Invoke PowerShell with ActiveDirectory module not working

Hello,

I’m trying to interrogate a user on AD by using the activity Invoke Power Shell but without any luck. If I try to apply this command under PowerShell directly it will work (after I import or will auto-import once it hits the Get-ADUSER ) without any issue.

I’ve tried to following command on

Get-ADUser -filter {employeeid -eq 0000} -Properties * | Select employeeid, mail

The error that I get is (I deleted most of the lines because each cmdlet has the same response. you get the point):

System.Management.Automation.CommandNotFoundException: The ‘Get-ADUser’ command was found in the module ‘ActiveDirectory’, but the module could not be loaded. For more information, run ‘Import-Module ActiveDirectory’. —> System.Management.Automation.CmdletInvocationException: The following error occurred while loading the extended type data file:
Error in TypeData “Microsoft.ActiveDirectory.Management.ADAuthenticationPolicySilo”: Type “Microsoft.ActiveDirectory.Management.ADEntityAdapter” should be a PSPropertyAdapter.
Error in TypeData “Microsoft.ActiveDirectory.Management.ADAuthenticationPolicy”: Type “Microsoft.ActiveDirectory.Management.ADEntityAdapter” should be a PSPropertyAdapter.
Error in TypeData “Microsoft.ActiveDirectory.Management.ADClaimTransformPolicy”: Type “Microsoft.ActiveDirectory.Management.ADEntityAdapter” should be a PSPropertyAdapter.
Error in TypeData “Microsoft.ActiveDirectory.Management.ADTrust”: Type
.
.
.
“Microsoft.ActiveDirectory.Management.ADEntityAdapter” should be a PSPropertyAdapter.
at System.Management.Automation.Runspaces.InitialSessionState.ThrowTypeOrFormatErrors(String resourceString, String errorMsg, String errorId)
at System.Management.Automation.Runspaces.InitialSessionState.UpdateTypes(ExecutionContext context, Boolean updateOnly)
at System.Management.Automation.Runspaces.InitialSessionState.Bind_UpdateTypes(ExecutionContext context, Boolean updateOnly)
at System.Management.Automation.Runspaces.InitialSessionState.<>c__DisplayClass129_0.b__0()
at System.Management.Automation.Runspaces.InitialSessionState.Bind(ExecutionContext context, Boolean updateOnly, PSModuleInfo module, Boolean noClobber, Boolean local, Boolean setLocation)
at Microsoft.PowerShell.Commands.ModuleCmdletBase.LoadModuleManifest(String moduleManifestPath, ExternalScriptInfo manifestScriptInfo, Hashtable data, Hashtable localizedData, ManifestProcessingFlags manifestProcessingFlags, Version minimumVersion, Version maximumVersion, Version requiredVersion, Nullable1 requiredModuleGuid, ImportModuleOptions& options, Boolean& containedErrors) --- End of inner exception stack trace --- at System.Management.Automation.Runspaces.PipelineBase.Invoke(IEnumerable input) at System.Management.Automation.Runspaces.Pipeline.Invoke() at System.Management.Automation.PowerShell.Worker.ConstructPipelineAndDoWork(Runspace rs, Boolean performSyncInvoke) at System.Management.Automation.PowerShell.CoreInvokeHelper[TInput,TOutput](PSDataCollection1 input, PSDataCollection1 output, PSInvocationSettings settings) at System.Management.Automation.PowerShell.CoreInvoke[TInput,TOutput](PSDataCollection1 input, PSDataCollection1 output, PSInvocationSettings settings) at System.Management.Automation.PowerShell.Invoke[T](IEnumerable input, IList1 output, PSInvocationSettings settings)
at System.Management.Automation.PowerShell.InvokeT
at System.Management.Automation.CommandDiscovery.AutoloadSpecifiedModule(String moduleName, ExecutionContext context, SessionStateEntryVisibility visibility, Exception& exception)
— End of inner exception stack trace —
at System.Activities.Statements.Throw.Execute(CodeActivityContext context)
at System.Activities.CodeActivity.InternalExecute(ActivityInstance instance, ActivityExecutor executor, BookmarkManager bookmarkManager)
at System.Activities.ActivityInstance.Execute(ActivityExecutor executor, BookmarkManager bookmarkManager)
at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor executor, BookmarkManager bookmarkManager, Location resultLocation)

