
PS Get/Set-ADGroup issues accepting variable/object input


I'm creating Distribution Lists, and trying to populate the AD Description field. Set-ADGroup appears to be the correct cmdlet for this task, however I'm having trouble using it inside a simple script, or using a variable to pass along the required parameters or objects.

This works:

Get-ADGroup -Identity "CN=My Group Name,OU=Distribution,OU=Groups,DC=subdomain,DC=domain,DC=tld"

But this doesn't:

$GroupDn = Get-Group -Identity "My Group Name" | Select-Object DistinguishedName
Get-ADGroup -Identity $GroupDn

And fails with this error:

get-adgroup : Cannot find an object with identity: '$GroupDn' under: 'DC=subdomain,DC=domain,DC=tld'.
At line:1 char:1
+ get-adgroup -Identity '$GroupDn'
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: ($GroupDn:ADGroup) [Get-ADGroup], ADIdentityNotFoundException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADGroup

$GroupDn is storing this object:

PS D:\Scripts> $groupdn

DistinguishedName
-----------------
CN=My Group Name,OU=Distribution,OU=Groups,DC=subdomain,DC=domain,DC=tld

I assumed this is because Get-ADGroup is expecting string input, but I also know this is PowerShell and objects and all that is the magic, the secret sauce, but my roux appears to be lumpy and I'm missing some key point.

So, is string input what I should be handling here? If so, what's the right way to get that DN into a string?

Or what part of the object secret sauce am I missing?


Solution

  • As requested.

    The problem with your code is that it gets the distinguished name as a PSCustomObject with a property called 'DistinguishedName', where you really want to get this property as a String.

    If you change that to (using Exchange Get-Group):

    $GroupDn = Get-Group -Identity "My Group Name" | Select-Object -ExpandProperty DistinguishedName
    

    or (using ActiveDirectory Get-ADGroup):

    $GroupDn = Get-ADGroup -Identity "My Group Name" | Select-Object -ExpandProperty DistinguishedName
    

    The variable $GroupDn will then contain just the DistinguishedName of the group as a string that can be used as the -Identity parameter for other AD commands.

    Get-ADGroup can also be used in another type of syntax, namely by passing an object through the pipeline. This object needs to have at least one of these properties: DistinguishedName, GUID, SID or SamAccountName.

    $GroupObject = Get-Group -Identity "My Group Name"
    $GroupObject | Get-ADGroup
    

    Using this syntax, you do not need to set the Identity parameter.
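
The difference described in the answer above, as an added example that is not part of the original question or answer. The sample group object and its values are constructed, and `Resolve-GroupDn` is a hypothetical helper name; the final call assumes the ActiveDirectory module and a reachable domain, and is skipped otherwise.

```powershell
# Constructed stand-in for what Exchange's Get-Group returns (sample values, not real data).
$group = [pscustomobject]@{
    Name              = 'My Group Name'
    DistinguishedName = 'CN=My Group Name,OU=Distribution,OU=Groups,DC=subdomain,DC=domain,DC=tld'
}

# Select-Object <property> keeps a wrapper object; -ExpandProperty unwraps the value itself.
$wrapped  = $group | Select-Object DistinguishedName
$expanded = $group | Select-Object -ExpandProperty DistinguishedName

# Hypothetical helper: accept a DN string or any object carrying a DistinguishedName
# property, and always hand back a plain string suitable for -Identity.
function Resolve-GroupDn {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$InputObject
    )
    process {
        if ($InputObject -is [string]) {
            $dn = $InputObject
        }
        elseif ($InputObject.PSObject.Properties['DistinguishedName']) {
            $dn = [string]$InputObject.DistinguishedName
        }
        else {
            throw "Input has no DistinguishedName property: $($InputObject.GetType().FullName)"
        }
        if ([string]::IsNullOrWhiteSpace($dn)) { throw 'DistinguishedName is empty.' }
        $dn
    }
}

# Show the runtime type of each form next to the string the helper extracts from it.
foreach ($candidate in $wrapped, $expanded, $group) {
    $dn = $candidate | Resolve-GroupDn
    '{0,-45} -> {1}' -f $candidate.GetType().FullName, $dn
}

# Only touch the directory when the ActiveDirectory cmdlets are available.
# -WhatIf previews the description change instead of writing it.
if (Get-Command Set-ADGroup -ErrorAction SilentlyContinue) {
    Set-ADGroup -Identity ($wrapped | Resolve-GroupDn) -Description 'Constructed description' -WhatIf
}
```

Remove `-WhatIf` once the previewed target is the group you intend to modify.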