-Properties parameter in ActiveDirectory module cmdlets doesn't accept value "*"

[sethvs]

-Properties parameter in ActiveDirectory module cmdlets (Get-ADUser, Get-ADComputer, Get-ADObject, etc.) doesn't accept value "*" when invoked from PowerShell Core 6.1 on Windows 10 1809.
It works in Windows PowerShell 5.1.

Steps to reproduce

Windows PowerShell 5.1

[5.1] PS C:\> Get-ADUser someuser -Properties *

AccountExpirationDate                : somevalue
accountExpires                       : somevalue
AccountLockoutTime                   : somevalue
AccountNotDelegated                  : somevalue
adminCount                           : somevalue
AllowReversiblePasswordEncryption    : somevalue
...

PowerShell Core 6.1

[6.1.0] PS C:\> Get-ADUser someuser -Properties *

Get-ADUser : Object reference not set to an instance of an object.
At line:1 char:1
+ Get-ADUser someuser -Properties *
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (someuser:ADUser) [Get-ADUser], NullReferenceException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.NullReferenceException,Microsoft.ActiveDirectory.Management.Commands.GetADUser

Expected behavior

Return all properties of the object, as it is in Windows PowerShell 5.1.

Actual behavior

Returns error message.

Environment data

> $PSVersionTable

Name                           Value
----                           -----
PSVersion                      6.1.0
PSEdition                      Core
GitCommitId                    6.1.0
OS                             Microsoft Windows 10.0.17763
Platform                       Win32NT
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

[SteveL-MSFT]

Will look into this after PSConfAsia

[SteveL-MSFT]

@tquerec who owns this module from AD team will look into this

[SteveL-MSFT]

@tquerec any update on this?

[SteveL-MSFT]

@tquerec debugged this and it's currently an issue in corefx https://github.com/dotnet/corefx/issues/34151

[JohnTrovato]

Do we have an update on this? Or do we know what attibutes to excluded?

[SteveL-MSFT]

I would suggest pinging the corefx issue (to help push priority) above as there's nothing more to do in the AD module until the corefx issue is fixed

[corbob]

I don't see any workaround listed here, so I'd like to offer up my workaround and how I came upon it:

I have added this "line" to my $profile and then use $all instead of * when calling get-aduser:

$all = @('AccountExpirationDate','accountExpires','AccountLockoutTime','AccountNotDelegated','adminCount','AllowReversiblePasswordEncryption','AuthenticationPolicy','AuthenticationPolicySilo','BadLogonCount','badPasswordTime','badPwdCount','businessCategory','c','CanonicalName','Certificates','City','CN','co','codePage','Company','CompoundIdentitySupported','Country','countryCode','Created','createTimeStamp','Deleted','Department','departmentNumber','Description','DisplayName','DistinguishedName','Division','DoesNotRequirePreAuth','dSCorePropagationData','EmailAddress','EmployeeID','EmployeeNumber','Enabled','facsimileTelephoneNumber','Fax','garbageCollPeriod','GivenName','HomeDirectory','HomedirRequired','HomeDrive','HomePage','HomePhone','houseIdentifier','Initials','instanceType','ipPhone','isDeleted','KerberosEncryptionType','l','LastBadPasswordAttempt','LastKnownParent','lastLogoff','lastLogon','LastLogonDate','lastLogonTimestamp','lastSetTime','legacyExchangeDN','LockedOut','lockoutTime','logonCount','logonHours','LogonWorkstations','mail','mailNickname','managedObjects','Manager','MemberOf','MNSLogonAccount','MobilePhone','Modified','modifyTimeStamp','msDS-User-Account-Control-Computed','msExchALObjectVersion','msExchArchiveStatus','msExchMailboxGuid','msExchMobileMailboxFlags','msExchPoliciesIncluded','msExchRecipientDisplayType','msExchRecipientTypeDetails','msExchRemoteRecipientType','msExchTextMessagingState','msExchUMDtmfMap','msExchUserAccountControl','msExchVersion','msExchWhenMailboxCreated','msTSExpireDate','msTSLicenseVersion','msTSLicenseVersion2','msTSLicenseVersion3','msTSManagingLS','Name','nTSecurityDescriptor','ObjectCategory','ObjectClass','ObjectGUID','objectSid','Office','OfficePhone','Organization','OtherName','otherTelephone','PasswordExpired','PasswordLastSet','PasswordNeverExpires','PasswordNotRequired','physicalDeliveryOfficeName','POBox','PostalCode','PrimaryGroup','primaryGroupID','PrincipalsAllowedToDelegateToAccount','ProfilePath','protocolSettings','proxyAddresses','pwdLastSet','SamAccountName','sAMAccountType','ScriptPath','sDRightsEffective','ServicePrincipalNames','showInAddressBook','SID','SIDHistory','SmartcardLogonRequired','sn','st','State','StreetAddress','Surname','targetAddress','telephoneNumber','textEncodedORAddress','thumbnailPhoto','Title','TrustedForDelegation','TrustedToAuthForDelegation','UseDESKeyOnly','userAccountControl','userCertificate','userParameters','UserPrincipalName','uSNChanged','uSNCreated','whenChanged','whenCreated')

How I came upon it:
In Windows Powershell, I did get-aduser corbob -properties * | export-clixml corbob.xml
In pwsh:

$corbob = Import-clixml corbob.xml
$corbob | gm | ? membertype -eq 'Property' | select name | % { write-host $_.name ; $null = Get-ADUser cknox -Properties $_.name }

I then copied the list and took out the 2 that had an error. Those two: CannotChangePassword and ProtectedFromAccidentalDeletion

[vexx32]

@SteveL-MSFT looks like CoreFX merged in a fix for it.

Are we able to confirm that that is all that is needed to resolve this issue?

[SteveL-MSFT]

@vexx32 looks like it was merged 9 days ago, so we may have to wait until Preview.7 of 3.0 before we can confirm it fixes this issue

[SteveL-MSFT]

This is fixed in PS7 Preview3