Why are no results received from PowerShell script
We are running a PowerShell script to collect AD Computers using the Get-ADComputer cmdlet and we are receiving this type of response in Cribl, which is not what we are expecting to receive:
{"time":"2024-09-20T14:40:32.097Z","cid":"w0","channel":"input:test-retrieve_ad_computers","level":"error","message":"error from child process","data":{"0":65,"1":116,"2":32,"3":108,"4":105,"5":110,"6":101,"7":58,"8":49,"9":32,"10":99,"11":104,"12":97,"13":114,"14":58,"15":49,"16":53,"17":54,"18":13,"19":10}}
Best Answer
1/ Ensure that you have the ActiveDirectory module installed by executing the following command in PowerShell:
Get-Module -ListAvailable | Where-Object { $_.Name -like "*ActiveDirectory*" }
The output should look like this if you do have the module installed:
2/ If you do not have the module installed, install the ActiveDirectory module:
2.1/ On Windows 10/11 or Windows Server 2016/2019/2022
# Open PowerShell as Administrator and execute the following command:
Add-WindowsFeature -Name "RSAT-AD-PowerShell"
2.2/ On Windows 10 Version 1809+ and Windows 11
# Open PowerShell as Administrator and Install RSAT for Active Directory via PowerShell using the following command:
Get-WindowsCapability -Name RSAT.ActiveDirectory.DS-LDS.Tools* -Online | Add-WindowsCapability -Online
3/ Depending on the amount of entries you have in your AD it may be better to use Get-ADObject commandlet instead of Get-ADComputer or Get-ADUser commandlets, as it has been seen in some cases that the Get-ADObject commandlet is better performing than the Get-ADComputer or Get-ADUser commandlets.
Here are some examples:
Users:
foreach ($item in Get-ADObject -LDAPFilter "(&(objectClass=user))" -Properties *) {
$item | ConvertTo-Json -Depth 1 -Compress
}
Computers:
foreach ($item in Get-ADObject -LDAPFilter "(&(objectClass=computer))" -Properties *) {
$item | ConvertTo-Json -Depth 1 -Compress
}
1
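Added example, not part of the original answer and not Cribl's own code: the `data` object in the error log from the question is a map of index to byte value, and the function below (the name `Convert-ChildProcessData` is hypothetical) turns it back into text so you can read what the script wrote. It assumes the bytes are the child process's UTF-8 error output; for the log line in the question they spell `At line:1 char:156`, the position line of a PowerShell error.

```powershell
# Added example: decode the index-to-byte "data" object that appears in the
# "error from child process" log entry back into readable text.
function Convert-ChildProcessData {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$LogLine
    )
    process {
        $entry = $LogLine | ConvertFrom-Json
        if ($null -eq $entry.data) { return }   # entry carries no payload

        # Keys are "0", "1", ...; keep only numeric keys and sort them as
        # integers ("10" must come after "9", so a string sort is wrong).
        $bytes = $entry.data.PSObject.Properties |
            Where-Object { $_.Name -match '^\d+$' } |
            Sort-Object { [int]$_.Name } |
            ForEach-Object { [byte]$_.Value }
        if (-not $bytes) { return }

        # Assumption: the child process wrote UTF-8 (or plain ASCII) text.
        $text = [System.Text.Encoding]::UTF8.GetString([byte[]]$bytes)

        [pscustomobject]@{
            Time    = $entry.time
            Channel = $entry.channel
            Level   = $entry.level
            Text    = $text.TrimEnd()   # drop the trailing CR/LF
        }
    }
}

# The log line from the question, pasted as-is.
$sample = '{"time":"2024-09-20T14:40:32.097Z","cid":"w0","channel":"input:test-retrieve_ad_computers","level":"error","message":"error from child process","data":{"0":65,"1":116,"2":32,"3":108,"4":105,"5":110,"6":101,"7":58,"8":49,"9":32,"10":99,"11":104,"12":97,"13":114,"14":58,"15":49,"16":53,"17":54,"18":13,"19":10}}'

$sample | Convert-ChildProcessData | Format-List
```

An error may be split across several such log entries, so pipe all of the matching lines through the function in order to read the full message.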