locked
PowerShell Script for AD RRS feed

  • General discussion

  • Hi

    I am trying to export the information from multiple groups however the below command is working for individual group but unable to run for multiple groups. May you guide me where i am wrong?

    $groups=get-content "c:\groups.txt" 
    ForEach ($Group in $Groups)
    {
    Get-ADGroupMember -Identity $groups -Recursive | Get-ADUser -Properties * | Select-Object Name, mail, positionid, subdepartment, title, office, @{Name="ManagerEmail";Expression={(get-aduser -property emailaddress $_.manager).emailaddress}},@{Name="ManagerName";Expression={(get-aduser -property displayname $_.manager).displayname}} }| Export-Csv C:\test.csv

    The error is :-

    + ... get-aduser -property displayname $_.manager).displayname}} }| Export- ...
    +                                                                 ~
    An empty pipe element is not allowed.
        + CategoryInfo          : ParserError: (:) [], ParseException
        + FullyQualifiedErrorId : EmptyPipeElement


    Chanchal Sharma


    Friday, December 18, 2020 10:54 AM

All replies

  • Hi,

    You have posted in the dedicated System Center Data Protection Manager forum, I suggest you ask over at the dedicated PowerShell forum over here:
    https://docs.microsoft.com/en-us/answers/topics/windows-server-powershell.html


    PS: Please change the thread type to a question thread.

    (Please don't forget to mark helpful replies as answer, thank you)

    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com LinkedIn:

    Friday, December 18, 2020 10:56 AM
  • Hi Chanchal,

    In your foreach Statement, I've seen an error

    Get-ADGroupMember -Identity $group# and not $groups


    Avoid -Properties * with the Get-ADUser cmdlet. This return a big object to the pipeline (a big collection of objects), to finally select only few properties.

    Respect the logic of the cmdlet. Get-Aduser -property DisplayName $_.manager is not logic. Get-AdUser -Identity $_.manager -property DisplayName is more logic.

    The pb seems to be with the parameter -Identity in your Get-AdUser cmdlet. Get-Help Get-ADUser
        -Identity <ADUser> Specifies an Active Directory user object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute.

    Are you really sure that $_.Manager is the DisplayName of this ADUser ? I don"t think so. Why ? You use -Properties DisplayName with the same cmdlet to add this property that are not included in the default set.

    My advice : Serialize your pb. Cut your single command-line and test cmdlet by cmdlet.

    To do this, use a single Group.

    Get-ADGroupMember -Identity MyGroup -Recursive #look the default set return.

    Get-ADGroupMember -Identity MyGroup -Recursive | Get-ADUser # look the default set, then add the additionnal properties you would like to have

    # Probably only mail, positionid, subdepartment, title, office, and Manager not in the default

    # At this step, you could look the result. If you have all necessary properties, it will be ok for the next treatment : Custom Label with Select-Object cmdlet

    Put all these treatments in a var (i.e. $Users) and use this var to pipepline to Export-Csv cmdlet (don't forget -NoTypeInformation parameter).Why ? 2 main reasons :

    More human readable

    you can use later in your script the var $Users for another use (it's not the case in your script version). i.e. : export  also in a html file, do some treatments, ...Hope this help

    Regards

    Olivier

    Saturday, December 26, 2020 12:14 PM