Problem with Invoke-Command

This topic contains 4 replies, has 2 voices, and was last updated by Profile photo of T H T H 3 months, 3 weeks ago.

  • Author
    Posts
  • #63244
    Profile photo of T H
    T H
    Participant

    Hello,

    I'm trying to write a script that will get admin users from all AD computers. Unfortunately it appears that get-localgroupmember is bugged out in server 2016/Windows 10 so I've been trying to use a workaround. Here is my code:

    $computers = Get-ADComputer -filter * | Select Name
    
    Invoke-Command -ScriptBlock {
        $global:admins = net localgroup administrators | Where-Object {$_ -and $_ -notmatch "command completed successfully"} | Select-Object -skip 4 | Out-String
        $global:table = New-Object PSObject -Property @{
            Computer = $env:COMPUTERNAME
            Admins = $global:admins
            }
    } -ComputerName $computers
    
    # Save it in XML
    
    $table | Format-List | Export-Clixml $PSScriptRoot\admins.xml
    

    If I remove the -ComputerName parameter it will run perfectly on the local machine but when trying to run it with the parameter I get the following error:

    imgur link

    We've tried moving it in front of the -scriptblock parameter with no luck, does anyone have any ideas?

    Thanks!

    *EDIT* That imgur link isn't really working for me so here is what the error says:

    Invoke-Command: One or more computer names are not valid. If you are trying to pass a URI, use the -ConnectionUri parameter, or pass URI objects instead of strings.
    At Get_localAdminXML.ps1:11 char:1

  • #63249
    Profile photo of Monte Hazboun
    Monte Hazboun
    Participant

    Hi TH,

    The problem here is that your $computers variable contains header information. When you call Get-Member on your $computers variable, it should still have it's original type. You want an array of strings for the -computername parameter so when you populate that variable you want to either expand the property with

    select -expandproperty name

    or dot your property name

    (Get-ADComputer -filter *).name

    Both of these methods will remove the header information from your variable, which is the cause of your error.

  • #63250
    Profile photo of T H
    T H
    Participant

    Hey Monte,

    Thank you for taking the time to reply....unfortunately I'm still getting the same error

    Any other ideas? This has stumped everyone I know haha

    • #63261
      Profile photo of Monte Hazboun
      Monte Hazboun
      Participant

      I would start by running line by line and making sure you're getting the desired output. Your computers variable should have a base type of array and an unrolled type of String when piped to get-member. Make sure that AD isn't returning any computer names with odd characters. I've seen instances where a leading underscore can cause PowerShell to reject a computer name. You're also going to run into a problem returning data from your invoke commands. As far as I know, scope doesn't cross into or out of remote session unless you're using the $using:modifier, which only works into a remote session. You'll need to do a return or Write-Output on your $table variable (which shouldn't need a global scope modifier) in order to return the data correctly.

  • #63273
    Profile photo of T H
    T H
    Participant

    Hey Monte, thank you again for the reply. The problem turned out to be that we have some Linux devices as well as other non-standard machines in the domain which were causing the problem. As we only really needed the info for Windows 10 machines the following worked:

    Get-ADComputer -Filter 'OperatingSystem -like "Windows 10*"' -SearchBase "OU=XX,DC=XX,DC=XX,DC=XX"

    replace XX with appropriate values for your company

You must be logged in to reply to this topic.