PowerShell remote event log parsing - powershell

I wrote a small script to grab event log entries from a remote machine and write it to a .csv file. The script works when targeting a single machine, but when I try to implement a for loop and loop it over all machines in Active Directory, I get this error:
Method invocation failed because [Microsoft.ActiveDirectory.Management.ADComputer]
does not contain a method named 'op_Addition'.
At Y:\srp.ps1:7 char:143
+ ... | Export-Csv $($computer + ".csv")
+ ~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (op_Addition:String) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound
Export-Csv : Cannot validate argument on parameter 'Path'. The argument is null or empty.
Provide an argument that is not null or empty, and then try the command again.
At Y:\srp.ps1:7 char:141
+ ... 0 | Export-Csv $($computer + ".csv")
+ ~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Export-Csv],
ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,
Microsoft.PowerShell.Commands.ExportCsvCommand
The error indicates there's a problem with the Export-Csv command, but running the command by itself creates the log files needed. Here is the full script, for reference:
# Gets SRP event log entries from remote machine and writes them to a .csv file
# of the same name.
Write-Output "Running..."
$computers = Get-ADComputer -filter {(Name -like "PC*") -or (Name -like "LT*")}
foreach ($computer in $computers) {
Get-EventLog -LogName Application -Source Microsoft-Windows-SoftwareRestrictionPolicies
-ComputerName $computer -Newest 10 | Export-Csv $($computer + ".csv")
} #end foreach
Write-Host "Done."
Any ideas as to why this error appears when I try to loop over computers in AD?

It looks like Get-ADComputer returns ADComputer objects, but you're passing it to Get-EventLog's ComputerName parameter, which takes a string, as-is. I'm assuming you'll need to grab the name property from the Microsoft.ActiveDirectory.Management.ADComputer object.

Related

How to discard errors of PowerShell ActiveDirectory cmdlets?

I am writing a PowerShell script (in a PowerShell 5.1 environnement) and I need to list all users from groups set in a folder's permissions. But some groups are not relevant so when I try to Get-ADGroupMember on it, I've got an expected error.
To discard this error, I tried the following :
Get-ADGroupMember Fake_Group -Server ad.example.com 2>&1 $null
Get-ADGroupMember Fake_Group -Server ad.example.com 2>&1 | Out-Null
But in both cases, the result is the same : error is displayed.
get-aduser : Cannot find an object with identity: 'Fake_Group' under 'DC=example.com'.
At line:1 char:1
+ Get-ADGroupMember Fake_Group -Server ad.example.com 2>&1 | ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Fake_Group:ADGroup) [Get-ADGroupMember], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember
So my question is : why is this error still displayed ?
And then, how could I discard this error or is there a better way to list users from groups set in a folder's permissions than just try to Get-ADGroupMember on the whole result of Get-Acl even on no relevant object ?
Because Out-Null does nothing in this regard, you would need to use try/catch statements and might even need to add -ErrorAction Stop as not all errors in AD commands are terminating errors:
Try{
Get-ADGroupMember $GROUPNAME -Server $SEVRER -ErrorAction Stop
#The group is found, do whatever you want here
}Catch{
Write-Host "Some error occured"
}

I can't get Powershell StartsWith function to work

I'm trying to create a Powershell script that prints out only certain AD groups from the Folder Permission settings. However for some reason Powershell doesn't recognize StartsWith function.
("C:\folder" | get-acl).Access | ForEach-Object { if (($_.IdentityReference).StartsWith("sl_test")) { continue }; $_ }
When I run this I got errors similar to this for every foreach object:
Method invocation failed because [System.Security.Principal.NTAccount] does not contain a method named 'StartsWith'.
At C:\temp\test.ps1:1 char:56
+ ("C:\folder" | get-acl).Access | ForEach-Object { if (($_.IdentityReference).St ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound
Any suggestions on how to get this to work?
IdentityReference is a [System.Security.Principal.NTAccount]according to your error message.
But .StartWith is a method on the String type. If you call a method, Powershell does no magic for you, AFAIK.
Try ... ($_.IdentityReference) -match "^sl_test" ..., which should do the implicit string conversion.
If you want the string representation of an IdentityReference (regardless of whether it's and NTAccount object or a SID), you can reference the Value property:
$_.IdentityReference.Value.StartsWith('sl_test')
Try:
Get-Acl -Path "C:\folder" | Select-Object -ExpandProperty Access | Where-Object {$_.IdentityReference -like "sl_test*" }
You can customize the output with an additional | Select-Object -Property XY

How to check particular VMware VM is not currently running in the task using PowerShell?

I need to check particular VMware VM is currently in the recent task like CLone_task, Migrate_VMTask,.etc and also skip that VM before VM migration starts..
I have tried the below code:
PS> Get-Task (Get-VM -Name VM1) | Select State
Get-Task : Cannot bind parameter 'Status'. Cannot convert the "nalb00cava3"
value of type "VMware.VimAutomation.ViCore.Impl.V1.Inventory.VirtualMachineImpl"
to type "VMware.VimAutomation.Sdk.Types.V1.TaskState".
At line:1 char:10
+ Get-Task (Get-VM -Name nalb00cava3) | Select State
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-Task], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,VMware.VimAutomation.ViCore.Cmdlets.Commands.GetTask
This should do what you're looking for, the final pipe is where you would define the specific VM.
Get-Task | ?{$_.ObjectId -match 'VirtualMachine'} | Select #{N='VM';E={(Get-View -Id $_.ObjectId).Name }},State,Description | where {$_.VM -eq "VM1"}
It filters on ObjectId from Get-Task, then referencing the Id, determines the VM names, and finally filters on the VM you define.

