'problems typing PowerShell command

I need help, I've searched all over Google and can't find any info... When entering a command

Get-adobject -filter * -properties *

I get an error:

Get-ADObject : Year, Month, and Day parameters describe an un-representable DateTime.

But if you replace -properties * with:

-Properties CanonicalName, CN, Created, Deleted, Description, DisplayName, DistinguishedName, LastKnownParent, Modified, Name, ObjectCategory, ObjectClass, ObjectGUID, ProtectedFromAccidentalDeletion

... then everything works.

powershellactive-directorywindows-server-2012-r2


Solution 1:[1]

As mentioned in the comments, the error you receive means that at least 1 object in the directory has at least 1 attribute that contains a timestamp value that the [DateTime] type considers invalid (like "30th of february", or the year -1).

To find the object(s) in question:

  • Retrieve all objects (without specifying -Properties *), then
  • Query each of those individually for all properties - once you receive the same error, you'll know which account has an invalid timestamp, and you can then
    • Query the schema for all timestamp-valued attributes
    • Fetch only that specific additional property on each query until the error occurs

Let's start by retrieving all objects and find one that's affected by -Properties *:

foreach($object in Get-ADObject -Filter *){
    try {
        $object |Get-ADObject -Properties * -ErrorAction Stop |Out-Null
    } catch {
        "Found affected object: $($object.DistinguishedName)"
        $affected = $object
        break
    }
}

Now that you can discover an affected object, we need to identify the specific attribute that has the invalid value. To do so, query the schema for all attributes that are stored as timestamps:

$timestampAttributeSchemas = Get-ADObject -Filter "objectClass -eq 'attributeSchema' -and attributeSyntax -eq '2.5.5.11'" -SearchBase (Get-ADRootDSE).schemaNamingContext -Properties LDAPDisplayName

And then query the directory for only one of those additional properties at a time:

foreach($attribute in $timestampAttributeSchemas){
    try {
        $affected |Get-ADObject -Properties $attribute.LDAPDisplayName -ErrorAction Stop
    }
    catch {
        "Attribute $($attribute.LDAPDisplayName) appears to be affected"
    }
}

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1

Related Questions

Creating/Duplicating a Certificate Template with Powershell

Creating/Duplicating a Certificate Template with Powershell

Creating/Duplicating a Certificate Template with Powershell

New-ExoPSSession: Index was out of range

PowerShell Cannot dot-source this command because it was defined in a different language mode

How do I get only directories using Get-ChildItem?

Powershell - windows hard-disk health status is giving inconsistent results

The term 'AzCopy' is not recognized as a name of a cmdlet, function, script file

check if an string exists in a list of strings, using powershell

Can Powershell Run Commands in Parallel?

How can ensure that a function only accepts a positive integer?

Powershell: Two dimension arrays

PowerShell and process exit codes

PowerShell Script to set the size of pagefile.sys

Trying to install Angular 2 Material from npm - unrecognized token in source text