Get-ADRootDSE : The server has rejected the client credentials.

[MAXXIT4HACK]

Hi, I ran into a small issue when running the PowerShell commands. I received the following error “Get-ADRootDSE : The server has rejected the client credentials.”. We have hardened our AD environment, which I suspect is why the commands did not work. After digging around and testing, modified the code as below to get things working.

$auth = Get-Credential $ADRoot = (Get-ADRootDSE -Credential $auth).rootDomainNamingContext $Safe_Owners = "Enterprise Admins|Domain Admins|Administrators" $ADCS_Objects = Get-ADObject -Credential $auth -Filter * -SearchBase "CN=Public Key Services,CN=Services,CN=Configuration,$ADRoot" -SearchScope 2 -Properties * $ADCS_Objects | Where-Object { $_.nTSecurityDescriptor.Owner -notmatch $Safe_Owners } | Format-Table Name,DistinguishedName

I hope this helps someone who had the same issue.

Regards Stephen

[jakehildreth]

Stephen,

Thank you so much for this solution. Honestly, prompting for credentials should probably be included in all of the snippets. If you'd like to submit a PR to get your code added, I'd love to accept it. But if you want me to do it, I'm okay with that too!

Thanks! Jake