Thursday, 9 April 2015

Using the ADSI accelerators using PowerShell remoting causes an error “Value for dictionary entry is not specified.”

We've had an issue this week where we were trying to resolve the GUID of an organizational unit provided by the Citrix PowerShell API to its display name or distinguished name.

As we already had a PowerShell remoting session open to the Citrix server so we thought we'd use the PowerShell ADSI accelerators to get the DirectoryEntry of the OU and read the information from there.

When run locally
([adsi]'LDAP://DC=demoxenapp,DC=int').DistinguishedName

The command returns "DC=demoxenapp,DC=int"

However when run over a PowerShell remoting session you either receive no data or the following error
([adsi]'LDAP://DC=demoxenapp,DC=int')

I was expecting a DirectoryEntry to be returned however instead saw this error

Value for dictionary entry is not specified.
    + CategoryInfo          :
    + FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException



This occurs because of the authentication double hop from your client machine to the server, and from there to a domain controller.

You'll find that if you run the command against a domain controller then the command executes correctly.

No comments:

Post a Comment