Solved

Problems Adding Devices from File Using Add-ADGroupMember

Posted on 2016-10-17
7
37 Views
Last Modified: 2016-10-19
I had question open for this same issue ( https://www.experts-exchange.com/questions/28976646/Error-Importing-Computer-Accounts-From-a-Text-File-using-Add-ADGroupMember.html)  before which Yo_Bee helped with with and did get it working. Thanks Yo_Bee!!!  

 When I tried to run the script again this morning. I am getting the following error..

Get-ADComputer : Cannot convert 'System.Object[]' to the type 'Microsoft.ActiveDirectory.Management.ADComputer'
required by parameter 'Identity'. Specified method is not supported.
At C:\AddingDevicesFromFileToGroup.ps1:9 char:33
+ $DN = (Get-ADComputer -Identity $devices).distinguishedname
+                                 ~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Get-ADComputer], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgument,Microsoft.ActiveDirectory.Management.Commands.GetADComputer

In my text file as soon as I narrow down my list to one device it works. It is almost like the foreach loop in not working

Import-Module ActiveDirectory

$devices = Get-Content 'C:\workstations.txt'
$grp = (Get-ADGroup -Identity '8021xEnabledDevices').distinguishedname

Foreach ($dn in $devices)

{
$DN = (Get-ADComputer -Identity $devices).distinguishedname

Add-ADGroupMember -Identity $grp -Members $dn}

Open in new window

0
Comment
Question by:compdigit44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 41

Expert Comment

by:Adam Brown
ID: 41846969
The $DN = line is trying to pull the entire array in. Also, it's replacing the value of the $dn object you are creating in ($dn in $devices)

Try this out:
Import-Module ActiveDirectory

$devices = Get-Content 'C:\workstations.txt'
$grp = (Get-ADGroup -Identity '8021xEnabledDevices').distinguishedname

Foreach ($device in $devices)

{
$DN = (Get-ADComputer -Identity $device).distinguishedname

Add-ADGroupMember -Identity $grp -Members $dn}

Open in new window

0
 
LVL 85

Expert Comment

by:oBdA
ID: 41846970
You got somewhat confused concerning the variables ...
Import-Module ActiveDirectory

$devices = Get-Content 'C:\workstations.txt'
$grp = (Get-ADGroup -Identity '8021xEnabledDevices').distinguishedname

Foreach ($device in $devices) {
	$DN = (Get-ADComputer -Identity $device).distinguishedname
	Add-ADGroupMember -Identity $grp -Members $DN
}

Open in new window

0
 
LVL 20

Author Comment

by:compdigit44
ID: 41849298
Thank you both so very much... I must be tied and missing the but how does this different from the syntax I was using before?

I am trying to understanding this so I can become better in Powershell
0
Are You Headed to Black Hat USA 2017?

Getting ready for Black Hat next week? Kick things off with the WatchGuard Badge Challenge and test your puzzle and cipher skills. Do you have what it takes to earn our limited edition Firebox Badge? Get started today - https://crimsonthorn.net

 
LVL 85

Accepted Solution

by:
oBdA earned 500 total points
ID: 41849486
Everything was fine up until and including line 6:
Foreach ($dn in $devices)
Then came line 9 with two errors:
$DN = (Get-ADComputer -Identity $devices).distinguishedname
1. You already used $dn as loop variable, and you're reassigning it here as $DN.
2. You used the $devices array (containing the contents of 'C:\workstations.txt') instead of the loop variable as Identity for Get-ADComputer.

Alternatively, you can fill an array with the members and add them in one go:
Import-Module ActiveDirectory

$devices = Get-Content 'C:\workstations.txt'
$grp = (Get-ADGroup -Identity '8021xEnabledDevices').distinguishedname

$Members = @()
Foreach ($device in $devices) {
	$Members += (Get-ADComputer -Identity $device).distinguishedname
}
Add-ADGroupMember -Identity $grp -Members $Members

Open in new window


Finally, since you can use samAccountName as member identity, and a computer's samAccountName is its host name with a trailing $, you can even do without the Get-ADComputer to speed things up:
Import-Module ActiveDirectory

$grp = (Get-ADGroup -Identity '8021xEnabledDevices').distinguishedname
$Members = Get-Content 'C:\workstations.txt' | ForEach-Object {$_ + "`$"}

Add-ADGroupMember -Identity $grp -Members $Members

Open in new window

0
 
LVL 20

Author Comment

by:compdigit44
ID: 41850036
Wow great explaination and thank you very much.. I ran the script this morning using whatif first and worked perfect. Once I removed whatif I go the error message below

Get-ADComputer : Cannot bind parameter 'Identity' to the target. Exception setting "Identity": "Cannot validate
argument on parameter: 'Identity'. The argument is null or empty. Supply an argument that is not null or empty and
then try the command again."

The odd part if even though I got this error for each device on the list. It did end of adding them to the group?  Any thoughts on why I got the error?
0
 
LVL 85

Expert Comment

by:oBdA
ID: 41850048
Could be empty lines in devices.txt; how as that file generated? If in doubt, check with Notepad++ and "View > Show Symbol >  Show End Of Line" enabled.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 41850075
good point...

I did a copy and paste of text from Excel so it could have extra  return characters...
0

Featured Post

IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question