Author Posts

July 26, 2018 at 12:32 pm

Good Afternoon,

I have some code that selects a number of users to add them into an AD security group, if I use -whatif on 'Add-QADGroupMember' the PSObject I create is correct and just writes the SAMAccountName to a CSV. If I remove the -whatif parameter and actually carry out the action to add the user to the AD security group then it writes the entire user object (all attributes) to the CSV but I am not sure why?

Please could you help, here is the code:

Add-PSSnapin Quest.ActiveRoles.ADManagement | Out-Null
Connect-QADService "Domain" | Out-Null

$GroupName = 'MyADGroupName'
$CurrentGroupMembers =  Get-QADGroupMember -Identity $GroupName | ? {$_.ObjectClass -eq 'user'} | Select-Object -ExpandProperty SamAccountName

# Get Random List of Users (100)

$Items = Get-QADUser -SearchRoot "Domain/OU" -SizeLimit 0 | ? {$CurrentGroupMembers -notcontains $_.SamAccountName}  | Sort-Object -Property Name | Sort-Object{Get-Random} | Select-Object -First 100

$CustomOutput = ForEach ($Item in $Items) {
    $User = Get-QADUser -Identity $Item.SAMAccountName
    Add-QADGroupMember -Identity $GroupName -Member $User -proxy
     New-Object PSObject -Property @{
        SamAccountName = $Item.samAccountName
     }
} 

$CustomOutput | Export-Csv c:\users\myuser\desktop\$(Get-Date -Format 'ddMMyyyy').csv -NoClobber -NoTypeInformation

Thanks very much for any help you can provide

July 26, 2018 at 1:07 pm

Because that's the output of the New- command.

July 26, 2018 at 1:14 pm

Hi Don,

Could you explain a bit more please,

if line 13 is:

Add-QADGroupMember -Identity $GroupName -Member $User -proxy -whatif

then my $CustomObject variable is of type PSObject and just contains the SAMAccountNames in a list that gets written to CSV

if line 13 is:

Add-QADGroupMember -Identity $GroupName -Member $User -proxy

then my $CustomObject variable is of type array and contains all user attributes in a list that gets written to CSV

Thanks for your help so far

July 26, 2018 at 1:17 pm

Does the Add-QADGroupMember command output anything when you test it alone? If so, you may need to explicitly discard the output.
Also, I wouldn't recommend making a PSObject like that. PSObjects are primarily a wrapper type used in a lot of backend powershell code. Items passing to the output stream or through the pipeline are wrapped in a PSObject wrapper in most cases, and if it's already a PSObject they can end up... a bit odd, sometimes.

Instead, this is much quicker and more versatile:

# Rather than this:
New-Object PSObject -Property @{
        SamAccountName = $Item.samAccountName
     }
# Do this:
[PSCustomObject]@{
    SamAccountName = $Item.SamAccountName
}

July 26, 2018 at 1:29 pm

Whatever gets written to the pipeline will end up in your CSV. When New-QADGroupMember runs, what's it output?

If you need to suppress the output of a command, pipe it to Out-Null.

July 26, 2018 at 1:32 pm

Hi Joel,

I have modified the code to use the more versatile method of creating a PSObject but this has not fixed it unfortunately.

What I can tell you is that when using the -whatif parameter my $CustomOutput is of type PSObject, but if I omit -whatif then my $CustomOutput is of type System.Array?

If I run the 'Add-QADGroupMember' command on its own it looks like it returns the full user object that it is performing the operation on in an array so maybe that is what is causing the problem?

Thanks for any further insight you can provide

July 26, 2018 at 1:40 pm

That fixed it, thanks very much Don. I suppose what I did not understand is that I thought the PSCustomObject I create only contained one field but then I realise I create the $CustomObject variable above the loop so it will contain anything that is output via a command that is run within the loop.

I added the following comment after 'Out-Null' to the code to ensure I remember it next time:

$CustomOutput = ForEach ($Item in $Items) {
    Add-QADGroupMember -Identity $GroupName -Member $Item.SamAccountName -proxy | Out-Null #Required to strip any output the command generates when run so that it is not included in the $CustomOutput variable
         [PSCustomObject] @{
        SamAccountName = $Item.samAccountName
     }
} 

$CustomOutput | Export-Csv c:\users\user\desktop\$(Get-Date -Format 'ddMMyyyy').csv -NoClobber -NoTypeInformation