Author Posts

September 25, 2017 at 8:20 pm

I am creating a script that will schedule the removal and addition of existing members in a particular group. I am able to create the new tasks, but I run into an error when launching the arguments.

I have no idea how to add an argument to a powershell script.

Script1

$user = Read-Host "Enter the username."
$group = "Users"
$members = Get-ADGroupMember -Identity $group -Recursive | Select -ExpandProperty Name

If ($members -contains $user) {
      Write-Host "$user exists in the group"
 } Else {
        Write-Host "$user not exists in the group"
}
If ($members -contains $user) {
      $StartDate = Read-Host "Start of Vacation. MM.dd.yyyy"
      $EndDate = Read-Host "End of Vaction. MM.dd.yyyy"
      $PSRemove = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "-File C:\PS\Remove.ps1 -user1 '$user'"
      $PSAdd = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "-File C:\PS\Add.ps1 -user1 '$user'"
      $TaskStart = New-ScheduledTaskTrigger -Once -At $StartDate
      $TaskEnd = New-ScheduledTaskTrigger -Once -At $EndDate
      $TaskSettings = New-ScheduledTaskSettingsSet
      $CreateStart = New-ScheduledTask -Action $PSRemove -Trigger $TaskStart -Settings $TaskSettings
      $CreateEnd = New-ScheduledTask -Action $PSAdd -Trigger $TaskEnd -Settings $TaskSettings
      Register-ScheduledTask "\RTO\$user Start $StartDate" -InputObject $CreateStart
      Register-ScheduledTask "\RTO\$user Start $EndDate" -InputObject $CreateEnd 
      }

Remove

$user1 = $args
$username = Get-ADUser -Filter{displayName -like $user1 -and SamAccountName -notlike "admin-*" -and Enabled -eq $True} -Properties SamAccountName
Remove-ADGroupMember "Users" $username

Add

$user1 = $args[0]
$username = Get-ADUser -Filter{displayName -like $user1 -and SamAccountName -notlike "admin-*" -and Enabled -eq $True} -Properties SamAccountName
Add-ADGroupMember "Users" $username

September 25, 2017 at 8:53 pm

You really want to declare a Param() block versus using $args. You then use parameters exactly the same as with any other PowerShell command, either providing the -parameterName or listing arguments positionally.

September 26, 2017 at 1:05 pm

I added the param block to the add and remove scripts. But when I run the command I receive the following error:

C:\WINDOWS\system32>Powershell.exe -File c:\ps\remove.ps1 -user1 'joe schmoe'
Remove-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Provide an
argument that is not null or empty, and then try the command again.
At C:\ps\remove.ps1:6 char:44
+ Remove-ADGroupMember "Users" $username
+                                            ~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Remove-ADGroupMember], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.RemoveADG
   roupMember

It looks as if the argument is now passing to the script, but something in the script isn't using the $username variable the way I think it should work. Any suggestions?

Remove

param
(
$user1
)
$username = Get-ADUser -Filter{displayName -like "$user1" -and SamAccountName -notlike "admin-*" -and Enabled -eq $True} -Properties SamAccountName
Remove-ADGroupMember "Users" $username

Add

param
(
$user1
)
$username = Get-ADUser -Filter{displayName -like $user1 -and SamAccountName -notlike "admin-*" -and Enabled -eq $True} -Properties SamAccountName
Add-ADGroupMember "Users" $username

September 26, 2017 at 1:28 pm

I think you'd be better off using named parameters with all of your commands, rather than positional ones. That's considered a best practice.

You need to validate whether $username has anything in it – I suspect it doesn't based on your error.

You might also consider “Learn PowerShell Scripting in a Month of Lunches.” You're starting down a kind of bad path in how you're coding and it'd help get you in a better place, and help you understand the shells debugging tools for problems like this one.

September 26, 2017 at 1:50 pm

$username has nothing in it. When I test the command outside of the script and use write-host to verify the variables it shows nothing. If I was to replace the $user1 variable with a name the command runs without issue. So it would seem that $user1 is the broken part of the script.

I have the book sitting on my desk, I just havn't opened it yet. Haven't had time. I guess now is a good time to start.

September 26, 2017 at 11:09 pm

Looks like you are trying to launch PowerShell.exe from a command line.

They way you are doing it here, -user1 is being seen as a parameter of Powershell.exe, not as a parameter in your remove.ps1 script

Powershell.exe -File c:\ps\remove.ps1 -user1 'joe schmoe'

Try doing it this way

powershell.exe -command "& c:\ps\remove.ps1 -user1 'joe schmoe'"

Or just do it from a PowerShell console rather than a command line and specify the script with the parameters

c:\ps\remove.ps1 -user1 'joe schmoe'

September 28, 2017 at 7:54 pm

I found the solution to the issue.

I moved the $username variable process over to the "Vacation.ps1" script. This allowed me to bypass that process after the fact.
Now the issue I have is being able to schedule the tasks to run without being logged in.

$username = Get-ADUser -Filter{displayName -like $user -and SamAccountName -notlike "admin-*" -and Enabled -eq $True} -Properties SamAccountName | select -ExpandProperty SamAccountName
      $PSRemove = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "-File C:\PS\RTO\RemoveRemoteAccess.ps1 -user $username"
      $PSAdd = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument "-File C:\PS\RTO\AddRemoteAccess.ps1 -user $username"