I need help troubleshooting an ADException

This topic contains 2 replies, has 3 voices, and was last updated by  Axel Bøg Andersen 3 months, 2 weeks ago.

  • Author
    Posts
  • #97893

    Larry B
    Participant

    I'm trying to run a script to change the UPN suffix of user accounts. I've run into an oddity I can't figure out.

    Import-Module ActiveDirectory
     $oldSuffix = "Domain.net"
     $newSuffix = "Domain.com"
     $server = "DC001"
    $OUs = Get-Content c:\OUList.txt
    foreach ($ou in $OUs){
     Get-ADUser -SearchBase $ou -filter * -properties proxyaddresses,userprincipalName | ForEach-Object {
     $newUpn = $_.UserPrincipalName.Replace($oldSuffix,$newSuffix) 
     $_ | Set-ADUser -server $server -UserPrincipalName $newUpn
     echo $_.UserPrincipalName
     }
    }
    

    ——-

    The file "c:\OUList.txt" contains:
    OU=BU1,OU=Accounts,OU=Businesses,DC=MyDomain,DC=net
    OU=BU2,OU=Accounts,OU=Businesses,DC=MyDomain,DC=net
    OU=BU3,OU=Accounts,OU=Businesses,DC=MyDomain,DC=net

    The script runs fine until I changed the contents of "c:\OUList.txt" to a single line using just the parent OU:

    OU=Accounts,OU=Businesses,DC=MyDomain,DC=net

    With the contents of "c:\OUList.txt" as a single "parent OU" line the script runs for a while and eventually it stops and gives the following error:

    Get-ADUser : The server has returned the following error: invalid enumeration context.
    At line:2 char:2
    + Get-ADUser -SearchBase $ou -filter * -properties proxyaddresses,userprincipalNa ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Get-ADUser], ADException
    + FullyQualifiedErrorId : The server has returned the following error: invalid enumeration context.,Microsoft.Acti
    veDirectory.Management.Commands.GetADUser

    ——–
    At the bottom of the loop I added the line "echo $_.UserPrincipalName" to allow me to watch the process. I can now see the error only happens while processing items within "OU=BU2"

    If I remove the "Set-user" line the script processes without any errors.

    All the permissions are applied at the "Businesses" OU, so it's not a permissions issue.

    Can someone provide guidance on how to figure this out – thanks

  • #97899

    Joel Sallow
    Participant

    If you're inserting a single value instead of a loop, then you may need to remove the loop and just insert the single value.

  • #97983

    Axel Bøg Andersen
    Participant

    If you move the echo part up, you can see what user causes the issue (if that is the issue).

    foreach ($ou in $OUs){
        Get-ADUser -SearchBase $ou -filter * -properties proxyaddresses,userprincipalName | ForEach-Object {
        Write-Verbose "Changing suffix on $($_.UserPrincipalName)" -verbose
        $newUpn = $_.UserPrincipalName.Replace($oldSuffix,$newSuffix) 
        $_ | Set-ADUser -server $server -UserPrincipalName $newUpn
        }
       }
    

You must be logged in to reply to this topic.