Skip to content
This repository was archived by the owner on Jun 16, 2021. It is now read-only.
This repository was archived by the owner on Jun 16, 2021. It is now read-only.

Get-ADUser Fails To Import When In a WhatIf Context #89

Open
Open
Get-ADUser Fails To Import When In a WhatIf Context#89
@aolszowka

Description

@aolszowka
aolszowka
opened on Jun 2, 2021

Issue

In PowerShell 7.1.3 when attempting to execute the following FROM A CLEAN SESSION we encounter an error.

Script:

function Test-GetADUser {
    [CmdletBinding(
        SupportsShouldProcess = $true
    )]
    param (
    )
    process {
        Get-ADUser -Filter "SamAccountName -eq '$env:USERNAME'"
    }
}

Test-GetADUser -WhatIf

Error:

PS C:\Users\Ace.Olszowka> c:\Users\Ace.Olszowka\Desktop\WebPortalRemovals\WhatIfRemotingBug.ps1
What if: Performing the operation "Copy File" on target "Item: C:\Users\Ace.Olszowka\AppData\Local\Temp\79\tmp_hi0s3iyz.hi4\remoteIpMoProxy_ActiveDirectory_1.0.0.0_localhost_99a12936-ef8b-469a-ba86-28da0c409df1.format.ps1xml Destination: C:\Users\Ace.Olszowka\AppData\Local\Temp\79\remoteIpMoProxy_ActiveDirectory_1.0.0.0_localhost_99a12936-ef8b-469a-ba86-28da0c409df1\remoteIpMoProxy_ActiveDirectory_1.0.0.0_localhost_99a12936-ef8b-469a-ba86-28da0c409df1.format.ps1xml".
What if: Performing the operation "Copy File" on target "Item: C:\Users\Ace.Olszowka\AppData\Local\Temp\79\tmp_hi0s3iyz.hi4\remoteIpMoProxy_ActiveDirectory_1.0.0.0_localhost_99a12936-ef8b-469a-ba86-28da0c409df1.psd1 Destination: C:\Users\Ace.Olszowka\AppData\Local\Temp\79\remoteIpMoProxy_ActiveDirectory_1.0.0.0_localhost_99a12936-ef8b-469a-ba86-28da0c409df1\remoteIpMoProxy_ActiveDirectory_1.0.0.0_localhost_99a12936-ef8b-469a-ba86-28da0c409df1.psd1".
What if: Performing the operation "Copy File" on target "Item: C:\Users\Ace.Olszowka\AppData\Local\Temp\79\tmp_hi0s3iyz.hi4\remoteIpMoProxy_ActiveDirectory_1.0.0.0_localhost_99a12936-ef8b-469a-ba86-28da0c409df1.psm1 Destination: C:\Users\Ace.Olszowka\AppData\Local\Temp\79\remoteIpMoProxy_ActiveDirectory_1.0.0.0_localhost_99a12936-ef8b-469a-ba86-28da0c409df1\remoteIpMoProxy_ActiveDirectory_1.0.0.0_localhost_99a12936-ef8b-469a-ba86-28da0c409df1.psm1".
What if: Performing the operation "Remove Directory" on target "C:\Users\Ace.Olszowka\AppData\Local\Temp\79\tmp_hi0s3iyz.hi4".
Get-ADUser: C:\Users\Ace.Olszowka\Desktop\WebPortalRemovals\WhatIfRemotingBug.ps1:8:9
Line |
   8 |          Get-ADUser -Filter "SamAccountName -eq 'Ace.Olszowka'"
     |          ~~~~~~~~~~
     | The 'Get-ADUser' command was found in the module 'ActiveDirectory', but the module could not be loaded. For more information, run 'Import-Module ActiveDirectory'.

Any subsequent runs in this session with -WhatIf will fail.

However if you remove the -WhatIf and execute it, this runs without issue.

IN THAT SAME SESSION if you attempt to run the above again with -WhatIf it will succeed without issue.

