This is what I needed to do to get the script to run reliably on Server 2019, Powershell 7.3.1
In Debug-KerberosTicketEncryption - if $kerberosTicketEncryptionClient is an array with 1 element, the condition then goes on to try to read the .Value property, which is $null. Then .ToString() on this gives a null reference. I added a check to cope with this.
The check for EncryptionCiphers
(Get-SmbServerConfiguration).PSobject.Properties.Name -contains "EncryptionCiphers"
was missing an outer set of brackets which stopped it from detecting that this property was missing on down-level servers.
There were a number of calls to the .Value property of the SID - this is a string already so we get $null rather than the desired value - causing null reference exceptions.
The Set-ADAccountPassword cmdlet takes a string DN in the -Identity property, not an object.
This is what I needed to do to get the script to run reliably on Server 2019, Powershell 7.3.1
In Debug-KerberosTicketEncryption - if $kerberosTicketEncryptionClient is an array with 1 element, the condition then goes on to try to read the .Value property, which is $null. Then .ToString() on this gives a null reference. I added a check to cope with this.
The check for EncryptionCiphers
(Get-SmbServerConfiguration).PSobject.Properties.Name -contains "EncryptionCiphers"was missing an outer set of brackets which stopped it from detecting that this property was missing on down-level servers.There were a number of calls to the .Value property of the SID - this is a string already so we get $null rather than the desired value - causing null reference exceptions.
The Set-ADAccountPassword cmdlet takes a string DN in the -Identity property, not an object.