No results for get-ADGroup in nested forEach-Loops

Welcome Forums General PowerShell Q&A No results for get-ADGroup in nested forEach-Loops

This topic contains 3 replies, has 4 voices, and was last updated by

 
Participant
3 months ago.

  • Author
    Posts
  • #145989

    Participant
    Topics: 1
    Replies: 0
    Points: -9
    Rank: Member
    Good Day fellas,

    today i got a maybe simple problem. I want to use a get-ADGroup command in nested forEach-Loops. But somehow the command results nothing back. The command and Filters are corect, as you can see it at the very bottom after the Loops, the same instruction works there perfectly, for whatever reason.

    $file = "\\Path"
    $data = import-csv $file -delimiter ";" -encoding UTF7 | select -First 5
    
    Measure-Command {ForEach($item in $data )
    {
    $tiefe = $($item.'Tiefe')
    $pfad = $($item.'Pfad')
    $recht = $($item.'Recht')
    $trustee = $($item.'trustee')
    Write-Host "zur Kontrolle: $trustee" -ForegroundColor Green
    
    $LDAPDirectoryService = 'XX_Ip-Adress_XX'
    $DomainDN = 'o=Enterprise'
    
    $LDAPFilter = "cn=$trustee"
    
    $null = [System.Reflection.Assembly]::LoadWithPartialName('System.DirectoryServices.Protocols')
    $null = [System.Reflection.Assembly]::LoadWithPartialName('System.Net')
    
    $LDAPServer = New-Object System.DirectoryServices.Protocols.LdapConnection $LDAPDirectoryService
    $LDAPServer.AuthType = [System.DirectoryServices.Protocols.AuthType]::Anonymous
    $LDAPServer.SessionOptions.ProtocolVersion = 3
    $LDAPServer.SessionOptions.SecureSocketLayer = $false
    
    $Scope = [System.DirectoryServices.Protocols.SearchScope]::Subtree
    $AttributeList = @('*')
    
    $SearchRequest = New-Object System.DirectoryServices.Protocols.SearchRequest -ArgumentList $DomainDN,$LDAPFilter,$Scope,$AttributeList
    
    $groups = $LDAPServer.SendRequest($SearchRequest)
    $groups
    
    #Prüft ob Gruppe existiert
    if($groups.Entries.Count -eq 0)
    {
    Write-Host " Group not found!" `n -Foregroundcolor Red $LDAPFilter
    #Speichert alle nicht gefundenen Gruppen zur manuellen Nachbearbeitung
    Add-Content -Path \\PATH -Value "$LDAPFilter"
    }
    
    foreach ($group in $groups.Entries)
    {
    #Listet alle Member der oben übergebenen Gruppe auf
    $users=$group.attributes['member'].GetValues('string')
    
    $AD_Group = get-ADGroup -Properties Name, Description -Filter 'Name -like "F-KT-*"' | where {$_.Description -like "*$pfad" -and $_.Name.endswith($recht) }
    $AD_Group
    
    foreach ($user in $users)
    {
    
    Write-Host $user
    #Hier den User zur AD Gruppe hinzufügen
    Write-Host "user zur Gruppe hinzufügen $pfad-$recht" -ForegroundColor Red
    
    #Get-ADGroup -Properties Name, Description -Filter 'Name -like "F-KT-*"' #| where {$_.Description -eq "I:\DATA-DE\KT$pfad" -and $_.Name.endswith($recht) }
    Get-ADGroup -Properties Name, Description -Filter 'Name -like "F-KT-*"' | where {$_.Description -like "*$pfad" -and $_.Name.endswith($recht) }
    #Add-ADGroupMember -Identity S-1-5-21-219376080-2991882224-574971396-34759 -Members $user -Whatif
    
    }
    
    }#for-Each
    }#Measure-command
    
    Get-ADGroup -Properties Name, Description -Filter 'Name -like "F-KT-*"' | where {$_.Description -like "*$pfad" -and $_.Name.endswith($recht) }
    
    

    Here, the command works perfectly fine, for whatever reason

  • #146028

    Participant
    Topics: 1
    Replies: 1374
    Points: 1,884
    Helping Hand
    Rank: Community Hero

    Tobias,

    welcome to Powershell.org. There is a curly brace missing in your code – probably for the Measure-Command. Is there a special reason why you're using the builtin cmdlets like Get-ADGroup AND some newly created objects using .net code to access the AD?

    What is it what you're actually trying to do with this code?

    BTW: Sometimes it's easier to ask a question in your native language. If you like – there is a German Powershell Forum at Microsoft.

  • #146193

    Participant
    Topics: 3
    Replies: 8
    Points: 33
    Rank: Member

    Measure brace closing }

  • #146246

    Participant
    Topics: 2
    Replies: 968
    Points: 1,784
    Helping Hand
    Rank: Community Hero

    Unless it's a learning exercise.
    Don't reinvent the wheel. This use case is common and there are many resources to leverage as is or tweak as needed.

    Find Circular Nested Groups
    PowerShell script to find any instances of Circular Nested Groups in the domain.
    https://gallery.technet.microsoft.com/scriptcenter/fa4ccf4f-712e-459c-88b4-aacdb03a08d0

    Get nested group membership – function
    This function will recursively enumerate members of a given group along with nesting level and parent group information. If there is a circular membership, it will be displayed in Comment column.It accepts input from pipeline and works well with get-adgroup.
    https://gallery.technet.microsoft.com/scriptcenter/Get-nested-group-15f725f2

    Powershell Active Directory: Show treeview of nested Group members downstream hierarchy
    http://vcloud-lab.com/entries/active-directory/powershell-active-directory-show-treeview-of-nested-group-members-downstream-hierarchy

    How to find and report nested groups in Active Directory using PowerShell
    How to find and report nested groups in Active Directory using PowerShell

    List nested groups
    https://social.technet.microsoft.com/Forums/en-US/0c4cdd1f-5036-4405-ba33-6d12171e1c80/list-nested-groups

The topic ‘No results for get-ADGroup in nested forEach-Loops’ is closed to new replies.