none
Unable to get GUID from search results RRS feed

  • Question

  • Thank you in advance for your assistance.

    I am making a module for disabling AD accounts when users have been termed. The only changes I have made below is adjusting the OU paths for obvious reasons. Below the code is the error I am receiving, for some reason the $GUID is not getting any information, but when I put the code as a one liner in PS I get a result.

    The Write Host commands was just to test out the '!' on the variable, I didn't know it would work.

    I am new to coding so any thoughts or suggestions on formatting is also welcome as it is easier to fix a mistake then break a habit.

    function Revoke-Account{

        [CmdletBinding()]
        [OutputType([int])]

        Param
        (
            # This USER ID will be used to collect the GUID from AD to prevent the IT Pro from needing the OU
            [parameter(Mandatory=$False)]
            $UserID,

            # This USER Name will be used to collect the GUID from AD to prevent the IT Pro from needing the OU
            [parameter(Mandatory=$False)]
            $UserName

        )

            if ($UserID)
            {

                Write-Host "User ID Has Value"

                $GUID = (Get-ADUser -Identity $UserID).ObjectGUID
                Move-ADObject "$GUID" -TargetPath "OU=Users,OU=DHCORP,DC=Corperate,DC=Com"
                Disable-ADAccount -identity $UserID

            }

            if (!$UserID)    
            {

                Write-Host "User Name Has Value"
                $GUID = (Get-ADUser -SearchBase "OU=Users,OU=DHCORP,DC=Corperate,DC=Com" -Filter {(name -eq "$UserName")}).ObjectGUID
                Disable-ADAccount $GUID.ObjectGUID
                Move-ADObject $GUID -TargetPath "OU=Users,OU=DHCORP,DC=Corperate,DC=Com"
            }

    ----------------------------------------------Error below---------------------------------------------


    Disable-ADAccount : Cannot validate argument on parameter 'Identity'. The argument is null. Supply a non-null argument
    and try the command again.
    At C:\Users\USER\Documents\WindowsPowerShell\Modules\ADTools\ADTools.psm1:69 char:31
    +             Disable-ADAccount $GUID.ObjectGUID
    +                               ~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidData: (:) [Disable-ADAccount], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.DisableAD
       Account

    Tuesday, December 29, 2015 3:16 PM

Answers

  • It is done the same way.  Make the two parameters mandatory but part of different ParameterSets.

    if($userid){ 
        $user=Get-AdUser $userid
    }else{
        $user=Get-AdUser -filter "samaccountname -eq $username"
    }

    if($user){ process user }


    \_(ツ)_/

    • Marked as answer by Rumisglass Tuesday, December 29, 2015 6:09 PM
    Tuesday, December 29, 2015 3:54 PM

All replies

  • Don't use decorations on code that you do not understand.  Most of what you are adding is not needed.

    Start by using this and then add a bit at a time.

    function Revoke-Account {
    	Param(
    		[parameter(Mandatory)]$UserID
    	)
    	
    	Get-ADUser -Identity $UserID |
    		Disable-ADAccount -PassThru|
    		Move-ADObject -TargetPath 'OU=Users,OU=DHCORP,DC=Corperate,DC=Com' -PassTHru
    }
    

    Try to avoid over=complicating things.  Do it simple and add bits as you understand what is happening.


    \_(ツ)_/

    Tuesday, December 29, 2015 3:35 PM
  • That was the plan with my original code, the second phase is allowing us to search for user accounts by the name or SamAccountName value of the get-aduser results. which is why I started expanding my knowledge and ham fisting the code above.
    • Edited by Rumisglass Tuesday, December 29, 2015 3:43 PM
    Tuesday, December 29, 2015 3:43 PM
  • It is done the same way.  Make the two parameters mandatory but part of different ParameterSets.

    if($userid){ 
        $user=Get-AdUser $userid
    }else{
        $user=Get-AdUser -filter "samaccountname -eq $username"
    }

    if($user){ process user }


    \_(ツ)_/

    • Marked as answer by Rumisglass Tuesday, December 29, 2015 6:09 PM
    Tuesday, December 29, 2015 3:54 PM
  • So the two Parameters would look like this?

    function Revoke-Account{

        [CmdletBinding()]
        [OutputType([int])]

        Param
        (
            # This USER ID will be used to collect the GUID from AD to prevent the IT Pro from needing the OU
            [parameter(Mandatory=$True)]
            $UserID
        )
        
        Param
        (
            # This USER Name will be used to collect the GUID from AD to prevent the IT Pro from needing the OU
            [parameter(Mandatory=$True)]
            $UserName

        )

    Tuesday, December 29, 2015 4:21 PM
  • If you are going to just keep posting the same broken code what can I do.

    You are just guessing and badly.

    Start by readin about advanced functions.

    https://technet.microsoft.com/en-us/library/hh847806.aspx

    Why add CmdletBinnding and Outputtype what you do not have a clue ass to how yu can use them.  YOU care just adding lines that make it harder for you to understand how this works.

    https://technet.microsoft.com/en-us/library/hh847743.aspx

    You also have a design issue.   How do you plan to tell the user how to apply the correct argument?

    You cannot have two Param statements. Read the help to see how to use ParameterSets.


    \_(ツ)_/

    Tuesday, December 29, 2015 4:31 PM
  • Here is a starter:

    function Revoke-Account {
    	Param(
    		[parameter(
    				ParameterSetName = 'UserID',
    				Mandatory
    		)]$UserID,
    		[parameter(
    			ParameterSetName='UserName',
    			Mandatory
    		)]$UserName
    	
    	)
    	
    	if($PSCmdlet.ParameterSetName -eq 'UserID'){
    		$user=Get-ADUser -Identity $UserID
        }
    	
    	if($user){
    		$user|Disable-ADAccount -PassThru|
    		Move-ADObject -TargetPath 'OU=Users,OU=DHCORP,DC=Corperate,DC=Com' -PassTHru
        }
    }
    
    


    \_(ツ)_/

    Tuesday, December 29, 2015 4:37 PM
  • You should also note the SaaAccountName is the same as UserID.  Why do you need it twice?

    \_(ツ)_/

    Tuesday, December 29, 2015 4:44 PM
  • This is the kind of answer I am normally looking for when posting to these sites. I would like to know where I can find the answers to my questions not just handed fixed lines of code. I will read through what you have provided and rebuild.

    As for this code 

    {function Revoke-Account{

        [CmdletBinding()]
        [OutputType([int])

    I was following through Microsoft's video tutorial on Powershell and was under the impression those are required to build functions. As stated previously I am a new PS programmer, I have just started experimenting with what I can and cannot do.

    Finally I am making the var $UserID to make it more readable for my users. I understand that the SamAccountName is the same as UserID but there are some people in my company that would not know what that was.


    • Edited by Rumisglass Tuesday, December 29, 2015 5:02 PM
    Tuesday, December 29, 2015 5:01 PM
  • I recommend that you start with the basics before trying to use advanced functions.

    https://technet.microsoft.com/en-us/scriptcenter/dd793612.aspx

    Also take time to learn how to use AD and what the AD objects and properties are.  "Identity" is CN (Name), SamAccountName, USERID, distinguishedname and other things.  You do not need to use "Filter" on any of these.


    \_(ツ)_/

    Tuesday, December 29, 2015 5:12 PM
  • The unfortunate thing is I am required to learn on the fly as this project is work related/required, I will review the basics and start applying them as I go. Thanks again for all the assistance, rest assured I will continue seeking help with my poorly written code :-D
    Tuesday, December 29, 2015 6:08 PM