DEVHIDE
Login Or Sign up

Why does the ProtectedFromAccidentalDeletion property on the Get-ADGroup command in the PS AD module return a NullReferenceException on one machine?

473 Views Asked by At

I have a PowerShell script that uses the Active Directory PowerShell module (part of RSAT). It's running fine on my Windows 10 machine in PowerShell 7, but on a Windows Server 2019 VM in PowerShell 6, it's returning an error. RSAT's AD tools are installed on both machines, and ActiveDirectory v 1.0.1.0 is showing as installed correctly on both machines when I run Get-Module -Name ActiveDirectory:

AD module showing as installed correctly

The script iterates through all AD Groups and puts them in an array with the following command:

$ADGroupsList = @(Get-ADGroup -Filter * -Properties * | Select-Object DistinguishedName,CN,GroupCategory,Description | Sort-Object CN)

This is returning the following error on the Server 2019 VM:

Get-ADGroup : Object reference not set to an instance of an object.
At line:1 char:19
+ Get-ADGroup -Identity ACC_Admin -Properties *
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (ACC_Admin:ADGroup) [Get-ADGroup], NullReferenceException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.NullReferenceException,Microsoft.ActiveDirectory.Management.Commands.GetADGroup

When I broke it down to its constituent parts, I found that I get the same error with just Get-ADGroup -Properties *, even if I select a specific AD group that I know exists and has properties, like "ACC_Admin":

NRE error when selecting all properties of a specific group

If I select just one property, like CN, it works fine:

Get-ADGroup -Filter * -Properties CN

Results:

CN                : ACC_Admin
DistinguishedName : CN=ACC_Admin,OU=SecurityCameras,DC=ths,DC=local
GroupCategory     : Security
Name              : ACC_Admin
ObjectClass       : group
ObjectGUID        : 77d856b4-3f8b-4afc-80cb-106e0b8cbc3b
SamAccountName    : ACC_Admin
SID               : S-1-5-21-994927589-7149997842-1008150880-53730

correct results for an AD group when only one property is specified

When I iterated through every single default property to find the culprit, I found that ProtectedFromAccidentalDeletion was the property causing the error.

It's also confusing since the value of this property is "False" for the example group I'm checking against, rather than just being blank or null, when I check it from my personal workstation:

Get-ADGroup command w/ property working on my workstation

Why is ProtectedFromAccidentalDeletion returning a NRE here if it doesn't return an error on my personal workstation, which has the same version of the Active Directory module installed (1.0.1.0)? And how can I fix that?

powershell active-directory powershell-6.0
Original Q&A
1

There are 1 best solutions below

0
On BEST ANSWER

This is a bug in PowerShell 6. The resolution is to upgrade to PowerShell 7, where it was fixed.

Reference GitHub issue where the issue was first reported & marked fixed:

SteveL-MSFT commented on Aug 23, 2019:

This is fixed in PS7 Preview3

(See also https://github.com/PowerShell/PowerShellModuleCoverage/issues/8)

Related Questions in POWERSHELL

Related Questions in ACTIVE-DIRECTORY

Related Questions in POWERSHELL-6.0

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.