If I follow the first line from the error output and add in my command line the Import-Module ActiveDirectory which looks like this:

“Import-Module ActiveDirectory;Get-ADUser -filter {employeeid -eq 0000} -Properties * | Select employeeid, mail”

It will give me the following output

Source: Invoke Power Shell (Throw)

Message: The following error occurred while loading the extended type data file:
Error in TypeData “Microsoft.ActiveDirectory.Management.ADAuthenticationPolicySilo”: Type “Microsoft.ActiveDirectory.Management.ADEntityAdapter” should be a PSPropertyAdapter.
Error in TypeData “Microsoft.ActiveDirectory.Management.ADAuthenticationPolicy”: Type “Microsoft.ActiveDirectory.Management.ADEntityAdapter” should be a PSPropertyAdapter.
.
.
.
Error in TypeData “Microsoft.ActiveDirectory.Management.ADEntity”: Type “Microsoft.ActiveDirectory.Management.ADEntityAdapter” should be a PSPropertyAdapter.
Exception Type: System.Management.Automation.CmdletInvocationException
System.Management.Automation.CmdletInvocationException: The following error occurred while loading the extended type data file:
Error in TypeData “Microsoft.ActiveDirectory.Management.ADAuthenticationPolicySilo”: Type “Microsoft.ActiveDirectory.Management.ADEntityAdapter” should be a PSPropertyAdapter.
“Microsoft.ActiveDirectory.Management.ADEntityAdapter” should be a PSPropertyAdapter.
at System.Management.Automation.Runspaces.InitialSessionState.ThrowTypeOrFormatErrors(String resourceString, String errorMsg, String errorId)
at System.Management.Automation.Runspaces.InitialSessionState.UpdateTypes(ExecutionContext context, Boolean updateOnly)
at System.Management.Automation.Runspaces.InitialSessionState.Bind_UpdateTypes(ExecutionContext context, Boolean updateOnly)
at System.Management.Automation.Runspaces.InitialSessionState.<>c__DisplayClass129_0.b__0()
at System.Management.Automation.Runspaces.InitialSessionState.Bind(ExecutionContext context, Boolean updateOnly, PSModuleInfo module, Boolean noClobber, Boolean local, Boolean setLocation)
at Microsoft.PowerShell.Commands.ModuleCmdletBase.LoadModuleManifest(String moduleManifestPath, ExternalScriptInfo manifestScriptInfo, Hashtable data, Hashtable localizedData, ManifestProcessingFlags manifestProcessingFlags, Version minimumVersion, Version maximumVersion, Version requiredVersion, Nullable`1 requiredModuleGuid, ImportModuleOptions& options, Boolean& containedErrors)
— End of inner exception stack trace —
at System.Activities.Statements.Throw.Execute(CodeActivityContext context)
at System.Activities.CodeActivity.InternalExecute(ActivityInstance instance, ActivityExecutor executor, BookmarkManager bookmarkManager)
at System.Activities.ActivityInstance.Execute(ActivityExecutor executor, BookmarkManager bookmarkManager)
at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor executor, BookmarkManager bookmarkManager, Location resultLocation)

So mainly the same output as the first command but without The ‘Get-ADUser’ command was found in the module ‘ActiveDirectory’, but the module could not be loaded.

