Describe the Bug
Powershell errors when running any mode (tried mode 0, mode 2). Specifically seeing errors on ESC6, ESC7 and ESC16
Steps To Reproduce
Invoke-Locksmith
Expected Behavior
No Errors
Environment
- Locksmith Version: 2026.1.4.1426
- OS: Windows Server 2022
- PowerShell Version: 5.1.20348.4294
- PowerShell Host: PowerShell
Additional Context
I am running this as a domain admin on a domain joined computer (not a domain controller or the CA server).
Identifying Certificate Authorities with EDITF_ATTRIBUTESUBJECTALTNAME2 enabled (ESC6)...
You cannot call a method on a null-valued expression.
At C:\Users\user\Documents\WindowsPowerShell\Modules\Locksmith\2026.1.4.1426\Private\Set-RiskRating.ps1:128
char:9
-
$SID = $Issue.IdentityReferenceSID.ToString()
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : InvokeMethodOnNull
Identifying Certificate Authorities with Non-Standard Admins (ESC7)...
Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
At C:\Users\user\Documents\WindowsPowerShell\Modules\Locksmith\2026.1.4.1426\Private\Convert-IdentityReferenceToS
id.ps1:33 char:9
-
$SID = ($Principal.Translate([System.Security.Principal.Secur ...
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : NotSpecified: (:) [], MethodInvocationException
- FullyQualifiedErrorId : IdentityNotMappedException
You cannot call a method on a null-valued expression.
At C:\Users\user\Documents\WindowsPowerShell\Modules\Locksmith\2026.1.4.1426\Private\Set-RiskRating.ps1:69
char:13
-
$SID = $Issue.IdentityReferenceSID.ToString()
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : InvokeMethodOnNull
Get-ADObject : Variable: 'SID' found in expression: $SID is not defined.
At C:\Users\user\Documents\WindowsPowerShell\Modules\Locksmith\2026.1.4.1426\Private\Set-RiskRating.ps1:70
char:45
- ... enceObjectClass = Get-ADObject -Filter { objectSid -eq $SID } | Selec ...
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : InvalidArgument: (:) [Get-ADObject], ArgumentException
- FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Comm
ands.GetADObject
Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
At C:\Users\user\Documents\WindowsPowerShell\Modules\Locksmith\2026.1.4.1426\Private\Convert-IdentityReferenceToS
id.ps1:33 char:9
-
$SID = ($Principal.Translate([System.Security.Principal.Secur ...
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : NotSpecified: (:) [], MethodInvocationException
- FullyQualifiedErrorId : IdentityNotMappedException
You cannot call a method on a null-valued expression.
At C:\Users\user\Documents\WindowsPowerShell\Modules\Locksmith\2026.1.4.1426\Private\Set-RiskRating.ps1:69
char:13
-
$SID = $Issue.IdentityReferenceSID.ToString()
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : InvokeMethodOnNull
Get-ADObject : Variable: 'SID' found in expression: $SID is not defined.
At C:\Users\user\Documents\WindowsPowerShell\Modules\Locksmith\2026.1.4.1426\Private\Set-RiskRating.ps1:70
char:45
- ... enceObjectClass = Get-ADObject -Filter { objectSid -eq $SID } | Selec ...
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : InvalidArgument: (:) [Get-ADObject], ArgumentException
- FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Comm
ands.GetADObject
Identifying Certificate Authorities with szOID_NTDS_CA_SECURITY_EXT disabled (ESC16)...
You cannot call a method on a null-valued expression.
At C:\Users\user\Documents\WindowsPowerShell\Modules\Locksmith\2026.1.4.1426\Private\Set-RiskRating.ps1:128
char:9
-
$SID = $Issue.IdentityReferenceSID.ToString()
-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- CategoryInfo : InvalidOperation: (:) [], RuntimeException
- FullyQualifiedErrorId : InvokeMethodOnNull
Describe the Bug
Powershell errors when running any mode (tried mode 0, mode 2). Specifically seeing errors on ESC6, ESC7 and ESC16
Steps To Reproduce
Invoke-Locksmith
Expected Behavior
No Errors
Environment
Additional Context
I am running this as a domain admin on a domain joined computer (not a domain controller or the CA server).
Identifying Certificate Authorities with EDITF_ATTRIBUTESUBJECTALTNAME2 enabled (ESC6)...
You cannot call a method on a null-valued expression.
At C:\Users\user\Documents\WindowsPowerShell\Modules\Locksmith\2026.1.4.1426\Private\Set-RiskRating.ps1:128
char:9
Identifying Certificate Authorities with Non-Standard Admins (ESC7)...
Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
At C:\Users\user\Documents\WindowsPowerShell\Modules\Locksmith\2026.1.4.1426\Private\Convert-IdentityReferenceToS
id.ps1:33 char:9
You cannot call a method on a null-valued expression.
At C:\Users\user\Documents\WindowsPowerShell\Modules\Locksmith\2026.1.4.1426\Private\Set-RiskRating.ps1:69
char:13
Get-ADObject : Variable: 'SID' found in expression: $SID is not defined.
At C:\Users\user\Documents\WindowsPowerShell\Modules\Locksmith\2026.1.4.1426\Private\Set-RiskRating.ps1:70
char:45
ands.GetADObject
Exception calling "Translate" with "1" argument(s): "Some or all identity references could not be translated."
At C:\Users\user\Documents\WindowsPowerShell\Modules\Locksmith\2026.1.4.1426\Private\Convert-IdentityReferenceToS
id.ps1:33 char:9
You cannot call a method on a null-valued expression.
At C:\Users\user\Documents\WindowsPowerShell\Modules\Locksmith\2026.1.4.1426\Private\Set-RiskRating.ps1:69
char:13
Get-ADObject : Variable: 'SID' found in expression: $SID is not defined.
At C:\Users\user\Documents\WindowsPowerShell\Modules\Locksmith\2026.1.4.1426\Private\Set-RiskRating.ps1:70
char:45
ands.GetADObject
Identifying Certificate Authorities with szOID_NTDS_CA_SECURITY_EXT disabled (ESC16)...
You cannot call a method on a null-valued expression.
At C:\Users\user\Documents\WindowsPowerShell\Modules\Locksmith\2026.1.4.1426\Private\Set-RiskRating.ps1:128
char:9