locked
Get-ADUser : An empty SearchBase is only supported while connected to a GlobalCatalog. RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    Param(
        $BaseOUDN="",
        [switch]$Test=$true
        #[switch]$Test=$false
    )

     if($env:USERDNSDOMAIN)
        {
            # If in a domain
            #Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn
            $null=Import-Module ActiveDirectory
            $maxPasswordAge=((Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge).days
            
            if($BaseOUDN -eq "")
            {
                "DC="+$env:USERDNSDOMAIN.Split(".")[0]+",DC="+$env:USERDNSDOMAIN.Split(".")[1]
            }
            else
            {
                 $SearchBase=$BaseOUDN
            }

            $users = Get-ADUser -SearchBase $BaseOUDN -Properties DisplayName,mail,PasswordLastSet,PasswordNeverExpires,enabled -Filter * | select Name,Enabled,mail,PasswordLastSet,PasswordNeverExpires

            #For each enabled user, which password will expire, there will be sent a warning mail
            <g class="gr_ gr_32 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace" data-gr-id="32" id="32">foreach</g> ($u in $users)
            {.....

    I get this error why?

    <g class="gr_ gr_17 gr-alert gr_gramm gr_inline_cards gr_run_anim Style multiReplace" data-gr-id="17" id="17">Get-ADUser :</g> An empty SearchBase is only supported while connected to a <g class="gr_ gr_19 gr-alert gr_spell gr_inline_cards gr_run_anim ContextualSpelling ins-del multiReplace gr-progress" data-gr-id="19" id="19">GlobalCatalog</g>.
    At C:\SystemMaintenance\Scripts\MTA-RemindPasswordChange.ps1:68 char:18
    + ...    $users = Get-ADUser -SearchBase $BaseOUDN -Properties DisplayName, ...
    +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Get-ADUser], ArgumentException
        + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

    Tuesday, February 27, 2018 2:30 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    > I get this error why?

    The error message seems to be pretty clear: An empty SearchBase is only supported while connected to a GlobalCatalog

    I suppose you did not write this script yourself, did you?

    Calling the script you have to set the base DN as param $BaseOUDN. That would be something like: "DC=my,DC=domain,DC=com"

    Tuesday, February 27, 2018 2:37 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    You cannot use an empty string or a null as the SearchBase with this CmdLet.  Either do not use the Parameter or set it to the domain root.

     $domainRoot = Get-AdDomain | select -expand DistinguishedName

    \_(ツ)_/


    Tuesday, February 27, 2018 2:42 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Per the help for Get-ADUser:

    === quote ===

    When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all
    partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are
    not connected to a GC port, an error will be thrown.

    === end quote ===

    Generally, -SearchBase will have a default value, either the current domain or the current drive. The error indicates that $BaseOUDN is a blank string. If the value is blank, do not use the -SearchBase parameter, unless your intent is to query the GC, in which case you need to use the -Server parameter and specify the GC port of a DC, for example:

    -Server corp-DC12.corp.contoso.com:3268

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Tuesday, February 27, 2018 3:34 PM