Trying to Create a script that will get my filtered list of Get-Adcomputer then run a command on each

Firstly,
I am very new to powershell. Everytime I think i get the logic i go WTF.. If this was bash it would be so easy etc..
what am I trying to do exactly ...
Get all computers from AD that Meet the Xiopwb* criteria. Once i have the list I need to change the permissions on the \\Xiopwb20\Nsiwebroot Directory to ONLY INCLUDE Domain Administrators and A Security group "webadmins"
My Logic:
Get all computers from AD that meet Xio*PWB*
Take just the NAME of objects in that list
for ever "name" in that list do Get-ACL \\Name from list\Nsiwebroot
remove *
add user / group.
What I have:
PS C:\Windows\system32> Get-ADComputer -filter * | Where-Object {$_.Name -like "xiopwb*"} | Select Name | ForEach-Object { Get-Acl \\$_.Name\nsiwebroot}
all up to the "ForEach" works... I get just the names of the PC's that I need etc..
Simple as possible I don't need a 100 line script.
Thanks
** update **
it is double \ its just not showing it... no idea why
Looks like it is doing what I want to a degree. However its spitting out the format funky. #{Name=XIOPWB09}
PS C:\Windows\system32> Get-ADComputer -filter * | Where-Object {$_.Name -like "xiopwb*"} | Select Name | ForEach-Object {get-acl "\\$_\D$\nsiwebroot"}
get-acl : Cannot find path '\#{Name=XIOPWB09}\D$\nsiwebroot' because it does not exist.
At line:1 char:99
+ ... opwb*"} | Select Name | ForEach-Object {get-acl "\$_\D$\nsiwebroot"}
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-Acl], ItemNotFoundException
+ FullyQualifiedErrorId : GetAcl_PathNotFound_Exception,Microsoft.PowerShell.Commands.GetAclCommand
get-acl : Cannot find path '\#{Name=XIOPWB06}\D$\nsiwebroot' because it does not exist.
At line:1 char:99
+ ... opwb*"} | Select Name | ForEach-Object {get-acl "\$_\D$\nsiwebroot"}
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (:) [Get-Acl], ItemNotFoundException
+ FullyQualifiedErrorId : GetAcl_PathNotFound_Exception,Microsoft.PowerShell.Commands.GetAclCommand
"Select Name" returns an Object with Table Header Name. "Select -ExpandProperty Name" is What needed here, which will convert it o String.
Regards,
kvprasoon

PowerShell Newb - Cannot convert

I'm learning Powershell and I'm trying to understand why this isn't working. I verified that -Identity accepts pipeline so I'm guessing its the type of value its passing but I don't understand why this doesn't work
Get-ADUser -Identity (Import-Csv .\GROUP.csv)
GROUP.csv is a file on my desktop which contains a list of SIDs. I can read it with no issues when just doing an Import-Csv .\GROUP.csv. Here is the result
S-1-5-21-583907252-1979792683-725345543-112088
S-1-5-21-583907252-1979792683-725345543-48881
S-1-5-21-583907252-1979792683-725345543-48880
S-1-5-21-583907252-1979792683-725345543-53776
S-1-5-21-583907252-1979792683-725345543-125569
S-1-5-21-583907252-1979792683-725345543-120374
S-1-5-21-583907252-1979792683-725345543-48882
S-1-5-21-583907252-1979792683-725345543-183175
S-1-5-21-583907252-1979792683-725345543-183136
S-1-5-21-583907252-1979792683-725345543-183130
S-1-5-21-583907252-1979792683-725345543-183112
S-1-5-21-583907252-1979792683-725345543-176034
S-1-5-21-583907252-1979792683-725345543-176023
S-1-5-21-583907252-1979792683-725345543-176022
S-1-5-21-583907252-1979792683-725345543-176002
S-1-5-21-583907252-1979792683-725345543-175974
S-1-5-21-583907252-1979792683-725345543-175931
S-1-5-21-583907252-1979792683-725345543-175889
S-1-5-21-583907252-1979792683-725345543-175836
S-1-5-21-583907252-1979792683-725345543-175804
S-1-5-21-583907252-1979792683-725345543-183195
S-1-5-21-583907252-1979792683-725345543-183180
S-1-5-21-583907252-1979792683-725345543-31219
S-1-5-21-583907252-1979792683-725345543-176037
S-1-5-21-583907252-1979792683-725345543-82576
S-1-5-21-583907252-1979792683-725345543-175905
S-1-5-21-583907252-1979792683-725345543-175777
S-1-5-21-583907252-1979792683-725345543-175765
On top of that I can use the Get-ADUser -Identity and that works fine.
Why do I get the following when trying piping the one to the other?
Cannot convert 'System.Object[]' to the type 'Microsoft.ActiveDirectory.Management.ADUser' required by parameter 'Identity'.
Specified method is not supported.
At line:1 char:22
+ Get-ADUser -Identity (Get-Content .\group.txt)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-ADUser], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgument,Microsoft.ActiveDirectory.Management.Commands.GetADUser
The -identity parameter doesn't accept array as input but it accept pipeline input by value than you can do:
Import-Csv .\GROUP.csv | Get-ADUser
If the name of the first column in .csv file is sid then you can try this option too
(Import-CSV .\Group.csv) | foreach-object { get-aduser -Identity $_.sid }