Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Incorrect results when you run AD Windows PowerShell cmdlets on a Windows Server 2012 or Windows Server 2008 R2-based domain controller


View products that this article applies to.

Symptoms

Consider the following scenarios.

Scenario 1

  • You have a Windows Server 2012 or Windows Server 2008 R2-based domain controller that has User Account Control (UAC) enabled.
  • You log on to the domain controller by using a Domain Admins user account.
  • You make sure that no Windows PowerShell window is running.
  • You start Active Directory Module for Windows PowerShell directly without promoting it by using administrator privilege.
  • You run the Move-ADObject cmdlet to move one Active Directory object to a different container or domain. For example, you run the following cmdlet to move computer A from organizational unit 1 (ou1) to organizational unit 2 (ou2):
    Move-ADObject "cn=computerA,ou=ou1,dc=test,dc=com" -targetpath "ou=u2,dc=test,dc=com"
  • The cmdlet fails as expected, and you receive an "Access is denied" error message.
  • You keep the PowerShell window open, and then you start Active Directory Module for Windows PowerShell as an administrator to open another PowerShell window.
  • You run the Move-ADObject cmdlet again.
In this scenario, the cmdlet fails incorrectly. Additionally, you receive an "Access is denied" error message.

Scenario 2

  • You have a Windows Server 2012 or Windows Server 2008 R2-based domain controller that has User Account Control (UAC) enabled.
  • You log on to the domain controller by using a Domain Admins user account.
  • You make sure that no Windows PowerShell window is running.
  • You start Active Directory Module for Windows PowerShell as an administrator.
  • You run the Move-ADObject cmdlet to move one Active Directory object to a different container or domain. For example, you run the following cmdlet to move computerA from ou1 to ou2:
    Move-ADObject "cn=computerA,ou=ou1,dc=test,dc=com" -targetpath "ou=u2,dc=test,dc=com"
  • The cmdlet finishes as expected.
  • You keep the PowerShell window open, and then you start Active Directory Module for Windows PowerShell as an administrator to open another PowerShell window.
  • You run the Move-ADObject cmdlet again.
In this scenario, the cmdlet unexpectedly finishes successfully.

↑ Back to the top


Resolution

Windows Server 2012

To resolve this issue in Windows Server 2012, install update rollup 2836988. For more information about how to obtain this update rollup package, click the following article number to view the article in the Microsoft Knowledge Base: 
2836988 Windows 8 and Windows Server 2012 update rollup: May 2013

Windows Server 2008 R2

To resolve this issue in Windows Server 2008 R2, install update 2806748. 

How to obtain this update

Microsoft Update
This update is available from the following Microsoft Update website:
Microsoft Download Center
The following files are available for download from the Microsoft Download Center:
Operating systemUpdate
All supported x64-based versions of Windows Server 2008 R2Download Download the update package now.
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Prerequisites

To apply this update, you must be running Windows Server 2008 R2 or Windows Server 2008 R2 Service Pack 1 (SP1). For more information about how to obtain a Windows Server 2008 R2 service pack, click the following article number to view the article in the Microsoft Knowledge Base:

976932 Information about Service Pack 1 for Windows 7 and for Windows Server 2008 R2

Registry information

To use the update, you do not have to change the registry.

Restart requirement

You must restart the computer after you apply this update.

Update replacement information

This update does not replace a previously released update.
File information
The global version of this update installs files that have the attributes that are listed in the following tables. The dates and the times for these files are listed in Coordinated Universal Time (UTC). The dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files.
Windows Server 2008 R2 file information notes
  • The files that apply to a specific product, milestone (RTM,SPn), and service branch (LDR, GDR) can be identified by examining the file version numbers as shown in the following table:
    VersionProductMilestoneService branch
    6.1.760
    0.17xxx
    Windows Server 2008 R2RTMGDR
    6.1.760
    1.18xxx
    Windows Server 2008 R2SP1GDR
    6.1.760
    1.22xxx
    Windows Server 2008 R2SP1LDR
  • GDR service branches contain only those fixes that are widely released to address widespread, critical issues. LDR service branches contain hotfixes in addition to widely released fixes.
  • The MANIFEST files (.manifest) that are installed for each environment are listed separately in the "Additional file information for Windows Server 2008 R2" section. MANIFEST files and the associated security catalog (.cat) files, are extremely important to maintain the state of the updated components. The security catalog files, for which the attributes are not listed, are signed with a Microsoft digital signature.
For all supported x64-based versions of Windows Server 2008 R2
File nameFile versionFile sizeDateTimePlatform
Adwsres.dll6.1.7600.163852,04814-Jul-200901:24x64
Microsoft.activedirectory.webservices.exe6.1.7600.17222487,42425-Jan-201305:47x86
Microsoft.activedirectory.webservices.exe.configNot applicable7,43117-Mar-201005:10Not applicable
Adwsres.dll6.1.7600.163852,04814-Jul-200901:24x64
Microsoft.activedirectory.webservices.exe6.1.7600.21433487,42425-Jan-201305:49x86
Microsoft.activedirectory.webservices.exe.configNot applicable7,43117-Mar-201005:14Not applicable
Adwsres.dll6.1.7600.163852,04814-Jul-200901:24x64
Microsoft.activedirectory.webservices.exe6.1.7601.18063487,42425-Jan-201306:15x86
Microsoft.activedirectory.webservices.exe.configNot applicable7,43105-Nov-201001:52Not applicable
Adwsres.dll6.1.7600.163852,04814-Jul-200901:24x64
Microsoft.activedirectory.webservices.exe6.1.7601.22231487,42425-Jan-201305:27x86
Microsoft.activedirectory.webservices.exe.configNot applicable7,43105-Nov-201001:52Not applicable

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


More Information

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Additional file information
Additional files for all supported x64-based versions of Windows Server 2008 R2
File nameAmd64_microsoft.activedirectory.webservices_31bf3856ad364e35_6.1.7600.17222_none_f79a5965cab5115c.manifest
File versionNot applicable
File size9,352
Date (UTC)25-Jan-2013
Time (UTC)13:01
PlatformNot applicable
File nameAmd64_microsoft.activedirectory.webservices_31bf3856ad364e35_6.1.7600.21433_none_f81a2874e3d9e395.manifest
File versionNot applicable
File size9,352
Date (UTC)25-Jan-2013
Time (UTC)13:01
PlatformNot applicable
File nameAmd64_microsoft.activedirectory.webservices_31bf3856ad364e35_6.1.7601.18063_none_f9567705c7fb0663.manifest
File versionNot applicable
File size9,352
Date (UTC)25-Jan-2013
Time (UTC)13:01
PlatformNot applicable
File nameAmd64_microsoft.activedirectory.webservices_31bf3856ad364e35_6.1.7601.22231_none_f9fe84e6e1021cd3.manifest
File versionNot applicable
File size9,352
Date (UTC)25-Jan-2013
Time (UTC)13:01
PlatformNot applicable

↑ Back to the top


Keywords: kbfix, atdownload, kbsurveynew, kbexpertiseadvanced, kb

↑ Back to the top

Article Info
Article ID : 2806748
Revision : 2
Created on : 4/9/2020
Published on : 4/9/2020
Exists online : False
Views : 339