The strange fact is that on Windows-Legacy is working but as I understood, this one opens the x86 as the Windows opens the 64bit.
The difference that saw that x86 doesn’t import any module (which is strange) and it works.
The 64bit import some built-in (I guess) module la PSReadLine.
At this point I’m stuck and I don’t know how this can be resolved. I’ve done a lot of digging over the internet and it seems that many people are facing this issue but without any fix.
The only fix that I managed to find was related to .NET Framework 4.0 that was reinstalled, but that was like 8years ago (something like that).
I’ve tried creating a profile, making a script, reinstalling RSAT AD, modifying the ExecutionPolicy, running with admin credentials, tried to Auto import modifying the powershell variable $PSModuleAutoLoadingPreference, upgrading .NET Framework to 4.8 from 4.5, I’ve tried even to modify the module (clearly not a smart move, but I had to try)
from ADEntityAdapter to PSPropertyAdapter because the error says … should be should be a PSPropertyAdapter. even so the TypeArgument in Properties for the Invoke PowerShell is set to System.Management.Automation.PSPropertyAdapter. Absolutely nothing worked.

Can someone please tell me what am I doing wrong on the Windows project?

Thanks,
Daniel

1 Like

Hi @Daniel_Caldararu

The PowerShell instance used by the Windows project comes from one of the System package dependencies, mainly the PowerShell SDK. I verified it by fetching the execution policies from Studio and from my own system. The execution policies of the process run from Studio were unaffected by the ones set on my machine.

The next logical step was to try and elevate the execution policy directly at the start of the script in Studio. This worked and that’s how it is possible to fix any issue with the execution policy blocking the script.

However, I think your issue goes one level deeper and would be explained by the fact that this SDK version of PowerShell does not have access to the modules that you have to install.

If the module you need allows for the install from PowerShell, a pretty rough way would be to try and install it directly from the script, at the beginning.

Hello,

Thank you for your time on look on this topic.
I’ve used the execution policy and even elevated in order to invoke powershell script using the Active Directory module but without any luck. As of the SDK version of PowerShell not having access to the modules, I doubt that because I’ve checked the PowerShell Module Path and saw that it has three locations. I took each one of them and edit the module to see which one of them is actually using it. So accessing the module path doesn’t seems to be the cause.
Also, the module ActiveDirectory doesn’t needs to be installed because is part of RSAT package which is installed through Powershell or KB package from Windows official website. Powershell is importing the module and not installing it each time I’m using it. The fun fact is that if I use the Windows Legacy project is not a problem, but only the Windows one.

If it works with x86, have you tested to target the 32-bit executable of Powershell instead?

CommandText:

"Set-ExecutionPolicy Unrestricted -Scope CurrentUser
$powershell32 = $env:SystemRoot + '\SysWOW64\WindowsPowerShell\v1.0\powershell.exe'
& $powershell32 -file 'C:\Test\Hello64.ps1'"

Change “C:\Test\Hello64.ps1” to the ps file you want to execute.

image

image

3 Likes

Hello,

Thanks for the feedback ptrobot. I’ve tried to target also the 32bit and didn’t worked in the past but I tried it with your example and the only difference seems that I don’t have the error message anymore (a progress I guess) but I don’t have any result. I’m trying to do the output but nothing popes out and neither in a Log Message activity doesn’t show the output.
Script is simple as as I said in my first post:

“Import-Module ActiveDirectory; get-ADUser -filter {employeeid -eq 0000} -Properties * | select employeeid, mail | Export-Csv C:\Test\output.csv -NoTypeInformation”

Tried with and without Import-Module. Same result.

Ok, that’s strange. Have you tested to add “Set-ExecutionPolicy” to your ps1-file?

E.g.

test1.ps4:

Set-ExecutionPolicy Unrestricted -Scope CurrentUser
get-ADUser -filter {employeeid -eq 0000} -Properties * | select employeeid, mail | Export-Csv C:\Test\output.csv -NoTypeInformation
2 Likes

I’ve checked again. Sorry. The first one I’ve put the script under quotation marks. My bad. I’ve ran it again and surprise. It works!
Can’t believe after massively googling this issue and a lot of people complaining finally found a solution. It’s a bit disappointing that in order to get the same result as in Windows Legacy where you just input the powershell command, here you need to input additional steps to make it work.
Maybe this issue can go to development team to understand it and make it work similar as windows-legacy. :slight_smile:

Thanks a lot for your help !
Good day!

5 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.