Hi,
I have this script that works perfectly when I run it on an on-prem AD server without using the PS session.
When I run it locally using a PS session I get the errors below. Please advise.
[pre]
# Select the CSV file that contains the people whose groups need to be removed.
# The CSV file needs to be a comma-separated file.
$users = Import-Csv c:\temp\Csv\toRemove.csv
$date = Get-Date -Format "yyyy-MMM-dd"
$lastworkdate = (Get-Date).AddDays(-1).ToString("yyyy-MMM-dd")
$DisabledOU = "OU=Disabled,OU=Regions,DC=mydomain,DC=com"
$adServer = "cfdc01.mydomain.com"
$cred = Import-Clixml -Path "${env:\userprofile}\paul.Cred"

# Sessions: import the ActiveDirectory cmdlets from the DC (implicit remoting)
$ADsession = New-PSSession -ComputerName $adServer -Credential $cred
Import-PSSession -Session $ADsession -Module ActiveDirectory -AllowClobber

foreach ($user in $users)
{
    $manager = $null
    # Get manager
    $manager = (Get-ADUser (Get-ADUser $user.SamAccountName -Properties manager).manager).Name

    # Get all the groups this user is a member of and paste them in the Notes (info) field
    $groups = Get-ADPrincipalGroupMembership $user.SamAccountName
    Set-ADUser $user.SamAccountName -Replace @{info = $groups.name -join "`r`n"}
    # This second call overwrites the value with a ';'-separated list
    Set-ADUser $user.SamAccountName -Replace @{info = $groups.name -join ';'}

    # Remove department and manager from the user, add a description and disable the account
    $description = "Disabled by Username.adm on " + $date + " Last workingday " + $lastworkdate + " Manager: " + $manager
    Set-ADUser $user.SamAccountName -Clear manager, department
    Set-ADUser $user.SamAccountName -Description $description
    Get-ADUser $user.SamAccountName | Disable-ADAccount

    # Add the date to extension attribute 15
    Set-ADUser -Identity $user.SamAccountName -Add @{'extensionattribute15' = (Get-Date).ToString("yyyy-MMM-dd")}

    $adgroups = Get-ADPrincipalGroupMembership -Identity $user.SamAccountName
    foreach ($singlegroup in $adgroups)
    {
        # Remove all groups except Domain Users and syncedToAzure; note that a group also has a SamAccountName
        if ($singlegroup.SamAccountName -notlike "Domain Users" -and $singlegroup.SamAccountName -notlike "syncedToAzure")
        {
            Remove-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $singlegroup.SamAccountName -Confirm:$false
        }
    }

    # Move the user to the Disabled OU
    Get-ADUser $user.SamAccountName | Move-ADObject -TargetPath $DisabledOU
    $user = $null
}
[/pre]
The errors that I get are these:
[pre]
Cannot validate argument on parameter 'Identity'. The argument is null. Provide a valid value for the argument, and then try running the command again.
    + CategoryInfo          : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser
    + PSComputerName        : cfdc01.mydomain.com

The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of
the parameters that take pipeline input.
    + CategoryInfo          : InvalidArgument: (CN=Aaron …,DC=com:PSObject) [Disable-ADAccount], ParameterBindingException
    + FullyQualifiedErrorId : InputObjectNotBound,Microsoft.ActiveDirectory.Management.Commands.DisableADAccount
    + PSComputerName        : cfdc01.mydomain.com

Multiple values were specified for an attribute that can have only one value
    + CategoryInfo          : NotSpecified: (user:ADUser) [Set-ADUser], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:8321,Microsoft.ActiveDirectory.Management.Commands.SetADUser
    + PSComputerName        : cfdc01.mydomain.com

The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of
the parameters that take pipeline input.
    + CategoryInfo          : InvalidArgument: (CN=Aaron …,DC=com:PSObject) [Move-ADObject], ParameterBindingException
    + FullyQualifiedErrorId : InputObjectNotBound,Microsoft.ActiveDirectory.Management.Commands.MoveADObject
    + PSComputerName        : cfdc01.mydomain.com
[/pre]
Weird thing is that most of the script is executed correctly but the actual disabling of the account is not happening.
Paul
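
Added example, not part of the original post and not the poster's code: with cmdlets imported through `Import-PSSession`, results come back as deserialized objects, which is consistent with the pipeline-binding errors above, so this version passes every identity as an explicit string, guards the empty manager lookup, and uses `-Replace` for the single-valued attribute. The function name `Disable-LeaverAccount` and its parameters are assumptions; it expects the ActiveDirectory module to be imported from the session as in the post.

```powershell
# Added example (hypothetical helper, not from the original post).
# Assumes the AD cmdlets were imported with Import-PSSession as shown above.
function Disable-LeaverAccount {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [Parameter(Mandatory)][string]$DisabledOU
    )

    # Implicit remoting hands back deserialized property bags, so read the
    # values needed as plain strings instead of piping the object onward.
    $adUser = Get-ADUser -Identity $SamAccountName -Properties Manager
    $dn     = [string]$adUser.DistinguishedName

    # Manager is empty for users without one (or once it has been cleared);
    # only look it up when there is a value to pass to -Identity.
    $managerName = 'none'
    if ($adUser.Manager) {
        $managerName = (Get-ADUser -Identity ([string]$adUser.Manager)).Name
    }

    $stamp = (Get-Date).ToString('yyyy-MMM-dd')
    if ($PSCmdlet.ShouldProcess($dn, 'Disable account and move to disabled OU')) {
        # -Replace overwrites the value; -Add fails on a single-valued
        # attribute that already holds a value (for example on a re-run).
        Set-ADUser -Identity $SamAccountName -Replace @{ extensionAttribute15 = $stamp }
        Set-ADUser -Identity $SamAccountName -Description "Disabled on $stamp Manager: $managerName"

        # Explicit -Identity instead of pipeline input.
        Disable-ADAccount -Identity $SamAccountName

        # Move-ADObject takes a distinguished name (or GUID), passed as a string.
        Move-ADObject -Identity $dn -TargetPath $DisabledOU
    }
}

# Dry run over the same CSV the post uses; remove -WhatIf to apply:
# Import-Csv c:\temp\Csv\toRemove.csv | ForEach-Object {
#     Disable-LeaverAccount -SamAccountName $_.SamAccountName -DisabledOU $DisabledOU -WhatIf
# }
```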