Weird problem with get-addomaincontroller

  • Last Post 18 June 2019
kurtbuff posted this 14 June 2019

All,
Found a cool script that uses "get-addomaincontroller -filter *", and I'm getting an error using it.
Can anyone here give me a starting place to start the hunt? I've looked in the Windows\WinRM logs, and don't see anything that looks relevant. I've done both a "winrm quickconfig" and "enable-psremoting", and that seems to have taken, so I'm at a loss as to where to go from here.

get-addomaincontroller -filter *
get-addomaincontroller : Directory object not found
At line:1 char:1
+ get-addomaincontroller -filter *
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (:) [Get-ADDomainController], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADDomainController

I'm pretty baffled, because I've run it on all 4 of my DCs ( 3 x 2012 R2 and 1 x 2016).
If I run the cmdlet against named DCs, I get back data, no problems.
I suspect (but am really not sure!) it has something to do with wsman on the DC in our UK office, and here's why - the script I'm running is from here: https://itconnect.uw.edu/wares/msinf/other-help/lmcompatibilitylevel/using-get-ntlmv1logonevents-ps1/
(Thanks to Eric Kool-Brown and Brian Arkills for this!)
Running it with "-Target DCs" emits the error below, but running it against individual DCs works, except against our UK DC. When running it against our UK DC, whether from my laptop or on the DC itself, I get the following:
.\Get-NtlmV1LogonEvents.ps1 -NumEvents 10 -Target DCs
Get-ADDomainController : Directory object not found
At C:\Batchfiles\Get-NtlmV1LogonEvents.ps1:93 char:10
+         $dcs = Get-ADDomainController -Filter * | select -expand host ...
+                ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (:) [Get-ADDomainController], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADDomainController
Querying security log for NTLM V1 events (ID 4624) on DCs
Invoke-Command : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Provide an
argument that is not null or empty, and then try the command again.
At C:\Batchfiles\Get-NtlmV1LogonEvents.ps1:97 char:32
+         Invoke-Command -ComputerName $dcs -ScriptBlock $remoteScript  ...
+                                      ~~~~
    + CategoryInfo          : InvalidData: (:) [Invoke-Command], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands.InvokeCommandCommand


Kurt

bdesmond posted this 14 June 2019

I’d probably turn up tracing on the ADWS instance you’re targeting and see what it’s doing. First hit I got was this - https://dirteam.com/tomek/2010/04/10/ad-ws-diagnostic-logging/. You might need to futz with permissions on the folder path to make sure the service can write to it.

Thanks,

Brian
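One way to work out which ADWS instance to trace, as an added example that is not part of the original thread or of Get-NtlmV1LogonEvents.ps1: pin the same Get-ADDomainController call to each DC in turn with -Server and record which instance returns the error. The DC names are constructed placeholders; the ActiveDirectory module talks to ADWS on TCP 9389, while Invoke-Command uses WinRM.

```powershell
# Added example. The DC names are constructed placeholders; replace them
# with the DCs that answer when queried by name.
Import-Module ActiveDirectory

$knownDcs = 'dc1.example.test', 'dc2.example.test',
            'dc3.example.test', 'dc4.example.test'

$results = foreach ($dc in $knownDcs) {
    # TCP 9389 is the ADWS listener that the AD cmdlets connect to.
    $probe = Test-NetConnection -ComputerName $dc -Port 9389 -WarningAction SilentlyContinue

    $row = [ordered]@{
        Server     = $dc
        Adws9389   = $probe.TcpTestSucceeded
        Enumerated = 0       # number of DC objects this instance returned
        Error      = $null
    }

    if ($probe.TcpTestSucceeded) {
        try {
            # Same call the script makes, but pinned to one ADWS instance.
            # -ErrorAction Stop turns the error into a catchable exception.
            $found = @(Get-ADDomainController -Filter * -Server $dc -ErrorAction Stop)
            $row.Enumerated = $found.Count
        }
        catch {
            $row.Error = $_.Exception.GetType().Name + ': ' + $_.Exception.Message
        }
    }

    [pscustomobject]$row
}

$results | Format-Table -AutoSize -Wrap

# Instances that failed the enumeration are the ones worth tracing.
$toTrace = @($results | Where-Object { $_.Error } | Select-Object -ExpandProperty Server)
if ($toTrace.Count -gt 0) {
    Write-Warning ('Enumeration failed when pinned to: ' + ($toTrace -join ', '))
}

# Guard for the step that failed in the thread: never hand Invoke-Command
# an empty -ComputerName list.
$dcs = @($results | Where-Object { $_.Adws9389 -and -not $_.Error } |
         Select-Object -ExpandProperty Server)
if ($dcs.Count -eq 0) {
    throw 'No DC answered the enumeration; not calling Invoke-Command.'
}
```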

kurtbuff posted this 14 June 2019

Thanks.
I will pursue this and get back to the list with results - but I have to conquer a firewall problem first.
Kurt



kurtbuff posted this 18 June 2019

Well that was less than satisfactory.
I turned up debugging per the article, including restarting the service, and get absolutely no results in the log file.
I'll have to do some more searching.
Kurt

