Hello,
Problem
When running the following powershell script under a normal user with domain admin / enterprise admin rights i get no result on the "ExpiryDate" output:
Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed"|Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}
Also when running the following command: net user adm-xxx /domain i get the following error:
C:\Users\adm-xxx>net user adm-xxx/domain
System error 5 has occurred.
Access is denied.
Workaround
When i run the the powershell or CMD window with elevated permissions (run-as administrator) i get the desired results. Also under the built-in administrator accounts i get the desired results. I tried the following solutions:
- Disable UAC on the DC
- Add user object to all the groups the built-in administrator is in
Nothing seems to work..
What do you guys think? Is it a bug or expected behaviour.
With kind regards,
Max