Problem running Get-ADUser with variable in ForEach loop

Hi All,

I have a file full of userPrincipalName values with a single value per line

user1@example.com
user2@example.com
etc…

When I try to add these users to a group I am getting an error. I have tested the commands with a single user successfully so I am confident in the syntax and this should work.

$group = "GroupName"
$updatedUserFile = "D:\user-file.txt"

# Loop through input file to update groups
ForEach ($user in ( Get-Content $updatedUserFile)) {

    # Remove any extra whitespace
    $user.trim()

    # Get AD user object based on FDU NetID and add object to group
    Get-ADUser -Filter {userPrincipalName -eq $user } | Add-ADPrincipalGroupMembership -MemberOf $group

}

user1@example.com
Add-ADPrincipalGroupMembership : Object reference not set to an instance of an object.
At C:\Util\updateMMLab-Authorized-Accounts.ps1:36 char:57
+ ... palName -eq $user } | Add-ADPrincipalGroupMembership -MemberOf $group
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Add-ADPrincipalGroupMembership], NullReferenceException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.NullReferenceException,Microsoft.ActiveDirectory.Management.Commands.AddADPrincipalGroupMembership

I have tried casting $user to a string as well as assigning it to a variable before using it in the Get-ADUser -Filter cmdlet. Neither worked. It seems that the Get-ADUser -Filter isn’t finding the user.

Thank you in advance,

-Chris

 

 

Basically, if your user query fails and the user is not found, you are passing a NULL value to Add-ADPrincipalGroupMembership, which is the error you are seeing. You should add a search and error handling to your script:

$group = "GroupName"
$updatedUserFile = "D:\user-file.txt"

# Loop through input file to update groups
ForEach ($user in ( Get-Content $updatedUserFile)) {

    # Remove any extra whitespace
    $user.trim()

    # Get AD user object based on FDU NetID and add object to group
    $adUser = Get-ADUser -Filter {userPrincipalName -eq $user }
    
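    # Test the lookup result, not the input string, so a missing user is caught
    if ($adUser) {
        try {
            # Pass the AD object explicitly; the cmdlet needs an identity to act on
            Add-ADPrincipalGroupMembership -Identity $adUser -MemberOf $group -ErrorAction Stop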
            'Successfully updated user {0} group membership for {1}' -f $user, $group
        }
        catch {
            'Failed updated user {0} group membership for {1}' -f $user, $group
        }
    }
    else {
        '{0} was not found in Active Directory' -f $user
    }

}

Hi Robert,

Thanks for the quick response. I will implement the error handling. While prepping a test file to use with your solution I noticed that my userPrincipalNames were padded with trailing whitespace. So to me that means that my trim() is not working. Have you had to solve this before?

-Chris
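
An added example, not part of any post in this thread: String.Trim() returns a new string and leaves $user unchanged, so the bare $user.trim() call only prints the trimmed value (the user1@example.com line above the error) while the padded value still goes into the filter. The sketch below assigns the trimmed value, skips blank lines, and checks the lookup result before changing group membership; Get-CleanUpn and the sample lines are hypothetical names and constructed data, and the ActiveDirectory module is assumed to be installed.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$group = "GroupName"                   # placeholder value used in the thread
$updatedUserFile = "D:\user-file.txt"  # one userPrincipalName per line

# Hypothetical helper: normalise raw lines read from the input file.
function Get-CleanUpn {
    param([string[]]$Line)
    foreach ($raw in $Line) {
        # Trim() returns a NEW string; the result has to be assigned.
        $upn = $raw.Trim()
        if ($upn) { $upn }             # drop blank or whitespace-only lines
    }
}

# Constructed sample: padded and blank lines, cleaned without touching AD.
$sample = Get-CleanUpn -Line @("user1@example.com   ", "", "`tuser2@example.com ")

foreach ($upn in (Get-CleanUpn -Line (Get-Content -Path $updatedUserFile))) {
    $adUser = Get-ADUser -Filter { userPrincipalName -eq $upn }

    if (-not $adUser) {
        # No match: report it instead of handing $null to the group cmdlet.
        '{0} was not found in Active Directory' -f $upn
        continue
    }

    try {
        Add-ADPrincipalGroupMembership -Identity $adUser -MemberOf $group -ErrorAction Stop
        'Added {0} to {1}' -f $upn, $group
    }
    catch {
        # Keep the underlying error text so failures can be reviewed afterwards.
        'Failed to add {0} to {1}: {2}' -f $upn, $group, $_.Exception.Message
    }
}
```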