Powershell: Script that was working now errors giving Get-ADUser : The server was unable to process the request due to an internal error

Question

I had a script that was working fine. Went away for a few hours and came back and now it errors.

Error

Get-ADUser : The server was unable to process the request due to an internal error.  For more information about the error, either turn on IncludeExceptionDetailInFaults 
(either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or 
turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.
At C:\Users\orion\Desktop\GetUsersProcessFile.ps1:1 char:1
+ Get-ADUser -Filter * -Properties CN,Department,Description,DisplayNam ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-ADUser], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADUser

The script is as follows

Get-ADUser -Filter * -Properties CN,Department,Description,DisplayName,Division,EmailAddress,extensionAttribute10,GivenName,mail,mailNickname,Name,Office,SamAccountName,sn,Title,UserPrincipalName | export-csv -path e:\ad\user-export.csv

I am looking to export every user I can with the details I want to a CSV file.

As I said, I got it working and it was working but I now get this error. This is sitting on a Windows 2019 Server.

Any ideas why it would suddenly stop working?

Answer 1

I did some digging and found a couple posts that may provide some insight:

First up: https://social.technet.microsoft.com/Forums/lync/en-US/a7ca2b45-bcf7-474b-a3d4-9ccc7b6f792b/internal-error-for-non-domain-admins?forum=winserverpowershell

In this case, someone removed Domain Users from the builtin Users group. Since ADWS restricts access to the Users group, queries were failing.

Second: https://social.technet.microsoft.com/Forums/en-US/f8eb3d11-6a79-4c0b-a59a-8c90b65557cf/active-directory-powershell-quotinternal-errorquot?forum=winserverpowershell

In this case, the problem was fixed by restarting the ADWS service on the domain controllers.

Note that the cmdlets like Get-ADUser and Set-ADUser depends on ADWS running on the DCs, whereas native ADSI methods do not. However, using native ADSI requires a bit more care, e.g. using paging for querying the memberOf property. There's a lot of good documentation out there on using native ADSI objects from PowerShell.