Cannot convert System Object to String Powershell - powershell

Hi I am trying to use the below powershell script
$get_AD_Server = (Get-WmiObject -Class Win32_NetworkAdapterConfiguration).DnsDomain | Out-String
$get_Nearest_DC = (Get-ADDomainController -DomainName $get_AD_Server -Discover -NextClosestSite).Name
The output of $get_AD_Server contains contoso.com, however when i pass the variable $get_AD_Server in the next variable it always errors out, any idea on what am i doing wrong?
Get-ADDomainController : The format of the specified domain name is invalid
At line:2 char:20
+ ... arest_DC = (Get-ADDomainController -DomainName $get_AD_Server.ToStrin ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-ADDomainController], ADException
+ FullyQualifiedErrorId : GetADDomainController:BeginProcessingOverride:DiscoverDC:1212,Microsoft.ActiveDirectory.Management.Commands.GetADDomainController

Automatic variable unrolling will return a collection.
DNSDomain property may not be populated. In my case it isn't. Assuming you've got that covered I think you might have better luck if you isolate the NIC configuration you care about. If you narrow the return to 1 object .DNSDomain will be a string.
In my case this looks like:
(Get-WmiObject win32_NetworkAdapterCOnfiguration -Filter "IPEnabled = 'True'").DnsDomain
If needed just work on the filter until you find something that reliably only returns the NIC you care about.
Note: I may have misread something, but I worry you'll have an issue with the next step. You may have trouble querying the AD domain when you aren't authenticated. If you do hit something like that you may consider using the -Credential parameter on Get-ADDomainController. Of course it'd be interactive at that point.

Instead of fetching the DNS domain associated with the NIC, pull the computers domain from the Win32_ComputerSystem class:
$domain = (Get-WmiObject -Class Win32_ComputerSystem).Domain
$nearestDC = (Get-ADDomainController -DomainName $domain -Discover -NextClosestSite).Name

Related

Issue for import-csv and foreach

I want to import a csv, then delete from AD several objects
$ImportComputer = "C:\Users\deng\Desktop\ComputerLastlogondateformatBis.csv"
Import-Module ActiveDirectory
foreach ($Computer in(Import-Csv -Path C:\Users\deng\Desktop\ComputerLastlogondateformatBis.csv))
{
Remove-ADObject -Identity $Computer.'Computer'
these two object exist in AD, but I cannot seem to find out why it is not working.
see below error message:
Remove-ADObject : Cannot find an object with identity: 'fr-borr-mac' under: 'DC=PII,DC=net'.
At C:\Users\deng\OneDrive - Aptus Health\Script\Export.ps1:7 char:1
+ Remove-ADObject -Identity $Computer.'Computer'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (fr-borr-mac:ADObject) [Remove-ADObject], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.RemoveADObject
Remove-ADObject : Cannot find an object with identity: 'jlinmacfr' under: 'DC=PII,DC=net'.
At C:\Users\deng\OneDrive - Aptus Health\Script\Export.ps1:7 char:1
+ Remove-ADObject -Identity $Computer.'Computer'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Content of the CSV below:
Computer
--------
fr-borr-mac
jlinmacfr
Could anyone give input on this?
The -Identity parameter on the *-ADObject commands expect either a DistinguishedName or Guid value. If you are wanting to work with SamAccountName or some other attribute, you should consider using the *-ADComputer or using -Filter to find your objects.
# Using Remove-ADObject
Remove-ADObject -Filter "SamAccountName -eq '$($Computer.Computer)'"
# Using Remove-ADComputer
Remove-ADComputer -Identity $Computer.Computer
Alternatively, you can use Get-ADComputer or Get-ADObject to retrieve your object first and then pipe that into Remove-ADObject.
Get-ADObject -Filter "SamAccountName -eq '$($Computer.Computer)'" | Remove-ADObject
See the Remove-ADObject documentation for the following excerpt regarding explicitly binding to -Identity:
Specifies an Active Directory object by providing one of the following
property values. The identifier in parentheses is the Lightweight
Directory Access Protocol (LDAP) display name for the attribute. The
acceptable values for this parameter are:
A distinguished name
A GUID (objectGUID)
For piping an object into Remove-ADObject, the following excerpt applies, which is why you can use a Get-AD* command and pipe the result into the Remove-ADObject:
This parameter can also get this object through the pipeline or you
can set this parameter to an object instance.
Derived types, such as the following, are also accepted:
Microsoft.ActiveDirectory.Management.ADGroup
Microsoft.ActiveDirectory.Management.ADUser
Microsoft.ActiveDirectory.Management.ADComputer
Microsoft.ActiveDirectory.Management.ADServiceAccount
Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy
Microsoft.ActiveDirectory.Management.ADDomain

