Powershell: Script that was working now errors giving Get-ADUser : The server was unable to process the request due to an internal error - powershell

I had a script that was working fine. Went away for a few hours and came back and now it errors.
Error
Get-ADUser : The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults
(either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or
turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.
At C:\Users\orion\Desktop\GetUsersProcessFile.ps1:1 char:1
+ Get-ADUser -Filter * -Properties CN,Department,Description,DisplayNam ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-ADUser], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADUser
The script is as follows
Get-ADUser -Filter * -Properties CN,Department,Description,DisplayName,Division,EmailAddress,extensionAttribute10,GivenName,mail,mailNickname,Name,Office,SamAccountName,sn,Title,UserPrincipalName | export-csv -path e:\ad\user-export.csv
I am looking to export every user I can with the details I want to a CSV file.
As I said, I got it working and it was working but I now get this error. This is sitting on a Windows 2019 Server.
Any ideas why it would suddenly stop working?

I did some digging and found a couple posts that may provide some insight:
First up: https://social.technet.microsoft.com/Forums/lync/en-US/a7ca2b45-bcf7-474b-a3d4-9ccc7b6f792b/internal-error-for-non-domain-admins?forum=winserverpowershell
In this case, someone removed Domain Users from the builtin Users group. Since ADWS restricts access to the Users group, queries were failing.
Second: https://social.technet.microsoft.com/Forums/en-US/f8eb3d11-6a79-4c0b-a59a-8c90b65557cf/active-directory-powershell-quotinternal-errorquot?forum=winserverpowershell
In this case, the problem was fixed by restarting the ADWS service on the domain controllers.
Note that cmdlets like Get-ADUser and Set-ADUser depend on ADWS running on the DCs, whereas native ADSI methods do not. However, using native ADSI requires a bit more care, e.g. using paging for querying the memberOf property. There's a lot of good documentation out there on using native ADSI objects from PowerShell.
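The ADSI route mentioned in the answer above, shown as an added example that is not part of the original post: it runs the question's export over LDAP with paging enabled, so it does not go through ADWS. The LDAP attribute names are mapped here from the AD-module property names (EmailAddress to mail, Office to physicalDeliveryOfficeName), and it assumes a domain-joined machine and the question's output path.

```powershell
# Added example: export users through ADSI/LDAP instead of the ADWS-backed cmdlets.
# LDAP attribute names corresponding to the properties in the question.
$attributes = 'cn', 'department', 'description', 'displayName', 'division',
              'mail', 'extensionAttribute10', 'givenName', 'mailNickname', 'name',
              'physicalDeliveryOfficeName', 'sAMAccountName', 'sn', 'title',
              'userPrincipalName'

# With no SearchRoot set, the searcher binds to the current domain.
$searcher = [adsisearcher]'(&(objectCategory=person)(objectClass=user))'

# PageSize > 0 turns on paged results. Left at 0, the DC returns at most its
# MaxPageSize (1000 by default) entries and the export is silently truncated.
$searcher.PageSize = 1000
$searcher.PropertiesToLoad.AddRange([string[]]$attributes)

$results = $searcher.FindAll()
try {
    $rows = foreach ($entry in $results) {
        $row = [ordered]@{}
        foreach ($attribute in $attributes) {
            # Result keys are stored lower-case; an unset attribute yields an
            # empty cell, a multi-valued one is joined with ';'.
            $row[$attribute] = @($entry.Properties[$attribute.ToLower()]) -join ';'
        }
        [pscustomobject]$row
    }
    $rows | Export-Csv -Path 'e:\ad\user-export.csv' -NoTypeInformation
}
finally {
    # SearchResultCollection wraps unmanaged resources and must be disposed.
    $results.Dispose()
}
```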

Related

Just trying to get a list of users assigned a specific MS licence using PowerShell

I am a bit of a novice where PowerShell is concerned. I do lots of things in it, but generally have to look them up.
I am trying to get a list of users who have been assigned a specific licence in Office 365. I am using a command which I have used before successfully, but this time it will not work and keeps giving me the following error;
Get-MsolUser : The request channel timed out while waiting for a
reply after 00:00:59.9152154. Increase the timeout value passed to the
call to Request or increase the SendTimeout value on the Binding. The
time allotted to this operation may have been a portion of a longer
timeout. At line:1 char:1
+ Get-MsolUser | Where-Object {($_.licenses).AccountSkuId -match "excha ...
+ ~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Get-MsolUser], TimeoutException
+ FullyQualifiedErrorId : System.TimeoutException,Microsoft.Online.Administration.Automation.GetUser
The command I am using is;
Get-MsolUser | Where-Object {($_.licenses).AccountSkuId -match "exchangestandard"}
Is there a way of increasing the timeout? Or is there another way of getting this information, other than doing it manually? The company only has about 500 users and this particular licence is only being used by 42.
Thank you.

Move users from SFB on-prem to Teams\SFBO

Updated SFB-prem to CU9 but for some reason unable to move test user to Teams or SFBO. Anyone facing this issue?
I tried to use PS commands and the SFB admin portal but got the same results.
$cred=Get-Credential
$url="https://admxxxx.online.lync.com/HostedMigration/hostedmigrationService.svc"
Move-CsUser -Identity teamstestuser02#xxx.com -Target sipfed.online.lync.com -Credential $cred -HostedMigrationOverrideUrl $url
Move-CsUser : Unable to connect to some of the servers in pool
"XXX.com" due to a Distributed Component Object Model (DCOM) error.
Verify that Front End service is running on servers in this pool. If
the pool is set up for load balancing, verify that load balancer is
configured correctly. At line:2 char:1
+ Move-CsUser -Identity teamstestuser02#XXXX.com -Target "sip ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (CN=TeamsTestUse...p,xx.xxcom:OCSADUser) [Move-CsUser],
MoveUserException
+ FullyQualifiedErrorId : MoveError,Microsoft.Rtc.Management.AD.Cmdlets.MoveOcsUserCmdlet
Have you run this on the FrontEnd Server itself?
I have hit and misses with Move-CsUser when it targets SkypeOnline
Potential mitigations I found:
-Run on FE
-Specify undocumented Switch -DomainController to point it at a writable DC
https://learn.microsoft.com/en-us/skypeforbusiness/hybrid/move-users-between-on-premises-and-cloud should have all the juice you need. Make sure that the user you are running this command as (i.e. logged into the FE) has CsServerAdministrator and the $Cred has Global Admin or User Admin + Skype For Business Admin.
Hope that helps :)
I used the -UseOAuth switch on the Front End server and the issue was resolved. Some users returned errors for Rollback, and nothing worked for these users until I used the force switch, with which they lost their contacts and meeting info.

Import Module with a different user account

Are you able to import a module through PowerShell with a different user account? I am specifically attempting to import the ActiveDirectory module with a different account to the currently logged in one.
I don't want to go all out for the console though because I am attempting to use the current Outlook process to send an email after the part of the code is done, and if the entire console is elevated it will give a COM error (instance of PowerShell and Outlook are not elevated together).
The SMTP way of sending an email or through Send-Mail won't work as even though I can ping the SMTP server, I get the below error message, which from what I've read is because I am unable to communicate with the SMTP server appropriately?
Exception calling "Send" with "1" argument(s): "Failure sending mail."
At C:\Users\\Desktop\SCRIPT.ps1:64 char:9
+ $SMTP.Send($MSG)
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : SmtpException
You can't import a module with a different account as it doesn't work this way. You need to run the individual commands themselves with alternative credentials.
As you mentioned AD I've used Get-ADUser as an example but a lot of powershell commands have a Credential or PSCredential parameter of some kind, check the documentation to find out.
$Credentials = Get-Credential
Get-ADUser JohnSmith -Properties DistinguishedName -Credential $Credentials
The above example will prompt for credentials, but you can also save them in the script instead of entering them every time.
NOTE: Saving credentials in a file isn't secure so be careful what credentials you save and where you store them!
$Username = "DomainUserName"
$Password = "PlainPassword" | ConvertTo-SecureString -AsPlainText -Force
$Credentials = New-Object System.Management.Automation.PSCredential($Username ,$Password)
There are also other ways to save credentials, but that's too much to go into here.
The AD module for powershell is a wrapper around much of the .NET framework's System.DirectoryServices namespace of code.
.NET in turn is wrapped on top of the older COM ADSI component.
Because of this, it is possible to use windows cached credentials to handle the AD work without using the -Credential option.
If you cache a Windows Domain credential prior to running the script, the AD cmdlets will use those cached credentials to authenticate to the DC. Of course, there's no requirement to remove the cached credential... but realize it's static. If the password changes in the domain, you need to re-cache the cred.
The management of domain creds can be done by command line as well using the cmdkey.exe program that is present since Win7. Using this command line tool, you could set the windows credential just before you run your script, then remove the credential after.
Note that the use of the cached creds is based solely on the server name that the cmdlet will attempt to communicate. If you are not specifying a DC in your cmdlet calls, then it will use the %logonserver% environment variable.
The critical piece then is that the servername used by ADSI must match exactly in the credential cache. If the short name (server01) is used, then that must be in the cache. If the full dns name is used (server01.domain.com), then that must be in the cache. If you feel that your script may change to another server, then that server must be in the cache.
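For the remark in the first answer that there are other ways to save credentials than a plain-text password in the script, here is one of them as an added example (not code from either answer). On Windows, Export-Clixml writes the password of a PSCredential encrypted with DPAPI, so the file can only be decrypted by the same user on the same machine. The function name Get-StoredCredential and the file location are hypothetical.

```powershell
# Added example. $credPath is a hypothetical location under the user's profile.
$credPath = Join-Path $env:LOCALAPPDATA 'ad-query-cred.xml'

function Get-StoredCredential {
    param([Parameter(Mandatory)][string]$Path)

    if (Test-Path -LiteralPath $Path) {
        try {
            # Decryption succeeds only for the user and machine that created the file.
            return Import-Clixml -LiteralPath $Path -ErrorAction Stop
        }
        catch {
            # Copied from another machine or created by another account:
            # fall through and ask again instead of failing the script.
            Write-Warning 'Stored credential could not be decrypted here; prompting again.'
        }
    }

    # One interactive prompt; the password never appears in the script text.
    $cred = Get-Credential -Message 'Account to use for the AD queries'
    $cred | Export-Clixml -LiteralPath $Path
    return $cred
}

$Credentials = Get-StoredCredential -Path $credPath
Get-ADUser JohnSmith -Properties DistinguishedName -Credential $Credentials
```

The stored file is useless to another account or on another host, but anything running as the same user on that machine can still read the credential back, so the account it holds should have no more rights than the queries need.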

Azure Powershell - get-AzureVM returning an accountName does not exist error?

I'm at a bit of a loss with where to start with this one.
I have one Azure account with 2 subscriptions (I'm not the full admin just a co-admin so can't edit them) and both are called Pay-As-You-Go with different IDs.
I can connect powershell to the account and log in, list the subscriptions, select the subscription that I want to use.
However when I issue the get-AzureVM command either in a script or from the command line I get the error below:
Get-AzureVM : Account with name 'Pay-As-You-Go' does not exist.
Parameter name: accountName
At line:1 char:1
+ Get-AzureVM
+ ~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzureVM], ArgumentException
+ FullyQualifiedErrorId : Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.GetAzureVMCommand
I can enter a specific VM name and service name and get the same error back.
My confusion stems from the fact that I haven't specified that account name as far as I'm aware in the command.
I have been playing around on the machine quite a lot this morning with writing wrapper scripts to allow selection of different user name connections via a prompt and selection of the relevant subscription but nothing I'm aware would have affected this command.
I can still run the commands below and get the output I expect:
Get-AzureAccount
Get-AzureSubscription -current
So the session is working for sure.
The VM I am trying to query was created from a custom image this morning and I can RDP to it and it seems to be running normally.
Any ideas would be great?
The best way to do that is to execute the command Clear-AzureProfile; it will require you to log in again. The problem is that your account has been logged out. The same problem happens when you have 2 different subscriptions for 2 different accounts and you change from one to another after executing some commands on the first one. Using the clear command after the switch solves that.
Well, I'm not sure of the root cause of this one, restarting the machine, opening closing the IDE etc had no effect.
But I did find by running Remove-AzureAccount and then running Add-AzureAccount again that it resolved.
So I just removed my account from powershell and re-added it to solve...

Set-SPBusinessDataCatalogThrottleConfig : Cannot bind parameter 'Identity'

If you are working with a larger external list (more than 2000 items) in a dev environment it works perfectly, but when you work in a production environment, it throws the error
"Unable to display this Web Part. To troubleshoot the problem, open this Web page in a Microsoft SharePoint Foundation-compatible HTML editor such as Microsoft SharePoint Designer. If the problem persists, contact your Web server administrator. Correlation ID: ...........".
So I started working to fix the BCS limit through PowerShell.
When I enter the command below in PowerShell I get an error in cmd. Any idea?
PS C:\Program Files\Nintex\Nintex Workflow 2010> Set-SPBusinessDataCatalogThrott
leConfig -Identity Get-SPBusinessDataCatalogThrottleConfig -Scope ThrottleType I
tems Database-GUID-ServiceApplicationProxy 5222b2db-fdd1-43f5-accb-7f039155f654-
8000-default maximum 6000
Set-SPBusinessDataCatalogThrottleConfig : Cannot bind parameter 'Identity'. Can
not convert the "Get-SPBusinessDataCatalogThrottleConfig" value of type "System
.String" to type "Microsoft.SharePoint.BusinessData.SharedService.ThrottleConfi
g".
At line:1 char:50
+ Set-SPBusinessDataCatalogThrottleConfig -Identity <<<< Get-SPBusinessDataCat
alogThrottleConfig -Scope ThrottleType Items Database-GUID-ServiceApplicationPr
oxy 5222b2db-fdd1-43f5-accb-7f039155f654-8000-default maximum 6000
+ CategoryInfo : InvalidArgument: (:) [Set-SPBusinessDataCatalogT
hrottleConfig], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.SharePo
int.BusinessData.SharedService.SPSetSPBusinessDataCatalogThrottleConfig
At first glance there seem to be some issues in your PowerShell syntax. You specify another cmdlet as the value for the -Identity parameter, and that won't work. SharePoint is not really my expertise, but this article by lionelro on the MSDN blogs looks like a good place to start, especially since the start of the article describes your issue only appearing on the production environment. Hope it helps.