Get-ADUser in a ForEach loop not working


This topic contains 6 replies, has 4 voices, and was last updated by js 1 month, 4 weeks ago.

  • #111692

    Participant
    Points: 0
    Rank: Member

    Hi Everybody,

    I have been racking my brain trying to figure out why what every post I read says is straightforward is not working for me. Simply put, I have a txt file which is generated by another department that has UPNs in it. We have multiple realms in our domain due to migration from a non-AD directory.

    File looks like this

    user@domain1.edu
    user@domain2.edu
    diffuser@domain1.edu
    ....

    I need to populate an AD group.  My code looks like this

    Import-module ActiveDirectory
    $group = "CN=somegroup,OU=someou,DC=edu"
    $updatedUserFile = "D:\userfile.txt"
    Remove-ADGroupMember $group -Members (Get-ADGroupMember $group) -Confirm:$false
    ForEach ($user in ( Get-Content $updatedUserFile)) {
    Get-ADUser -Filter {UserPrincipalName -eq $user} | Add-ADPrincipalGroupMembership -MemberOf $group
    }

    This is running on a 2016 server with PSVersion 5.1.14393.2430. I get the following errors

    Add-ADPrincipalGroupMembership : Object reference not set to an instance of an object.
    At C:\test.ps1:12 char:57
    + ... ame -eq "$($User)"} | Add-ADPrincipalGroupMembership -MemberOf $group
    +                           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Add-ADPrincipalGroupMembership], NullReferenceException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.NullReferenceException,Microsoft.ActiveDirectory.Management.Commands.AddADPrincipalGroupMembership

    While the Get-ADUser works on a line by itself, it fails in the loop. My research leads me to believe I am not passing my loop variable correctly, so I have tried

    -Filter "UserPrincipalName -eq '$user'"
    -Filter {UserPrincipalName -eq $user}
    -Filter {UserPrincipalName -eq $($user)}
    -Filter {UserPrincipalName -eq '$($user)'}

    and a few other variations.

    Please help

    -Chris

  • #111749
    Jon

    Participant
    Points: 23
    Rank: Member

    I would simplify the code a bit and do this

    get-content D:\userfile.txt | % {add-adgroupmember -identity $group -members $_}

    • #111815

      Participant
      Points: 0
      Rank: Member

      Hi Jon,

      Thanks for the help. I'm still getting errors.  I think it's because my file is using UPNs not samAccountNames with your approach. Due to having mixed realms in our environment, I am leaving room for the same username at different realms.  I am using the UPN, because I know they are unique.

      add-adgroupmember : Cannot find an object with identity: 'user@domain.edu                            ' under: 'DC=domain,DC=edu'.
      At line:10 char:35
      + ... $updatedUserFile | % {add-adgroupmember -identity $group -members $_}
      +                           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : ObjectNotFound: (user@domain....               :ADPrincipal) [Add-ADGroupMember], ADIdentityNotFoundException
      + FullyQualifiedErrorId : SetADGroupMember.ValidateMembersParameter,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember

      -Chris

  • #111751

    Participant
    Points: 527
    Helping Hand
    Rank: Major Contributor

    Check for leading/trailing whitespaces in the text file.
    You can always do a trim() to trim out leading/trailing white spaces.

    $user.Trim()
    • #111820

      Participant
      Points: 0
      Rank: Member

      Hi Kvprasoon,
      Thanks for the suggestion. I didn't mention that the file gets generated on a Linux system and transferred to Windows. When I looked at the file in Notepad it looks like a long line with spaces between values and in Wordpad looks normal. I tried using .trim() but that didn't solve my issue. Closer inspection of the input file revealed spaces and Unix not Windows new line characters.

      Working now.  Thanks for pointing me in the right direction.

      -Chris
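
Added example, not code from any poster in this thread: one way to handle the input problem found above (stray spaces and mixed line endings) and to avoid piping an empty `Get-ADUser` result into a group cmdlet. It assumes a single domain, a restricted UPN character set, and a diff-based update in place of the question's remove-all-then-add; `Get-CleanUpn` is a hypothetical helper name.

```powershell
# Added example. $GroupDn and $UpnFile reuse the placeholder values from the question.
Import-Module ActiveDirectory
$GroupDn = 'CN=somegroup,OU=someou,DC=edu'
$UpnFile = 'D:\userfile.txt'

function Get-CleanUpn {
    param([Parameter(Mandatory)][string]$Path)
    # Split on any run of whitespace (CR, LF, spaces, tabs) so the result does not
    # depend on which line endings or padding the generating system used.
    # Assumption: UPNs contain only letters, digits, '.', '_', '+' and '-'.
    # Rejecting everything else also keeps quotes out of the -Filter string below.
    (Get-Content -Raw -Path $Path) -split '\s+' |
        Where-Object { $_ -match '^[\w.+-]+@[\w.-]+$' } |
        Sort-Object -Unique
}

# Resolve every UPN first; record the ones with no match instead of piping $null.
$wanted  = @{}   # keyed by DistinguishedName
$missing = @()
foreach ($upn in (Get-CleanUpn -Path $UpnFile)) {
    $found = @(Get-ADUser -Filter "UserPrincipalName -eq '$upn'")
    if ($found.Count -eq 0) { $missing += $upn; continue }
    foreach ($u in $found) { $wanted[$u.DistinguishedName] = $u }
}

# Refuse to continue on an empty result: a bad or truncated input file
# would otherwise remove every member of the group.
if ($wanted.Count -eq 0) { throw "No users resolved from $UpnFile; group left unchanged." }

# Change only the difference between current and wanted membership.
$current  = @(Get-ADGroupMember -Identity $GroupDn)
$toAdd    = @($wanted.Values | Where-Object { $current.DistinguishedName -notcontains $_.DistinguishedName })
$toRemove = @($current | Where-Object { -not $wanted.ContainsKey($_.DistinguishedName) })

# -WhatIf makes this a dry run; remove it once the reported changes look right.
if ($toAdd.Count)    { Add-ADGroupMember    -Identity $GroupDn -Members $toAdd -WhatIf }
if ($toRemove.Count) { Remove-ADGroupMember -Identity $GroupDn -Members $toRemove -Confirm:$false -WhatIf }
if ($missing.Count)  { Write-Warning ("No AD user found for: " + ($missing -join ', ')) }
```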

  • #111817
    Jon

    Participant
    Points: 23
    Rank: Member

    Ahhh...I missed that, sorry! Also, make sure you format your code. Instructions are in bold at the top of every reply.

    What about something like this?

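    # Read the UPNs from the file; $updatedUserFile holds only the path
    foreach ($user in (Get-Content $updatedUserFile))
    {
        # Returns nothing when no account has this UPN
        $foundusers = Get-aduser -filter {userprincipalname -eq $user}

        # The inner loop is skipped when nothing was found
        foreach ($founduser in $foundusers)
        {
            add-adgroupmember -identity $group -members $founduser
        }
    }
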

    I don't have a multi domain setup anymore so I can't verify, but I think something like that (with maybe some needed improvements) should work.

     

  • #111832
    js

    Participant
    Points: 202
    Helping Hand
    Rank: Participant

    That's strange. Unix input text files work ok for me in Windows PowerShell scripts. My only problem was "unicode" text produced by Out-File and Infoblox.
