The server was unable to process the request due to an internal error

I ran into the below error message when running the Get-ADPrincipalGroupMembership account PowerShell commands for certain user accounts in AD.

I searched the Internet thoroughly and couldn't find much at all so I kept digging, turned on verbose, tracing, testing, comparing, and so on.

I finally found the cause and a solution (in my case) so I wanted to post this here as both a question and an answer since I couldn't find much elsewhere during my troubleshooting process.

This may help someone get a quick solution and save them some headaches if they're working on something urgent or critical.


Full PowerShell Error Message

PS C:\Users\User> Get-ADPrincipalGroupMembership <AccountName>
Get-ADPrincipalGroupMembership : The server was unable to process the request due to an 
internal error.  For more information about the error, either turn on 
IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the 
<serviceDebug> configuration behavior) on the server in order to send the exception 
information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 
SDK documentation and inspect the server trace logs.
At line:1 char:1
+ Get-ADPrincipalGroupMembership <AccountName>
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (<AccountName>:ADPrincipal) [Get-ADPrincipalGr 
   oupMembership], ADException
    + FullyQualifiedErrorId : The server was unable to process the request due to an inter 
   nal error.  For more information about the error, either turn on IncludeExceptionDetai  
  lInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configurati   
 on behavior) on the server in order to send the exception information back to the clie    
nt, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and i    
nspect the server trace logs.,Microsoft.ActiveDirectory.Management.Commands.GetADPrinc    
ipalGroupMembership
Pimp Juice IT

1 Answer

THE CAUSES (in my case)

  1. There was an OU in AD that one of these accounts was in that had a [/] forward slash character in the name of the OU.
  2. There was a group in AD with a Group Name that also contained a [/] forward slash character.

THE SOLUTION (in my case)

  1. I removed all the forward slash characters from the OU and group names and everything worked as expected afterwards.

    • I know these groups have no LDAP or any hard-coded OU path or mappings set anywhere in other systems, so in my case simply replacing the invalid characters was a sufficient solution.
Pimp Juice IT
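
A read-only way to check a directory for the condition described in the answer above, as an added example that is not part of the original post. It assumes the RSAT ActiveDirectory module is installed; the function names and the sample account `jdoe` are hypothetical.

```powershell
# Added example: read-only checks for '/' in OU and group names.
# Assumes the RSAT ActiveDirectory module; function names are hypothetical.
Import-Module ActiveDirectory

function Find-AdSlashName {
    # List every OU and group in the domain whose Name contains a forward slash.
    $filter = 'Name -like "*/*"'
    Get-ADOrganizationalUnit -Filter $filter |
        Select-Object ObjectClass, Name, DistinguishedName
    Get-ADGroup -Filter $filter |
        Select-Object ObjectClass, Name, DistinguishedName
}

function Test-AdAccountSlashPath {
    param([Parameter(Mandatory)][string]$Identity)

    # Read memberOf directly rather than calling Get-ADPrincipalGroupMembership,
    # which is the cmdlet that fails. Note that memberOf omits the primary group.
    $user = Get-ADUser -Identity $Identity -Properties MemberOf

    # Strip the account's own leading CN=... component (up to the first
    # unescaped comma) so only the OU/container path is examined.
    $parentPath = $user.DistinguishedName -replace '^CN=.*?(?<!\\),', ''

    # For each group DN, look only at the first RDN, which is the group's name.
    $slashGroups = @($user.MemberOf | Where-Object {
        ($_ -split '(?<!\\),')[0] -like '*/*'
    })

    [pscustomobject]@{
        Account           = $user.SamAccountName
        ContainerPath     = $parentPath
        ContainerHasSlash = $parentPath -like '*/*'
        GroupsWithSlash   = $slashGroups
    }
}

# Domain-wide inventory of OUs and groups with '/' in the name.
Find-AdSlashName | Format-Table -AutoSize

# Per-account check; 'jdoe' is a constructed sample account name.
Test-AdAccountSlashPath -Identity 'jdoe' | Format-List
```

Before renaming anything the inventory returns, confirm that no other system references the affected OU or group by its distinguished name, as the answer notes.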