Powershell Syntax

lipotech used Ask the Experts™
in powershell what is @{} used for?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Sam JacobsCitrix Technology Professional / Director of TechDev Services, IPM

It is a hash table, which contains one or more key/value pairs.
This is frequently used to pass parameters.
For example, if I wanted to execute a series of commands on a remote computer, I would need to provide the name of the computer, together with a script block (the series of commands to execute). I could use a hash table to do that, and it may look something like this:
        $params = @{
            ComputerName = 'server'
            ScriptBlock = { <series of commands to execute> }
        Invoke-Command @params 

Open in new window

I don't have to use the hash table - I could put all the parameters on the Invoke-Command. Using the hash table makes the code a bit neater.
Qlemo"Batchelor", Developer and EE Topic Advisor
Top Expert 2015

Using a hash table for parameters is one of the less common usuages (less than it should) and called splatting.
@{} creates an empty hash table you add "properties" (in fact it are key/values pairs, as stated correctly above) on the fly. E.g. if processed data needs to be stored in a way you can group together and still have direct access to. I.e.
$var = @{ colour = 'red'; size = 'large' }
$var += @ { location = 'there' }
write-host $var['location']

Open in new window

Often you will see building custom objects with hash tables:
$var = [PSCustomObject] @{ property1 ='value1'; property2 = 'value2' }

Open in new window

lipotechSys Eng


thanks for your responses.  

I have an additional issue in my code.  Attached is the PS script.  I am seeing an invalid token in multiple places - (ie. - I am getting a token error in multiple places.  Example is - At line:16 char:68 + ... ties name, schemaIDGUID | ForEach-Object {$schemaIDGUID.add  ([System.)

See attached file.

PeeterBIT Support Tech

Yeah, I tried the code on my system also .... several errors, multiple issues with spacing etc. ..... after a few edits (removing spaces ..) it now runs without error ... see attached file ...
Most Valuable Expert 2018
Distinguished Expert 2018

The script had all kinds of issues (and do you really want to check each and every object in our AD?).
This should work:
Import-Module ActiveDirectory

# Filter by single user and export to a CSV file.
$User = 'Username'

$schemaIDGUID = @{}
$schemaIDGUID[([guid]'00000000-0000-0000-0000-000000000000')] = 'All'
Get-ADObject -SearchBase (Get-ADRootDSE).schemaNamingContext -LDAPFilter '(schemaIDGUID=*)' -Properties name, schemaIDGUID |
	ForEach-Object {$schemaIDGUID[([System.Guid]$_.schemaIDGUID)] = $_.name}
Get-ADObject -SearchBase "CN=Extended-Rights, $((Get-ADRootDSE).configurationNamingContext)" -LDAPFilter '(objectClass=controlAccessRight)' -Properties name, rightsGUID |
	ForEach-Object {$schemaIDGUID[([System.GUID]$_.rightsGUID)] = $_.name}

#Get a list of AD objects.
$AOs = @()
$AOs += Get-ADOrganizationalUnit -Filter * # | Select-Object -ExpandProperty DistinguishedName
$AOs += Get-ADObject -SearchBase (Get-ADDomain).DistinguishedName -SearchScope Subtree -LDAPFilter '(ObjectClass=*)' # | Select-Object -ExpandProperty DistinguishedName

#Loop through each of the AD objects and retrieve their permissions.
$AOs | ForEach-Object {
	$ao = $_
	Get-Acl -Path "AD:\$($ao.DistinguishedName)" |
		Select-Object -ExpandProperty Access |
		Select-Object -Property `
			@{n='DistinguishedName'; e={$ao.DistinguishedName}},
			@{n='objectTypeName'; e={$schemaIDGUID[$_.objectType]}},
			@{n='inheritedObjectyTypeName'; e={$schemaIDGUID[$_.inheritedObjectType]}},
} | 
	Where-Object {$_.IdentityReference -like "*$($User)*"} | 
	Select-Object DistinguishedName, IdentityReference, ActiveDirectoryRights, IsInherited -Unique |
	Export-Csv -Path "C:\temp\explicit_permission.csv" -NoTypeInformation

Open in new window

Edit: Fixed issue with DistinguishedName missing in the results.
lipotechSys Eng


Thanks, oBdA

The script now runs without errors and a file is created, but the file is empty.  Nothing is getting written to the file.

Most Valuable Expert 2018
Distinguished Expert 2018
Then the user you specified wasn't found.
For a test, download the script again (fixed an issue where the DistinguishedName was missing in the results).
Then set User in line 4 to an empty string, and comment out line 16, so you won't get overwhelmed with results.
Run the script again, and you should get a report with the permissions for all OUs.
lipotechSys Eng


Thanks oBdA - Thanks for your assistance.  I am now able to get all the required data and am able to select groups or specific individuals to get the data on.  Thank you for your assistance.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial