I am trying to run the below code to search for inactive user accounts in an OU. It seems like the type of variable I'm using may not be able to used with parameters. Does that seem correct and if so what type of variable should I be using?
$scope = "-UsersOnly"
$accounts = Search-ADAccount -SearchBase "OU=Users,OU=testLab02,DC=test,DC=local" -AccountInactive -TimeSpan ([timespan]7D) $scope
foreach($account in $accounts){
If ($noDisable -notcontains $account.Name) {
Write-Host $account
#Disable-ADAccount -Identity $account.DistinguishedName -Verbose $whatIf | Export-Csv $logFile
}
}
I receive the below error:
Search-ADAccount : A positional parameter cannot be found that accepts argument '-UsersOnly'. At C:\Users\Administrator\Documents\Disable-ADAccounts.ps1:63 char:21 + ... $accounts = Search-ADAccount -SearchBase $OU.DistinguishedName -Accou ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [Search-ADAccount], ParameterBindingException + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.SearchADAccount
However, if I run the command manually without variables it works as expected:
Search-ADAccount -SearchBase "OU=Users,OU=testLab02,DC=test,DC=local" -AccountInactive -TimeSpan ([timespan]7D) -UsersOnly
$scope = "-UsersOnly"
You can't pass a (switch) parameter stored in a variable that way - it'll invariably be treated as a (positional) argument, which explains the error you saw; with directly passed arguments, only unquoted, literal tokens such as -UsersOnly
are recognized as parameter names.
You can use splatting
to pass parameters via variables, which in your case means:
# Define a hash table of parameter values.
# This hash table encodes switch parameter -UsersOnly
$scope = @{ UsersOnly = $true } # [switch] parameters are represented as Booleans
# Note the use of sigil @ instead of $ to achieve splatting
Search-ADAccount @scope -SearchBase "OU=Users,OU=testLab02,DC=test,DC=local" -AccountInactive -TimeSpan ([timespan]7D)
$scope
is defined as a hash table
(@{ ... }
) whose entries represent parameter name-value pairs.
-UsersOnly
(the entry key must be defined without the -
sigil) ...$true
, which for a [switch]
(flag) parameter is equivalent to passing the parameter; $false
is typically[1] equivalent to omitting it.To pass the parameter values represented by hashtable $scope
to a command via splatting
, sigil @
instead of $
must be used, i.e, @scope
in this case.
[1] A command can technically distinguish between a switch being omitted and it being passed with value $false
, and on occasion that results in different behavior, notably with the common -Confirm
parameter, where -Confirm:$false
overrides the $ConfirmPreference
preference variable.