New-ADGroup - Using -join and Variable in a PS cmdlet? - powershell

I've been delving into PS scripting over the last few months and I was attempting to script out AD group creations. Right now, I'm asking the following:
$GroupNameRO = Read-Host -Prompt 'What Read Only AD group name do you want to use'
$GroupNameRW = Read-Host -Prompt 'What Read Write AD group name do you want to use'
$RequestNum = Read-Host -Prompt 'Input the request number for this share'
Then putting it all together here:
New-ADGroup -name $GRPnameRW -path 'OU=Security,OU=Groups,DC=test,DC=local' -groupscope 'global' -Description -join('Request #',$RequestNum)
and finally receiving this error:
New-ADGroup : A positional parameter cannot be found that accepts argument 'System.Object[]'.
At line:1 char:1
+ New-ADGroup -name $GRPnameRW -path 'OU=Security,OU=Groups,DC=test,DC=local' -g ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [New-ADGroup], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.NewADGroup
Has anyone used the -join within a parameter / am I formatting everything correctly?

... -Description (('Request #',$RequestNum) -join 'something')
You need to do it like this. Think of it this way:
-Description (expression)
because Description has to be a result of an expression we need to enclose the expression in (), everything inside () gets executed first.
And for -join to work we need to feed values into it, so:
(values) -join 'what_are_we_joining_with'
ps. you don't really need () around values you are passing to join in some cases: 'a','b' -join "" works. But I thinks its nicer this way and more intuitive with ().

Your value for the -Description parameter is incorrect. This should get you the result you're looking for:
New-ADGroup -name $GRPnameRW -path 'OU=Security,OU=Groups,DC=test,DC=local' -groupscope 'global' -Description "Request #$RequestNum"

Related

Null troubles with PowerShell AD script for creating new users

Been smooth sailing with creating users for my domain, now I'm trying to set the uidNumber based on what the last 4 digits of the generated objectSid. Might be a simple solution but hoping for some help.
The rest of the code runs fine until we get to the '$last4' variable so I snipped to make it shorter, but if putting the whole script helps, happy to do so.
Import-Module ActiveDirectory
$firstname = Read-Host -Prompt "Please enter the first name"
$lastname = Read-Host -Prompt "Please enter the last name"
$location = Read-Host -Prompt "Please enter user location (LA/NY)"
$path = "OU=Users,OU=$location,OU=GS,DC=random,DC=com"
New-ADUser `
-snip
Add-ADGroupMember `
-Identity "$snip" -Members $username
$user = Get-ADUser -Identity $username
$objectSid = $user.objectSid
$last4DigitsOfObjectSid = $objectSid.Substring($objectSid.Length - 4)
$newUidNumber = "71$last4DigitsOfObjectSid"
Set-ADUser -Identity $username -Replace #{'uidNumber'=$newUidNumber}
Error
You cannot call a method on a null-valued expression.
At C:\Users\Administrator\Desktop\newtry.ps1:31 char:1
$last4DigitsOfObjectSid = $objectSid.Substring($objectSid.Length - 4)
CategoryInfo : InvalidOperation: (:) [], RuntimeException
FullyQualifiedErrorId : InvokeMethodOnNull
objectSid is not an attribute that Get-ADUser returns by default, the attribute you're looking for is just SID. $objectSid in your snippet is actually null, hence the error you're having.
Also, Substring is a String method and SID and objectSid are instances of SecurityIdentifier. This class does not have a Substring method. You would need to refer to the .Value property:
$sid = $user.SID
$last4DigitsOfObjectSid = $sid.Value.Substring($sid.Value.Length - 4)
A much easier way of getting the last 4 digits would be with -replace which will coerce the SecurityIdentifier to a string before replacing:
$sid = $user.SID
$last4DigitsOfObjectSid = $sid -replace '.+(?=.{4}$)'
Or using -split which would also work for SIDs having less than 4 digits:
$last4DigitsOfObjectSid = ($sid -split '-')[-1]

