Error handling for illegal characters #149
Comments
|
Hi @sdbruce1 , would you please be able to provide a PowerShell command, that would create such an account with a malformed DN? |
|
Hi Michael, after testing in my lab, I was unable to use Powershell to do such. A member of my team was able to replicate the the malformed object by using ASDI edit. We are investigating an internal tool that has caused that behavior. |
sdbruce1
changed the title
|
@sdbruce1 I was still not able to replicate the issue: |
|
|
|
Hi Michael, It seemed to me that Get-ADDBAccount functions but the pipe to Test Password quality is when we saw value cannot be null. The \ acted as an escape character and resulted in error. |
Hi Michael,
We use this command in our environment:
Get-ADDBAccount -All -DatabasePath $ntds -BootKey $Key | Test-PasswordQuality | Out-File report.txt
During a password audit, DSInternals completed Get-ADDBAccount successfully, but failed when piping results to Test-PasswordQuality. Error code is:
Get-ADDBAccount: Value cannot be null.
Parameter name: value
At line:1 char:1
We found a malformed object in Active Directory. Some of the attributes have been obscured, but please notice illegal character in DN and absence of name or full FQDN. This issue, as a side note, was caused by improper ASDI edit configuration.
DistinguishedName : CN=backslash (the character is omitted by Github so I had to type it out)
DNSHostName : .domain
Enabled : True
Name :
ObjectClass : computer
ObjectGUID : {Redacted, but valid}
SamAccountName : $
SID : {Redacted, but valid}
UserPrincipalName :
After removing the object from AD, DSInternals is working as expected again.
Wanting to bring this to your attention in case there is a way to allow the command to continue while excluding any AD object with illegal characters.
Thanks for your time.
The text was updated successfully, but these errors were encountered: