0
votes

I'm trying to get an AD users list with the 'certificates' property. But when I'm doing

$users = Get-ADUser -searchbase "CN=Users,DC=mydomain,DC=com" -filter * -Properties "Certificates"

I'm getting a strange error

Get-ADUser : Cannot find the requested object.
At line:1 char:10
+ $users = Get-ADUser -searchbase "CN=Users,DC=mydomain,DC=com" -filte ...
+          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-ADUser], CryptographicException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.Security.Cryptography.CryptographicException,Microsoft.Ac 
   tiveDirectory.Management.Commands.GetADUser

When I'm doing this without a variable

Get-ADUser -searchbase "CN=Users,DC=mydomain,DC=com" -filter * -Properties "Certificates"

I'm getting the list of users and certificates and the error above at the end of the list. But how can I pass data to a variable? Tried with erroraction, still no result.

3
This works perfectly fine for myself, I get no error when running as $users in this situation, what version are you running? I'm running 4.0 on my DC. - Matthew
4.0 on DC, and 5.1 on my test vm. Tested it with 4.0 on both sides and got the same error. Weird thing. Only expandproperty works atm. I thought it's about version difference, but no. Anyway, the working method still exists and it's fine to use it. - Utka Kanibal

3 Answers

0
votes

I just threw users' samaccountnames into foreach.

$users = Get-ADUser -Filter * -SearchBase "CN=Users,DC=mydomain,DC=com" | select -ExpandProperty samaccountname

foreach ($u in $users) {
....
}
0
votes

I'm getting the list of users and certificates and the error above at the end of the list. But how can I pass data to a variable?

This is a question near and dear to my heart.

I've cooked up a function (f) to recreate this problem:

function f { write-output $(1..100); throw 'bs' }

If you run f, you'll get numbers 1 through 100 then an exception. You have a similar situation; output then a bomb.

I've never found a good way to handle this. This is what I do:

f 1> stuff.txt; $o = cat .\stuff.txt; rm stuff.txt -force

The numbers should go to stdout and the exception to stderr. Or, so I think. :-)

I send the output (the numbers 1 through 100) to a file, read the file into a variable, and then delete the file. This gives you the output as a variable, but it's way hacky and gross.

Hoping someone posts something better, but this should help you if you're in a pinch.

0
votes

What happens if you add a Where-Object to the command like so:

$users = Get-ADUser -Filter * -SearchBase "CN=Users,DC=mydomain,DC=com" -Properties * |
    Where-Object { $null -ne $_.Certificates } | 
    ForEach-Object { 
        # write out whatever properties you need for each user
    }
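
An added example, not part of any of the posts above: it extends the per-user loop from the first answer so that the results still land in a variable and the account that triggers the error is recorded instead of aborting the whole query. It assumes the exception is raised while one account's certificate data is being converted; `$searchBase`, `$failed` and `$report` are names chosen here.

```powershell
Import-Module ActiveDirectory

$searchBase = "CN=Users,DC=mydomain,DC=com"   # search base from the question

# Assumption: listing accounts without the Certificates property succeeds,
# and the error only appears when one account's certificates are read.
$dns = Get-ADUser -Filter * -SearchBase $searchBase |
    Select-Object -ExpandProperty DistinguishedName

$failed = @()   # accounts whose Certificates property could not be read

# Assigning the foreach statement captures every object the loop body emits.
$users = foreach ($dn in $dns) {
    try {
        Get-ADUser -Identity $dn -Properties Certificates -ErrorAction Stop
    }
    catch {
        # Record the account and the exception type, then continue with the rest.
        $failed += New-Object psobject -Property @{
            DistinguishedName = $dn
            ErrorType         = $_.Exception.GetType().FullName
            Message           = $_.Exception.Message
        }
    }
}

# One row per published certificate, so expiry and issuer can be reviewed.
$report = foreach ($u in $users) {
    foreach ($c in $u.Certificates) {
        # Convert to X509Certificate2 to expose NotAfter and Thumbprint.
        $x = [System.Security.Cryptography.X509Certificates.X509Certificate2]$c
        New-Object psobject -Property @{
            SamAccountName = $u.SamAccountName
            Subject        = $x.Subject
            Issuer         = $x.Issuer
            NotAfter       = $x.NotAfter
            Thumbprint     = $x.Thumbprint
        }
    }
}

$report | Sort-Object NotAfter |
    Format-Table SamAccountName, Subject, Issuer, NotAfter, Thumbprint -AutoSize
$failed | Format-Table DistinguishedName, ErrorType, Message -AutoSize
```

Accounts listed in `$failed` are the ones to inspect by hand, since their certificate attribute is what the bulk query could not read.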