Lines work at CL, but not in script file

I’m pulling a group membership list from an AD account into the variable $groups, and I get a list of SIDs. When I get an individual SID from $groups into a variable $Lgroup, it includes other information and looks like this:

@{SID=S-1-5-21-1771855492-4138186766-173940457-513}

In an attempt to get just the SID into $group I can manually put the above value into $LGroup and use this “Pattern”:

$pattern = '(?<=\=).+?(?=\})'

Then run this line:

$group = [regex]::Match($Lgroup, $pattern).value

The result is $group contains just the SID as I would expect:

S-1-5-21-1771855492-4138186766-173940457-513

However, if I try to do this same thing on each item in $groups through a ForEach loop within a script, I get an error. Here’s my code:

$SrcUser = "WilsoFC"
$TgtUser = "SkeltRD"
$Groups=(get-adprincipalgroupmembership $SrcUser | select SID)

$pattern = '(?<=\=).+?(?=\})'
foreach ($Lgroup in $groups) {
    Write-Host "  Checking $Lgroup "
    $group = [regex]::Match($Lgroup, $pattern).value
    Write-Host "  Truncated is $group"
}

The error is

 Cannot find an overload for "Match" and the argument count: "2".
 At C:\utils\GroupTest.ps1:26 char:4
 +             $group = [regex]::Matches($Lgroup, $pattern).value
 +             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : NotSpecified: (:) [], MethodException
     + FullyQualifiedErrorId : MethodCountCouldNotFindBest

Line 26 is:
$group = [regex]::Match($Lgroup, $pattern).value

Again, I can enter this line at the PS prompt and I get the proper SID into $group without error.

I’m confused.

Can someone un-confuse me?

—K

You are overcomplicating this … a lot … :point_up: :wink: :man_shrugging:

There is no need for the string acrobatics with regex to extract the properties of PowerShell objects.

If you want ONLY a list of SIDs in return of your query you can get this by using -ExpandProperty instead of the implicit -Property.

$Groups = 
    Get-ADPrincipalGroupMembership -Identity $SrcUser | 
        Select-Object -ExpandProperty SID
$Groups

If you want to keep the objects for later use you could “extract” the SIDs where you need it later on with the so-called dot notation.

$Groups = 
    Get-ADPrincipalGroupMembership -Identity $SrcUser
$Groups.SID
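Why the same line behaves differently at the prompt and in the loop, as an added example that is not part of the original thread: `Select-Object SID` returns objects that carry a `SID` property, and `@{SID=...}` is only how such an object is rendered as text. The `$FakeGroups` objects, the group names and the second SID are constructed stand-ins for `Get-ADPrincipalGroupMembership` output, so this runs on Windows without a domain.

```powershell
# Constructed stand-in for Get-ADPrincipalGroupMembership output (no AD needed).
# The first SID is the one quoted in the thread; the second is made up.
$FakeGroups = @(
    [pscustomobject]@{
        Name = 'Domain Users'
        SID  = [System.Security.Principal.SecurityIdentifier]'S-1-5-21-1771855492-4138186766-173940457-513'
    }
    [pscustomobject]@{
        Name = 'Example-Group'
        SID  = [System.Security.Principal.SecurityIdentifier]'S-1-5-21-1771855492-4138186766-173940457-1105'
    }
)

$pattern = '(?<=\=).+?(?=\})'

# 1) Select-Object -Property builds a new object per item with a single SID property.
$wrapped = $FakeGroups | Select-Object -Property SID
$first   = $wrapped[0]
"Type of one item : $($first.GetType().FullName)"
"Rendered as text : $first"

# 2) What the script's loop did: hand that object to a .NET method that wants a string.
try {
    $result = [regex]::Match($first, $pattern).Value
    "Object argument  : $result"
} catch {
    "Object argument  : failed - $($_.Exception.Message)"
}

# 3) What the test at the prompt did: hand over the text form, which is a real string.
"String argument  : $([regex]::Match("$first", $pattern).Value)"

# 4) No regex at all: read the property directly (dot notation) ...
"Dot notation     : $($first.SID.Value)"

# ... or unwrap it in the pipeline, which yields the SID objects themselves.
$sids = $FakeGroups | Select-Object -ExpandProperty SID
foreach ($sid in $sids) {
    "ExpandProperty   : $($sid.Value) [$($sid.GetType().Name)]"
}
```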

Overcomplicating… yes, it would seem.

Thanks, Olaf. I will re-write per your recommendation and see if I can make it work.

Much appreciated

—K

Thank you, Olaf. Your suggestion sent me right where I needed to be, and with simplicity as well. Here’s what I ended up with, which will go into my final script with minor tweaks:

$SrcUser = "PeterBT"
$TgtUser = "SkeltRD"
$Groups=(get-adprincipalgroupmembership -identity $SrcUser | select-object -ExpandProperty SID)

foreach ($group in $groups) {
    $GName = get-adgroup "$group" | select -ExpandProperty name
    Write-Host "  Reading $GName... "
    $GMembers = Get-ADGroupMember -Identity $group | Select -ExpandProperty SamAccountName

    if ($GMembers -contains $TgtUser) {
        Write-Host "    Skip $GName, Already a member"
    } Else {
        Write-Host "    Add Target User to $GName"
    }
}

I have a better understanding of how to get specific pieces of information from the usual commands thanks to your clarification.

Much obliged

—K

You’re still overcomplicating this. That’s not how we use PowerShell.

This should be enough though:

$SrcUser = 'PeterBT'
$TgtUser = 'SkeltRD'

$ReferenceUserGroups = 
    Get-ADPrincipalGroupMembership -Identity $SrcUser
$DifferenceUserGroups = 
    Get-ADPrincipalGroupMembership -Identity $TgtUser
$CompareObjectSplat = @{
    ReferenceObject  = $ReferenceUserGroups 
    DifferenceObject = $DifferenceUserGroups 
    Property         = 'SamAccountName'
    IncludeEqual     = $true
}
$ComparisonResult = 
    Compare-Object @CompareObjectSplat

$ComparisonResult  # <-- that's just outputted for a visual reference of the comparison ... it's not needed.

$TargetGroups = 
    $ComparisonResult |
        Where-Object -Property 'SideIndicator' -EQ -Value '<='

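# Compare-Object with -Property returns custom objects (SamAccountName + SideIndicator),
# so pass the group names themselves to -MemberOf.
Add-ADPrincipalGroupMembership -Identity $TgtUser -MemberOf $TargetGroups.SamAccountName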

Of course you could use the output for further steps or you could export it in a structured way.

Thanks, again, Olaf. As you might suspect, I am fairly new to PS and have no formal training in programming.

I appreciate your clarification and am learning from it. Just getting splatting into my ‘vocabulary’.

One thing, about ‘not how we use PowerShell’; do you mean to do what I’m doing with this script/process? Or just my over-complicated style?

—K