Author Posts

May 26, 2014 at 5:58 am

Hi guys,

I am performing some search in the AD. Our company has more than 100.000 computer objects split over 4 domains.
One of the domains has about 65000 – 70000 objects. The others take the rest.
So, I am using Get-ADComputer and Foreach-Object to scan all 4 domains.
At some point, I get an error in the console:

Get-ADComputer : The server has returned the following error: invalid enumeration context.
At MyScript.ps1:36 char:1
+ Get-ADComputer -Filter * -SearchBase $Searchbase -Properties Canonicalname ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-ADComputer], ADException
+ FullyQualifiedErrorId : The server has returned the following error: invalid enumeration context.,Microsoft.ActiveDirectory.Management.Commands.GetADComputer

I have searched the internet for this error and there are a lot of people complaining. Still, there was no clean solution.
For some of them, it helped to change the value of ResultPageSize, which is actually a parameter of Get-ADcomputer.
That didn't work for me. I set it to a low value (like 10) and then to a high value (like 1000). I still get that error.
Some others suggested using the DirectorySearcher for this job, but I would like to use Get-ADcomputer since it's more convenient.

Did anyone else experience this issue and did anyone get past it?

Thanks in advance!

May 26, 2014 at 6:00 am

PS: someone said in an internet post that the property I was looking for was not indexed.
I had a look in ADSI Edit and that property IS indexed.

May 28, 2014 at 3:39 pm

According to the Directory Services Team this is basically a timeout type of issue when performing queries involving a vary large data set:
http://blogs.technet.com/b/askds/rss.aspx?Tags=group+policy#invalidenumeration

Without seeing your code it's hard for me to say what may be going on here, but you said the property that you want is in fact indexed – what property is that? Are you certain you aren't pulling other properties that are not indexed? If you are using 'Get-ADComputer -Properties *' then you will definitely run into problems with this many computer objects. See this article here for an example regarding the 'operatingSystem' attribute:

PowerShell – Error when you query Active Directory for the OperatingSystem attribute

October 13, 2015 at 2:13 pm

I know this is a pretty old thread, but wanted to drop in this link to Technet WIKI that explains this error and what to do about.

http://social.technet.microsoft.com/wiki/contents/articles/32418.active-directory-troubleshooting-server-has-returned-the-following-error-invalid-enumeration-context.aspx

October 13, 2015 at 11:47 pm

Wow! Thank you very much! I really appreciate your effort of sharing this information with us!

Now I can clearly understand the root cause of the problem. I also appreciate that there is a solution posted in the link 😉