foreach loop gives error CategoryInfo : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException

Question

I am trying to run a cmdlet on each element of a list. but i am getting the error ObjectNotFound: (*@{samAccountName=my_ad_username}*:ADUser) [Get-ADUser], ADIdentityNotFoundException for each element of my list.

Bellow is cmdlet

$users = Get-ADUser -Filter "*" -SearchBase "OU=Europe,DC=myDC,DC=com" | select samAccountName

$fr_all_grp_assigned_to_different_users = Foreach ($user in $users){ 
        #Get-AdUser $user
    } 

Result

> Get-ADUser : Cannot validate argument on parameter 'Identity'. The
> Identity property on the argument is null or empty. At line:6 char:20
> +         Get-aduser $user
> +                    ~~~~~
>     + CategoryInfo          : InvalidData: (:) [Get-ADUser], ParameterBindingValidationException
>     + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADUser
> Get-ADUser : Cannot validate argument on parameter 'Identity'. The
> Identity property on the argument is null or empty. At line:6 char:20
> +         Get-aduser $user

Line 6 refers to #Get-AdUser $user

Can anyone help ?

Answer 1

Inside of your loop, you need to provide the SamAccountName value to the -Identity parameter of Get-ADUser .

Get-ADUser -Identity $user.SamAccountName

---

Explanation:

You can execute Get-ADUser by providing values manually to parameters or piping objects into the command and let advanced parameter assignment dynamically map values to parameters. Some parameters are positional in that you don't need to specify the parameter name when running the command with a value(s). These features/concepts exists across most PowerShell commands.

In the case of Get-ADUser Value , Value is automatically mapped to parameter -Identity . -Identity expects one of the following values:

• A distinguished name
• A GUID (objectGUID)
• A security identifier (objectSid)
• A SAM account name (sAMAccountName)

Get-ADUser has a convenient feature where if you pass it a Microsoft.ActiveDirectory.Management.ADUser object type (returned from a directory server) through a pipe or to the -Identity parameter, it will automatically perform a search based on the provided values. If you provide it any other object type, it will not automatically select property values to pass to -Identity . Piping to Select SamAccountName returns a PSCustomObject rather than an ADUser object and then you lose your convenience.

Once you are dealing with objects that are not ADUser , you must provide -Identity with the actual value you want to query. In your case, that leaves you with two options.

Option 1: Select only SamAccountName values in your initial query

With this option, you can make use of the -ExpandProperty or -Expand parameter of Select-Object to return only the values of the target property.

$users = Get-ADUser -Filter * -SearchBase "OU=Europe,DC=myDC,DC=com" |
    Select-Object -ExpandProperty SamAccountName
$fr_all_grp_assigned_to_different_users = Foreach ($user in $users) {
    Get-ADUser $user
}

Option 2: Use Member Access operator ( . ) to directly access the SamAccountName value

With this option you can use the syntax object.Property to retrieve the Property value.

# Using the singular object.Property ($user.SamAccountName)
$users = Get-ADUser -Filter * -SearchBase "OU=Europe,DC=myDC,DC=com" |
    Select-Object SamAccountName
$fr_all_grp_assigned_to_different_users = Foreach ($user in $users) {
    Get-ADUser $user.SamAccountName
}

Starting with PowerShell v3, you can use the same syntax on a collection to return a collection of values ( collection.Property ).

# Using collection.Property ($users.SamAccountName)
# $user contains only a SamAccountName value here
$users = Get-ADUser -Filter * -SearchBase "OU=Europe,DC=myDC,DC=com" |
    Select-Object -ExpandProperty SamAccountName
$fr_all_grp_assigned_to_different_users = Foreach ($user in $users.SamAccountName) {
    Get-ADUser $user
}