powershell: can't get-spuser ADFS user

  • Question

  • We've configured claims based authentication to ADFS.  The problem is I can't seem to get properties of an ADFS user.

     

    The ADFS user shows up with this query:

    >get-spuser -web $url|select userlogin

    UserLogin

    -----------

    Domain\userA

    i:0?.t|idp.domain.ca|user B

     

    But it errors when I try to get this specific user:

    > get-spuser -web $url -identity "i:0?.t|idp.domain.ca|user B"

    Get-SPUser: You must specify a valid user object or user identity.

    +CategoryInfo: InvalidArgument: (Microsoft.Share....SPUserPipeBind:SPUserPipeBind) [Get-SPUser], PSArgumentException

    +FullyQualifiedErrorId: Microsoft.SharePoint.PowerShell.SPCmdletGetUser

    Thursday, February 24, 2011 9:47 PM

Answers

  • I don't have an ADFS configured machine to test this but this should work:

    $claim = New-SPClaimsPrincipal -EncodedClaim "i:0?.t|idp.domain.ca|user B"

    $user = Get-SPUser -Web $url -Identity $claim


    Gary Lapointe, Blog: http://blog.falchionconsulting.com/, Twitter: http://twitter.com/glapointe
    Friday, February 25, 2011 11:41 PM

All replies

  • You need to create a new claims principal and pass that into the get-spuser cmdlet (use the New-SPClaimsPrincipal cmdlet).
    Gary Lapointe, Blog: http://blog.falchionconsulting.com/, Twitter: http://twitter.com/glapointe
    Friday, February 25, 2011 2:01 AM
  • Sorry, I'm new to SharePoint.  I may need some handholding because it's still not working for me (same error).

    >$identity = (New-SPClaimsPrincipal -identity "i:0?.t|idp.domain.ca|user B" -trustedidentitytokenissuer "idp.domain.ca").ToEncodedString()

    >echo $identity

    i:0?.t|idp.domain.ca|i%3a0?.t%7cidp.domain.ca%7cuser B

    >get-spuser -web $url -identity $identity

    Get-SPUser: You must specify a valid user object or user identity.

    +CategoryInfo: InvalidArgument: (Microsoft.Share....SPUserPipeBind:SPUserPipeBind) [Get-SPUser], PSArgumentException

    +FullyQualifiedErrorId: Microsoft.SharePoint.PowerShell.SPCmdletGetUser

     

    Any ideas?

    Friday, February 25, 2011 9:32 PM
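
The string echoed in the post above carries an escaped copy of the encoded login inside its own value field. The PowerShell below is an added example, not code from the thread or from SharePoint: it splits a claims-encoded login into its fields and flags that nesting. The helper name `ConvertFrom-EncodedClaimString` is hypothetical, the field layout and the mode letters (w, f, t) are assumptions about SharePoint's claim encoding, and the sample strings are the ones quoted in this thread.

```powershell
# Added example: the field layout and mode letters are assumptions about
# SharePoint's claim encoding, not something stated in the thread.
function ConvertFrom-EncodedClaimString {    # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$Login)

    $modes  = @{ 'w' = 'Windows'; 'f' = 'Forms'; 't' = 'Trusted issuer' }
    $prefix = '^(?<kind>[ic]):0(?<type>.)(?<valueType>.)(?<mode>[a-z])$'
    $nested = '^[ic]:0..[a-z]\|'

    # Encoded logins look like <prefix>|<issuer>|<value> or <prefix>|<value>.
    $parts = @($Login -split '\|', 3)
    if ($parts.Count -lt 2 -or -not ($parts[0] -cmatch $prefix)) {
        # Not an encoded claim, e.g. a classic DOMAIN\user login.
        return New-Object PSObject -Property @{ Login = $Login; IsEncoded = $false }
    }
    # Copy the captures now; a later -cmatch would overwrite $Matches.
    $kind = $Matches['kind']
    $mode = $Matches['mode']

    if ($parts.Count -eq 3) { $issuer = $parts[1]; $raw = $parts[2] }
    else                    { $issuer = $null;     $raw = $parts[1] }

    # The value field is URL-escaped (%3a is ':', %7c is '|').
    $value = [System.Uri]::UnescapeDataString($raw)
    $modeName = $mode
    if ($modes.ContainsKey($mode)) { $modeName = $modes[$mode] }

    New-Object PSObject -Property @{
        Login       = $Login
        IsEncoded   = $true
        IsIdentity  = ($kind -ceq 'i')
        AuthMode    = $modeName
        Issuer      = $issuer
        Value       = $value
        # True when the decoded value is itself an encoded claim, which means
        # an already-encoded login was wrapped in a second claim.
        NestedClaim = ($value -cmatch $nested)
    }
}

# Sample input: the three login strings quoted in this thread.
$samples = 'Domain\userA',
           'i:0?.t|idp.domain.ca|user B',
           'i:0?.t|idp.domain.ca|i%3a0?.t%7cidp.domain.ca%7cuser B'
$samples | ForEach-Object { ConvertFrom-EncodedClaimString $_ } |
    Select-Object Login, IsEncoded, AuthMode, Issuer, Value, NestedClaim |
    Format-List
```

The function uses only string and regex operations, so it runs in any PowerShell session without the SharePoint snap-in loaded.
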
  • I now get a different error:

    Get-SPUser : Cannot bind parameter 'Identity'.  Cannot convert value "http://schemas.xmlsoap.org/ws/2005/05/claims/nameidentifier: user B" to type "Microsoft.SharePoint.PowerShell.SPUserPipeBind".  Error: "Claim does not represent a SharePoint Identity.

    Any ideas?

    Monday, February 28, 2011 4:47 PM
  • Although this thread has gone silent, I am in the same boat and wondering if you have made any progress.
    Thursday, April 7, 2011 8:55 PM
  • Hi Gary,

    Thanks... Helped me a lot....  I was migrating CBA to FBA (AD Membership).
    Sree
    Monday, October 24, 2011 12:56 PM
  • Although it's an old thread, I want to know whether it got resolved. I am getting the same error which you mentioned above. Please let me know.

    Many Thanks


    Rajendra

    Sunday, November 1, 2015 9:28 PM