Finding the Required Parameters in Parameter Sets

Every once and a while, a good mystery can be fun. For IT Professionals taking a class, not so much. During my last PowerShell class, one of my students made an observation in a help file. The Cmdlet in question was Set-ADUser. Take a look at the help information on these two parameters.

-Identity <ADUser>
        Specifies an Active Directory user object by providing one of the following property values. The identifier in parentheses is the LDAP display name for the attribute. The acceptable values for this parameter are:

        -- A Distinguished Name
        -- A GUID (objectGUID)
        -- A Security Identifier (objectSid)
        -- A SAM Account Name (sAMAccountName)

        Required?                    true
        Position?                    1
        Default value
        Accept pipeline input?       True (ByValue)
        Accept wildcard characters? false

Notice how both are “required” but we do not have to use both of them. There is our mystery. This behavior is because they are in different parameters sets. A parameter set is created when the author of the cmdlet adds functionality in which some of the parameters cannot be used at the same time as other parameters. If you use a parameter that is in a parameter set other than the default set, then all the parameters that are not part of the new set are filtered out of TAB completion and the ISE intellisense. The problem is that the help files do not make note of which parameter set these parameters are a part of. I decided to play around a little bit and create a cmdlet that uncovers this mystery.

100

101

102

103

104

105

106

107

108

109

110

Function Get-RequiredParameters

{

Param (

$Cmdlet

)

# Get all the parameters from the source.

$Sets = Get-help $Cmdlet -full |

Select -ExpandProperty Syntax |

Select -ExpandProperty SyntaxItem

# Create the object template for the output.

$Object = New-Object -TypeName PSObject -Property @{

Set = $Null

Parameter = $Null

Required = $False

}

# Get the Parameter Sets from the Source

$CMD = Get-Command -Name $Cmdlet

$SetNames = $Cmd.ParameterSets.Name

# Used to cycle through the Parameter sets

# whiel creating the output.

$Index = 0

ForEach ($Set in $Sets)

{

$Items = $Set

ForEach ($Item in $Items)

{

ForEach ($P in $Item.Parameter)

{

$Obj = $Object

$Obj.Set = $SetNames[$Index]

$Obj.Parameter = $P.Name

$Obj.Required = $P.Required

Write-Output $Obj

}

$Index++

}

.SYNOPSIS

Displays all parameter Sets and the required parameters of a Cmdlet

.DESCRIPTION

Displays all parameter Sets and the required parameters of a Cmdlet.

This will help to clear up any confusion as to why a help files says

that a parameter is required, when it may not be.

.PARAMETER Cmdlet

The name of the cmdlet (or script) that you want to view the parameter

information from.

.Example

Get-RequiredParameters -Cmdlet Measure-object

Parameter Required Set

--------- -------- ---

Property false GenericMeasure

Average false GenericMeasure

InformationAction false GenericMeasure

InformationVariable false GenericMeasure

InputObject false GenericMeasure

Maximum false GenericMeasure

Minimum false GenericMeasure

Sum false GenericMeasure

Property false TextMeasure

Character false TextMeasure

IgnoreWhiteSpace false TextMeasure

InformationAction false TextMeasure

InformationVariable false TextMeasure

InputObject false TextMeasure

Line false TextMeasure

Word false TextMeasure

Displays the parameter information for each parameter set of Measure-Object

.Example

Get-RequiredParameters -Cmdlet Set-ADUser | where Required -eq $True

Parameter Required Set

--------- -------- ---

Identity true Identity

Instance true Instance

Displays only the parameters that are required in each parameter set,

.NOTES

===============================================================================

== Cmdlet: Get-RequiredParameters ==

== Author: Jason A. Yoder ==

== Company: MCTExpert of Arizona ==

== Date: December 3, 2015 ==

== Version: 1.0.0.0 ==

== Legal: The user assumes all responsibility and liability for the usage of ==

== this PowerShell code. MCTExpert of Arizona, Its officers, shareholders, ==

== owners, and their relatives are not liable for any damages. As with all ==

== code, review it and understand it prior to usage. It is recommended that ==

== this code be fully tested and validated in a test environment prior to ==

== usage in a production environment. ==

== ==

== Does this code make changes: NO ==

===============================================================================

}

Where did a User’s Account Get Locked Out?

Updated: May 15, 2015 When this article was originally published, two extra carriage returns were add causing the code to malfunction. The code below is correct. My client for this week’s PowerShell class had a really interesting question. They needed to know where an account is being locked out at. OK, interesting. Apparently users hop around clients and forget to log off, leading to eventual lock out of their accounts. The accounts can be unlocked, but are then relocked after Active Directory replication. This problem is solved in two parts. The first one is to modify the event auditing on the network. The second part is resolved with PowerShell. The first part involves creating a group policy that will encompass your Domain Controllers. In this GPO, make these changes. Expand Computer Configuration \ Policies \ Windows Settings \ Security Settings \ Advanced Audit Policy Configuration \ Audit Policies \ Account Management Double click User Account Management C...

Jason Yoder, MCT

Search This Blog

Finding the Required Parameters in Parameter Sets

Labels

Comments

Popular posts from this blog

How to list all the AD LDS instances on a server

How to run GPResult on a remote client with PowerShell

Where did a User’s Account Get Locked Out?