PowerShell - Unable to pass variable to commandlet

When I'm holding a variable and passing it to a commandlet I am getting inconsistent results. Maybe I am just plain using variables in powershell incorrectly? If there were a way to see exactly the line of code my Visual Studio Code was sending at runtime that would be helpful.
My code returns a $null object when executing those first two filters. I've confirmed that $username actually does contain the string "userLoginName" but it doesn't seem to pass to the Get-ADUser commandlet correctly.
PS C:\> $username = "userLoginName"
PS C:\> Get-ADUser -Filter {SAMAccountName -eq "$($username)"}
PS C:\> Get-ADUser -Filter {SAMAccountName -eq "$username"}
PS C:\> Get-ADUser -Filter {SAMAccountName -eq "userLoginName"}
Why is it that only the third -filter command runs successfully? The first two return $null, not a UserNotFound kind of exception or anything. What am I doing wrong here? Do I just have no concept of how to use variables in powershell (yes)? Sorry for being a noob, but thank you for your time.

See this post. The AD calls' -Filter parameter doesn't like taking in string variables as part of a ScriptBlock for some reason (you can read the post for more info). But passing -Filter as a String should work.
Get-ADUser -Filter "SAMAccountName -eq '$username'"
Alternatively, if you just want to look up an AD user by SAMAccountName, you can just do Get-ADUser -Identity $username. That's probably easier. The benefit (or sometimes the consequence) of using the -Filter parameter is that, like you discovered, it won't throw an exception if a user is not found. If you use the -Identity parameter, it WILL throw an exception if a user is not found.

Related

Assistance needed with PowerShell Script for Get-ADUser

I am trying to write a basic PowerShell script to Get-ADUser using the UserPrincipleName property. I have tried various items and all of them fail. I have tried
Get-ADUser -Properties {UserPrincipleName -eq "somename#domain.com"}
and have also tried
Get-ADUSer -Properties "someuser#domain.com"
I just am failing to understand how the -properties parameters relates to the UPN.

Powershell - How to get the GUID from a security group to assign acl

I might be missing something, but I am trying to get the GUID from a security group to assign some delegated permissions.
I have some basic code, see below:
$guidmap = get-adgroup -Filter "name -like 'MyOU'" -Properties * | select objectguid
Write-host "Here is what you need: " $guidmap
Not sure why I can't seem to resolve the GUID on this.
The thing to remember is that Powershell is very much an object-based language. One of your best debugging tools will be the Get-Member cmdlet. In this case, it turns out that the output from Select-Object is still an object of type ADGroup (specifically, Selected.Microsoft.ActiveDirectory.Management.ADGroup), when what you want is apparently either a System.GUID or a System.String.
If you want a System.GUID, try
$GUIDMap = (Get-ADGroup -Filter "Name -like 'MyOU'" -Properties ObjectGUID).ObjectGUID
or if you want a System.String, use
$GUIDMap = (Get-ADGroup -Filter "Name -like 'MyOU'" -Properties ObjectGUID).ObjectGUID.GUID
(Incidentally, if you're retrieving the information for a single specific group, you don't need to use the -Filter parameter and expression; you can use -Identity instead - Get-ADGroup -Identity MyOU -Properties ObjectGUID...)

cmdlet to variable not being accepted

Should be a very simple script but having issues getting the output from the get-aduser to be recognized as a variable, among other things. I've tried every format of quotes and brackets I can think of but can't get a proper output. The script is just querying a specific user and exporting the AD groups to a folder named for their department, then into a text file using the name and title.
$usertocheck = Read-Host -Prompt 'Input user to check'
$depttoadd = Get-AdUser -Filter {samAccountName -eq "$usertocheck"} -Properties Department |
Select-Object -expand Department
New-Item -ItemType Directory -Force -Path "C:\Users\Public\Desktop\UserRecords\$depttoadd\"
Get-ADPrincipalGroupMembership $usertocheck | select name |
Out-File -FilePath "C:\Users\Public\Desktop\UserRecords\$($usertocheck)_$($titlelookup).txt"
Any hints would be appreciated.
It works for me, when I remove the quotes around $usertocheck in the below line ($usertocheck is a string already, so no need for quotes)
$depttoadd = Get-AdUser -Filter {samAccountName -eq $usertocheck} -Properties Department |
As a side note, you could also access the department property of the object returned by Get-AdUser like so
$depttoadd = $(Get-AdUser -Filter {samAccountName -eq $usertocheck} -Properties Department).Department
Accessing the properties of an object is, in my experience, the more reliable and cleaner way of getting the output you want, rather than using 'Select-Object'.
Hope this helps.
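An added example, not code from either poster: the script above puts a typed-in name into an AD filter and then uses the returned Department value in a folder path, so this version escapes the name for -LDAPFilter, checks for the $null that a non-matching filter returns, and cleans both values before they reach the file system. The function names ConvertTo-LdapFilterValue, Get-ExampleUserDepartment and ConvertTo-SafeFolderName are hypothetical; the UserRecords path is the one from the question.

```powershell
# Added example; the three function names are hypothetical, not from the posts above.
Import-Module ActiveDirectory

function ConvertTo-LdapFilterValue {
    # Escape the RFC 4515 special characters (\ * ( ) NUL) as \XX hex so the
    # value can only be matched as data, never parsed as filter syntax.
    param([Parameter(Mandatory)][string]$Value)
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    })
}

function Get-ExampleUserDepartment {
    param([Parameter(Mandatory)][string]$SamAccountName)
    $safe = ConvertTo-LdapFilterValue -Value $SamAccountName
    $user = Get-ADUser -LDAPFilter "(sAMAccountName=$safe)" -Properties Department
    # A filter that matches nothing returns $null instead of throwing.
    if ($null -eq $user) {
        throw "No AD user found for '$SamAccountName'."
    }
    if ([string]::IsNullOrWhiteSpace($user.Department)) {
        throw "User '$SamAccountName' has no Department value."
    }
    $user.Department
}

function ConvertTo-SafeFolderName {
    # Typed input and AD attributes are both untrusted as path parts: drop
    # characters that are invalid in a file name (including \ and /), then
    # trim dots and spaces so a value such as '..' cannot survive.
    param([Parameter(Mandatory)][string]$Name)
    $invalid = [System.IO.Path]::GetInvalidFileNameChars()
    $clean = -join ($Name.ToCharArray() | Where-Object { $invalid -notcontains $_ })
    $clean = $clean.Trim(' .')
    if (-not $clean) { throw "Nothing usable left in '$Name'." }
    $clean
}

$usertocheck = Read-Host -Prompt 'Input user to check'
$dept   = Get-ExampleUserDepartment -SamAccountName $usertocheck
$folder = Join-Path 'C:\Users\Public\Desktop\UserRecords' (ConvertTo-SafeFolderName $dept)
New-Item -ItemType Directory -Force -Path $folder | Out-Null

$file = Join-Path $folder ((ConvertTo-SafeFolderName $usertocheck) + '.txt')
Get-ADPrincipalGroupMembership -Identity $usertocheck |
    Select-Object -ExpandProperty Name |
    Out-File -FilePath $file
```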

Trouble retrieving Active Directory computer description

When I run:
$computer = Get-ADComputer -SearchBase 'OU="Windows 7 Machines",OU="Devices",dc=blah,dc=Local' -Filter 'name -like "computerName"' -Properties Description
I'm able to get the AD description using
$computer.Description
My question is: how do I get the computer description without using the -Properties Description argument?
$computer = Get-ADComputer -SearchBase 'OU="Windows 7 Machines",OU="Devices",dc=blah,dc=Local' -Filter 'name -like "computerName"'
How do I get the description from the $computer variable here?
With Get-ADComputer or some other LDAP query tools? You don't.
Specifying -Properties Description is what tells the Get-ADComputer cmdlet to request the description field from the LDAP server. If you don't specifically request it, the LDAP server does not send it in the response back to the cmdlet. You must specify any fields you want beyond the defaults, and description is not a default field.
I mean sure, ok, you could say -Properties *, and that technically answers your question, but then you're asking for every property (this is bad; it takes much longer).

Cannot use variable with Get-User -Filter in Exchange Management Console

I cannot seem to use variable in the situation below.
[PS] C:\>Get-User -Filter {SamAccountName -eq "Test.Smith"}
Name RecipientType
---- -------------
Test Smith UserMailbox
[PS] C:\>$SamAccountName = "Test.Smith"
[PS] C:\>Get-User -Filter {SamAccountName -eq $SamAccountName}
[PS] C:\>echo $SamAccountName
Test.Smith
[PS] C:\>
You can see the command works fine when I type out the name, but not when I use a variable. Thanks!
I don't have access to this cmdlet, are you sure it takes a scriptblock and not a string? If it takes a string try this:
Get-User -Filter "SamAccountName -eq $SamAccountName"
If it really takes a scriptblock try:
Get-User -Filter {SamAccountName -eq $SamAccountName}.GetNewClosure()
As seen in the comments, add single quotes around the variables, or your filter result has incorrect syntax.
Get-User -Filter "SamAccountName -eq '$SamAccountName'"
When passing parameters directly you can just pass the variable. But in this case you are building a properly formatted query string, and the single quotes are part of that.
When you get a full answer, don't leave it as a comment... create it as a full answer.