Author Posts

June 12, 2016 at 9:26 pm

I am using the following command to query the count of all security groups in our domain:

Get-ADGroup -Filter {name -notlike 'solution team iw'} | 
select name, @{n='Member Count' ; e= {(get-adgroupmember $_.samaccountname -recursive).count }} | 
export-csv C:\\adgroupmembercount.csv

However, the command fails on one group, Solution Team IW.
I am trying to exclude this group using the expression shown, but the command still returns the error "Invalid Enumeration Context".
I'm guessing there's a corrupt AD object. But I can't remove this object as business operations depend on it.

I've tried specifying another domain controller, but no luck.

Any ideas on how you would workaround this issue?

June 12, 2016 at 9:31 pm

Have you tried just running the initial Get command to confirm that the group is being excluded from the results?

June 13, 2016 at 4:52 am

Hi Greg,
Take a look at this article on Technet Wiki to see if it helps. I suspect, after looking at your code, you are running into this same issue.

http://social.technet.microsoft.com/wiki/contents/articles/32418.active-directory-troubleshooting-server-has-returned-the-following-error-invalid-enumeration-context.aspx

June 13, 2016 at 11:43 am

Curtis,
You saved the day!

This article helped me understand the issue (and taught me a new skill along the way with using TCPView in conjunction with measure-command).

Ultimately, I was able to get the command to work by reducing the ResltPageSize from default 256 to a smaller number, 25.