calling a variable in select -expandproperty

I'm trying to make a report that lists a server name, vm name, and notes section from the vm but I cannot seem to get this code to run, it always gives me this error:
Select-Object : Cannot convert 'System.Object[]' to the type
'System.String' required by parameter 'ExpandProperty'. not supported.
At C:\Cooper\Jobs\Get-VmNotes - Copy.ps1:32 char:48 + get-vm -server
FA0150 | Select -expandproperty $server, Name, Notes +
~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument:
(:) [Select-Object], ParameterBindingException +
FullyQualifiedErrorId :
CannotConvertArgument,Microsoft.PowerShell.Commands.SelectObjectCommand
I can get the vmname and notes to output together but I just want to have a column that lists the vcenter server it is associated with.
Expand property is like the same as saying (Get-VM -Server FA0150).Name. It expands the property name you are selecting. You were trying to expand 3 properties (System.Object[]), but it is looking for just a string name of the property you want to expand. Use -Property instead.
get-vm -server FA0150 | Select-Object -Property Name,Notes
get-vm -server FA0150 | Select-Object -Property Name,Notes | Format-Table -Autosize
To also include the server name I made it into a script form since it can no longer be a one-liner:
[CmdletBinding()]
Param ( $Server )
$VMs = Get-VM -Server $Server
$VMs | Select-Object -Properties #(
#{ Label = 'Server';Expression = { $Server } }
'Name'
'Notes'
)
I found a solution to my problem using New-ViProperty. The only problem is now it creates four separate csv files and I want to combine them all into one based on the filename, keeping the same format, and delete the four others based on their filename. Is there an easy way to do this?

Pass array of CimInstance to CimMethod

I am working with WMI API through Cim cmdlets. The problem is that I can't figure out how to pass wmi object to wmi method that accepts array of wmi objects.
Here are method parameters definition:
Name CimType Qualifiers
---- ------- ----------
Path String {ID, in}
Permissions InstanceArray {EmbeddedInstance, ID, in}
ResetChildren Boolean {ID, in}
Path and ResetChildren are simple parameters. They accepts simple values like "/path" and $true respectively. But I have troubles with Permissions parameter.
Here is my code
#Acquiring object that I want to pass to method
$group = Get-CimInstance -Namespace "root\VisualSVN" -ClassName VisualSVN_Group -Filter "Name='Readers'"
#Acquiring object which method will be called
$repositories = Get-CimInstance -Namespace "root\VisualSVN" -ClassName VisualSVN_Repository
#Preparing method arguments
$args = #{
Path = "/";
Permissions = #($group[0]); #Trouble here
ResetChildren = $true
}
#Invoking method with arguments
Invoke-CimMethod -InputObject ($repositories[0]) -MethodName SetSecurity -Arguments $args
Execution of this code will result in error:
Invoke-CimMethod : Unable to cast object of type 'Microsoft.Management.Infrastructure.CimInstance' to type 'M
icrosoft.Management.Infrastructure.Native.InstanceHandle'.
Parameter name: value
At C:\somepath\script1.ps1:11 char:1
+ Invoke-CimMethod -InputObject ($repositories[0]) -MethodName SetSecurity -Argume ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Invoke-CimMethod], ArgumentException
+ FullyQualifiedErrorId : System.ArgumentException,Microsoft.Management.Infrastructure.CimCmdlets.Invoke
CimMethodCommand
If you change code
Permissions = #($group[0]); #Trouble here
To code
Permissions = $group; #Trouble here
Then error message will also change:
Invoke-CimMethod : Unable to cast object of type 'Microsoft.Management.Infrastructure.Native.InstanceHandle'
to type 'System.Collections.IList'.
Parameter name: value
At C:\somepath\script1.ps1:11 char:1
