Getting Error: Cannot Bind paramater 'Memberof'

starlord · October 16, 2018, 4:01pm

Hello, Please help. I’m new to Power shell and I’m having a hard time. I have been working on this same script for weeks. I thought I had it working, but now it can’t bind parameter MemberOf.

Import-Module ActiveDirectory
$users= Import-Csv -Path “C:\Output\DisableADUsers91718C.csv”

$DisabledDate = Get-Date
$LeaveDate = Get-Date -Format “dddd dd MMMM yyyy”
$DisabledBy = Get-ADUser “$env:username” -properties Mail
$DisabledByEmail = $DisabledBy.Mail
$LegalHoldUser = Get-ADuser -Filter * -SearchBase ‘ou=LegalHold,dc=xxx,dc=com’ -Properties * | Select-object -Expand SamAccountName

$TargetOU = “ou=Disabled Users,dc=xxx,dc=com”

foreach ($user in $users)
{
$SamAccountName = $User.SamAccountName

  Set-ADUser $User.SamAccountName -Description "Disabled by $($DisabledBy.name) on $DisabledDate per Ticket INC0065513"
  $ADgroups = Get-ADPrincipalGroupMembership -Identity $User.SamAccountName | where { ($_.Name -ne 'Domain Users') -and ($_.Name -ne 'DisabledUsers') }

  If ($LegalHoldUser -contains $User.SamAccountname)
{
  Remove-ADPrincipalGroupMembership -Identity $($User.SamAccountname) -MemberOf $ADgroups -Confirm:$false

  Add-ADGroupMember -Identity "DisabledUsers" -Members $User.SamAccountName

  Disable-ADAccount -Identity $($User.SamAccountname)
}
 else
{
  Remove-ADPrincipalGroupMembership -Identity $($User.SamAccountname) -MemberOf $ADgroups -Confirm:$false

  Add-ADGroupMember -Identity "DisabledUsers" -Members $User.SamAccountName

  Get-AdUser $SamAccountName | Move-ADObject -targetpath $TargetOU
 
  Disable-ADAccount -Identity $($User.SamAccountname)  
}

}

Here’s the error message:
Cannot bind parameter ‘MemberOf’. Cannot convert value “CN=Okta Concur,OU=Okta Security Groups,OU=Domain Groups,DC=xxx,DC=com” to type “Microsoft.ActiveDirectory.Management.ADGroup”. Error: “Cannot convert the “CN=Okta Concur,OU=Okta
Security Groups,OU=Domain Groups,DC=xxx,DC=com” value of type “Deserialized.Microsoft.ActiveDirectory.Management.ADGroup” to type “Microsoft.ActiveDirectory.Management.ADGroup”.”
+ CategoryInfo : InvalidArgument: ( [Remove-ADPrincipalGroupMembership], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.ActiveDirectory.Management.Commands.RemoveADPrincipalGroupMembership
+ PSComputerName : GGPDC01

Cannot bind parameter ‘MemberOf’. Cannot convert value “CN=REPORTS-SALES,OU=Applications,OU=Domain Groups,DC=mecca,DC=com” to type “Microsoft.ActiveDirectory.Management.ADGroup”. Error: “Cannot convert the
“CN=REPORTS-SALES,OU=Applications,OU=Domain Groups,DC=xxx,DC=com” value of type “Deserialized.Microsoft.ActiveDirectory.Management.ADGroup” to type “Microsoft.ActiveDirectory.Management.ADGroup”.”
+ CategoryInfo : InvalidArgument: ( [Remove-ADPrincipalGroupMembership], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.ActiveDirectory.Management.Commands.RemoveADPrincipalGroupMembership
+ PSComputerName : GGPDC01

The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.
+ CategoryInfo : InvalidArgument: (CN=Adam Abston,…DC=xxx,DC=com:PSObject) [Move-ADObject], ParameterBindingException
+ FullyQualifiedErrorId : InputObjectNotBound,Microsoft.ActiveDirectory.Management.Commands.MoveADObject
+ PSComputerName : GGPDC01

Cannot bind parameter ‘MemberOf’. Cannot convert value “CN=Okta Concur,OU=Okta Security Groups,OU=Domain Groups,DC=xxx,DC=com” to type “Microsoft.ActiveDirectory.Management.ADGroup”. Error: “Cannot convert the “CN=Okta Concur,OU=Okta
Security Groups,OU=Domain Groups,DC=xxx,DC=com” value of type “Deserialized.Microsoft.ActiveDirectory.Management.ADGroup” to type “Microsoft.ActiveDirectory.Management.ADGroup”.”
+ CategoryInfo : InvalidArgument: ( [Remove-ADPrincipalGroupMembership], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.ActiveDirectory.Management.Commands.RemoveADPrincipalGroupMembership
+ PSComputerName : GGPDC01