I have been following to try and write a powershell script to add a new group of local user to windows

$user | ForEach {New-MsolUser -DisplayName $.Display name -FirstName $.First name -LastName $.Last name -UserprincipalName $.User principal name -LicenseAssignment $.Licenses -password WXAqa#123 -Office $.officeaddresss -MobilePhone $_.Phone number -UsageLocation "IN"}
it shows this kind of ERROR:
New-MsolUser : A positional parameter cannot be found that accepts argument 'name'.
At line:1 char:18
... | ForEach {New-MsolUser -DisplayName $.Display name -FirstName $.F ...
CategoryInfo : InvalidArgument: (:) [New-MsolUser], ParameterBindingException
FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.Online.Administration.Automation.NewUser
I think the problem is that the variable names cannot include spaces. I am not sure about the dot at the start as well
Try using
$Display_name
Instead of
$.Display name
Similarly with all other variables of course.

How we can create a New-ADGroup with -OtherAttributes using powershell command?

New-ADGroup -Name 'mygroup1' -GroupScope 0 -OtherAttributes '#{'AttributeLDAPDisplayName'=value}'
I have tried using above command in powershell but returns following exception :
At line:1 char:45
+ New-ADGroup -Name 'mygroup1' -GroupScope 0 -OtherAttributes -Replace ...
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [New-ADGroup], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.ActiveDirectory.Management.Commands.NewADGroup```
As suggested by Santiago Squarzon posting it as
answer to help other community members.
If you use quotes in arguments, it will be treated as String. This is not valid for -OtherAttributes as the type of it is hashtable.
So, remove the quotes and include your values to the attribute by replacing value.
For suppose, if you are trying to create an Active Directory group based on Email address your cmdlet should be something like this:
$groupEmail = "user1#gmail.com","user2#gmail.com"
New-ADGroup -Name 'mygroup1' -GroupScope 0 -OtherAttributes #{'mail'=$groupEmail} -Path "CN=Users,OU=Your_OU_Name,DC=Com"
If you are trying to create AD group based on displayName, please check below cmdlet
(NOTE: You can also give the values directly like this):
New-ADGroup -Name 'mygroup1' -GroupScope 0 -OtherAttributes #{'displayName'="Sri","Devi"} -Path "CN=Users,OU=Your_OU_Name,DC=Com"
Make sure whether you are giving correct path or not.
Please check the below references if they are helpful.
References:
https://ss64.com/ps/new-adgroup.html
https://learn.microsoft.com/en-us/powershell/module/activedirectory/new-adgroup?view=windowsserver2022-ps#parameters

update/modify ldap user attribute powershell

My powershell script will update the ldap user attribute for non-Microsoft technology(Active Directory) and i faced some issue on it. This is my reference link for how to update non-Microsoft technology(Active Directory)
This is part of my powershell script
if($time -ne $null)
{
$eD = $time.AddDays(7)
write-host "The date after : "$eD
Set-ADUser xxxxx -AccountExpirationDate $eD
$a = New-Object "System.DirectoryServices.Protocols.DirectoryAttributeModification"
write-host $a
$a.Name = "String1"
write-host $a
$a.Operation = [System.DirectoryServices.Protocols.DirectoryAttributeOperation]::Add
write-host $a
#add values of the attribute
$a.Add("set")
write-host $a
$r.Modifications.Add($a)
$re = $ldapserver.SendRequest($r);
if ($re.ResultCode -ne [System.directoryServices.Protocols.ResultCode]::Success)
{
write-host "Failed!"
write-host ("ResultCode: " + $re.ResultCode)
write-host ("Message: " + $re.ErrorMessage)
}
}
Here are my script output
The date after 7 days : 14/1/2020 11:40:03 AM
0
set
You cannot call a method on a null-valued expression.
At D:\deployment\test_ck.ps1:94 char:25
+ $r.Modifications.Add($a)
+ ~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull
i cant figure out why $a is having a null value
This is what assigned to $r
$Domain='ou=test,ou=tes1,o=test2'
$fDomain ='(objectClass=User)'
$sDomain = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList $Domain,$fDomain,
$r = (new-object "System.DirectoryServices.Protocols.ModifyRequest")
$r = $sDomain
The simple PowerShell script below uses the Get-ADUser cmdlet from the ActiveDirectory PowerShell module to retrieve all the users in one OU and then iterate the users to set a couple of AD properties.
# Get all users in the Finance OU.
$FinanceUsers = Get-ADUser -Filter * -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM"
# Iterate the users and update the department and title attributes in AD.
The example uses the Instance parameter of Set-ADUser to update each user in the OU. The parameter allows any modifications made to the ADUser object to go to the corresponding Active Directory object while only updating object properties that have changed.

