I'm trying to compile a list of groups that have access to a set of computers/servers in our organization, with regards to MSDN license reporting.. :-/
basing my work out of the Hey Scripting Guy's blog post on Local Group Membership: http://blogs.technet.com/b/heyscriptingguy/archive/2013/10/27/the-admin-s-first-steps-local-group-membership.aspx
However, i need to validate the members in more than one group on each server. And here comes the awkward stuff, that I can't remember seeing before: when adding additional parameters to the parameters section of the function, it's unable to get any of the group members.
function Test-LocalSecurityGroups {
[CmdletBinding()]
param(
[parameter(
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true)]
[string[]]$ComputerName = $env:COMPUTERNAME,
[parameter(
ValueFromPipelineByPropertyName=$true)]
[string[]]$Group
)
BEGIN {
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$ctype = [System.DirectoryServices.AccountManagement.ContextType]::Machine
}
PROCESS{
foreach ($Computer in $ComputerName) {
Write-Verbose "Connecting to $Computer"
$context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ctype, $Computer
$idtype = [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName
$group = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($context, $idtype, 'Administrators')
$group.Members | select @{N='Server'; E={$computer}}, @{N='Group Name'; E={$group.Name}}, @{N='Domain'; E={$_.Context.Name}}, samaccountName
} # end foreach
} # end PROCESS
}
Here is some examples of usage that does not work (no result returned at all.):
PS D:\> Test-LocalSecurityGroups -ComputerName $env:COMPUTERNAME -Group "Administrator"
PS D:\>
PS D:\> $env:COMPUTERNAME, "Computer1" | Test-LocalSecurityGroups
PS D:\>
PS D:\> $env:COMPUTERNAME, "Computer1" | Test-LocalSecurityGroups -Group "Administrators"
PS D:\>
However, that's even without doing ANYTHING with the Group variable. If i comment out this part:
[parameter(
ValueFromPipelineByPropertyName=$true)]
[string[]]$Group
)
It works fine.. So, can anyone explain to me, why this is happening? I have a larger framework around the whole function aswell, but i get the same issue when it's isolated, so my conclusion is that it's either me forgetting something viable about powershell or there's something wired going on..
There is no errors, the list of users is just empty. I get the same issue while running it from within PowerShell ISE aswell as directly loading it in the shell directly (both dot-sourcing and pasting the function into the shell.
The alternative is doing it with two seperate functions and THEN comparing the results in a third function. But that's really not a good solution, now is it? :-p DRY FTW!