+ Invoke-CimMethod -InputObject ($repositories[0]) -MethodName SetSecurity -Argume ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Invoke-CimMethod], ArgumentException
+ FullyQualifiedErrorId : System.ArgumentException,Microsoft.Management.Infrastructure.CimCmdlets.Invoke
CimMethodCommand
Any ideas how to pass $group to method properly?
I had exactly same problem with VisualSVN_Repository::SetSecurity method.
When working with CIM method arguments, you must cast ANY array arguments to [CimInstance[]].
For example, this worked for me:
$Everyone = Get-CimInstance -Namespace root/VisualSVN -ClassName VisualSVN_Everyone
# Grant Everyone a Read/Write access:
$AccessRule = New-CimInstance -Namespace root/VisualSVN -ClassName VisualSVN_PermissionEntry -ClientOnly -Property #{ Account = $Everyone; AccessLevel = [UInt32]2 }
$SvnRepo = Get-CimInstance -Namespace root/VisualSVN -ClassName VisualSVN_Repository -Filter "Name='MY_REPOSITORY_NAME'"
Invoke-CimMethod -InputObject $SvnRepo -MethodName SetSecurity -Arguments #{
Path = '/';
Permissions = [CimInstance[]]$AccessRule;
ResetChildren = $true
} | Out-Null
You must cast array argument to [CimInstance[]] even when it is just a single item.
P.S.: Be careful with Ref array arguments too: you must first cast it to [CimInstance[]] and then to [ref[]]. For example, when calling VisualSVN_Group::Create method:
[CimInstance[]] $SvnUsers = [CimInstance[]]($ArrayOf_VisualSVN_User_Objects)
Invoke-CimMethod -ClassName VisualSVN_Group -Namespace root/VisualSVN -MethodName Create -Arguments #{
Members = [ref[]]$SvnUsers;
Name = 'MY_NEW_GROUP_NAME'
} | Out-Null
See also: Tip#5: Passing ref and embedded instances on PowerShell Blog.
If you had a repro that did not rely on software I do not have installed, I could answer definitively, so I will make my best attempt based on what I can infer from your question.
To make what you are assigning to Permissions an array, and you are only assigning one value, use a comma in front.
Permissions = ,$group
Here is some sample script and the output to demonstrate.
Script
$var1 = "any value"
$var2 = ,$var1
$var1.GetType()
$var2.GetType()
$var2.Count
$var2[0]
Output
IsPublic IsSerial Name BaseType
-------- -------- ---- --------
True True String System.Object
True True Object[] System.Array
1
any value
A possible solution (it worked for me with a similar issue that led me here) based on the 'hint' that CIM are inert objects. In my case it was installing SCCM updates in a scripted manner while allowing for reboots if the updates required them, and stopping if the entire process took more than a certain amount of time (to not go past the available maintenance window).
I was passing a CIMUpdate object through to a powershell function to perform the update to allow for rebooting if necessary between updates (Perform a single update at a time, verify if reboot is needed, then try the next update).
The CIM object was giving a Type Mismatch error when forcing it to cast as [CIMInstance[]], and if not casting at all I would get the same Unable to cast object of type 'Microsoft.Management.Infrastructure.CimInstance' to type 'Microsoft.Management.Infrastructure.Native.InstanceHandle' error message.
Solution was to use that CIMUpdate and re-query to get a live version of the object within the function and then use that new object as the argument to the CIMMethod.
as of now, it works for me , the case I am working on is passing New-ScheduledTaskTrigger instance to a function.
I am passing a CimInstance to a function and receiving it as PSCustomObject type.
Send CimInstance receive as [PSCustomObject] -> at target it remains CimInstance object type
Send CimInstance receive as [CimInstance] -> at target it remains CimInstance object type
Send CimInstance receive as [CimInstance[]] -> at target it turn to CimInstance array type

