I have a script for getting all the members of various AD Groups but recently we have been needed to get more then just the names of the members and need to get various properties such as Title or Office. I tried adjusting my script so that you could input what properties you needed to define but it isn't working as I would like so I was hoping someone might be able to help.
Here is my original script:
$EndDate = (Get-Date).ToString("yyyy-MM-dd_HHmm")
$FileName = $ADGroup '_' $EndDate '_ADGroupReport.csv'
$FilePath = 'P:\Information Technology\IT Reports\' $FileName
function Get-Members {
[CmdletBinding()]
Param(
[Parameter(Mandatory=$true, HelpMessage="Enter a valid AD Group.")]
[string]$ADGroup,
[Parameter(Mandatory=$false, HelpMessage="Enter valid AD Properties seperated by a comma.")]
$Properties
)
process {
if (!$Properties) {
Get-ADGroupmember -identity $ADGroup | select name | Export-Csv -Path $FilePath
} else {
Get-ADGroupmember -identity $ADGroup | where{$_.ObjectClass -eq "user"} | Get-ADUser -Properties '$Properties' | select name, $Properties | Export-Csv -Path $FilePath
}
}
}
$Group = Read-Host -Prompt 'Enter a valid AD Group:'
$Prop = Read-Host -Prompt 'Enter any additional properties needed:'
Get-Members -ADGroup $Group -Properties $Prop
This appears to work in the try phase if I only enter 1 property, but then fails on the finally stage. If I enter multiple properties, such as title,office then it fails at both stages.
The error I get when entering additional properties is below. My assumption is that it doesn't like this as a string and would prefer an array? I am not sure honestly on how to handle this.
Get-ADUser : One or more properties are invalid.
Parameter name: $Properties
At line:10 char:79
... bjectClass -eq "user"} | Get-ADUser -Properties '$Properties' | selec ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : InvalidArgument: (REDACTED) [Get-ADUser], ArgumentException
FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
Before anyone says anything, I am aware the try block will fail if no properties are entered, its only in there for my testing currently.
CodePudding user response:
I could see three issues on your code, first one, single quotes on -Properties '$Properties' will not allow the expansion of the variable $Properties, it would be as passing the literal string.
Should be:
Get-ADUser -Properties $Properties
Second issue, doing this Select-Object Name, $Properties will throw the following exception (assuming $Properties would have been an array):
$properties = 'email', 'title'
[PSCustomObject]@{
Name = 'User'
Email = '[email protected]'
Title = 'Administrator'
} | Select-Object Name, $properties
Cannot convert
System.Object[]to one of the following types {System.String,System.Management.Automation.ScriptBlock}.
You could do something like this so that Name is always included in the $Properties variable:
$properties = ,'name' # => This is hardcoded
$properties = 'email', 'title' # => This is user input
[PSCustomObject]@{
Name = 'User'
Email = '[email protected]'
Title = 'Administrator'
} | Select-Object $properties
Name Email Title
---- ----- -----
User [email protected] Administrator
Third issue is the one pointed out by Theo on his comment, Read-Host will store the user input as string, so, assuming the user is actually using , as delimiter of each property, you can convert the input to an array using -split or .split():
$prop = ,'name'
$prop = (
Read-Host -Prompt 'Enter any additional properties needed'
).Split(',').ForEach('Trim')
Supposing the input was for example email, title:
Enter any additional properties needed: email, title
name
email
title