I need help troubleshooting an ADException

I’m trying to run a script to change the UPN suffix of user accounts. I’ve run into an oddity I can’t figure out.


Import-Module ActiveDirectory
$oldSuffix = “Domain.net
$newSuffix = “Domain.com
$server = “DC001”
$OUs = Get-Content c:\OUList.txt
foreach ($ou in $OUs){
Get-ADUser -SearchBase $ou -filter * -properties proxyaddresses,userprincipalName | ForEach-Object {
$newUpn = $.UserPrincipalName.Replace($oldSuffix,$newSuffix)
$
| Set-ADUser -server $server -UserPrincipalName $newUpn
echo $_.UserPrincipalName
}
}

The file “c:\OUList.txt” contains:
OU=BU1,OU=Accounts,OU=Businesses,DC=MyDomain,DC=net
OU=BU2,OU=Accounts,OU=Businesses,DC=MyDomain,DC=net
OU=BU3,OU=Accounts,OU=Businesses,DC=MyDomain,DC=net

The script runs fine until I changed the contents of “c:\OUList.txt” to a single line using just the parent OU:

OU=Accounts,OU=Businesses,DC=MyDomain,DC=net

With the contents of “c:\OUList.txt” as a single “parent OU” line the script runs for a while and eventually it stops and gives the following error:

Get-ADUser : The server has returned the following error: invalid enumeration context.
At line:2 char:2

  • Get-ADUser -SearchBase $ou -filter * -properties proxyaddresses,userprincipalNa …
  •   + CategoryInfo          : NotSpecified: (:) [Get-ADUser], ADException
      + FullyQualifiedErrorId : The server has returned the following error: invalid enumeration context.,Microsoft.Acti
     veDirectory.Management.Commands.GetADUser
    
    

At the bottom of the loop I added the line “echo $_.UserPrincipalName” to allow me to watch the process. I can now see the error only happens while processing items within “OU=BU2”

If I remove the “Set-user” line the script processes without any errors.

All the permissions are applied at the “Businesses” OU, so it’s not a permissions issue.

Can someone provide guidance on how to figure this out - thanks

If you’re inserting a single value instead of a loop, then you may need to remove the loop and just insert the single value.

If you move the echo part up, you can see what user causes the issue (if that is the issue).

foreach ($ou in $OUs){
    Get-ADUser -SearchBase $ou -filter * -properties proxyaddresses,userprincipalName | ForEach-Object {
    Write-Verbose "Changing suffix on $($_.UserPrincipalName)" -verbose
    $newUpn = $_.UserPrincipalName.Replace($oldSuffix,$newSuffix) 
    $_ | Set-ADUser -server $server -UserPrincipalName $newUpn
    }
   }