The below powershell command works for most of the accounts.
import-module activedirectory
Get-ADUser <account> -Properties *
For some accounts, I get following error
Get-ADUser : Not a valid Win32 FileTime.
Parameter name: fileTime
At line:4 char:1
+ Get-ADUser <account> -Properties AccountExpirationDate
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (<account>:ADUser) [Get-ADUser], ArgumentOutOfRangeException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentOutOfRangeException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
I suspect it is because of empty (?) date property.
For valid accounts, it looks like this
AccountExpirationDate : 01/01/2030 00:00:00
Is there any way to still collect the information for these users, just excluding Date properties?
As there are hundreds of properties, I would prefer to avoid specifying which I need... unless it does not have impact on performance?
I tried the below which fails presumably due to select on failing query.
Get-ADUser <account> -Properties * | Select-Object -Property * | Where-Object { $_.AccountExpirationDate -ne $null}
Check if the
accountExpiresLDAP attribute has never been set (value 0) or if the attribute for the user has been set to 'Never Expires' (value 9223372036854775807)In both cases, there will be no valid DateTime in the
AccountExpirationDateproperty you need.Also, you should not use
-Properties *if you only need a few extra properties on top of the ones Get-ADUser returns by default, which are:DistinguishedName, Enabled, GivenName, Name, ObjectClass, ObjectGUID, SamAccountName, SID, Surname, UserPrincipalName
Try