October 23, 2019 at 12:45 pm #184553ParticipantTopics: 2Replies: 0Points: 12Rank: Member
I don't seem to be able to execute the command "Get-ADPrincipalGroupMembership".
I tried with the -Server and -Credential parameter, but I keep on getting "The operation being requested was not performed because the user has not been authenticated."
Another command like "Get-ADUser" works fine.
I notice I'm not the first person with this error, though it is unclear to me to what the solution might be.
Get-ADPrincipalGroupMembership : The operation being requested was not performed because the user has not been authenticated.
At line:2 char:1
+ Get-ADPrincipalGroupMembership -Identity davidtest
+ CategoryInfo : NotSpecified: (davidtest:ADPrincipal) [Get-ADPrincipalGroupMembership], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:1244,Microsoft.ActiveDirectory.Management.Commands.GetADPrincipalGroupMembership
October 23, 2019 at 8:54 pm #184661ParticipantTopics: 10Replies: 117Points: 456Rank: Contributor
As an alternative, have you tried the slightly longer route of:
$userName = 'davidtest' $groups = ([ADSISEARCHER]"samAccountName=$userName").FindOne().Properties.memberof -replace '^CN=([^,]+).+$','$1' # Then do something with groups Write-Output $groups
Edit: Sorry for multiple edits – formatting issues.
October 26, 2019 at 3:55 pm #185114ParticipantTopics: 4Replies: 45Points: 90Rank: Member
I came across the same issue once. When one of the domain controllers (also Global Catalogue server) failed to replicate, using that command no longer worked. It may or may not apply to your problem but it's nice to check if there is any AD replication issue in your environment.
- You must be logged in to reply to this topic.