Problem with Invoke-Command

Hello,

I’m trying to write a script that will get admin users from all AD computers. Unfortunately it appears that get-localgroupmember is bugged out in server 2016/Windows 10 so I’ve been trying to use a workaround. Here is my code:

$computers = Get-ADComputer -filter * | Select Name

Invoke-Command -ScriptBlock {
    $global:admins = net localgroup administrators | Where-Object {$_ -and $_ -notmatch "command completed successfully"} | Select-Object -skip 4 | Out-String
    $global:table = New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        Admins = $global:admins
        }
} -ComputerName $computers

# Save it in XML

$table | Format-List | Export-Clixml $PSScriptRoot\admins.xml

If I remove the -ComputerName parameter it will run perfectly on the local machine but when trying to run it with the parameter I get the following error:

imgur link

We’ve tried moving it in front of the -scriptblock parameter with no luck, does anyone have any ideas?

Thanks!

EDIT That imgur link isn’t really working for me so here is what the error says:

Invoke-Command: One or more computer names are not valid. If you are trying to pass a URI, use the -ConnectionUri parameter, or pass URI objects instead of strings.
At Get_localAdminXML.ps1:11 char:1

Hi TH,

The problem here is that your $computers variable contains header information. When you call Get-Member on your $computers variable, it should still have it’s original type. You want an array of strings for the -computername parameter so when you populate that variable you want to either expand the property with

select -expandproperty name

or dot your property name

(Get-ADComputer -filter *).name

Both of these methods will remove the header information from your variable, which is the cause of your error.

Hey Monte,

Thank you for taking the time to reply…unfortunately I’m still getting the same error

Any other ideas? This has stumped everyone I know haha

I would start by running line by line and making sure you’re getting the desired output. Your computers variable should have a base type of array and an unrolled type of String when piped to get-member. Make sure that AD isn’t returning any computer names with odd characters. I’ve seen instances where a leading underscore can cause PowerShell to reject a computer name. You’re also going to run into a problem returning data from your invoke commands. As far as I know, scope doesn’t cross into or out of remote session unless you’re using the $using:modifier, which only works into a remote session. You’ll need to do a return or Write-Output on your $table variable (which shouldn’t need a global scope modifier) in order to return the data correctly.

Hey Monte, thank you again for the reply. The problem turned out to be that we have some Linux devices as well as other non-standard machines in the domain which were causing the problem. As we only really needed the info for Windows 10 machines the following worked:

Get-ADComputer -Filter ‘OperatingSystem -like “Windows 10*”’ -SearchBase “OU=XX,DC=XX,DC=XX,DC=XX”

replace XX with appropriate values for your company