none
Get-ADUser : Object reference not set to an instance of an object. RRS feed

  • Question

  • Hello Scripting Guys,

    I am trying to run a query on AD to fetch some users details and it fails with below error.

    Get-ADUser : Object reference not set to an instance of an object.
    At C:\Scripts\AllDetails_ADUsers.ps1:1 char:1
    + Get-ADUser -Filter {Enabled -ne $false } -Properties *| Select EmployeeId, Given ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Get-ADUser], NullReferenceException
        + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.NullReferenceException,Microsoft.ActiveDirectory.Management.Commands.GetA
       DUser

    Here is the command I am running..

    Get-ADUser -Filter {Enabled -eq $true } -Properties *| Select EmployeeId, GivenName, Surname, SamAccountName, UserPrincipalName, EmailAddress, LastLogonDate,PrimaryGroup, msRTCSIP-PrimaryUserAddress, 
    Title, Company, Description, Department, Office, Enabled | Export-Csv AllUserDetails_User_Active.csv -NoTypeInformation

    However if I run the same command for inactive users i.e Enabled -eq false  the above commands runs fine..

    What am I doing wrong here?

    Thank you..

    Wednesday, July 27, 2016 9:39 AM

Answers

  • Nice job of narrowing down the problem. That helps a lot. If you know which user raises the error, check the primary group. If it is not "cn=Domain Users", then are there any unusual characters in the distinguished name, like "/", "\", "*", etc.?

    Extra code is required to resolve the PrimaryGroup property. First the cmdlet must retrieve the primaryGroupID attribute of the user, then either search for the group with the corresponding primaryGroupToken, or convert into the correct SID and translate that into the corresponding group DN. Unusual characters may reveal a bug in the code behind the PowerShell property method.

    Edit: Can you give use the common name of the primary group of the problem user?


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)



    Wednesday, July 27, 2016 5:05 PM
    Moderator

All replies

  • Possibly the first enabled user is missing one or more of the attributes in your Select. The fix is to specify any attributes you need in the -Properties parameter that are not default properties (instead of using -Properties *).

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Wednesday, July 27, 2016 10:23 AM
    Moderator
  • Thanks for the quick reply Richard..

    What do you mean by not default properties?

    Should I put it this way?

    Get-ADUser -Filter {Enabled -eq $true } -Properties EmployeeId, GivenName, Surname, SamAccountName, UserPrincipalName, EmailAddress, LastLogonDate,PrimaryGroup, msRTCSIP-PrimaryUserAddress, 
    Title, Company, Description, Department, Office, Enabled| Select EmployeeId, GivenName, Surname, SamAccountName, UserPrincipalName, EmailAddress, LastLogonDate,PrimaryGroup, msRTCSIP-PrimaryUserAddress, 
    Title, Company, Description, Department, Office, Enabled | Export-Csv AllUserDetails_User_Active.csv -NoTypeInformation

    Wednesday, July 27, 2016 10:31 AM
  • That should work if the problem is what I suspect. Default and extended properties explained here:

    http://social.technet.microsoft.com/wiki/contents/articles/12031.active-directory-powershell-ad-module-properties.aspx


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Wednesday, July 27, 2016 10:42 AM
    Moderator
  • Thank you. I have gone through the link..

    I have also manged to narrow it down to the user it is failing and the attribute as well.

    Now the shortened command I have to write to re-create it is

    Get-ADUser -Filter * -Properties PrimaryGroup | Select PrimaryGroup
    
    Or 
    
    Get-ADUser -Filter * -Properties PrimaryGroup
    Please suggest me how to get around this problem..

    Wednesday, July 27, 2016 10:57 AM
  • are you still facing the same issue while executing this command ?

    Get-ADUser -Filter * -Properties PrimaryGroup | Select PrimaryGroup


    J.B.Patnaik

    Wednesday, July 27, 2016 11:08 AM
  • Yes I am
    Wednesday, July 27, 2016 11:38 AM
  • Nice job of narrowing down the problem. That helps a lot. If you know which user raises the error, check the primary group. If it is not "cn=Domain Users", then are there any unusual characters in the distinguished name, like "/", "\", "*", etc.?

    Extra code is required to resolve the PrimaryGroup property. First the cmdlet must retrieve the primaryGroupID attribute of the user, then either search for the group with the corresponding primaryGroupToken, or convert into the correct SID and translate that into the corresponding group DN. Unusual characters may reveal a bug in the code behind the PowerShell property method.

    Edit: Can you give use the common name of the primary group of the problem user?


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)



    Wednesday, July 27, 2016 5:05 PM
    Moderator
  • Thank you Richard...

    That was a lot of very helpful information.

    Thursday, July 28, 2016 9:55 AM