Powershell connecting and searching multiple domains

I am trying to locate the group memberships for a specified user account. One domain's user account is often a member of a group in the other domains (some domains require different admin account). Using get-QAQgroup, I can successfully search each domain individually, but when I try to loop through the domains, I can only find results in the domain that I am logged into.
#Script to change domains and look for group memberships for a specified user account.
$domains = "dom1.ad.state.company.com","dom2.ad.state.company.com","dom3.ad.state.company.com","dom4.ad.state.company.com","corporate.state.company.com","OddNamedDom.com"
$CRED=GET-CREDENTIAL
$userAcc = read-host "Enter domain\username for Group Membership Search"
foreach ($domain in $domains)
{
write-host "In the domain $domain "," $userAcc is a direct member of..."
Get-QADGroup -service $domain -Credential $cred -Containsmember $userAcc | select name
} #foreach domain
Connect-QADService -Service 'dom1.ad.state.company.com'
When I run the script I get results for dom1 (domain I am logged into) and the rest throw the following errors. I am not sure why the "Ref 1:.." lines are pointing to 'dom1'. I thought that might be the source of issue. I have copied the Powershell output below showing the error messages.
In the domain dom1.ad.state.company.com dom1\brownd2.admin.dom1 is a direct member of...
Name
----
DOM1-G-ITS-DS-Company Services
DOM1PGUELFP00003-Exmerge-R
DOMPGUELFP00003-Exmerge-C
ITSPPTBOSHFS003-FSSHARE-C
Domain Users
In the domain dom2.ad.state.company.com dom1\brownd2.admin.dom1 is a direct member of...
Get-QADGroup : 0000202B: RefErr: DSID-03100742, data 0, 1 access points
ref 1: 'dom1.ad.state.company.com'
At C:\TestScripts\tGet-UserAllMemberships.ps1:24 char:6
+ Get-QADGroup -service $domain -Credential $cred -Containsmember $userAcc | ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-QADGroup], DirectoryAccessException
+ FullyQualifiedErrorId : Quest.ActiveRoles.ArsPowerShellSnapIn.DirectoryAccess.DirectoryAccessException,Quest.ActiveRoles.ArsPowerShel
lSnapIn.Powershell.Cmdlets.GetGroupCmdlet
In the domain dom3.ad.state.company.com dom1\brownd2.admin.dom1 is a direct member of...
Get-QADGroup : 0000202B: RefErr: DSID-03100742, data 0, 1 access points
ref 1: 'dom1.ad.state.company.com'
At C:\TestScripts\tGet-UserAllMemberships.ps1:24 char:6
+ Get-QADGroup -service $domain -Credential $cred -Containsmember $userAcc | ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-QADGroup], DirectoryAccessException
+ FullyQualifiedErrorId : Quest.ActiveRoles.ArsPowerShellSnapIn.DirectoryAccess.DirectoryAccessException,Quest.ActiveRoles.ArsPowerShel
lSnapIn.Powershell.Cmdlets.GetGroupCmdlet
There is a similar set of errors for each domain that I am checking. I have not posted the full list of error messages.
If I change the order of the domains in the array, the errors and the results of the one successful domain just change order to match the array. I thought that it might just be successful for the first iteration of the loop. Not the case though.
I know that the account is a member of groups in Dom2 and not in any groups in Dom3. If I take the commands out of the foreach loop and run individual for each domain in the console I do get the expected results. Based on the individual results, I had thought that this would be straight forward example to do in a loop, but I am not connecting correctly to the domains.
What can I change?
Here is a solution using System.DirectoryServices.AccountManagement Namespace, adapted to PowerShell from C# code. It's a kind of recursive solution. In Find Recursive Group Membership (Active Directory) using C#, I give a recursive solution (using basic ADSI avaible from PowerShell 1.0) that also works with distribution groups.
# Retreiving a principal context for the administrator on the Global Catalog
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$domainContext = New-Object DirectoryServices.AccountManagement.PrincipalContext([DirectoryServices.AccountManagement.ContextType]::Domain, "VMESS01:3268" , "administrator", "adminPasswd")
# Retreive the groups
try {
$userPrincipal = [DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($domainContext, "jpb")
$groups = $userPrincipal.GetAuthorizationGroups()
foreach($group in $groups)
{
$group.name;
}
}
finally {
$pc.domainContext()
}

Powershell: How to pass variable correctly to command

I apologize if I butchered the terminology for this, and understand I'm very new to PowerShell. I have read over some of the guides and this concept is clearly not getting through to me.
Concept:
I want to remove a mobile device from a user in Exchange 2010
Identify user from input
Create variable from input of the PhoneID
Remove the Phone using phoneID variable
I believe my problem is in how I'm passing this data to the next command. I know the appended "#[Identity " that get's added should be removed and I remember reading something about how when you pass data like this Powershell has no context? Here is my very simple script.
Script
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
. $env:ExchangeInstallPath\bin\RemoteExchange.ps1
Connect-ExchangeServer -auto
$PU = Read-Host "Enter Username"
$did = get-activesyncdevice -mailbox $PU | Select-Object identity
Remove-ActiveSyncDevice -Identity $did
Error
My error is as follows, and I've tried to research what I'm doing wrong but I'm just not getting it :-( , I replaced the actual output for the account with XX.
Remove-ActiveSyncDevice : Cannot bind parameter 'Identity'. Cannot convert value "#{Identity=XX" to type
"Microsoft.Exchange.Configuration.Tasks.ActiveSyncDeviceIdParameter". Error: "Cannot convert the "#{Identity=XX}" value of type
"Selected.Microsoft.Exchange.Data.Directory.SystemConfiguration.ActiveSyncDevice" to type "Microsoft.Exchange.Configuration.Tasks.ActiveSyncDeviceIdParameter"."
At line:1 char:35
+ Remove-ActiveSyncDevice -Identity $did
+ ~~~~
+ CategoryInfo : InvalidArgument: (:) [Remove-ActiveSyncDevice], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.Exchange.Management.Tasks.RemoveMobileDevice
Any help or advice on this would be amazing!
When you use Select-Object and give it just one property name, you get and object with just one property. But even though it only has one property, you still have to reference that one property by name:
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
. $env:ExchangeInstallPath\bin\RemoteExchange.ps1
Connect-ExchangeServer -auto
$PU = Read-Host "Enter Username"
$did = get-activesyncdevice -mailbox $PU | Select-Object identity
Remove-ActiveSyncDevice -Identity $did.identity