
My PowerShell Script Does Not Write Output to Logfile


My PowerShell script works well enough for what I want to achieve. It polls the entered name and places that user's groups in an array. That array loops until it deletes all listed groups. Domain Users is the only group left, but that is polled by "Get-ADPrincipalGroupMembership," not "Get-ADUser." "Domain Users" is the group the user's email ties into. Once all groups are removed from their account, they are permanently disabled, but they can still access their email for paystub information until we delete their account entirely.

That said, I'm unable to write the script's group removal output to a logfile. Ideally, this will be a .log file, but a .csv file fails as well. What am I missing? The script successfully runs without error, but nothing writes to the log file of my choice.

Here is my script:

#Requires -Module ActiveDirectory
Import-Module ActiveDirectory

function Disable-ADUser{
    $msg = 'Do you want to remove a user from all Security groups? [Y/N]'

    do { 
        $response = Read-Host -Prompt $msg

        if ($response -eq 'y') { # Beginning of if statement

            #Asks the user via a text prompt to enter the first name and last name of the end user to remove
            $firstName = Read-Host "Please provide the First name of the User"
            $lastName = Read-Host "Please provide the Last name of the User"

            #The user's SamAccountName is found by searching exactly for the first name and last name given in the above prompts
            $samName = Get-ADUser -Filter "GivenName -eq '$firstName' -and Surname -eq '$lastName'"| Select-Object -ExpandProperty 'SamAccountName' 

            #All of the user's groups are queried based on their sam name
            $listGroups = Get-ADUser -Identity $samName -Properties MemberOf | Select-Object -ExpandProperty MemberOf

            #All of the user's groups are placed in an array
            [System.Collections.ArrayList]$groupsArray = @($listGroups)

            #Every group in the groupsArray is cycled through
                foreach ($group in $groupsArray) {

                    #A text output is displayed before the user is removed from each group listed in the above array
                    #Once all groups have been cycled through, the for loop stops looping

                    Start-Transcript -Path Y:\Scripts\remove_user_groups.log
                    Write-Host "Removing $samName " -f green -NoNewline; Write-Host  "from $group" -f red 
                    Remove-ADGroupMember -Identity $group -Members $samName
                    Stop-Transcript
                    }
        } # End of if statement


    } until ($response -eq 'n')
}

Disable-ADUser

Solution

  • Here is the solution that worked.

    Write-Host "Removing $samName " -f green -NoNewline
    Write-Host  "from $group" -f red 
    $OutputLine="Removing $samName from $group"
                        
    Out-File -FilePath Y:\Scripts\remove_user_groups.log -InputObject $OutputLine -Append
    Remove-ADGroupMember -Identity $group -Members $samName
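
An added example, not part of the original question or answer: the same append-to-file idea, extended so each removal is logged after it is attempted, with a timestamp, the operator account and the outcome, which is what an offboarding audit trail usually needs. The function name, the tab-separated line layout and the sample account are assumptions; the log path is the one from the post.

```powershell
#Requires -Modules ActiveDirectory

# Hypothetical helper (not from the original post): removes one user from every
# group listed in MemberOf and appends one timestamped line per attempt.
function Remove-UserGroupsWithLog {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        # Log path taken from the post; change to suit.
        [string] $LogPath = 'Y:\Scripts\remove_user_groups.log'
    )

    # Record who ran the removal, not only who was removed.
    $operator = "$env:USERDOMAIN\$env:USERNAME"
    $user = Get-ADUser -Identity $SamAccountName -Properties MemberOf -ErrorAction Stop

    foreach ($groupDn in @($user.MemberOf)) {
        try {
            # -ErrorAction Stop turns a failed removal into a catchable error.
            # -Confirm:$false suppresses the per-group prompt, so a declined
            # prompt can never end up logged as a success.
            Remove-ADGroupMember -Identity $groupDn -Members $SamAccountName `
                -Confirm:$false -ErrorAction Stop
            $result = 'REMOVED'
            $detail = ''
        }
        catch {
            $result = 'FAILED'
            $detail = $_.Exception.Message
        }

        # Tab-separated fields: ISO 8601 timestamp, operator, account,
        # group DN, result, error text (empty on success).
        $line = (Get-Date -Format 'o'), $operator, $SamAccountName,
                $groupDn, $result, $detail -join "`t"

        # Add-Content appends, so earlier entries are never overwritten.
        Add-Content -Path $LogPath -Value $line -Encoding UTF8
        Write-Host $line
    }
}

# Constructed sample call; 'jdoe' is a placeholder account name.
# Remove-UserGroupsWithLog -SamAccountName 'jdoe'
```

Writing the line after the call, rather than before it as in the snippet above, means the log states what happened instead of what was about to be tried.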