Dynamic Select-Object arguments

I am componsing a powershell form which will allow our technicians to specific an AD ou and then via checkboxes, select AD user paramerters they want to see in the report.

‘SamAccountName’ ‘EmailAddress’ ‘Enabled’, ‘LastLogonDate’

The user can select one or all options. I will then run a Get-aduser command agains the OU the technician specifies and then pipe that to Select-Object with the parameters the user specifies.

This is the part I am having a problem with since I can’t pipe to an expression, so I am not sure how to capture the items a user ‘may’ select.

I first query each CheckBox and then if it is selected, add it to an array. Here is an example of the SamAccountName (LoginName) checkbox and that I add it to the $objects array.

if ($checkboxLoginName.Checked -eq $true)
$Objects += "SamAccountName"
Write-Host "LoginName is checked"


From here, I can take the number of items in the $Ojects list ($Objects.Length) and then reference each via a loop, but then I am not sure how to build the Select-Oject command that Get-ADuser will pipe to. I can create a full string string by iterating through the $Objects list and building a full string that looks like “Select-object SamAccountName, EmailAddress, Enabled, LastLogon” and then tie that to a variable, but that fails when I run Get-aduser and try to pipe to the $variable containing that string.

Is there a better way of going about this then initially using an array or parameter objects?

Hey Brian,

If I understand correctly you are trying to do what I have below?

$Filter = 'Name', 'Department', 'Title'
Get-ADUSer Jason.Robertson -Properties $Filter | Select-Object $Filter

Retrieving the LastLogon has one small gotcha. This attribute is not propagated to fellow domain controllers, so if you care about the accuracy of LastLogon then take a look at the code I use:

Import-Module ActiveDirectory

# get domain controller serving the current session. Obtain the site of the current session from the logon server.
$site = get-addomainController -Server $env:logonserver.TrimStart("\")

# get list of domain controllers that service the site of this current session.
$dcs = Get-ADDomainController -Filter { Site -like $site.site }

# get list of User OUs (for future use)
#$userOUs = Get-ADOrganizationalUnit -Filter {name -like '*'} |?{$_.distinguishedname -match 'user'} |select name,distinguishedname

# $users = Get-ADUser -Filter {(Enabled -eq $True) -and (logoncount -gt 0)} -Properties DisplayName,Description,userPrincipalName,DistinguishedName,SamAccountName,enabled,LogonCount
# For testing purposes use the statement below and comment out the statement above.
$users = (get-aduser -Identity $env:UserName -properties *)

ForEach ($user in $users) {
    # When there are 2 or more domain controllers we need to query each one to grab the "LastLogon" value. This attribute is not propagated to fellow domain controllers.
    $logonStamps = foreach ($dc in $dcs) { $user | get-adobject -server $dc.hostname -properties lastlogon }

    # If we sort the array descendingly then the largest value is in the [0] spot and we have the most current "LastLogon"
    $logonstamps = $logonstamps | sort lastlogon -descending

    #Note: "LastLogon" is INT64 and needs to be converted to DateTime so that humans can understand the values.
    $logonTime = [datetime]::FromFileTime($logonstamps[0].lastlogon)

    # Pick out the stuff you want to display for each user.
        DisplayName    = $user.DisplayName
        Enabled        = $User.Enabled
        SamAccountName = $User.SamAccountName
        DistName       = $user.DistinguishedName
        logonCount     = $user.LogonCount 
        lastLogon      = $logontime
    } #end of hashTable

    $LogonStamps = $null
} #end of foreach user