1

Hey guys,

I am trying to export my users from AD to a CSV file. For some reason it doesn’t want to work. I keep getting this error message.

  • $AllADUsers = Get-ADUser -server $ADServer `
  • CategoryInfo : ObjectNotFound: (:slight_smile: [Get-ADUser], ADIdentityNotFoundException
  • FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

This is Server 2012 R2.

Any ideas?

Thanks guys

6 Spice ups
2

I believe that you have to add a filter. Something like

 $AllADUsers = Get-ADUser -server $ADServer -Filter *

edit: or better yet, find all the users who are currently enabled

$AllADUsers = Get-ADUser -server $ADServer -Filter 'enabled -eq $true'
1 Spice up
3

If you post code, please use the ‘Insert Code’ button. Please and thank you!

codebutton2.pngCan you please post your entire sanitized command?

4

This is already there.

$AllADUsers = Get-ADUser -server $ADServer `
-Credential $GetAdminact -searchbase $SearchBase `
-Filter * -Properties * | Where-Object {$_.info -NE 'Migrated'} #ensures that updated users are never exported.

The link is where I downloaded the ps1 from.

https://gallery.technet.microsoft.com/scriptcenter/Powershell-script-to-5edcdaea

5

Does the server you are running this on have the Active Directory role installed on it? I know to have the get-aduser command available on desktops RSAT needs to be installed. So, it is possible that the Powershell commands only become available if the module is installed when the role is configured.

1 Spice up
6

Yes sir Active Directory role is installed.

7

I am even running this directly off of my AD server. This seems really odd to me.

8 
Try { 
     Get-ADUser -server "dc.contoso.com" -Filter {enabled -eq $true} -ErrorAction Stop
} Catch [ADIdentityNotFoundException] {
    $_
}

see what error comes up.

may be remote server do not have ad web services installed

9 
At line:3 char:3
+ } Catch [ADIdentityNotFoundException] {
+   ~~~~~
Unexpected token 'Catch' in expression or statement.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : UnexpectedToken
10

How about something easy?

Get-ADUser -filter *

Run from the DC logged into a domain admin account through an administrative Powershell window.

11

lets simply catch the warning

try {
Get-ADUser -server "dc.contoso.com" -Filter {enabled -eq $true} -ErrorAction Stop
}
catch 
{
Write-Warning “$_”
}
1 Spice up
12 
WARNING: Unable to contact the server. This may be because this server does not exist, it is currently down, or it does not have the Active Directory Web Services running.

Ahhhhh

13

I think I’ve found something. Does your search base include “OU=Users” (referencing the built-in Users OU of AD)? If so, change that to “CN=Users” as the built-in Users is a container, not an organizational unit.

1 Spice up
14

Changed to CN and still same thing.

15

try this way?

$credential = Get-Credential -Credential domain\administrator

$session = New-PSSession -cn dc.contoso.com -Credential $credential -Authentication Credssp

Invoke-Command -Session $session -ScriptBlock { Import-Module ActiveDirectory; Get-ADUser -Filter {enabled -eq $true} }

But are you sure AD and ps module is installed on remote server?

16 
Get-ADUser : Directory object not found
At C:\Users\****\Desktop\PS\RMADGRAB.ps1:17 char:15
+ $AllADUsers = Get-ADUser -server $ADServer `
+               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (:) [Get-ADUser], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

I keep getting this

17

Its not Cn issue even get-aduser is not working make sure you can connect to remote server and have ad installed

18

I am doing this directly on the AD server that has the AD role installed and has ps installed.

19

This error often means that a distinguished name is incorrect. Verify that the distinguished name you’re providing to the -SearchBase parameter is correct. It should be in the below format and point to an existing container / organizational unit.

Organizational Unit:
OU=OrgUnitChild,OU=OrgUnitParent,DC=Domain,DC=Com

Container:
CN=ContChild,CN=ContParent,DC=Domain,DC=Com

Also try running that line as a single line without the back ticks.

$AllADUsers = Get-ADUser -Server $ADServer -Credential $GetAdminact -searchbase $SearchBase -Filter * -Properties * | Where-Object {$_.info -NE 'Migrated'}
2 Spice ups
20

Fixed! Had an OU that was throwing things off! Wowwwww!

Thank you all very very much!