The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.
+ CategoryInfo : InvalidArgument: (CN=Adam Wright,…DC=xxx,DC=com:PSObject) [Move-ADObject], ParameterBindingException
+ FullyQualifiedErrorId : InputObjectNotBound,Microsoft.ActiveDirectory.Management.Commands.MoveADObject
+ PSComputerName : GGPDC01

shihanpietersz · October 16, 2018, 5:23pm

Hi Fred,

I have not tested your entire your code, but looking at your $ADGroups variable you might need to reference the objects. please see below

Remove-ADPrincipalGroupMembership -Identity $($User.SamAccountname) -MemberOf $ADgroups.SamAccountName

Regards

Shihan

rob-simmers · October 16, 2018, 7:03pm

Some of your logic needs some work. Take a look at the modified code below:

Import-Module ActiveDirectory
$users= Import-Csv -Path "C:\Output\DisableADUsers91718C.csv"

$DisabledDate = Get-Date
$LeaveDate = Get-Date -Format "dddd dd MMMM yyyy"
#You can use -ExpandProperty to expand a property into a string
$DisabledByEmail = Get-ADUser -Identity $env:username -Properties Mail | Select -ExpandProperty Mail
$TargetOU = "ou=Disabled Users,dc=xxx,dc=com"

foreach ($user in $users) {
    $SamAccountName = $User.SamAccountName
    #Get the user one time
    $adUser = Get-ADUser -Filter {SamAccountName -eq $SamAccountName}
    #-Filter will return nothing if a user is not found, so we need to see if the user was found
    if ( $adUser ) {
        
        try {
            #Now you have a user, you can use the pipeline to pass that Identity to all of the commands
            #You also want a try around the process to capture errors
            $adUser | 
            Set-ADUser -Description ('Disabled by {0} on {1} per Ticket {2}' -f $DisabledByEmail,$DisabledDate, $Ticket) -PassThru -ErrorAction Stop |
            Remove-ADPrincipalGroupMembership -MemberOf $ADgroups -Confirm:$false -PassThru -ErrorAction Stop |
            Add-ADPrincipalGroupMembership -MemberOf 'DisabledUsers' -PassThru -ErrorAction Stop
            Disable-ADAccount -ErrorAction Stop
        }
        catch {
            'Failed to update user {0}. {1}' -f $user, $_
        }

        if ($adUser.DistinguishedName -notlike '*LegalHold,dc=xxx,dc=com') {
             try {
                $adUser | Move-ADObject -Targetpath $TargetOU
             }
             catch {
                'Failed to move user {0}. {1}' -f $user, $_
             }
        }
    }
    else {
        "User {0} does not exist" -f $user
    }
}

The code isn’t fully tested, but it should be close and hopefully you can follow the logic.

starlord · October 16, 2018, 8:51pm

Hi Shihan,

Thx for your help. I made the change and the script almost works 100%. The only part not working now is the Get-AdUser $User.SamAccountName | Move-ADObject -targetpath $TargetOU. I’m getting error:

The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.
+ CategoryInfo : InvalidArgument: (CN=Adam Abston,…DC=xxx,DC=com:PSObject) [Move-ADObject], ParameterBindingException
+ FullyQualifiedErrorId : InputObjectNotBound,Microsoft.ActiveDirectory.Management.Commands.MoveADObject
+ PSComputerName : GGPDC01

The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that take pipeline input.
+ CategoryInfo : InvalidArgument: (CN=Adam Wright,…DC=xxx,DC=com:PSObject) [Move-ADObject], ParameterBindingException
+ FullyQualifiedErrorId : InputObjectNotBound,Microsoft.ActiveDirectory.Management.Commands.MoveADObject
+ PSComputerName : GGPDC01

starlord · October 16, 2018, 10:19pm

Hi Rob,

Thx for your help. I copied the script to powershell, but there were breaks after Target OU and breaks after $SamAccountName = $User.SamAccountName.

Topic		Replies	Views
Trouble with [Microsoft.ActiveDirectory.Management.ADGroup] in a parameter. PowerShell Help	1	188	November 3, 2015
Can't Get Get-AdPrincipalGroupMembership -Identity cmdlet to work PowerShell Help	6	235	October 18, 2018
Losing brain cells over script - members is null? PowerShell Help	1	174	June 7, 2023
Error trying to parse AD groups into individual members PowerShell Help	7	198	September 20, 2019
Please Help: Can't Get Move-ADObject to work PowerShell Help	7	198	October 18, 2018

Getting Error: Cannot Bind paramater 'Memberof'

Related Topics