Get-ADUser WhenChanged and WhenCreated are empty for some users

Question

I've built a PowerShell 5.1 script to export all the users in the DB and save all the data in to a CSV file. The script allows you to set a date back in time so you can decide since when you'd like your users to be exported.

After some testing a realized that not all the users are exported, and upon further investigation I realized that the property WhenChanged and WhenCreated are not present for each user. Despite the AD UI showing the property with the right data, as seen in the screenshot bellow.

When I run the following command:

Get-ADUser -filter * -Properties LastLogonDate, userPrincipalName, initials, WhenCreated, whenChanged | Select-Object userPrincipalName, initials, whenCreated, whenChanged

I get the following result:

 userPrincipalName  initials whenCreated            whenChanged          
-----------------  -------- -----------            -----------          
                            11/9/2017 2:06:29 PM   1/24/2018 4:26:48 PM 


                            11/9/2017 2:07:47 PM   11/22/2017 4:12:52 PM
mp@mycompany.local MP       11/14/2017 3:14:45 PM  2/14/2018 4:02:51 AM 
dg@mycompany.local DG       11/15/2017 12:51:25 PM 2/21/2018 2:12:52 PM 
ae@mycompany.local AE                                                   
mm@mycompany.local MM                                                   
rw@mycompany.local RW                                                   
kk@mycompany.local KK                                                   
ap@mycompany.local AP                                                   
js@mycompany.local JS                                                   
cb@mycompany.local CB       11/17/2017 12:21:32 PM 11/22/2017 4:41:35 PM


aw@mycompany.local                                                      
tt@mycompany.local TT

As you can see the user with the initials TT has no value despite the screenshot showing that it has them. Despite me creating this user today, and changing few values the same day.

Questions

What am I missing?
Is it a problem with AD itself or just the command?

remove the select-object for now, directly assign result of get-user to a variable, then show the values via the variable, is it there? — strongline, Feb 21 '18 at 16:23
Are you sure you're connecting to a Global Catalog? Are all your DCs GCs? At least [`when-changed`](https://msdn.microsoft.com/en-us/library/ms680921(v=vs.85).aspx) is not a replicated attribute. — jscott, Feb 22 '18 at 13:36
@strongline if I do that the issue is even more clear since I get this: `@{userPrincipalName=tt@mycompany.local; initials=TT; whenCreated=; whenChanged=}`. So, yes, no value at all. — David Gatti, Feb 23 '18 at 13:30
@jscott even if I add `-SearchBase "DC=mycompany,DC=local"` I get the same result. — David Gatti, Feb 23 '18 at 13:31
@DavidGatti How does changing the searchbase determine if you're connecting to a Global Catalog? — jscott, Feb 23 '18 at 13:32
You can identify GCs via `Get-ADDomainController -Filter { isGlobalCatalog -eq $true } | select Name`. Then add the `-Server` parameter, with a GC, to your `Get-ADUser`. — jscott, Feb 23 '18 at 13:40

score 2 · Accepted Answer · answered Feb 23 '18 at 13:47

The solution to the problem is to right click on the PowerShell shortcut and select Run as Administrator. You have to do this even if you are an Administrator already. If you do that and run the command again all your data will be there.

userPrincipalName  initials whenCreated            whenChanged
-----------------  -------- -----------            -----------
                            11/9/2017 2:06:29 PM   1/24/2018 4:26:48 PM
                            11/9/2017 2:06:29 PM   11/9/2017 2:06:29 PM
                            11/9/2017 2:06:29 PM   11/9/2017 2:06:29 PM
                            11/9/2017 2:07:47 PM   11/22/2017 4:12:52 PM
mp@mycompany.local MP       11/14/2017 3:14:45 PM  2/14/2018 4:02:51 AM
dg@mycompany.local DG       11/15/2017 12:51:25 PM 2/21/2018 2:12:52 PM
ae@mycompany.local AE       11/16/2017 1:11:30 PM  11/22/2017 4:11:37 PM
mm@mycompany.local MM       11/16/2017 1:12:02 PM  11/22/2017 4:11:37 PM
rw@mycompany.local RW       11/16/2017 1:12:40 PM  11/22/2017 4:11:37 PM
kk@mycompany.local KK       11/16/2017 1:13:13 PM  11/22/2017 4:11:37 PM
ap@mycompany.local AP       11/16/2017 1:14:15 PM  11/22/2017 4:11:37 PM
js@mycompany.local JS       11/16/2017 1:14:50 PM  11/22/2017 4:11:37 PM
cb@mycompany.local CB       11/17/2017 12:21:32 PM 11/22/2017 4:41:35 PM
                            11/22/2017 3:37:49 PM  2/16/2018 2:50:25 PM
                            11/22/2017 3:38:43 PM  2/17/2018 3:58:24 PM
aw@mycompany.local          11/22/2017 4:02:18 PM  11/22/2017 4:41:36 PM
tt@mycompany.local TT       2/21/2018 1:21:13 PM   2/21/2018 1:59:17 PM

score 0 · Answer 2 · answered Jul 22 '22 at 21:11

Like you, when I ran this command:

Get-ADObject -filter 'sAMAccountName -eq "xxxxxx"' | select whenchanged

the date was always empty. I found this article: https://www.itprotoday.com/powershell/view-all-properties-ad-objects-powershell that showed me how to list all properties on an object:

Get-ADObject -filter 'sAMAccountName -eq "xxxxxx"'  -properties *

Which lead me to this variation of my query to appropriately show the whenChanged (or any other property for that matter):

Get-ADObject -filter 'sAMAccountName -eq "xxxxxx"'  -properties *| select whenchanged

Note that you can replace the "*" with a comma delimited list of properties you care about - this likely has performance implications if you have large datasets or limited ram.

Hope this helps others.

Get-ADUser WhenChanged and WhenCreated are empty for some users

Questions

2 Answers2