"msDS-ExpirePasswordsOnSmartCardOnlyAccounts not exist" error when you check domain object properties by using RSAT in Windows 10


You have a Windows 10 Version 1607-based client that joins a domain with a Windows Server 2008 R2 or Windows Server 2012 R2 controller. Additionally, the Remote Server Administration Tools (RSAT) for Windows 10 is installed on the client. When you right-click the properties of a domain object in Active Directory Administrative Center (ADAC) in this situation, you receive the following error message:
Failed to retrieve the object 'DC=CONTOSO,DC=COM' due to the following error:
The specified directory service attribute or value does not exist Parameter name: msDS-ExpirePasswordsOnSmartCardOnlyAccounts


This issue occurs when the schema version of the domain has not yet been updated to Windows Server 2016 Schema Version 87.


To work around this issue, use one of the following tools to obtain the properties of a domain object:
  • DSA.msc
  • Ldifde.exe
  • Ldp.exe
  • ADSI Edit (adsiedit.msc)
  • Get-ADObject cmdlet

Article ID: 3214525 - Last Review: 2017 urt. 26 - Revision: 10