I’m trying to run a script to change the UPN suffix of user accounts. I’ve run into an oddity I can’t figure out.
Import-Module ActiveDirectory
$oldSuffix = "Domain.net"
$newSuffix = "Domain.com"
$server = "DC001"
$OUs = Get-Content c:\OUList.txt
foreach ($ou in $OUs){
Get-ADUser -SearchBase $ou -filter * -properties proxyaddresses,userprincipalName | ForEach-Object {
$newUpn = $_.UserPrincipalName.Replace($oldSuffix,$newSuffix)
$_ | Set-ADUser -server $server -UserPrincipalName $newUpn
echo $_.UserPrincipalName
}
}
The file “c:\OUList.txt” contains:
OU=BU1,OU=Accounts,OU=Businesses,DC=MyDomain,DC=net
OU=BU2,OU=Accounts,OU=Businesses,DC=MyDomain,DC=net
OU=BU3,OU=Accounts,OU=Businesses,DC=MyDomain,DC=net
The script runs fine until I changed the contents of “c:\OUList.txt” to a single line using just the parent OU:
OU=Accounts,OU=Businesses,DC=MyDomain,DC=net
With the contents of “c:\OUList.txt” as a single “parent OU” line the script runs for a while and eventually it stops and gives the following error:
Get-ADUser : The server has returned the following error: invalid enumeration context.
At line:2 char:2
- Get-ADUser -SearchBase $ou -filter * -properties proxyaddresses,userprincipalNa …
-
+ CategoryInfo : NotSpecified: (:) [Get-ADUser], ADException + FullyQualifiedErrorId : The server has returned the following error: invalid enumeration context.,Microsoft.Acti veDirectory.Management.Commands.GetADUser
At the bottom of the loop I added the line “echo $_.UserPrincipalName” to allow me to watch the process. I can now see the error only happens while processing items within “OU=BU2”
If I remove the “Set-user” line the script processes without any errors.
All the permissions are applied at the “Businesses” OU, so it’s not a permissions issue.
Can someone provide guidance on how to figure this out - thanks