Error handling for illegal characters #149
Description
Hi Michael,
We use this command in our environment:
Get-ADDBAccount -All -DatabasePath $ntds -BootKey $Key | Test-PasswordQuality | Out-File report.txt
During a password audit, DSInternals completed Get-ADDBAccount successfully, but failed when piping results to Test-PasswordQuality. Error code is:
Get-ADDBAccount: Value cannot be null.
Parameter name: value
At line:1 char:1
- Get-ADDBAccount -All -DatabasePath $ntds -BootKey $Key | Test-PasswordQuality | Out-File report.txt
-
+CategoryInfo : Not Specified: (:) [Get-ADDBAccount}, ArugmentNullException + FullyQualifiedErrorID : System.ArgumentNullException,DSINTERNALS.Powershell.Commands.GetADDBAccountCommand
We found a malformed object in Active Directory. Some of the attributes have been obscured, but please notice illegal character in DN and absence of name or full FQDN. This issue, as a side note, was caused by improper ASDI edit configuration.
DistinguishedName : CN=backslash (the character is omitted by Github so I had to type it out)
DNSHostName : .domain
Enabled : True
Name :
ObjectClass : computer
ObjectGUID : {Redacted, but valid}
SamAccountName : $
SID : {Redacted, but valid}
UserPrincipalName :
After removing the object from AD, DSInternals is working as expected again.
Wanting to bring this to your attention in case there is a way to allow the command to continue while excluding any AD object with illegal characters.
Thanks for your time.