Get-ADUser WhenChanged and WhenCreated are empty for some users

Question

I've built a PowerShell 5.1 script to export all the users in the DB and save all the data in to a CSV file. The script allows you to set a date back in time so you can decide since when you'd like your users to be exported.

After some testing a realized that not all the users are exported, and upon further investigation I realized that the property WhenChanged and WhenCreated are not present for each user. Despite the AD UI showing the property with the right data, as seen in the screenshot bellow.

When I run the following command:

Get-ADUser -filter * -Properties LastLogonDate, userPrincipalName, initials, WhenCreated, whenChanged | Select-Object userPrincipalName, initials, whenCreated, whenChanged

I get the following result:

 userPrincipalName  initials whenCreated            whenChanged          
-----------------  -------- -----------            -----------          
                            11/9/2017 2:06:29 PM   1/24/2018 4:26:48 PM 


                            11/9/2017 2:07:47 PM   11/22/2017 4:12:52 PM
[email protected] MP       11/14/2017 3:14:45 PM  2/14/2018 4:02:51 AM 
[email protected] DG       11/15/2017 12:51:25 PM 2/21/2018 2:12:52 PM 
[email protected] AE                                                   
[email protected] MM                                                   
[email protected] RW                                                   
[email protected] KK                                                   
[email protected] AP                                                   
[email protected] JS                                                   
[email protected] CB       11/17/2017 12:21:32 PM 11/22/2017 4:41:35 PM


[email protected]                                                      
[email protected] TT

As you can see the user with the initials TT has no value despite the screenshot showing that it has them. Despite me creating this user today, and changing few values the same day.

Questions

What am I missing?
Is it a problem with AD itself or just the command?

remove the select-object for now, directly assign result of get-user to a variable, then show the values via the variable, is it there? — strongline, Feb 21 '18 at 16:23
Are you sure you're connecting to a Global Catalog? Are all your DCs GCs? At least [`when-changed`](https://msdn.microsoft.com/en-us/library/ms680921(v=vs.85).aspx) is not a replicated attribute. — jscott, Feb 22 '18 at 13:36
@strongline if I do that the issue is even more clear since I get this: `@{[email protected]; initials=TT; whenCreated=; whenChanged=}`. So, yes, no value at all. — David Gatti, Feb 23 '18 at 13:30
@jscott even if I add `-SearchBase "DC=mycompany,DC=local"` I get the same result. — David Gatti, Feb 23 '18 at 13:31
@DavidGatti How does changing the searchbase determine if you're connecting to a Global Catalog? — jscott, Feb 23 '18 at 13:32
You can identify GCs via `Get-ADDomainController -Filter { isGlobalCatalog -eq $true } | select Name`. Then add the `-Server` parameter, with a GC, to your `Get-ADUser`. — jscott, Feb 23 '18 at 13:40

score 2 · Accepted Answer · answered Feb 23 '18 at 13:47

The solution to the problem is to right click on the PowerShell shortcut and select Run as Administrator. You have to do this even if you are an Administrator already. If you do that and run the command again all your data will be there.

userPrincipalName  initials whenCreated            whenChanged
-----------------  -------- -----------            -----------
                            11/9/2017 2:06:29 PM   1/24/2018 4:26:48 PM
                            11/9/2017 2:06:29 PM   11/9/2017 2:06:29 PM
                            11/9/2017 2:06:29 PM   11/9/2017 2:06:29 PM
                            11/9/2017 2:07:47 PM   11/22/2017 4:12:52 PM
[email protected] MP       11/14/2017 3:14:45 PM  2/14/2018 4:02:51 AM
[email protected] DG       11/15/2017 12:51:25 PM 2/21/2018 2:12:52 PM
[email protected] AE       11/16/2017 1:11:30 PM  11/22/2017 4:11:37 PM
[email protected] MM       11/16/2017 1:12:02 PM  11/22/2017 4:11:37 PM
[email protected] RW       11/16/2017 1:12:40 PM  11/22/2017 4:11:37 PM
[email protected] KK       11/16/2017 1:13:13 PM  11/22/2017 4:11:37 PM
[email protected] AP       11/16/2017 1:14:15 PM  11/22/2017 4:11:37 PM
[email protected] JS       11/16/2017 1:14:50 PM  11/22/2017 4:11:37 PM
[email protected] CB       11/17/2017 12:21:32 PM 11/22/2017 4:41:35 PM
                            11/22/2017 3:37:49 PM  2/16/2018 2:50:25 PM
                            11/22/2017 3:38:43 PM  2/17/2018 3:58:24 PM
[email protected]          11/22/2017 4:02:18 PM  11/22/2017 4:41:36 PM
[email protected] TT       2/21/2018 1:21:13 PM   2/21/2018 1:59:17 PM

score 0 · Answer 2 · answered Jul 22 '22 at 21:11

Like you, when I ran this command:

Get-ADObject -filter 'sAMAccountName -eq "xxxxxx"' | select whenchanged

the date was always empty. I found this article: https://www.itprotoday.com/powershell/view-all-properties-ad-objects-powershell that showed me how to list all properties on an object:

Get-ADObject -filter 'sAMAccountName -eq "xxxxxx"'  -properties *

Which lead me to this variation of my query to appropriately show the whenChanged (or any other property for that matter):

Get-ADObject -filter 'sAMAccountName -eq "xxxxxx"'  -properties *| select whenchanged

Note that you can replace the "*" with a comma delimited list of properties you care about - this likely has performance implications if you have large datasets or limited ram.

Hope this helps others.

Get-ADUser WhenChanged and WhenCreated are empty for some users

Questions

2 Answers2