Skip to content
This repository has been archived by the owner on Jun 16, 2021. It is now read-only.

Get-ADUser Fails To Import When In a WhatIf Context #89

Open
aolszowka opened this issue Jun 2, 2021 · 0 comments
Open

Get-ADUser Fails To Import When In a WhatIf Context #89

aolszowka opened this issue Jun 2, 2021 · 0 comments

Comments

@aolszowka
Copy link

aolszowka commented Jun 2, 2021
edited
Loading

Issue

In PowerShell 7.1.3 when attempting to execute the following FROM A CLEAN SESSION we encounter an error.

Script:

function Test-GetADUser {
    [CmdletBinding(
        SupportsShouldProcess = $true
    )]
    param (
    )
    process {
        Get-ADUser -Filter "SamAccountName -eq '$env:USERNAME'"
    }
}

Test-GetADUser -WhatIf

Error:

PS C:\Users\Ace.Olszowka> c:\Users\Ace.Olszowka\Desktop\WebPortalRemovals\WhatIfRemotingBug.ps1
What if: Performing the operation "Copy File" on target "Item: C:\Users\Ace.Olszowka\AppData\Local\Temp\79\tmp_hi0s3iyz.hi4\remoteIpMoProxy_ActiveDirectory_1.0.0.0_localhost_99a12936-ef8b-469a-ba86-28da0c409df1.format.ps1xml Destination: C:\Users\Ace.Olszowka\AppData\Local\Temp\79\remoteIpMoProxy_ActiveDirectory_1.0.0.0_localhost_99a12936-ef8b-469a-ba86-28da0c409df1\remoteIpMoProxy_ActiveDirectory_1.0.0.0_localhost_99a12936-ef8b-469a-ba86-28da0c409df1.format.ps1xml".
What if: Performing the operation "Copy File" on target "Item: C:\Users\Ace.Olszowka\AppData\Local\Temp\79\tmp_hi0s3iyz.hi4\remoteIpMoProxy_ActiveDirectory_1.0.0.0_localhost_99a12936-ef8b-469a-ba86-28da0c409df1.psd1 Destination: C:\Users\Ace.Olszowka\AppData\Local\Temp\79\remoteIpMoProxy_ActiveDirectory_1.0.0.0_localhost_99a12936-ef8b-469a-ba86-28da0c409df1\remoteIpMoProxy_ActiveDirectory_1.0.0.0_localhost_99a12936-ef8b-469a-ba86-28da0c409df1.psd1".
What if: Performing the operation "Copy File" on target "Item: C:\Users\Ace.Olszowka\AppData\Local\Temp\79\tmp_hi0s3iyz.hi4\remoteIpMoProxy_ActiveDirectory_1.0.0.0_localhost_99a12936-ef8b-469a-ba86-28da0c409df1.psm1 Destination: C:\Users\Ace.Olszowka\AppData\Local\Temp\79\remoteIpMoProxy_ActiveDirectory_1.0.0.0_localhost_99a12936-ef8b-469a-ba86-28da0c409df1\remoteIpMoProxy_ActiveDirectory_1.0.0.0_localhost_99a12936-ef8b-469a-ba86-28da0c409df1.psm1".
What if: Performing the operation "Remove Directory" on target "C:\Users\Ace.Olszowka\AppData\Local\Temp\79\tmp_hi0s3iyz.hi4".
Get-ADUser: C:\Users\Ace.Olszowka\Desktop\WebPortalRemovals\WhatIfRemotingBug.ps1:8:9
Line |
   8 |          Get-ADUser -Filter "SamAccountName -eq 'Ace.Olszowka'"
     |          ~~~~~~~~~~
     | The 'Get-ADUser' command was found in the module 'ActiveDirectory', but the module could not be loaded. For more information, run 'Import-Module ActiveDirectory'.

Any subsequent runs in this session with -WhatIf will fail.

However if you remove the -WhatIf and execute it, this runs without issue.

IN THAT SAME SESSION if you attempt to run the above again with -WhatIf it will succeed without issue.

