Get-ADUser : One or more properties are invalid. Parameter name: msDS-AssignedAuthNPolicy


If you are running PowerShell 4.0 on Windows 8.1/2012 R2 and have tried to use the Get-ADUser or Get-ADComputer cmdlets (from the ActiveDirectory module) with the -Properties parameter, specifying * to get all of the object’s properties, you may have encountered the error message below:

Get-ADUser : One or more properties are invalid.
Parameter name: msDS-AssignedAuthNPolicy
At line:1 char:1
+ Get-ADUser martin -Server DC01 -Properties *
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (martin:ADUser) [Get-ADUser], ArgumentException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirec
   tory.Management.Commands.GetADUser

This has been identified as a bug, and there’s a hotfix, described in KB2923122, that you can install. You could also install KB2928680, which contains the above hotfix along with others.

As a workaround, you could use the following command instead:

Get-ADUser martin | Get-ADObject -Properties *

To check whether either of the hotfixes is installed, you can use the following command:

Get-HotFix -Id KB2923122, KB2928680

HTH,

\Martin.
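
The workaround and the hotfix check above can be combined into a wrapper for account-audit scripts, so they keep returning full attribute sets whether or not the hotfix is present. This is an added example, not code from the original post; the function name Get-ADUserAllProperties is hypothetical.

```powershell
# Added example (not from the original post).
# Get-ADUserAllProperties is a hypothetical helper name.
Import-Module ActiveDirectory

function Get-ADUserAllProperties {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Identity,

        [string]$Server
    )

    # Pass -Server through only when the caller supplied it.
    $common = @{}
    if ($Server) { $common['Server'] = $Server }

    try {
        # Normal path: works where the bug is not triggered.
        Get-ADUser -Identity $Identity -Properties * @common -ErrorAction Stop
    }
    catch {
        # Fall back only for the specific error shown in the post;
        # anything else (user not found, access denied) is re-thrown.
        if ($_.Exception.Message -notmatch 'msDS-AssignedAuthNPolicy') { throw }

        # Report patch state to help track which hosts still need the hotfix.
        $installed = Get-HotFix -Id KB2923122, KB2928680 -ErrorAction SilentlyContinue
        if ($installed) {
            Write-Verbose ("Hotfix present: " + ($installed.HotFixID -join ', '))
        }
        else {
            Write-Verbose 'Neither KB2923122 nor KB2928680 is installed.'
        }

        # Workaround from the post: fetch the user, then read every
        # attribute through Get-ADObject instead.
        Get-ADUser -Identity $Identity @common -ErrorAction Stop |
            Get-ADObject -Properties * @common
    }
}

# Usage, with the user and server names from the post's error output:
# Get-ADUserAllProperties -Identity martin -Server DC01 -Verbose
```

On the fallback path the result is a generic AD object rather than an ADUser, so downstream code should read attributes by their LDAP names.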

Comments (2)

  1. VIBHAT SRIVASTAVA says:

    Thanks a lot for sharing this. Great help!

  2. Greg Tate says:

    For what it’s worth, the hotfix doesn’t seem to work if you are trying to run the command twice in the same PowerShell session.
