SAPIEN Forums

I'm having trouble setting a customAttribute via PS Remoting.

Locally on the server this works perfectly:

Set-ADUser testuser-Replace @{DepartmentNumber = @("test1", "test2","test3")}

If I try to remote this very same command with Invoke-Command I get this:

Invalid type 'System.Collections.ArrayList'.
Parameter name: DepartmentNumber
+ CategoryInfo : InvalidArgument: (anker:ADUser) [Set-ADUser], ArgumentException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.SetADUser

If I try a single value it works locally and remotely, but as soon a I pass an array, arraylist or hashtable, I get an error remotely

Why do you need to use "Invoke-Command".

"DepartmentNumber" is not an array: https://msdn.microsoft.com/en-us/librar ... s.85).aspx

jvierra wrote:Why do you need to use "Invoke-Command".

"DepartmentNumber" is not an array: https://msdn.microsoft.com/en-us/librar ... s.85).aspx

Because I'm remoting. (using JEA)

also, DepartmentNumber is a Multi value AD field.

Remoting has no requirement to do that. Are you thinking you want to use "Invoke-Command" but it needs to have a target session to connect to.

help invoke-command -full

JEA is not remoting. It is a way of referring to a special type of restricted endpoint.

jvierra wrote:Remoting has no requirement to do that. Are you thinking you want to use "Invoke-Command" but it needs to have a target session to connect to.

help invoke-command -full

JEA is not remoting. It is a way of referring to a special type of restricted endpoint.

?

I don't understand.
I'm combining remoting and JEA.
I have helpdeskusers that need to perform certain tasks.
I have created a GUI application for this.
Under the hood JEA is used in combination with a group managed service account.
The helpdesk users are not on the machine where the commands need to run so I use Invoke-Command passing it a ConfigurationName

So you will need to use Invoke-Command to the constrained endpoint. If the endpoint is allowed to execute the commands and has access to the resources it will work.

I still cannot understand what question you are asking. As I noted above you cannot use an array for "DepartmentNumber". That is the cause of your error message.

jvierra wrote:So you will need to use Invoke-Command to the constrained endpoint. If the endpoint is allowed to execute the commands and has access to the resources it will work.

I still cannot understand what question you are asking. As I noted above you cannot use an array for "DepartmentNumber". That is the cause of your error message.

Try it
You can pass this Attribute a collection just fine on the computer itself
It also is a Multi value field in AD

If I pass this an array on the computer itself it works perfectly, so it must do something with it so it works. The Invoke-Command probably doesn't do this.
Same issue with "ProxyAddresses"

Please read the definition of the field. It is not multivalued which is why you are getting the error.

https://msdn.microsoft.com/en-us/librar ... s.85).aspx

You cannot set a department number on a local computer. Somewhere you are missing or mis-reporting this information.

Actually it turns out that on WS2008R2 and later that it has been changed to an array and you can set multiple values.

I also tested using Invoke-Command and it also fails on multiple values. I suggest reporting this as a bug in the RSAT components.

jvierra wrote:Actually it turns out that on WS2008R2 and later that it has been changed to an array and you can set multiple values.

I also tested using Invoke-Command and it also fails on multiple values. I suggest reporting this as a bug in the RSAT components.

Thanks. What would be the best channel to report this bug?