Correct script for creating bulk Distribution lists from CSV file

I am trying to create a bulk of distribution lists, as instructed on technet site.
https://gallery.technet.microsoft.com/How-to-Bulk-create-6be6c82f#content
but i am encountering some errors while trying to work with the script they offered there.
This is my CSV
https://imgur.com/CXGoRIv
And this is the script of working with:
# Create Bulk Distribution Groupsmake CSV file
Import-Csv "C:\Users\user\Desktop\PowerShell\CreateDistributionLists.csv" | foreach {
New-DistributionGroup -Name $_.name -DisplayName $_.displayname –Alias $_.alias -PrimarySmtpAddress $_.PrimarySmtpAddress -RequireSenderAuthenticationEnabled ([boolean] $_.RequireSenderAuthenticationEnabled)}
when i launch the script, i get this error:
A positional parameter cannot be found that accepts argument '->RequireSenderAuthenticationEnabled'.
+ CategoryInfo : InvalidArgument: (:) [New-DistributionGroup], >ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,New->DistributionGroup
+ PSComputerName : server.domain.com
Please Assist.
<<<< UPDATE >>
Edited script as suggested by Matias ( thanks buddy ).
Now i face the same error when launching.
A positional parameter cannot be found that accepts argument '->RequireSenderAuthenticationEnabled:'.
+ CategoryInfo : InvalidArgument: (:) [New-DistributionGroup], >ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,New-DistributionGroup
in the csv , im typing "false" or "FALSE" under the "RequireSenderAuthenticationEnabled" column ,same as initially shown in the screenshot i attached.
To be RequireSenderAuthenticationEnabled to always be false...that will do the work for me, if you can help me edit the script to always be false in this, that will be awesome also, aslong as it work.
for reference, here is the script the way i use it now:
# Create Bulk Distribution Groupsmake CSV file
Import-Csv "C:\Users\user\Desktop\PowerShell\CreateDistributionLists.csv" | foreach {
New-DistributionGroup -Name $_.name -DisplayName $_.displayname –Alias $_.alias -PrimarySmtpAddress $_.PrimarySmtpAddress -RequireSenderAuthenticationEnabled:$([bool]::Parse($_.RequireSenderAuthenticationEnabled))}
<<< UPDATE SEP-03-2019 >>>
i have changed the script as suggested here to the following:
# Create Bulk Distribution Groupsmake CSV file
Import-Csv "C:\Users\user\Desktop\PowerShell\CreateDistributionLists.csv" | foreach {
New-DistributionGroup -Name $_.name -DisplayName $_.displayname –Alias $_.alias -RequireSenderAuthenticationEnabled $false}
Still i am getting the following error:
[PS] C:\users\user\Desktop\PowerShell>.\CreateDistributionLists.ps1
A positional parameter cannot be found that accepts argument '->RequireSenderAuthenticationEnabled'.
+ CategoryInfo : InvalidArgument: (:) [New-DistributionGroup], >ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,New-DistributionGroup
+ PSComputerName : server.domain.com
Any suggestion ?
Thanks.