Skip to main content

How to pipe data to cmdlets who’s parameters do not accept input via the PowerShell pipeline.

The PowerShell pipeline is one of the key features of PowerShell that allows you to greatly reduce the script code that you need to write to accomplish your goals.  Unfortunately, not all parameters in a cmdlet allow you to feed them data via the PowerShell pipeline. Here is an example.
The Active Directory module has a cmdlet called Add-ADGroupMember.  This cmdlets intended purpose is to add an object, such as a user, to a group in active directory.  The Members parameter is used to add an object to the group.  Here is the help file for this parameter:
PS C:\> get-help Add-ADGroupMember -Parameter Members

-Members <ADPrincipal[]>
    Specifies a set of user, group, and computer objects in a comma-separated
    list to add to a group. To identify each object, use one of the following
    property values. Note: The identifier in parentheses is the LDAP display
    name.
   
      Distinguished Name
        Example:  CN=SaraDavis,CN=Europe,CN=Users,DC=corp,DC=contoso,DC=com
      GUID (objectGUID)
        Example: 599c3d2e-f72d-4d20-8a88-030d99495f20
      Security Identifier (objectSid)
        Example: S-1-5-21-3165297888-301567370-576410423-1103
      SAM Account Name (sAMAccountName)
        Example: saradavis
   
    You can also provide objects to this parameter directly.
   
    The following examples show how to specify this parameter.
   
    This example specifies a user and group to add by specifying the
    distinguished name and the SAM Account Name properties.
      -Members "CN=SaraDavis,CN=employees,CN=Users,DC=contoso,DC=com",
    "saradavisreports"
   
    This example specifies a user and a group object that are defined in the
    current Windows PowerShell session as input for the parameter.
   
      -Members $userObject, $groupObject
   
    The objects specified for this parameter are processed as
    Microsoft.ActiveDirectory.Management.ADPrincipal objects. Derived types,
    such as the following are also received by this parameter.
      Microsoft.ActiveDirectory.Management.ADUser
      Microsoft.ActiveDirectory.Management.ADComputer
      Microsoft.ActiveDirectory.Management.ADServiceAccount
      Microsoft.ActiveDirectory.Management.ADGroup
   
    You cannot pass objects through the pipeline to this parameter.
   
    Required?                    true
    Position?                    2
    Default value               
    Accept pipeline input?       false
    Accept wildcard characters?  false
   

There are two areas to take note of.  First take a look at the second to last line.  Accept pipeline input?   false.  This tells us that we can not pipe user objects to this cmdlet and have them added to the group.  The second is at the top.  This parameter will use one of four different properties to identify the object that you want to make a part of this group:
  • Distinguished Name
  • GUID
  • Security Identifier (SID)
  • SAM Account Name
We will need to provide the cmdlet one of those four from our user object.  Here is the code to do so.
Get-ADUser -Filter 'Name -like "a*"' |
 ForEach-Object {
 Add-ADGroupMember -Identity "IT" -Members $_.SAMAccountName}
First we need to pipe in a set of either user of computer objects to be added to the group.  In this case, I am adding all users whose name starts with an A.  We pipe these objects from the Get-ADUser cmdlet to ForEach-Object.  We need to do this to allow us to provide a value to the Members parameter.  Inside the ForEach-Object script block, provide the Add-ADGroupMember cmdlet.  Set the Identity parameter to the name of the group you are adding objects to.  For the Members parameter, we need to select one of the 4 properties that the Members parameter accepts.  In the example above, I am using the SAMAccountName.  The $_ represents the current object in the pipeline.  $_.SAMAccountName is the SAM Account Name of the current object.  Each time a user object is passed to the ForEach-Object cmdlet, it will add that object to the group.
You can use this method for many cmdlets with parameters that do not accept input via the PowerShell pipeline.  Do your research to understand how to provide the information to the parameters in question or you will have run time errors.

Comments

Popular posts from this blog

With the AD Recycle Bin Turned on, What Happens when you Create a User Account with a Password that does not meet the Password Policy?

This was an interesting observation from one of my Windows Server 2012 classes.  While working with the AD Recycle bin in a lab, one of my students discovered some interesting accounts that were created. When he created user accounts that did not meet password complexity requirements, an account is temporarily made and then deleted.  When a new password is provided that meets the password requirements, then a new account is made. We discovered this in two places.  First off in the Active Directory Administrative Center.  This is what caused the initial confusion.  Take a look.  This is in the Deleted Objects OU. You can see multiple deleted accounts for Test2 and one for Test3.  Test3 is a valid, functioning user account.  Using the PowerShell command Get-ADObject –IncludeDeletedObjects –Filter * –Properties ObjectSID we can see that indeed, two accounts were created, with one of them deleted. Notice the RID portion of the SID is different. ...

Sticky Key problem between Windows Server 2012 and LogMeIn

This week I instructed my first class using Windows Server 2012 accessed via LogMeIn and discovered a Sticky Key problem every time you press the Shift key. Here is my solution to resolve this.  First off, in the Preferences of LogMeIn for the connection to the Windows Server, click General . Change the Keyboard and mouse priority to Host side user and click Apply at the bottom. On the Windows 2012 server, open the Control Panel – Ease of Access – Change how your keyboard works . Uncheck Turn on Sticky Keys . Click Set up Sticky Keys . Uncheck Turn on Sticky Keys when SHIFT is pressed five times . Click OK twice. If you are using Windows Server 2012 as a Hyper-V host, you will need to redo the Easy of Use settings on each guest operating system in order to avoid the Sticky Key Problem. Updated Information: March 20, 2013 If you continue to have problems, Uncheck Turn on Filter Keys .

Backup and Restore AD LDS with DSDBUTIL.exe

Active Directory Lightweight Directory Services allow you to create a directory service that allows applications to have access to user accounts, groups, and authentication similar to Active Directory Domain Services.  The big advantage here is that the schema of the directory service will not be bound by the rules of an Active Directory database.  Exchange 2007/2010, for example, use an instance of AD LDS on the Edge Transport Server to provide for user authentication from the internet.  Because your Active Directory database is not exposed to the internet, this is more secure. Applications will handle most of the dirty work should they require AD LDS.  You may want to make sure the database is being backed up and also have a restore plan in place.  Should the database become corrupt, the application that uses that database will fail.  This document will walk you through backing up and restoring an instance of AD LDS using the dsdbutil.exe command. Fi...