Getting Error: Cannot Bind parameter 'Memberof'


This topic contains 4 replies, has 3 voices, and was last updated by Participant 3 weeks, 6 days ago.

  • Author
    Posts
  • #114316

    Participant
    Points: 23
    Rank: Member

    Hello, please help. I'm new to PowerShell and I'm having a hard time. I have been working on this same script for weeks. I thought I had it working, but now it can't bind parameter MemberOf.

    Import-Module ActiveDirectory
    $users= Import-Csv -Path "C:\Output\DisableADUsers91718C.csv"

    $DisabledDate = Get-Date
    $LeaveDate = Get-Date -Format "dddd dd MMMM yyyy"
    $DisabledBy = Get-ADUser "$env:username" -properties Mail
    $DisabledByEmail = $DisabledBy.Mail
    $LegalHoldUser = Get-ADuser -Filter * -SearchBase 'ou=LegalHold,dc=xxx,dc=com' -Properties * | Select-object -Expand SamAccountName

    $TargetOU = "ou=Disabled Users,dc=xxx,dc=com"

    foreach ($user in $users)
    {
    $SamAccountName = $User.SamAccountName

    Set-ADUser $User.SamAccountName -Description "Disabled by $($DisabledBy.name) on $DisabledDate per Ticket INC0065513"
    $ADgroups = Get-ADPrincipalGroupMembership -Identity $User.SamAccountName | where { ($_.Name -ne 'Domain Users') -and ($_.Name -ne 'DisabledUsers') }

    If ($LegalHoldUser -contains $User.SamAccountname)
    {
    Remove-ADPrincipalGroupMembership -Identity $($User.SamAccountname) -MemberOf $ADgroups -Confirm:$false

    Add-ADGroupMember -Identity "DisabledUsers" -Members $User.SamAccountName

    Disable-ADAccount -Identity $($User.SamAccountname)
    }
    else
    {
    Remove-ADPrincipalGroupMembership -Identity $($User.SamAccountname) -MemberOf $ADgroups -Confirm:$false

    Add-ADGroupMember -Identity "DisabledUsers" -Members $User.SamAccountName

    Get-AdUser $SamAccountName | Move-ADObject -targetpath $TargetOU

    Disable-ADAccount -Identity $($User.SamAccountname)
    }
    }

    
    Here's the error message:
    Cannot bind parameter 'MemberOf'. Cannot convert value "CN=Okta Concur,OU=Okta Security Groups,OU=Domain Groups,DC=xxx,DC=com" to type "Microsoft.ActiveDirectory.Management.ADGroup". Error: "Cannot convert the "CN=Okta Concur,OU=Okta
    Security Groups,OU=Domain Groups,DC=xxx,DC=com" value of type "Deserialized.Microsoft.ActiveDirectory.Management.ADGroup" to type "Microsoft.ActiveDirectory.Management.ADGroup"."
        + CategoryInfo          : InvalidArgument: (:) [Remove-ADPrincipalGroupMembership], ParameterBindingException
        + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.ActiveDirectory.Management.Commands.RemoveADPrincipalGroupMembership
        + PSComputerName        : GGPDC01
    
    Cannot bind parameter 'MemberOf'. Cannot convert value "CN=REPORTS-SALES,OU=Applications,OU=Domain Groups,DC=mecca,DC=com" to type "Microsoft.ActiveDirectory.Management.ADGroup". Error: "Cannot convert the
    "CN=REPORTS-SALES,OU=Applications,OU=Domain Groups,DC=xxx,DC=com" value of type "Deserialized.Microsoft.ActiveDirectory.Management.ADGroup" to type "Microsoft.ActiveDirectory.Management.ADGroup"."
        + CategoryInfo          : InvalidArgument: (:) [Remove-ADPrincipalGroupMembership], ParameterBindingException
        + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.ActiveDirectory.Management.Commands.RemoveADPrincipalGroupMembership
        + PSComputerName        : GGPDC01
    
    The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.
        + CategoryInfo          : InvalidArgument: (CN=Adam Abston,...DC=xxx,DC=com:PSObject) [Move-ADObject], ParameterBindingException
        + FullyQualifiedErrorId : InputObjectNotBound,Microsoft.ActiveDirectory.Management.Commands.MoveADObject
        + PSComputerName        : GGPDC01
    
    Cannot bind parameter 'MemberOf'. Cannot convert value "CN=Okta Concur,OU=Okta Security Groups,OU=Domain Groups,DC=xxx,DC=com" to type "Microsoft.ActiveDirectory.Management.ADGroup". Error: "Cannot convert the "CN=Okta Concur,OU=Okta
    Security Groups,OU=Domain Groups,DC=xxx,DC=com" value of type "Deserialized.Microsoft.ActiveDirectory.Management.ADGroup" to type "Microsoft.ActiveDirectory.Management.ADGroup"."
        + CategoryInfo          : InvalidArgument: (:) [Remove-ADPrincipalGroupMembership], ParameterBindingException
        + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.ActiveDirectory.Management.Commands.RemoveADPrincipalGroupMembership
        + PSComputerName        : GGPDC01
    
    The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.
        + CategoryInfo          : InvalidArgument: (CN=Adam Wright,...DC=xxx,DC=com:PSObject) [Move-ADObject], ParameterBindingException
        + FullyQualifiedErrorId : InputObjectNotBound,Microsoft.ActiveDirectory.Management.Commands.MoveADObject
        + PSComputerName        : GGPDC01
  • #114328

    Participant
    Points: -17
    Rank: Member

    Hi Fred,

    I have not tested your entire code, but looking at your $ADGroups variable you might need to reference the objects. Please see below:

    Remove-ADPrincipalGroupMembership -Identity $($User.SamAccountname) -MemberOf $ADgroups.SamAccountName
    
    

    Regards

    Shihan

     

    • #114339

      Participant
      Points: 23
      Rank: Member

      Hi Shihan,

      Thx for your help. I made the change and the script almost works 100%. The only part not working now is the Get-AdUser $User.SamAccountName | Move-ADObject -targetpath $TargetOU. I'm getting error:

      The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.
      + CategoryInfo : InvalidArgument: (CN=Adam Abston,...DC=xxx,DC=com:PSObject) [Move-ADObject], ParameterBindingException
      + FullyQualifiedErrorId : InputObjectNotBound,Microsoft.ActiveDirectory.Management.Commands.MoveADObject
      + PSComputerName : GGPDC01

      The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.
      + CategoryInfo : InvalidArgument: (CN=Adam Wright,...DC=xxx,DC=com:PSObject) [Move-ADObject], ParameterBindingException
      + FullyQualifiedErrorId : InputObjectNotBound,Microsoft.ActiveDirectory.Management.Commands.MoveADObject
      + PSComputerName : GGPDC01

  • #114334

    Participant
    Points: 153
    Helping Hand
    Rank: Participant

    Some of your logic needs some work. Take a look at the modified code below:

    Import-Module ActiveDirectory
    $users= Import-Csv -Path "C:\Output\DisableADUsers91718C.csv"
    
    $DisabledDate = Get-Date
    $LeaveDate = Get-Date -Format "dddd dd MMMM yyyy"
    #You can use -ExpandProperty to expand a property into a string
    $DisabledByEmail = Get-ADUser -Identity $env:username -Properties Mail | Select -ExpandProperty Mail
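    $TargetOU = "ou=Disabled Users,dc=xxx,dc=com"
    #Ticket number used in the description (value taken from the original script)
    $Ticket = 'INC0065513'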
    
    foreach ($user in $users) {
        $SamAccountName = $User.SamAccountName
        #Get the user one time
        $adUser = Get-ADUser -Filter {SamAccountName -eq $SamAccountName}
        #-Filter will return nothing if a user is not found, so we need to see if the user was found
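        if ( $adUser ) {
            #Collect the names of the groups to remove (everything except 'Domain Users' and 'DisabledUsers')
            $ADgroups = Get-ADPrincipalGroupMembership -Identity $SamAccountName | Where-Object { ($_.Name -ne 'Domain Users') -and ($_.Name -ne 'DisabledUsers') } | Select-Object -ExpandProperty SamAccountName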
            
            try {
                #Now you have a user, you can use the pipeline to pass that Identity to all of the commands
                #You also want a try around the process to capture errors
                $adUser | 
                Set-ADUser -Description ('Disabled by {0} on {1} per Ticket {2}' -f $DisabledByEmail,$DisabledDate, $Ticket) -PassThru -ErrorAction Stop |
                Remove-ADPrincipalGroupMembership -MemberOf $ADgroups -Confirm:$false -PassThru -ErrorAction Stop |
                Add-ADPrincipalGroupMembership -MemberOf 'DisabledUsers' -PassThru -ErrorAction Stop |
                Disable-ADAccount -ErrorAction Stop
            }
            catch {
                'Failed to update user {0}. {1}' -f $user, $_
            }
    
            if ($adUser.DistinguishedName -notlike '*LegalHold,dc=xxx,dc=com') {
                 try {
                    $adUser | Move-ADObject -Targetpath $TargetOU
                 }
                 catch {
                    'Failed to move user {0}. {1}' -f $user, $_
                 }
            }
        }
        else {
            "User {0} does not exist" -f $user
        }
    }
    

    The code isn't fully tested, but it should be close and hopefully you can follow the logic.

    • #114340

      Participant
      Points: 23
      Rank: Member

      Hi Rob,

      Thx for your help. I copied the script to powershell, but there were breaks after Target OU and breaks after $SamAccountName = $User.SamAccountName.
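
The "Deserialized." type prefix and the PSComputerName : GGPDC01 field in the errors above show that the AD objects came back across a PowerShell remoting boundary, so they are serialized copies that no longer bind to ADGroup-typed parameters or to pipeline input. The following is an added example, not code from any poster in this thread: it hands only strings (distinguishedName values) from one cmdlet to the next. The CSV path, OU names, group names and ticket number are the ones in the original post; Disable-LeaverAccount is a hypothetical function name.

```powershell
# Added example: pass strings, not AD objects, between cmdlets so the calls still
# bind when the ActiveDirectory cmdlets are executed in a remote session.
Import-Module ActiveDirectory

function Disable-LeaverAccount {   # hypothetical name, not a real cmdlet
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$Ticket,
        [string]$TargetOU     = 'ou=Disabled Users,dc=xxx,dc=com',
        [string]$LegalHoldOU  = 'ou=LegalHold,dc=xxx,dc=com',
        [string[]]$KeepGroups = @('Domain Users', 'DisabledUsers')
    )
    # -Identity throws when the account does not exist; the caller's catch reports it.
    $adUser = Get-ADUser -Identity $SamAccountName -ErrorAction Stop

    # Plain strings survive serialization; ADUser and ADGroup objects do not.
    $userDn   = [string]$adUser.DistinguishedName
    $groupDns = @(Get-ADPrincipalGroupMembership -Identity $userDn |
        Where-Object { $KeepGroups -notcontains $_.Name } |
        ForEach-Object { [string]$_.DistinguishedName })

    # With -WhatIf this prints the target account and stops before any change.
    if (-not $PSCmdlet.ShouldProcess($userDn, "Disable per ticket $Ticket")) { return }

    Set-ADUser -Identity $userDn -ErrorAction Stop `
        -Description "Disabled by $env:USERNAME on $(Get-Date) per Ticket $Ticket"
    if ($groupDns.Count -gt 0) {   # -MemberOf rejects an empty collection
        Remove-ADPrincipalGroupMembership -Identity $userDn -MemberOf $groupDns `
            -Confirm:$false -ErrorAction Stop
    }
    Add-ADGroupMember -Identity 'DisabledUsers' -Members $userDn -ErrorAction Stop
    Disable-ADAccount -Identity $userDn -ErrorAction Stop

    # Move last: the distinguishedName changes once the object is in the new OU.
    # Accounts under the legal-hold OU stay where they are, as in the original script.
    if ($userDn -notlike "*,$LegalHoldOU") {
        Move-ADObject -Identity $userDn -TargetPath $TargetOU -ErrorAction Stop
    }
}

foreach ($row in Import-Csv -Path 'C:\Output\DisableADUsers91718C.csv') {
    try   { Disable-LeaverAccount -SamAccountName $row.SamAccountName -Ticket 'INC0065513' }
    catch { Write-Warning ('Failed for {0}: {1}' -f $row.SamAccountName, $_) }
}
```

Adding -WhatIf to the Disable-LeaverAccount call in the loop lists the accounts that would be processed without changing them.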
