PowerShell script: Loop/Array not retrieving all AD Get Commands information: error "cannot bind parameter identity"

Solution 1:

Here's a more precise explanation of what's going on:

That error means that the Identity parameter, which is the first positional parameter of Get-AD* commands, has an invalid type. In general it's a good idea to include exact, complete error messages, but in this case I can see that there's only one command that has an Identity parameter, Get-ADGroupMember, and you're supplying $group as the identity.

The problem is that $group is not an object type that the Identity parameter of Get-ADGroupMember can accept. Why? Because although the Identity property can accept ADGroup objects, and Get-ADGroup returns an array of ADGroup objects, Select-Object returns an array of PSCustomObjects with NoteProperties corresponding to the selected properties. So, by piping the output of Get-ADGroup through select, you're assigning an array of PSCustomObjects to $Groups, and in each iteration of the foreach loop you're supplying a member of that array as the Identity argument, hence the error.

That's the problem. The solution depends on what you're trying to accomplish, which isn't entirely clear.

You can resolve the error by simply moving | select [...] from the Get-ADGroup statement on the second line to the $GroupArr += $group line, as suggested in Tim Ferrill's answer. However, I don't think that will give you the results you want, for two reasons:

  1. You're combining results from different object types in the same CSV file. Get-ADGroup returns ADGroup objects, and Get-ADGroupMember returns ADPrincipal objects (which can represent user, computer, or group objects). So, the CSV file will have, for each group, one line representing the group followed by lines representing each member of that group.

    Maybe that's what you want, but I suspect not, because that's an odd set of data to represent in a CSV file, since generally CSV files aren't intended to be ordered, and there's nothing in the data which will distinguish between lines representing groups and lines representing group members. Also, if you have any nested groups, you'll have duplicate entries, because any group that is a member of any other groups will be listed once as a group and once for each group of which it is a member.

  2. There is no "GroupName" property, either in Active Directory or in the objects returned by Get-AD* commands. The value of the GroupName property in each PSCustomObject returned by your select statements would be an empty ADPropertyValueCollection, which would show up in table format as {} (empty collection symbol) and in the CSV file as "Microsoft.ActiveDirectory.Management.ADPropertyValueCollection".

    I think it's a safe assumption that you don't want the CSV file to have a column that contains the exact same meaningless value for every entry. Also, logically it doesn't make sense to me that you'd want a GroupName column in entries representing groups when you already have a Name column, because for those entries Name would contain the name of the group.

If I had to guess, I'd guess that what you want is a CSV file with a line representing each group member, with columns for the member's sAMAccountName, distinguishedName, and name properties, and a GroupName column containing the name of the group it is a member of (which would mean that for security principals that are members of multiple groups, there would be multiple entries, each one with a different GroupName).

However, that's just an inference. If you can be more specific about what kind of output you're looking for, I can explain how to accomplish that.
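
The per-member layout guessed at in the answer above, written out as an added example; it is not part of the answer or of the asker's script. It assumes the ActiveDirectory module (RSAT) and a reachable domain controller, and the `-Filter *` scope, the `ObjectClass` column and the output path `.\GroupMembers.csv` are illustrative choices.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and domain connectivity.
Import-Module ActiveDirectory

# Assumption: every group is in scope; narrow -Filter or add -SearchBase as needed.
# Do not pipe this through Select-Object: that would replace the ADGroup objects
# with PSCustomObjects, which the Identity parameter cannot bind.
$groups = Get-ADGroup -Filter *

$rows = foreach ($group in $groups) {
    try {
        # $group is still an ADGroup object, so it binds to -Identity.
        $members = Get-ADGroupMember -Identity $group -ErrorAction Stop
    }
    catch {
        # Report the failing group and keep going instead of aborting the export.
        Write-Warning "Skipping '$($group.Name)': $($_.Exception.Message)"
        continue
    }

    foreach ($member in $members) {
        # One row per (group, member) pair. GroupName is taken from the group
        # object, because the member objects have no such property.
        [pscustomobject]@{
            GroupName         = $group.Name
            Name              = $member.Name
            SamAccountName    = $member.SamAccountName
            DistinguishedName = $member.DistinguishedName
            ObjectClass       = $member.objectClass   # user, computer or group
        }
    }
}

# Every row has the same columns, so the CSV has a single consistent shape.
$rows | Export-Csv -Path .\GroupMembers.csv -NoTypeInformation
```

A principal that belongs to several groups appears once per group, and a nested group appears as a row with `ObjectClass` set to `group` under its parent.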