PowerShell remoting DirectoryServices.DirectorySearcher object garbled. by HPH2


Status: Active

Type: Bug
ID: 630828
Opened: 12/13/2010 3:54:29 AM
Access Restriction: Public
Workaround(s): 1
User(s) who can reproduce this bug: 4

Description

From: http://social.technet.microsoft.com/Forums/en-US/ITCG/thread/7d2a0b0e-254f-4725-9c02-20744cd3cdd5/

PowerShell version 2.0

Background:
I have a script successfully assembling information about servers in our primary domain.
Now I am trying to use PowerShell Remoting to include information about servers in our DMZ zones.
This works great.

Except when I try to query the Active Directory.

The following runs fine in a PowerShell window on the server dzms01 in a remote desktop session:

PS C:\> $DomainRootPath='LDAP://DC=beodmz,DC=beo,DC=dk'
PS C:\> $servername='dzms01'
PS C:\> $searcher = new-object DirectoryServices.DirectorySearcher([ADSI] $DomainRootPath)
PS C:\> $searcher.filter = "(&(objectClass=computer)(Name=$servername))"
PS C:\> $searcher.CacheResults = $true
PS C:\> $searcher.SearchScope = 'Subtree'
PS C:\> $searcher.PageSize = 1000
PS C:\> $ad=$searcher.FindOne()
PS C:\> $ad

Path                                                        Properties
----                                                        ----------
LDAP://CN=DZMS01,OU=ProductionServers,OU=Servers,DC=beod... {operatingsystem, countrycode, cn, lastlogoff...}

PS C:\> $searcher

CacheResults             : True
ClientTimeout            : -00:00:01
PropertyNamesOnly        : False
Filter                 : (&(objectClass=computer)(Name=dzms01))
PageSize                 : 1000
PropertiesToLoad         : {}
ReferralChasing         : External
SearchScope             : Subtree
ServerPageTimeLimit     : -00:00:01
ServerTimeLimit         : -00:00:01
SizeLimit                : 0
SearchRoot             : System.DirectoryServices.DirectoryEntry
Sort                     : System.DirectoryServices.SortOption
Asynchronous             : False
Tombstone                : False
AttributeScopeQuery     :
DerefAlias             : Never
SecurityMasks            : None
ExtendedDN             : None
DirectorySynchronization :
VirtualListView         :
Site                     :
Container                :

PS C:\> $searcher.SearchRoot

distinguishedName : {DC=beodmz,DC=beo,DC=dk}
Path             : LDAP://DC=beodmz,DC=beo,DC=dk

PS C:\> $searcher.SearchRoot.path
LDAP://DC=beodmz,DC=beo,DC=dk
PS C:\>



Trying to do the same thing from my PC using PowerShell remoting, and using the same login credentials, I get this:

PS C:\> $ses = New-PSSession -ComputerName 'dzms01' -Credential $cred
PS C:\> Invoke-Command {$DomainRootPath='LDAP://DC=beodmz,DC=beo,DC=dk'} -session $ses
PS C:\> Invoke-Command {$DomainRootPath} -session $ses
LDAP://DC=beodmz,DC=beo,DC=dk
PS C:\> Invoke-Command {$servername='dzms01'} -session $ses
PS C:\> Invoke-Command {$searcher = new-object DirectoryServices.DirectorySearcher([ADSI] $DomainRootPath)} -session $ses
PS C:\> Invoke-Command {$searcher.filter = "(&(objectClass=computer)(Name=$servername))"} -session $ses
PS C:\> Invoke-Command {$searcher.CacheResults = $true} -session $ses
PS C:\> Invoke-Command {$searcher.SearchScope = 'Subtree'} -session $ses
PS C:\> Invoke-Command {$searcher.PageSize = 1000} -session $ses
PS C:\> Invoke-Command {$ad=$searcher.FindOne()} -session $ses
Exception calling "FindOne" with "0" argument(s): "An operations error occurred.
"
    + CategoryInfo         : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

PS C:\> Invoke-Command {$searcher} -session $ses

PSComputerName     : dzms01
RunspaceId         : 19248cc5-e3b2-422d-9f16-62b6419cc0f8
PSShowComputerName : True
CacheResults        : True
ClientTimeout     : -00:00:01
PropertyNamesOnly : False
Filter             : (&(objectClass=computer)(Name=dzms01))
PageSize            : 1000
PropertiesToLoad    : {}
ReferralChasing     : External
SearchScope         : Subtree
ServerPageTimeLimit : -00:00:01
ServerTimeLimit     : -00:00:01
SizeLimit         : 0

The following exception occurred while retrieving member "StringSerializationSource": "An operations error occurred.
"
    + CategoryInfo         : NotSpecified: (:) [], ExtendedTypeSystemException
    + FullyQualifiedErrorId : CatchFromBaseGetMember

PS C:\> Invoke-Command {$searcher.SearchRoot} -session $ses
System.DirectoryServices.DirectoryEntry
PS C:\> Invoke-Command {$searcher.SearchRoot.path} -session $ses
PS C:\> Invoke-Command {$searcher.filter} -session $ses
(&(objectClass=computer)(Name=dzms01))
PS C:\>

It seems as if the DirectoryServices.DirectorySearcher object is somehow garbled.
Can anyone help me in the right direction?

Details
Posted by Allan Haywood [HOME] on 11/15/2013 at 4:20 PM
This will work if -Authentication CredSSP is used with the invoke-command.

To use CredSSP a pscredential needs to be created and passed in, and the servers involved need to be properly configured to use CredSSP.

http://technet.microsoft.com/en-us/library/hh849872.aspx
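
The CredSSP workaround from the comment above, written out as an added example that is not part of the original thread. It reuses the server name and LDAP path from the bug report; the variable names are illustrative, and it assumes the server role is enabled once on dzms01 from a local elevated console.

```powershell
# Added example. 'dzms01' and the LDAP path are taken from the report above.
$server = 'dzms01'
$cred   = Get-Credential   # account allowed to read the beodmz directory

# The LDAP query is a second hop: workstation -> dzms01 -> domain controller.
# Default remoting authentication gives dzms01 no credentials to forward,
# so the directory bind inside the session has nothing to authenticate with.
$query = {
    param([string]$rootPath, [string]$name)
    $searcher = New-Object DirectoryServices.DirectorySearcher([ADSI]$rootPath)
    $searcher.Filter = "(&(objectClass=computer)(Name=$name))"
    $hit = $searcher.FindOne()
    if ($hit) { $hit.Path }   # return a plain string, not the live object
}
$queryArgs = 'LDAP://DC=beodmz,DC=beo,DC=dk', $server

# Client side (elevated): allow delegation to this one server only, never '*'.
Enable-WSManCredSSP -Role Client -DelegateComputer $server -Force

# Server side, once, in an elevated console on dzms01:
#   Enable-WSManCredSSP -Role Server -Force

# Same query as in the report, now with delegated credentials.
Invoke-Command -ComputerName $server -Credential $cred -Authentication CredSSP `
    -ScriptBlock $query -ArgumentList $queryArgs

# CredSSP hands the full credential to dzms01, so review what is enabled
# and turn delegation off again when it is no longer needed.
Get-WSManCredSSP
Disable-WSManCredSSP -Role Client
```

Because CredSSP gives the remote host a usable copy of the credential, limit `-DelegateComputer` to servers you trust to hold that account and prefer a low-privilege query account.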

Posted by George F on 12/13/2012 at 6:57 AM
I can also reproduce this issue. PowerShell 3.0 over an RDP connection works.

PS F:\> $d = [ADSI]""
PS F:\> $d

distinguishedName : {DC=example,DC=com}
Path             :

PS F:\> $d = New-Object System.DirectoryServices.DirectoryEntry
PS F:\> $d

distinguishedName : {DC=example,DC=com}
Path             :

PS F:\>

A PSSession to the same server yields the following.

PS F:\> Enter-PSSession -UseSSL -ComputerName server -Credential $creds
[server]: PS C:\> $d = [ADSI]""
[server]: PS C:\> $d
The following exception occurred while retrieving member "distinguishedName": "An operations error occurred.
"
    + CategoryInfo         : NotSpecified: (:) [format-default], ExtendedTypeSystemException
    + FullyQualifiedErrorId : CatchFromBaseGetMember,Microsoft.PowerShell.Commands.FormatDefaultCommand

[server]: PS C:\> $d = New-Object System.DirectoryServices.DirectoryEntry

[server]: PS C:\> $d
The following exception occurred while retrieving member "distinguishedName": "An operations error occurred.
"
    + CategoryInfo         : NotSpecified: (:) [format-default], ExtendedTypeSystemException
    + FullyQualifiedErrorId : CatchFromBaseGetMember,Microsoft.PowerShell.Commands.FormatDefaultCommand

[server]: PS C:\>

The workaround of using RDP instead of PSRemoting is acceptable most of the time, but this should work in both.

Posted by Schell77 on 9/28/2012 at 5:38 PM
Here's a related and simple example in PowerShell 2.0, and it's apparently not just System.DirectoryServices.DirectorySearcher:

Try the following locally:

[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite()

Then try it remotely:

Invoke-Command RemoteServer {[System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite()}

Same error:
Exception calling "GetComputerSite" with "0" argument(s): "An operations error occurred.
"
    + CategoryInfo         : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

Posted by Бетке Сергей Сергеевич on 2/4/2011 at 3:08 AM
and my problem: http://social.technet.microsoft.com/Forums/ru-RU/scrlangru/thread/3c8b78f4-b160-4752-8cbd-4eb3052bf11d/

Posted by XMERLIN on 1/11/2011 at 5:22 AM
I have the same problem even when doing remote within the same AD domain and supplying the correct credentials. I include the code here; it checks whether a particular group exists in Active Directory or not. Arguments are server-to-execute-query user\domain ad-group. The code is:

Param([String]$server,[String]$credential,[String]$group)

function find-dn { param([string]$adfindtype, [string]$cName)
    $cName=$cName.ToLower() # NEW
    write-host "parameters: adfindtype ($adfindtype) cName ($cName)"
    $rootDSE = ([ADSI]"LDAP://RootDSE") #was $root = [ADSI]''
        $root=$rootDSE.defaultNamingContext
        write-host "rootDSE.defaultNamingContext ($root)"
    $searcher = new-object System.DirectoryServices.DirectorySearcher($root)
    $searcher.filter = "(&(objectClass=$adfindtype) (CN=$cName))"
    $adfind = $searcher.findall()
    return $adfind[0].path
}

# LOCAL (SUCCEEDS)

$fqdn=find-dn "group" "$group"
$check=$fqdn.Replace("LDAP://","")
write-host "Output: LOCAL distinguishedName $group = $check"

# REMOTE (FAILS)

$psSession = New-PSSession -Computer $server -Credential $credential
Invoke-Command -Session $PSSession -ScriptBlock {
param([string]$adfindtype, [string]$cName)
write-host "parameters: adfindtype ($adfindtype) cName ($cName)"
$rootDSE = ([ADSI]"LDAP://RootDSE") #was $root = [ADSI]''
$root=$rootDSE.defaultNamingContext
write-host "rootDSE.defaultNamingContext ($root)"
$searcher = new-object System.DirectoryServices.DirectorySearcher($root)
$searcher.filter = "(&(objectClass=$adfindtype) (CN=$cName))"
$adfind = $searcher.FindAll()
$fqdn = $adfind[0].path
$fqdn=$fqdn.Replace("LDAP://","")
write-host "Output: REMOTE distinguishedName $cName = $fqdn"
} -argumentlist ("group","$group")

Remove-PSSession -Session $psSession