Working Theory

Our guess is that there is some type of bug in this version of ActiveDirectory in combination with WindowsCompatibility that causes -WhatIf to be acted upon for the setup of the remoting call. This means that subsequent attempts to use the proxied module are futile. This would explain why running this same script in the same session at least once without a -WhatIf corrects the issue for subsequent -WhatIf calls.

Potential Workaround

Based on the above theory the following works around this issue in a clean session:

function Test-GetADUser {
    [CmdletBinding(
        SupportsShouldProcess = $true
    )]
    param (
    )
    process {
        $script:oldWhatIfPreference = $WhatIfPreference
        try {
            $WhatIfPreference = $false
            Import-Module ActiveDirectory
        }
        finally {
            $WhatIfPreference = $script:oldWhatIfPreference
        }
        Get-ADUser -Filter "SamAccountName -eq '$env:USERNAME'"
    }
}

Test-GetADUser -WhatIf

We have proved that this works in our environment and have rolled this fix into production.

Environment

  • Windows Server 2012R2
  • $PSVersionTable:
Name                           Value
----                           -----
PSVersion                      7.1.3
PSEdition                      Core
GitCommitId                    7.1.3
OS                             Microsoft Windows 6.3.9600
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
  • (From PowerShell 5.1) Get-Module -ListAvailable | Where-Object { $_.Name -eq 'ActiveDirectory' } | Select-Object *:


LogPipelineExecutionDetails : False
Name                        : ActiveDirectory
Path                        : C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ActiveDirectory\ActiveDirectory.psd1
ImplementingAssembly        : 
Definition                  : 
Description                 : 
Guid                        : 43c15630-959c-49e4-a977-758c5cc93408
HelpInfoUri                 : http://go.microsoft.com/fwlink/?LinkId=301394 
ModuleBase                  : C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ActiveDirectory
PrivateData                 : 
Tags                        : {}
ProjectUri                  : 
IconUri                     : 
LicenseUri                  : 
ReleaseNotes                : 
RepositorySourceLocation    : 
Version                     : 1.0.0.0
ModuleType                  : Manifest
Author                      : Microsoft Corporation
AccessMode                  : ReadWrite
ClrVersion                  : 4.0
CompanyName                 : Microsoft Corporation
Copyright                   : © Microsoft Corporation. All rights reserved.
DotNetFrameworkVersion      : 
ExportedFunctions           : {}
Prefix                      : 
ExportedCmdlets             : {[Add-ADCentralAccessPolicyMember, Add-ADCentralAccessPolicyMember], 
                              [Add-ADComputerServiceAccount, Add-ADComputerServiceAccount], 
                              [Add-ADDomainControllerPasswordReplicationPolicy, 
                              Add-ADDomainControllerPasswordReplicationPolicy], 
                              [Add-ADFineGrainedPasswordPolicySubject, Add-ADFineGrainedPasswordPolicySubject]...}
ExportedCommands            : {[Add-ADCentralAccessPolicyMember, Add-ADCentralAccessPolicyMember], 
                              [Add-ADComputerServiceAccount, Add-ADComputerServiceAccount], 
                              [Add-ADDomainControllerPasswordReplicationPolicy, 
                              Add-ADDomainControllerPasswordReplicationPolicy], 
                              [Add-ADFineGrainedPasswordPolicySubject, Add-ADFineGrainedPasswordPolicySubject]...}
FileList                    : {}
CompatiblePSEditions        : {}
ModuleList                  : {}
NestedModules               : {}
PowerShellHostName          : 
PowerShellHostVersion       : 
PowerShellVersion           : 3.0
ProcessorArchitecture       : None
Scripts                     : {}
RequiredAssemblies          : {Microsoft.ActiveDirectory.Management}
RequiredModules             : {}
RootModule                  : C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ActiveDirectory\ActiveDirectory.psd1
ExportedVariables           : {}
ExportedAliases             : {}
ExportedWorkflows           : {}
ExportedDscResources        : {}
SessionState                : 
OnRemove                    : 
ExportedFormatFiles         : {C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ActiveDirectory\ActiveDirectory.Forma
                              t.ps1xml}
ExportedTypeFiles           : {C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ActiveDirectory\ActiveDirectory.Types
                              .ps1xml}
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@aolszowka