Writing to Event Log with PowerShell - System.Object[ ] conversion error

Hi,

I’m trying to write a script that will write an event to the application log when a script is run that finds an account for which delegation has been configured. The code I’ve been trying to get working is this:

$result=Get-ADGroupMember -Identity “Domain Admins” | ForEach-Object {Get-ADUser -Identity $_ -Properties AccountNotDelegated | Where-Object {$_.AccountNotDelegated -eq $false} | Format-Table DistinguishedName,AccountNotDelegated -AutoSize}

If ($result -ne $null) {
Write-EventLog -Logname Application -Source “My Test” -EntryType Warning -EventID 1 -Message $result}

When I run this, I get the error:

“Write-EventLog : Cannot convert ‘System.Object’ to the type ‘System.String’ required by parameter ‘Message’.
Specified method is not supported.”

Does anyone know how I might change this so I can get the output I’m after, without having to first write the data to a text file on the file system? All I’m trying to do is get a list of high level accounts that have delegation configured and log an event on it which the monitoring system can then pick up and alert on.

Thanks

The Format-Table and similar commands output a bunch of objects which are meant to be processed by the Out-* commands. You can’t assign them directly to another command that expects a string, but you can pipe Format-Table to Out-String first:

$result = Get-ADGroupMember -Identity "Domain Admins" |
          ForEach-Object {
              Get-ADUser -Identity $_ -Properties AccountNotDelegated |
              Where-Object {$_.AccountNotDelegated -eq $false}
          } |
          Format-Table DistinguishedName,AccountNotDelegated -AutoSize |
          Out-String

For readability, I’ve split some of your code across multiple lines, and I’ve moved the pipe to Format-Table to be outside of your ForEach-Object loop (which was likely your intention; otherwise you’d end up with a separate table for every user.)

Incidentally, try this and see if it works. Simplifies your code a bit, and it would be faster besides :slight_smile:

$result = Get-ADGroupMember -Identity "Domain Admins" |
          Get-ADUser -Properties AccountNotDelegated -Filter { AccountNotDeleted -eq $false } |
          Format-Table DistinguishedName,AccountNotDelegated -AutoSize |
          Out-String

Thanks Dave Wyatt, much appreciated :slight_smile: