I'm learning Powershell and I'm trying to understand why this isn't working. I verified that -Identity accepts pipeline so I'm guessing its the type of value its passing but I don't understand why this doesn't work
Get-ADUser -Identity (Import-Csv .\GROUP.csv)
GROUP.csv is a file on my desktop which contains a list of SIDs. I can read it with no issues when just doing an Import-Csv .\GROUP.csv. Here is the result
S-1-5-21-583907252-1979792683-725345543-112088
S-1-5-21-583907252-1979792683-725345543-48881
S-1-5-21-583907252-1979792683-725345543-48880
S-1-5-21-583907252-1979792683-725345543-53776
S-1-5-21-583907252-1979792683-725345543-125569
S-1-5-21-583907252-1979792683-725345543-120374
S-1-5-21-583907252-1979792683-725345543-48882
S-1-5-21-583907252-1979792683-725345543-183175
S-1-5-21-583907252-1979792683-725345543-183136
S-1-5-21-583907252-1979792683-725345543-183130
S-1-5-21-583907252-1979792683-725345543-183112
S-1-5-21-583907252-1979792683-725345543-176034
S-1-5-21-583907252-1979792683-725345543-176023
S-1-5-21-583907252-1979792683-725345543-176022
S-1-5-21-583907252-1979792683-725345543-176002
S-1-5-21-583907252-1979792683-725345543-175974
S-1-5-21-583907252-1979792683-725345543-175931
S-1-5-21-583907252-1979792683-725345543-175889
S-1-5-21-583907252-1979792683-725345543-175836
S-1-5-21-583907252-1979792683-725345543-175804
S-1-5-21-583907252-1979792683-725345543-183195
S-1-5-21-583907252-1979792683-725345543-183180
S-1-5-21-583907252-1979792683-725345543-31219
S-1-5-21-583907252-1979792683-725345543-176037
S-1-5-21-583907252-1979792683-725345543-82576
S-1-5-21-583907252-1979792683-725345543-175905
S-1-5-21-583907252-1979792683-725345543-175777
S-1-5-21-583907252-1979792683-725345543-175765
On top of that I can use the Get-ADUser -Identity and that works fine.
Why do I get the following when trying piping the one to the other?
Cannot convert 'System.Object[]' to the type 'Microsoft.ActiveDirectory.Management.ADUser' required by parameter 'Identity'.
Specified method is not supported.
At line:1 char:22
+ Get-ADUser -Identity (Get-Content .\group.txt)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-ADUser], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgument,Microsoft.ActiveDirectory.Management.Commands.GetADUser
The -identity parameter doesn't accept array as input but it accept pipeline input by value than you can do:
Import-Csv .\GROUP.csv | Get-ADUser
If the name of the first column in .csv file is sid then you can try this option too
(Import-CSV .\Group.csv) | foreach-object { get-aduser -Identity $_.sid }
Related
I want to import a csv, then delete from AD several objects
$ImportComputer = "C:\Users\deng\Desktop\ComputerLastlogondateformatBis.csv"
Import-Module ActiveDirectory
foreach ($Computer in(Import-Csv -Path C:\Users\deng\Desktop\ComputerLastlogondateformatBis.csv))
{
Remove-ADObject -Identity $Computer.'Computer'
these two object exist in AD, but I cannot seem to find out why it is not working.
see below error message:
Remove-ADObject : Cannot find an object with identity: 'fr-borr-mac' under: 'DC=PII,DC=net'.
At C:\Users\deng\OneDrive - Aptus Health\Script\Export.ps1:7 char:1
+ Remove-ADObject -Identity $Computer.'Computer'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (fr-borr-mac:ADObject) [Remove-ADObject], ADIdentityNotFoundException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.RemoveADObject
Remove-ADObject : Cannot find an object with identity: 'jlinmacfr' under: 'DC=PII,DC=net'.
At C:\Users\deng\OneDrive - Aptus Health\Script\Export.ps1:7 char:1
+ Remove-ADObject -Identity $Computer.'Computer'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Content of the CSV below:
Computer
--------
fr-borr-mac
jlinmacfr
Could anyone give input on this?
The -Identity parameter on the *-ADObject commands expect either a DistinguishedName or Guid value. If you are wanting to work with SamAccountName or some other attribute, you should consider using the *-ADComputer or using -Filter to find your objects.
# Using Remove-ADObject
Remove-ADObject -Filter "SamAccountName -eq '$($Computer.Computer)'"
# Using Remove-ADComputer
Remove-ADComputer -Identity $Computer.Computer
Alternatively, you can use Get-ADComputer or Get-ADObject to retrieve your object first and then pipe that into Remove-ADObject.
Get-ADObject -Filter "SamAccountName -eq '$($Computer.Computer)'" | Remove-ADObject
See the Remove-ADObject documentation for the following excerpt regarding explicitly binding to -Identity:
Specifies an Active Directory object by providing one of the following
property values. The identifier in parentheses is the Lightweight
Directory Access Protocol (LDAP) display name for the attribute. The
acceptable values for this parameter are:
A distinguished name
A GUID (objectGUID)
For piping an object into Remove-ADObject, the following excerpt applies, which is why you can use a Get-AD* command and pipe the result into the Remove-ADObject:
This parameter can also get this object through the pipeline or you
can set this parameter to an object instance.
Derived types, such as the following, are also accepted:
Microsoft.ActiveDirectory.Management.ADGroup
Microsoft.ActiveDirectory.Management.ADUser
Microsoft.ActiveDirectory.Management.ADComputer
Microsoft.ActiveDirectory.Management.ADServiceAccount
Microsoft.ActiveDirectory.Management.ADFineGrainedPasswordPolicy
Microsoft.ActiveDirectory.Management.ADDomain
I have a super simple script that I swear I use almost every day, but for some unknown reason my $_. variable is null.
Could someone please spot check it? there is only one column in the CSV I am importing, however it has no header so i don't know if that is what is causing it.
$results = import-csv C:\####\####\####\finddestinguishednamesof.csv | foreach-object {
Get-ADGroup $_. -Properties SamAccountName,DistinguishedName
}
$results | select SamAccountName,DistinguishedName |
Export-Csv C:\Users\laruemi\Desktop\test.csv -NoTypeInformation
I keep getting this error and do not know why.
Get-ADGroup : Cannot validate argument on parameter 'Identity'. The Identity property on the argument is null or empty.
At C:\Users\laruemi\Desktop\getdestinguishedname.ps1:2 char:13
+ Get-ADGroup $_. -Properties SamAccountName,DistinguishedName
+ ~~
+ CategoryInfo : InvalidData: (:) [Get-ADGroup], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADGroup
The list of CSV's I am importing is just a list of SAMAccountNames with no header. i dont think that should cause this error, but it might. Can someone please give me a sanity check?
#{DisplayName=Firstname Lastname} needs to be just 'Firstname Lastname' because get-mailbox -identity '#{DisplayName=Firstname Lastname} won't work.
I've tried using the -replace cmdlet to remove text.
$Olduser = Get-MsolUser -all | Where-Object {$_.BlockCredential -eq $True -and $_.isLicensed -eq $false} | Select-Object displayName,userPrincipalName,BlockCredential,isLicensed
$OldUser | fl *
Using the -replace, I expected that the output will be without '#{DisplayName}'
Cannot process argument transformation on parameter 'Identity'. Cannot convert value "#{DisplayName=X X}" to type "Microsoft.Exchange.Configuration.Tasks.MailboxIdParameter". Error: "Cannot conve
rt the "#{DisplayName=X X}" value of type "Deserialized.Selected.Microsoft.Online.Administration.User" to type "Microsoft.Exchange.Configuration.Tasks.MailboxIdParameter"."
+ CategoryInfo : InvalidData: (:) [Get-Mailbox], ParameterBindin...mationException
+ FullyQualifiedErrorId : ParameterArgumentTransformationError,Get-Mailbox
+ PSComputerName : outlook.office365.com
You are passing an object type with properties to a parameter (-Identity) that expects just a value. As a result, PowerShell converts that object into a string, which results in the value #{DisplayName=Firstname Lastname}. If you access the DisplayName property before passing it into the -Identity parameter, your issue will be resolved.
Get-Mailbox -Identity $OldUser.DisplayName
# Or
$OldUser.DisplayName | Get-Mailbox
You can replicate a similar behavior by typing the following at the console:
[string]$OldUser
I created a new custom attribute like: newattribute1, but when I want to change the value in PowerShell, I got an error.
Set-ADUser -Identity test1 -newattribute1 123as
The error message:
Set-ADUser : A parameter cannot be found that matches parameter name
'newattribute1'.
At line:1 char:29
+ Set-ADUser -Identity test1 -newattribute1 123as
+ ~~~~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Set-ADUser], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.SetADUser
I always use:
Set-ADUser -identity <username> -replace #{CustomAttribute="YourData"}
By using the replace function, you can specify the custom attribute that you created. It an easy way to change attributes which cannot be specified by the cmdlet itself. This doesn't only work for custom attributes, you can use the replace function for attributes such as phone number. Anything that the cmdlet doesn't let you modify by default.
On a bit of a side note, you can't just make up parameters to add to an existing cmdlet like you had -newattribute1 123as.
You will need to modify a copy of the ADUser object, then write the copy back using the -Instance parameter of Set-ADUser:
$user = Get-ADUser -Identity $samaccountname -Properties *
$user.YourCustomAttribute = $NewCustomAttributeValue
Set-ADUser -Instance $User
See Get-Help Set-ADUser.
Im trying to add multiple compuers (from a txt file) to be part of a certain security group.
sample from input.txt
COL7DM2CP1
COLC5RNDP1
using the following powershell input:
Get-Content C:\Scripts\input.txt | Add-ADPrincipalGroupMembership -MemberOf 'AMATU.SCCM.Office2010.Std'
however im getting the following outpout error:
Add-ADPrincipalGroupMembership : Cannot find an object with identity: 'COL7DM2CP1' under: 'DC=actuant,DC=pri'.
At C:\Scripts\Add bulk ADcomputer to group.ps1:1 char:36
+ Get-Content C:\Scripts\input.txt | Add-ADPrincipalGroupMembership -MemberOf 'AMA ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (COL7DM2CP1:ADPrincipal) [Add-ADPrincipalGroupMembership], ADIdentityN
otFoundException
+ FullyQualifiedErrorId : SetADPrincipalGroupMembership:ProcessRecordOverride,Microsoft.ActiveDirectory.Manageme
nt.Commands.AddADPrincipalGroupMembership
The issue is that the Add-PrinicpalGroupMembership does not know what object you are looking for. It does not query AD for the simple computername, it assumes the FQDN. If you wanted to pass it just a name, you'll need to give it's full AD Distinguished Name.
An easy way around this is to use Get-ADcomputer and pass that to Add-PrinicpalGroupMembership
Get-Content C:\Scripts\input.txt | Get-ADComputer | Add-ADPrincipalGroupMembership -MemberOf 'AMATU.SCCM.Office2010.Std'