locked
why this concatenation fails? RRS feed

  • Question

  • i have AD groups named xxx16up, yyy16up, zzz16up. what i'm trying to do is if:

    • AD user is grade level 16 and up
    • AD user is not yet a member of said group

    the script will add the AD user to the corresponding group based on company codes xxx, yyy, zzz.

    $list = Import-CSV "C:\update12Apr2018.csv"
    ForEach ($company in $list) {
      $myList = ( Get-ADGroup "$($company.comp)16up" ).DistinguishedName
    
        if ( ([INT]$_.level -ge 16) -and (Get-ADUser -LDAPFilter "(!(memberof=$myList))" )) {
            Add-ADGroupMember -Identity "$($company.comp)16up" -Members $company.samAccountName
        }
    }

    the part highlighted in bold does not work as is. but if i take it out from the right-hand side of the assignment operator and run it by itself it has no problems. it produces the corresponding group of either xxx16up, yyy16up, or zzz16up.

    when it's in the right-hand side of the assignment operator, it gave below error:

    Get-ADGroup : Cannot find an object with identity: '16up' under: 'DC=ACME,DC=com'. At line:1 char:33 + ... ch ($company in $list) { ( Get-ADGroup "$($company.comp)16up" ).Disti ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (16up:ADGroup) [Get-ADGroup], ADIdentityNotFoundException + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Manag ement.Commands.GetADGroup

    i was able to narrow down the problem to when there is an assignment operation and that is when it acts as if the concatenation failed.

    Monday, April 16, 2018 9:09 AM

Answers

  • Hi,

    Perhaps you could try concatenate the group name before the get-adgroup command.

    $list = Import-CSV "C:\update12Apr2018.csv"
    ForEach ($company in $list) {
      $grpname = $company.comp + "16up"
      $myList = ( Get-ADGroup $grpname ).DistinguishedName
        if ( ([INT]$_.level -ge 16) -and (Get-ADUser -LDAPFilter "(!(memberof=$myList))" )) {
            Add-ADGroupMember -Identity "$($company.comp)16up" -Members $company.samAccountName
        }
    }


    Kind Regards Don

    • Marked as answer by Reno Mardo Tuesday, April 17, 2018 11:36 AM
    Tuesday, April 17, 2018 9:58 AM
  • hi,

    tried that and still gives same error when that assignment line comes. but what made it work is i changed the quotation mark to single quote!

    $grpname = $company.comp + '16up'

    that was the problem. i wasn't able to notice that before.

    your suggestion is what tipped me off :-) thanks.

    • Marked as answer by Reno Mardo Tuesday, April 17, 2018 11:36 AM
    Tuesday, April 17, 2018 11:35 AM

All replies

  • Hi,

    Perhaps you could try concatenate the group name before the get-adgroup command.

    $list = Import-CSV "C:\update12Apr2018.csv"
    ForEach ($company in $list) {
      $grpname = $company.comp + "16up"
      $myList = ( Get-ADGroup $grpname ).DistinguishedName
        if ( ([INT]$_.level -ge 16) -and (Get-ADUser -LDAPFilter "(!(memberof=$myList))" )) {
            Add-ADGroupMember -Identity "$($company.comp)16up" -Members $company.samAccountName
        }
    }


    Kind Regards Don

    • Marked as answer by Reno Mardo Tuesday, April 17, 2018 11:36 AM
    Tuesday, April 17, 2018 9:58 AM
  • hi,

    tried that and still gives same error when that assignment line comes. but what made it work is i changed the quotation mark to single quote!

    $grpname = $company.comp + '16up'

    that was the problem. i wasn't able to notice that before.

    your suggestion is what tipped me off :-) thanks.

    • Marked as answer by Reno Mardo Tuesday, April 17, 2018 11:36 AM
    Tuesday, April 17, 2018 11:35 AM