Get-aduser This operation returned because the timeout period expired

    Question

  • I have an issue when running a PowerShell query against my DC. If I run the query ON one of my DCs it goes through, but if I try to run the query from a management server I end up with "Get-Aduser : This operation returned because the timeout period expired"

    This is the query I run: $Users = Get-Aduser -SearchBase "ou=user,dc=*,dc=*,dc=*" -properties mail -Filter 'msRTCSIP-PrimaryUserAddress -like "*inactive_*"'

    Our User OU is quite large, holding about 200k accounts, but that still doesn't explain why I can run the command on a DC and get the correct reply but not from the management server. The only thing I can think of that has changed lately is that we have added 2 2012 R2 servers to our DCs; before we only had the 2012 version.

    /Lee

    Tuesday, August 25, 2015 8:48 AM

All replies

  • I think this may happen just because of the 2-minute timeout of the filter and the big amount of data the query should return.

      Timeout Behavior
        The following statements specify timeout conditions within the Active
        Directory module and describe what can be done about a timeout.
    
        The default Active Directory module timeout for all operations is 2
        minutes.
    
        For search operation, the Active Directory module uses paging control
        with a 2-minute timeout for each page search.
    
        Note: Because a search may involve multiple server page requests the
        overall search time may exceed 2 minutes.
    
        A TimeoutException error indicates that a timeout has occurred.
    
        For a search operation, you can choose to use a smaller page size, set
        with the ResultPageSize parameter, if you are getting a TimeoutException
        error.
    
        If after trying these changes you are still getting a TimeoutException
        error, consider optimizing your filter using the guidance in the
        Optimizing Filters section of this topic.

    Source: https://technet.microsoft.com/en-us/library/hh531527(v=ws.10).aspx

    There are various workarounds for this problem.

    For Example:

    Another script which does the same: https://social.technet.microsoft.com/Forums/windowsserver/en-US/b5b439fe-1aa9-4823-a3ac-d0be643a5073/query-using-ad-module-timed-out

    or using something like: ADFIND from joeware

    best regards

    Daniel

    Tuesday, August 25, 2015 9:02 AM
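
The ResultPageSize advice from the help text quoted above, as an added example that is not part of the original thread: it retries the same search with progressively smaller pages when a page times out. The function name `Get-InactiveSipUser`, the server name and the search base are hypothetical placeholders, and the check for `System.TimeoutException` assumes the module raises the exception type named in the quoted help text.

```powershell
# Added example; the function name, server and search base are placeholders.
Import-Module ActiveDirectory

function Get-InactiveSipUser {
    param(
        [Parameter(Mandatory)] [string] $SearchBase,
        [Parameter(Mandatory)] [string] $Server,
        # Page sizes to try in order; 256 is the module default.
        [int[]] $PageSizes = @(256, 100, 25)
    )

    foreach ($pageSize in $PageSizes) {
        try {
            # Each page request gets its own 2-minute timeout, so a smaller
            # page asks the DC for fewer matches per request.
            # Collect into a variable first so a timeout part-way through
            # does not leave partial results in the output stream.
            $found = @(Get-ADUser -SearchBase $SearchBase -Server $Server `
                -LDAPFilter '(msRTCSIP-PrimaryUserAddress=*inactive_*)' `
                -Properties mail -ResultPageSize $pageSize -ErrorAction Stop)
            return $found
        }
        catch {
            # Anything other than a timeout is a real failure: re-throw it.
            if ($_.Exception -isnot [System.TimeoutException]) { throw }
            Write-Warning "Page size $pageSize timed out; retrying with a smaller page."
        }
    }

    $tried = $PageSizes -join ', '
    throw (New-Object System.TimeoutException "Search timed out at every page size tried: $tried")
}

# Placeholder values; substitute the real OU and a reachable DC.
$Users = Get-InactiveSipUser -SearchBase 'OU=user,DC=example,DC=com' -Server 'dc01.example.com'
$Users | Select-Object SamAccountName, mail
```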
  • Yes, the 2-minute timeout I know about and understand the basics of how it works, but if that is the limitation that affects my script, how come it only stops me when I run the query remotely?

    If I run the script on the DC itself the query goes through and I get my expected result; shouldn't the limitation affect the DS no matter where I run my query from?

    /Lee

    Tuesday, August 25, 2015 11:22 AM
  • That is indeed a bit curious. Have you already tried using the -Server string?

    $Users = Get-Aduser -SearchBase "ou=user,dc=*,dc=*,dc=*" -properties mail -Filter 'msRTCSIP-PrimaryUserAddress -like "*inactive_*"' -Server fqdn.of.dc.where.get-aduser.running.fine

    Tuesday, August 25, 2015 12:30 PM
  • Hi.

    Yes, I have tried running the script pointing to both a 2012 and a 2012 R2 server with the same result, but as soon as I go to the DC and run it I get my result.

    I can't remember having these issues prior to adding the 2012 R2 server, so I wonder what has changed.

    Tuesday, August 25, 2015 12:34 PM
  • Just another guess :)

    I have seen some strange changes of PowerShell on the internet but never actually stumbled across them (lucky one).

    What PS version do you have on your DC?

    $psversiontable

    What PS version do you have on your client?

    $psversiontable

    If they are not the same, and you have installed on your client the same version you have on the server, open a command prompt, start the PowerShell version you have on the server, and then run the Get-ADUser command against the DC host where Get-ADUser is working.

    powershell -version 3.0

    $Users = Get-Aduser -SearchBase "ou=user,dc=*,dc=*,dc=*" -properties mail -Filter 'msRTCSIP-PrimaryUserAddress -like "*inactive_*"' -Server fqdn.of.dc.where.get-aduser.running.fine

    /Daniel

    Tuesday, August 25, 2015 1:35 PM
  • Morning!

    I have checked and tested with different PowerShell versions, as you mention, to eliminate possible causes, but it's the same problem whatever I do.

    As long as I run the query locally on the server it works, but as soon as it's run remotely it terminates.

    /Lee

    Wednesday, August 26, 2015 6:09 AM
  • Seems my reply got lost :)

    Another way would probably be PS remoting -> running Get-ADUser in a remote PowerShell session (if that works; not sure if it will time out here too) and redirecting the output (if possible -> depending on whether Write-Host or Write-Output is used within Get-ADUser) to the local client.

    Wednesday, August 26, 2015 2:35 PM