Working Theory

Our guess is that there is some type of bug in this version of ActiveDirectory in combination with WindowsCompatibility that causes -WhatIf to be acted upon for the setup of the remoting call. This means that subsequent attempts to use the proxied module are futile. This would explain why running this same script in the same session at least once without a -WhatIf corrects the issue for subsequent -WhatIf calls.

Potential Workaround

Based on the above theory the following works around this issue in a clean session:

function Test-GetADUser {
    [CmdletBinding(
        SupportsShouldProcess = $true
    )]
    param (
    )
    process {
        $script:oldWhatIfPreference = $WhatIfPreference
        try {
            $WhatIfPreference = $false
            Import-Module ActiveDirectory
        }
        finally {
            $WhatIfPreference = $script:oldWhatIfPreference
        }
        Get-ADUser -Filter "SamAccountName -eq '$env:USERNAME'"
    }
}

Test-GetADUser -WhatIf

We have proved that this works in our environment and have rolled this fix into production.

Environment

  • Windows Server 2012R2
  • $PSVersionTable:
Name                           Value
----                           -----
PSVersion                      7.1.3
PSEdition                      Core
GitCommitId                    7.1.3
OS                             Microsoft Windows 6.3.9600
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0
  • (From PowerShell 5.1) Get-Module -ListAvailable | Where-Object { $_.Name -eq 'ActiveDirectory' } | Select-Object *:


LogPipelineExecutionDetails : False
Name                        : ActiveDirectory
Path                        : C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ActiveDirectory\ActiveDirectory.psd1
ImplementingAssembly        : 
Definition                  : 
Description                 : 
Guid                        : 43c15630-959c-49e4-a977-758c5cc93408
HelpInfoUri                 : http://go.microsoft.com/fwlink/?LinkId=301394 
ModuleBase                  : C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ActiveDirectory
PrivateData                 : 
Tags                        : {}
ProjectUri                  : 
IconUri                     : 
LicenseUri                  : 
ReleaseNotes                : 
RepositorySourceLocation    : 
Version                     : 1.0.0.0
ModuleType                  : Manifest
Author                      : Microsoft Corporation
AccessMode                  : ReadWrite
ClrVersion                  : 4.0
CompanyName                 : Microsoft Corporation
Copyright                   : © Microsoft Corporation. All rights reserved.
DotNetFrameworkVersion      : 
ExportedFunctions           : {}
Prefix                      : 
ExportedCmdlets             : {[Add-ADCentralAccessPolicyMember, Add-ADCentralAccessPolicyMember], 
                              [Add-ADComputerServiceAccount, Add-ADComputerServiceAccount], 
                              [Add-ADDomainControllerPasswordReplicationPolicy, 
                              Add-ADDomainControllerPasswordReplicationPolicy], 
                              [Add-ADFineGrainedPasswordPolicySubject, Add-ADFineGrainedPasswordPolicySubject]...}
ExportedCommands            : {[Add-ADCentralAccessPolicyMember, Add-ADCentralAccessPolicyMember], 
                              [Add-ADComputerServiceAccount, Add-ADComputerServiceAccount], 
                              [Add-ADDomainControllerPasswordReplicationPolicy, 
                              Add-ADDomainControllerPasswordReplicationPolicy], 
                              [Add-ADFineGrainedPasswordPolicySubject, Add-ADFineGrainedPasswordPolicySubject]...}
FileList                    : {}
CompatiblePSEditions        : {}
ModuleList                  : {}
NestedModules               : {}
PowerShellHostName          : 
PowerShellHostVersion       : 
PowerShellVersion           : 3.0
ProcessorArchitecture       : None
Scripts                     : {}
RequiredAssemblies          : {Microsoft.ActiveDirectory.Management}
RequiredModules             : {}
RootModule                  : C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ActiveDirectory\ActiveDirectory.psd1
ExportedVariables           : {}
ExportedAliases             : {}
ExportedWorkflows           : {}
ExportedDscResources        : {}
SessionState                : 
OnRemove                    : 
ExportedFormatFiles         : {C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ActiveDirectory\ActiveDirectory.Forma
                              t.ps1xml}
ExportedTypeFiles           : {C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ActiveDirectory\ActiveDirectory.Types
                              .ps1xml}

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions