locked
Trying to retrieve AD Object properties using the Get-ADuser cmdlet with piped input in the -Identity Parameter RRS feed

  • Question

  • Here is the following PowerShell command I am trying to run but keep getting errors and I am not sure what is missing

    $sAMAccountName=Import-csv -path Z:\PowerShellScripts\Input\username.csv | get-aduser -Identity {$sAMAccountName} -Properties LastlogonDate,Enable

    The Goal is to find the LastlogonDate and Enabled Status of a list of users I was supplied by an application owner

    The .csv file is formatted:

    sAMAccountName

    stmAdairB
    mhhAdamsM
    tmcAllenK
    tmcAllisH
    dhlaltger
    mmcAlvarM

    Here is the error I receive in PowerShell:

    Get-ADUser : Cannot evaluate parameter 'Identity' because its argument input did not produce any output.

    At line:1 char:97

    + ... user -Identity {$sAMAccountName} -Properties LastlogonDate,Enabled

    +                    ~~~~~~~~~~~~~~~~~

        + CategoryInfo          : InvalidArgument: (@{sAMAccountName=wrigc}:PSObject) [Get-ADUser], ParameterBindingException

        + FullyQualifiedErrorId : ScriptBlockArgumentNoOutput,Microsoft.ActiveDirectory.Management.Commands.GetADUser

    Any help would be greatly appreciated just haven't had any luck finding the info I need through searches


    Roland Robinson Roland.Robinson@highpoint-solutions.com

    Wednesday, April 30, 2014 5:01 PM

Answers

  • That error is indicative of the fact that you are not passing a string value to the Identity parameter, but rather a hashtable as referenced by the @{}. You have a collection of sAMAccountName values coming from your CSV that you need to extract. The corrected version is below. Also note that "Enable" is not a valid property. It's "Enabled".

    $sAMAccountNames = Import-csv -path Z:\PowerShellScripts\Input\username.csv 
    $sAMAccountNames | % { Get-ADUser -Identity $_.sAMAccountName -Properties LastlogonDate,Enabled }

    Thursday, May 1, 2014 2:29 PM

All replies

  • That doesn't look like a CSV file. A CSV file would normally look like this:


    "sAMAccountName"
    "stmAdairB"
    "mhhAdamsM"
    "tmcAllenK"
    "tmcAllisH"
    "dhlaltger"
    "mmcAlvarM"

    Then you would also do this:


    import-csv yourcsvfile.csv | foreach-object { get-aduser $_.sAMAccountName -properties LastLogonDate }


    -- Bill Stewart [Bill_Stewart]



    • Edited by Bill_Stewart Thursday, May 1, 2014 3:18 PM Omitted object property
    Wednesday, April 30, 2014 5:04 PM
  • Thanks but I added the quotation marks but still receive same error

    Roland Robinson Roland.Robinson@highpoint-solutions.com

    Wednesday, April 30, 2014 5:07 PM
  • See my revised response.

    -- Bill Stewart [Bill_Stewart]

    Wednesday, April 30, 2014 5:07 PM
  • Bill, thanks for your quick responses but I still get an error when I try your method here is the output:

    Get-ADUser : Cannot bind parameter 'Identity'. Cannot convert value "@{sAMAccountName=stmAdairB}" to type "Microsoft.ActiveDirectory.Management.ADUser". Error: "Cannot convert the

    "@{sAMAccountName=stmAdairB}" value of type "System.Management.Automation.PSCustomObject" to type "Microsoft.ActiveDirectory.Management.ADUser"."

    At line:1 char:88

    + ... ct {get-aduser $_ -properties LastLogonDate,Enabled}

    +                    ~~

        + CategoryInfo          : InvalidArgument: (:) [Get-ADUser], ParameterBindingException

        + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.ActiveDirectory.Management.Commands.GetADUser

    I can verify that the usernames in AD so I am not sure why it says it does not match.


