Fix for Get-ADUser or Get-ADComputer throwing error “One or more properties are invalid.”

About four days ago, the update rollup of March 2014 for Windows 8.1 or Windows Server 2012 R2 was released. This bundle contains KB2923122 that aims at fixing the following error:

Get-ADUser : One or more properties are invalid.
Parameter name: msDS-AssignedAuthNPolicy

While the workarounds were easy,

  1. you could either specify the list of properties (consider this as a solution for automation because it performs faster)
  2. (…and I only have ~70 computers in AD)

  3. or you could pipe it to the Get-ADObject cmdlet
  4. Get-ADUser administrator | Get-ADObject -Properties *
  5. or upgrade the schema to version 69 (see this post)
  6. Get-ADObject (dir AD:\ | Where Name -eq "Schema").DistinguishedName -Properties objectVersion

… it got finally fixed by either the above standalone hotfix or update rollup 😀

I’ve applied the update rollup to my workstation and here’s how to see what KB was applied:

Get-HotFix -Id "KB2928680"            
Get-HotFix | ? HotfixId -match "2923122"


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.