Get-ADUser or Get-ADComputer to a Get-ADObject cmdlet like below.
Get-ADuser JohnDoe | Get-ADObject –Properties *
Hopefully it will be fixed on next updates or MS don’t want us to use * in properties parameter. Enjoy.
2 thoughts on “PowerShell 4.0: “Get-ADUser : One or more properties are invalid””
Microsoft just released a hotfix for this exact issue this week.
(windows 8.1 clients and 2012 R2 member servers)
The hotfix can be found here:
Awesome! Thanks Jared.