    Roland Robinson Roland.Robinson@highpoint-solutions.com

    Thursday, May 1, 2014 1:38 PM
  • That error is indicative of the fact that you are not passing a string value to the Identity parameter, but rather a hashtable as referenced by the @{}. You have a collection of sAMAccountName values coming from your CSV that you need to extract. The corrected version is below. Also note that "Enable" is not a valid property. It's "Enabled".

    $sAMAccountNames = Import-csv -path Z:\PowerShellScripts\Input\username.csv 
    $sAMAccountNames | % { Get-ADUser -Identity $_.sAMAccountName -Properties LastlogonDate,Enabled }

    Thursday, May 1, 2014 2:29 PM
  • You don't need to include the enabled property as its a default property for Get-ADUser.

    LastlogonDate is a subset of LastLogonTimeStamp.

    Please read the following article which explains the difference between Lastlogon and LastLogonTimeStamp, before you start.

    http://social.technet.microsoft.com/wiki/contents/articles/22461.understanding-the-ad-account-attributes-lastlogon-lastlogontimestamp-and-lastlogondate.aspx

    Thursday, May 1, 2014 3:12 PM
  • Anthony Guimelli is correct; I omitted the property name from my code. I added it to my response.


    -- Bill Stewart [Bill_Stewart]


    Thursday, May 1, 2014 3:19 PM
  • Here's an advanced function which should return the lastlogon across domain controllers (I've amended it to include the enabled property).

    Function Get-LastLogon {
        <#
        .SYNOPSIS
        Returns LastLogon information
        .DESCRIPTION
        Queries the LastLogin information for a user across domain controllers and returns the highest (latest) value
        .EXAMPLE
        Get-LastLogon User
        .EXAMPLE
        Get-LastLogon -Identity User
        .EXAMPLE
        Get-ADUser User | Get-LastLogon
        .EXAMPLE
        Get-LastLogon User1, User2
        .EXAMPLE
        Get-ADGroupMember "Domain Admins" | Get-LastLogon
        .PARAMETER users
        List of users - pipeline can be used
        #>
        
        [CmdletBinding()]
        param
        (
        [Parameter(Position= 0,
                    Mandatory=$True,
                        ValueFromPipeline=$True,
                            HelpMessage='What user would you like to find the last logon for?')]
        $identity
    	)
        
        Begin {}
        
        Process {
        
            Foreach ($account in $identity) {
        
                $dateStamp = $null
                $domainController =$null
    
                Get-ADDomainController -Filter * | Foreach {
    
                    $dc = $_.HostName
                    
                    $user = Get-ADUser $account -Properties LastLogon -server $dc | Select-Object samAccountName, enabled, @{n='LastLogon';e={[DateTime]::FromFileTime($_.LastLogon)}}
                    
                    $lastLogon = $user.LastLogon
                    
                    If ($dateStamp -le $lastlogon)
                        {
                        $dateStamp = $lastlogon
                        $domainController = $dc
                        }
                    
                } # End of ForEach
            
                $properties = @{
                samAccountName=$user.samAccountName;
                enabled=$user.enabled
                LastLogon=$dateStamp;
                DomainController=$domainController
                
                }
            
                Write-Output (New-Object -TypeName PSObject -Prop $properties)
            
            } # End of ForEach
    
        } # End of Process
            
        End {}          
                
    } # End of Function
    You can then run...

    Import-CSV ".\users.csv" | % {Get-LastLogon $_.samaccountname}

    or...

    Import-CSV ".\users.csv" | % {Get-LastLogon $_.samaccountname} | Export-CSV ".\report.csv" -noType
    • Edited by Newbie Jones Thursday, May 1, 2014 3:43 PM Export-CSV
    Thursday, May 1, 2014 3:34 PM
  • You do not need to do this:
    Write-Output (New-Object -TypeName PSObject -Prop $properties)

    It is identical tothis:
    New-Object -TypeName PSObject -Prop $properties

    Adding Write-Output by passes the Out-Default which is used in the pipeline so things will tend to behave oddly.

    Out-Default allows the pipeline full control.


    ¯\_(ツ)_/¯

    Thursday, May 1, 2014 6:18 PM