I'm having a problem with two Active Directory Module cmdlets: Get-ADPrincipalGroupMembership and Get-ADGroup.
I've found comments elsewhere indicating that these might be bugs. They occur in both Powershell 2.0 and 3.0. I have two questions for the forum:
Thanks and keep up the Powershell-ing.
These are mainly AD issues not PowerShell issues.
First off – and this may seem like I'm splitting hairs – but the PowerShell team aren't responsible for the AD cmdlets. They are produced by the AD team. What version of Windows are you using for your domain controllers? If you were running Windows 2008 R2 and for instance and upgraded PowerShell to v3 the AD cmdlets wouldn't be changed because they aren't part of the core PowerShell engine.
When I tried to create a group called Test/Group in AD Users and Computers I was told / is an illegal character and I was offered the chance to replace the / by a _ I got a similar error in New-Adgroup.
if I was you I'd seriously consider renaming the groups to remove the /. Its going to save you a lot of effort over time.
I created a group with a different name and samAccountName and tried using Get-ADGroup
PS> New-ADGroup -Name 'FunnyTestGroup' -Path 'ou=All groups,dc=manticore,dc=org' -GroupCategory Security -GroupScope Gl
The problem is that the identity parameter only accepts values representing
In this case none of those were supplied. However:
will work for you.
Again I would recommend keeping the samAccountName the same as the group name for ease of administration
Thank you, Richard. This gives me a better understanding of what's occurring. Our DCs are 2008 R2, but I'm running AD module from Win7 and Win8 computers.
These groups are a little old, and were probably created by some method that did not strictly enforce these restrictions. I'll research making the corrections on the groups themselves.
Thank you also for the explanation about the AD module being written by the AD team.
You must be logged in to reply to this topic.