Powershell LDAP Filter with DirectorySearcher - powershell

I am using the DirectorySearcher class to find a single user. The criteria should be that the objectCategory is a user, and that his password is not set to never expire.
After some searching, I have come up with this:
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter = "(&(objectCategory=User)(samAccountName=$env:username)(!(userAccountControl:1.2.840.113556.1.4.803:=65536)))"
where userAccountControl:1.2.840.113556.1.4.803:=65536 should be for users whose password never expires.
Finally I do:
$user = $searcher.FindOne().GetDirectoryEntry()
But it says that I cannot call a method on a null-valued expression. I think I am using the parentheses correctly. So then could it be that I can't use the ! operator for this?
Also note that I could use the get-aduser command, like so:
get-aduser -filter * -properties samAccountName, PasswordNeverExpires | where { $_.passwordNeverExpires -eq "true" } | where {$_.enabled -eq "true"} | where {$_.samAccountName -eq $env:username}
but in this instance it would be preferable to use the DirectorySearcher instead, as shown above.

In fact your code is working, but when $searcher.FindOne() returns nothing, that is to say, when the filter returns nothing, the GetDirectoryEntry() method gives:
> You cannot call a method on a null-valued expression. At line:1 char:1
> + $searcher.FindOne().GetDirectoryEntry()
> + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> + CategoryInfo : InvalidOperation: (:) [], RuntimeException
> + FullyQualifiedErrorId : InvokeMethodOnNull
Try:
$user = $searcher.FindOne()
if($user -ne $null) {$user.GetDirectoryEntry()} else {write-host "Niet"}
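
An added example (not part of the original question or answer): it escapes the account name before it goes into the LDAP filter, null-checks FindOne(), and reads the userAccountControl bit 65536 from the result instead of negating it in the filter, so "no such user" and "password never expires is set" can be told apart. The function names ConvertTo-LdapFilterValue and Get-PasswordExpiryState are hypothetical, and a domain-joined Windows host is assumed.

```powershell
# Added example, not from the original post. Function names are hypothetical.
# Assumes a domain-joined Windows host where DirectorySearcher binds to the default domain.

function ConvertTo-LdapFilterValue {
    # Escape the RFC 4515 special characters \ * ( ) and NUL as \xx hex pairs,
    # so an interpolated value cannot change the structure of the filter.
    param([Parameter(Mandatory)][string]$Value)
    $escape = [System.Text.RegularExpressions.MatchEvaluator] {
        param($m) '\{0:x2}' -f [int][char]$m.Value
    }
    [regex]::Replace($Value, '[\\*()\x00]', $escape)
}

function Get-PasswordExpiryState {
    param([string]$SamAccountName = $env:USERNAME)

    $DONT_EXPIRE_PASSWORD = 0x10000   # 65536, the bit the page's filter tests

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = '(&(objectCategory=User)(samAccountName={0}))' -f
        (ConvertTo-LdapFilterValue $SamAccountName)
    [void]$searcher.PropertiesToLoad.Add('userAccountControl')

    $result = $searcher.FindOne()
    if ($null -eq $result) {
        # FindOne() returns $null when nothing matches; never chain a method onto it.
        return [pscustomobject]@{ SamAccountName = $SamAccountName; Found = $false
                                  PasswordNeverExpires = $null; Entry = $null }
    }

    $uac = [int]$result.Properties['useraccountcontrol'][0]
    $neverExpires = ($uac -band $DONT_EXPIRE_PASSWORD) -ne 0
    $entry = $null
    if (-not $neverExpires) { $entry = $result.GetDirectoryEntry() }

    [pscustomobject]@{ SamAccountName = $SamAccountName; Found = $true
                       PasswordNeverExpires = $neverExpires; Entry = $entry }
}

Get-PasswordExpiryState | Format-List SamAccountName, Found, PasswordNeverExpires
```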

Related

Null troubles with PowerShell AD script for creating new users

Been smooth sailing with creating users for my domain, now I'm trying to set the uidNumber based on the last 4 digits of the generated objectSid. Might be a simple solution but hoping for some help.
The rest of the code runs fine until we get to the '$last4' variable so I snipped to make it shorter, but if putting the whole script helps, happy to do so.
Import-Module ActiveDirectory
$firstname = Read-Host -Prompt "Please enter the first name"
$lastname = Read-Host -Prompt "Please enter the last name"
$location = Read-Host -Prompt "Please enter user location (LA/NY)"
$path = "OU=Users,OU=$location,OU=GS,DC=random,DC=com"
New-ADUser `
-snip
Add-ADGroupMember `
-Identity "$snip" -Members $username
$user = Get-ADUser -Identity $username
$objectSid = $user.objectSid
$last4DigitsOfObjectSid = $objectSid.Substring($objectSid.Length - 4)
$newUidNumber = "71$last4DigitsOfObjectSid"
Set-ADUser -Identity $username -Replace @{'uidNumber'=$newUidNumber}
Error
You cannot call a method on a null-valued expression.
At C:\Users\Administrator\Desktop\newtry.ps1:31 char:1
$last4DigitsOfObjectSid = $objectSid.Substring($objectSid.Length - 4)
CategoryInfo : InvalidOperation: (:) [], RuntimeException
FullyQualifiedErrorId : InvokeMethodOnNull
objectSid is not an attribute that Get-ADUser returns by default, the attribute you're looking for is just SID. $objectSid in your snippet is actually null, hence the error you're having.
Also, Substring is a String method and SID and objectSid are instances of SecurityIdentifier. This class does not have a Substring method. You would need to refer to the .Value property:
$sid = $user.SID
$last4DigitsOfObjectSid = $sid.Value.Substring($sid.Value.Length - 4)
A much easier way of getting the last 4 digits would be with -replace which will coerce the SecurityIdentifier to a string before replacing:
$sid = $user.SID
$last4DigitsOfObjectSid = $sid -replace '.+(?=.{4}$)'
Or using -split which would also work for SIDs having less than 4 digits:
$last4DigitsOfObjectSid = ($sid -split '-')[-1]

Null-Valued Expression Error in Powershell

I am trying to uninstall a program via PowerShell but I am getting the error "You cannot call a method on a null-valued expression."
PS C:\Users\user> $App = Get-WmiObject -Class Win32_Product | Where-Object{$_.Name -eq "CVF_x64"}
PS C:\Users\user> $App.Uninstall()
You cannot call a method on a null-valued expression.
At line:1 char:1
+ $App.Uninstall()
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
The program is in Programs and Features on control panel, see attached picture below.
List of Apps on Control Panel
Powershell List of Apps
CVF Doesn't show up in Powershell for some reason
looks like your query does not find anything -> empty variable?
$x = $null
$x.uninstall()
result: You cannot call a method on a null-valued expression.
btw. wmi is a thing of the past, use the cim cmdlets, and do the filtering one step earlier:
$name = "MyApp"
get-ciminstance -query "select * from win32_product where name = '$name'"
To identify what the value of the variable name must be simply output this beforehand and identify the exact string:
(get-ciminstance -query "select * from win32_product").name
You could also check the registry:
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall
Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*" -Name DisplayName,DisplayVersion,InstallSource,Publisher,UninstallString
Execute the command in the attribute UninstallString...
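
The registry check described above, as an added example that is not part of the original posts: it searches both Uninstall keys by display name and handles the empty result before anything is invoked on it. Find-InstalledApp and the 'CVF*' pattern are assumptions for illustration; the UninstallString is reported, not executed.

```powershell
# Added example, not from the original posts. Find-InstalledApp is a hypothetical name.
function Find-InstalledApp {
    param([Parameter(Mandatory)][string]$NamePattern)   # wildcard pattern, e.g. 'CVF*'

    # Both views listed on the page: native and 32-bit-on-64-bit (WOW6432Node).
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    foreach ($root in $roots) {
        # Many subkeys carry no DisplayName, so read each key whole and filter,
        # instead of requesting named properties that may not exist on every key.
        Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
            Where-Object {
                $_.PSObject.Properties['DisplayName'] -and
                $_.DisplayName -like $NamePattern
            } |
            Select-Object DisplayName, DisplayVersion, Publisher,
                          InstallSource, UninstallString, PSPath
    }
}

# @() forces an array, so an empty result is Count 0 rather than $null.
$apps = @(Find-InstalledApp -NamePattern 'CVF*')

if ($apps.Count -eq 0) {
    Write-Warning "No uninstall entry matches 'CVF*'; there is nothing to call a method on."
} else {
    # Review the exact name, publisher and UninstallString before running anything.
    $apps | Format-List
}
```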

update/modify ldap user attribute powershell

My PowerShell script will update the LDAP user attribute for non-Microsoft technology (Active Directory) and I faced some issues with it. This is my reference link for how to update non-Microsoft technology (Active Directory)
This is part of my powershell script
if($time -ne $null)
{
$eD = $time.AddDays(7)
write-host "The date after : "$eD
Set-ADUser xxxxx -AccountExpirationDate $eD
$a = New-Object "System.DirectoryServices.Protocols.DirectoryAttributeModification"
write-host $a
$a.Name = "String1"
write-host $a
$a.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Add
write-host $a
#add values of the attribute
$a.Add("set")
write-host $a
$r.Modifications.Add($a)
$re = $ldapserver.SendRequest($r);
if ($re.ResultCode -ne [System.directoryServices.Protocols.ResultCode]::Success)
{
write-host "Failed!"
write-host ("ResultCode: " + $re.ResultCode)
write-host ("Message: " + $re.ErrorMessage)
}
}
Here is my script output
The date after 7 days : 14/1/2020 11:40:03 AM
0
set
You cannot call a method on a null-valued expression.
At D:\deployment\test_ck.ps1:94 char:25
+ $r.Modifications.Add($a)
+ ~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
I can't figure out why $a is having a null value
This is what assigned to $r
$Domain='ou=test,ou=tes1,o=test2'
$fDomain ='(objectClass=User)'
$sDomain = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList $Domain,$fDomain,
$r = (new-object "System.DirectoryServices.Protocols.ModifyRequest")
$r = $sDomain
The simple PowerShell script below uses the Get-ADUser cmdlet from the ActiveDirectory PowerShell module to retrieve all the users in one OU and then iterate the users to set a couple of AD properties.
# Get all users in the Finance OU.
$FinanceUsers = Get-ADUser -Filter * -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM"
# Iterate the users and update the department and title attributes in AD.
The example uses the Instance parameter of Set-ADUser to update each user in the OU. The parameter allows any modifications made to the ADUser object to go to the corresponding Active Directory object while only updating object properties that have changed.

positional parameter cannot be found that accepts argument

if ($mbcb1.Checked -eq $true) {$dgr = "-AutoStart"}
if ($mbcb2.Checked -eq $true) {$dgrc = "-AutoComplete"}
if ($mbcb3.Checked -eq $true) {$dgren = "-NotificationEmails"}
New-MigrationBatch -Name $mbnd -SourceEndpoint $mbcx -TargetDeliveryDomain $mbtdd -CSVData ([System.IO.File]::ReadAllBytes("$cmbcsvfile")) $dgr $dgrc $dgren admin@admin.com
Error :
A positional parameter cannot be found that accepts argument '-Autostart'.
+ CategoryInfo : InvalidArgument: (:) [New-MigrationBatch], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,New-MigrationBatch
+ PSComputerName : ps.outlook.com
If I give direct input it's working, but passing as a variable throws an error.
If you want to optionally specify parameters, use splatting:
$OptionalParameters = @{
    AutoStart = $mbcb1.Checked
    AutoComplete = $mbcb2.Checked
}
if ($mbcb3.Checked) {
    $OptionalParameters["NotificationEmails"] = 'admin@admin.com'
}
New-MigrationBatch -Name $mbnd -SourceEndpoint $mbcx -TargetDeliveryDomain $mbtdd -CSVData ([System.IO.File]::ReadAllBytes("$cmbcsvfile")) @OptionalParameters
We simply build a hashtable with the parameter names and their arguments, and then supply it to the cmdlet as an argument (but like @name instead of $name), and then the parser will turn each entry in the hashtable into a named parameter in the form -key:value.
Finally, the $mbcb3.Checked -eq $true comparison is redundant, since Checked (assuming that $mbcb3 is a checkbox) is already either $true or $false
See the about_Splatting help file for more details about parameter splatting

New-ADGroup - Using -join and Variable in a PS cmdlet?

I've been delving into PS scripting over the last few months and I was attempting to script out AD group creations. Right now, I'm asking the following:
$GroupNameRO = Read-Host -Prompt 'What Read Only AD group name do you want to use'
$GroupNameRW = Read-Host -Prompt 'What Read Write AD group name do you want to use'
$RequestNum = Read-Host -Prompt 'Input the request number for this share'
Then putting it all together here:
New-ADGroup -name $GRPnameRW -path 'OU=Security,OU=Groups,DC=test,DC=local' -groupscope 'global' -Description -join('Request #',$RequestNum)
and finally receiving this error:
New-ADGroup : A positional parameter cannot be found that accepts argument 'System.Object[]'.
At line:1 char:1
+ New-ADGroup -name $GRPnameRW -path 'OU=Security,OU=Groups,DC=test,DC=local' -g ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [New-ADGroup], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.NewADGroup
Has anyone used the -join within a parameter / am I formatting everything correctly?
... -Description (('Request #',$RequestNum) -join 'something')
You need to do it like this. Think of it this way:
-Description (expression)
because Description has to be a result of an expression we need to enclose the expression in (), everything inside () gets executed first.
And for -join to work we need to feed values into it, so:
(values) -join 'what_are_we_joining_with'
ps. you don't really need () around values you are passing to join in some cases: 'a','b' -join "" works. But I think it's nicer this way and more intuitive with ().
Your value for the -Description parameter is incorrect. This should get you the result you're looking for:
New-ADGroup -name $GRPnameRW -path 'OU=Security,OU=Groups,DC=test,DC=local' -groupscope 'global' -Description "Request #$RequestNum"