Incorrect results when you run AD Windows PowerShell cmdlets on a Windows Server 2012 or Windows Server 2008 R2-based domain controller

Symptoms

Consider the following scenarios.

Scenario 1

  • You have a Windows Server 2012 or Windows Server 2008 R2-based domain controller that has User Account Control (UAC) enabled.
  • You log on to the domain controller by using a Domain Admins user account.
  • You make sure that no Windows PowerShell window is running.
  • You start Active Directory Module for Windows PowerShell directly without promoting it by using administrator privilege.
  • You run the Move-ADObject cmdlet to move one Active Directory object to a different container or domain. For example, you run the following cmdlet to move computer A from organizational unit 1 (ou1) to organizational unit 2 (ou2):
    Move-ADObject "cn=computerA,ou=ou1,dc=test,dc=com" -targetpath "ou=u2,dc=test,dc=com"
  • The cmdlet fails as expected, and you receive an "Access is denied" error message.
  • You keep the PowerShell window open, and then you start Active Directory Module for Windows PowerShell as an administrator to open another PowerShell window.
  • You run the Move-ADObject cmdlet again.
In this scenario, the cmdlet fails incorrectly. Additionally, you receive an "Access is denied" error message.

Scenario 2

  • You have a Windows Server 2012 or Windows Server 2008 R2-based domain controller that has User Account Control (UAC) enabled.
  • You log on to the domain controller by using a Domain Admins user account.
  • You make sure that no Windows PowerShell window is running.
  • You start Active Directory Module for Windows PowerShell as an administrator.
  • You run the Move-ADObject cmdlet to move one Active Directory object to a different container or domain. For example, you run the following cmdlet to move computerA from ou1 to ou2:
    Move-ADObject "cn=computerA,ou=ou1,dc=test,dc=com" -targetpath "ou=u2,dc=test,dc=com"
  • The cmdlet finishes as expected.
  • You keep the PowerShell window open, and then you start Active Directory Module for Windows PowerShell as an administrator to open another PowerShell window.
  • You run the Move-ADObject cmdlet again.
In this scenario, the cmdlet unexpectedly finishes successfully.

Resolution

Windows Server 2012

To resolve this issue in Windows Server 2012, install update rollup 2836988. For more information about how to obtain this update rollup package, click the following article number to view the article in the Microsoft Knowledge Base: 
2836988 Windows 8 and Windows Server 2012 update rollup: May 2013

Windows Server 2008 R2

To resolve this issue in Windows Server 2008 R2, install update 2806748. 

How to obtain this update

Microsoft Update
This update is available from the following Microsoft Update website:
Microsoft Download Center
The following files are available for download from the Microsoft Download Center:
Operating systemUpdate
All supported x64-based versions of Windows Server 2008 R2Download Download the update package now.
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

Prerequisites

To apply this update, you must be running Windows Server 2008 R2 or Windows Server 2008 R2 Service Pack 1 (SP1). For more information about how to obtain a Windows Server 2008 R2 service pack, click the following article number to view the article in the Microsoft Knowledge Base:

976932 Information about Service Pack 1 for Windows 7 and for Windows Server 2008 R2

Registry information

To use the update, you do not have to change the registry.

Restart requirement

You must restart the computer after you apply this update.

Update replacement information

This update does not replace a previously released update.
File information

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More Information

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:

824684 Description of the standard terminology that is used to describe Microsoft software updates

Additional file information
プロパティ

文書番号:2806748 - 最終更新日: 2013/05/15 - リビジョン: 1

フィードバック