1

I am using a PowerShell Function I have found online that works great. When incorporating into my script that uses it against Windows Servers in a given domain, I export the output to a .csv. It actually does work, however throughout the whole time the script is running I get errors about "InputObject" I just would like to clean that up, but Im not seeing where the issue is. Any help is appreciated. Below are the Function im using, then my script that uses the function, then the error I get.

The Function

Function Get-LocalGroupMembership {
    <#
        .SYNOPSIS
            Recursively list all members of a specified Local group.

        .DESCRIPTION
            Recursively list all members of a specified Local group. This can be run against a local or
            remote system or systems. Recursion is unlimited unless specified by the -Depth parameter.

            Alias: glgm

        .PARAMETER Computername
            Local or remote computer/s to perform the query against.
            
            Default value is the local system.

        .PARAMETER Group
            Name of the group to query on a system for all members.
            
            Default value is 'Administrators'

        .PARAMETER Depth
            Limit the recursive depth of a query. 
            
            Default value is 2147483647.

        .PARAMETER Throttle
            Number of concurrently running jobs to run at a time

            Default value is 10

        
    #>
    [cmdletbinding()]
    Param (
        [parameter(ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True)]
        [Alias('CN','__Server','Computer','IPAddress')]
        [string[]]$Computername = $env:COMPUTERNAME,
        [parameter()]
        [string]$Group = "Administrators",
        [parameter()]
        [int]$Depth = ([int]::MaxValue),
        [parameter()]
        [Alias("MaxJobs")]
        [int]$Throttle = 10
    )
    Begin {
        $PSBoundParameters.GetEnumerator() | ForEach {
            Write-Verbose $_
        }
        #region Extra Configurations
        Write-Verbose ("Depth: {0}" -f $Depth)
        #endregion Extra Configurations
        #Define hash table for Get-RunspaceData function
        $runspacehash = @{}
        #Function to perform runspace job cleanup
        Function Get-RunspaceData {
            [cmdletbinding()]
            param(
                [switch]$Wait
            )
            Do {
                $more = $false         
                Foreach($runspace in $runspaces) {
                    If ($runspace.Runspace.isCompleted) {
                        $runspace.powershell.EndInvoke($runspace.Runspace)
                        $runspace.powershell.dispose()
                        $runspace.Runspace = $null
                        $runspace.powershell = $null                 
                    } ElseIf ($runspace.Runspace -ne $null) {
                        $more = $true
                    }
                }
                If ($more -AND $PSBoundParameters['Wait']) {
                    Start-Sleep -Milliseconds 100
                }   
                #Clean out unused runspace jobs
                $temphash = $runspaces.clone()
                $temphash | Where {
                    $_.runspace -eq $Null
                } | ForEach {
                    Write-Verbose ("Removing {0}" -f $_.computer)
                    $Runspaces.remove($_)
                }             
            } while ($more -AND $PSBoundParameters['Wait'])
        }

        #region ScriptBlock
            $scriptBlock = {
            Param ($Computer,$Group,$Depth,$NetBIOSDomain,$ObjNT,$Translate)            
            $Script:Depth = $Depth
            $Script:ObjNT = $ObjNT
            $Script:Translate = $Translate
            $Script:NetBIOSDomain = $NetBIOSDomain
            Function Get-LocalGroupMember {
                [cmdletbinding()]
                Param (
                    [parameter()]
                    [System.DirectoryServices.DirectoryEntry]$LocalGroup
                )
                # Invoke the Members method and convert to an array of member objects.
                $Members= @($LocalGroup.psbase.Invoke("Members"))
                $Counter++
                ForEach ($Member In $Members) {                
                    Try {
                        $Name = $Member.GetType().InvokeMember("Name", 'GetProperty', $Null, $Member, $Null)
                        $Path = $Member.GetType().InvokeMember("ADsPath", 'GetProperty', $Null, $Member, $Null)
                        # Check if this member is a group.
                        $isGroup = ($Member.GetType().InvokeMember("Class", 'GetProperty', $Null, $Member, $Null) -eq "group")
                        If (($Path -like "*/$Computer/*")) {
                            $Type = 'Local'
                        } Else {$Type = 'Domain'}
                        New-Object PSObject -Property @{
                            Computername = $Computer
                            Name = $Name
                            Type = $Type
                            ParentGroup = $LocalGroup.Name[0]
                            isGroup = $isGroup
                            Depth = $Counter
                        }
                        If ($isGroup) {
                            # Check if this group is local or domain.
                            #$host.ui.WriteVerboseLine("(RS)Checking if Counter: {0} is less than Depth: {1}" -f $Counter, $Depth)
                            If ($Counter -lt $Depth) {
                                If ($Type -eq 'Local') {
                                    If ($Groups[$Name] -notcontains 'Local') {
                                        $host.ui.WriteVerboseLine(("{0}: Getting local group members" -f $Name))
                                        $Groups[$Name] += ,'Local'
                                        # Enumerate members of local group.
                                        Get-LocalGroupMember $Member
                                    }
                                } Else {
                                    If ($Groups[$Name] -notcontains 'Domain') {
                                        $host.ui.WriteVerboseLine(("{0}: Getting domain group members" -f $Name))
                                        $Groups[$Name] += ,'Domain'
                                        # Enumerate members of domain group.
                                        Get-DomainGroupMember $Member $Name $True
                                    }
                                }
                            }
                        }
                    } Catch {
                        $host.ui.WriteWarningLine(("GLGM{0}" -f $_.Exception.Message))
                    }
                }
            }

            Function Get-DomainGroupMember {
                [cmdletbinding()]
                Param (
                    [parameter()]
                    $DomainGroup, 
                    [parameter()]
                    [string]$NTName, 
                    [parameter()]
                    [string]$blnNT
                )
                Try {
                    If ($blnNT -eq $True) {
                        # Convert NetBIOS domain name of group to Distinguished Name.
                        $objNT.InvokeMember("Set", "InvokeMethod", $Null, $Translate, (3, ("{0}{1}" -f $NetBIOSDomain.Trim(),$NTName)))
                        $DN = $objNT.InvokeMember("Get", "InvokeMethod", $Null, $Translate, 1)
                        $ADGroup = [ADSI]"LDAP://$DN"
                    } Else {
                        $DN = $DomainGroup.distinguishedName
                        $ADGroup = $DomainGroup
                    }         
                    $Counter++   
                    ForEach ($MemberDN In $ADGroup.Member) {
                        $MemberGroup = [ADSI]("LDAP://{0}" -f ($MemberDN -replace '/','\/'))
                        New-Object PSObject -Property @{
                            Computername = $Computer
                            Name = $MemberGroup.SamAccountName[0]
                            Type = 'Domain'
                            ParentGroup = $NTName
                            isGroup = ($MemberGroup.Class -eq "group")
                            Depth = $Counter
                        }
                        # Check if this member is a group.
                        If ($MemberGroup.Class -eq "group") {              
                            If ($Counter -lt $Depth) {
                                If ($Groups[$MemberGroup.name[0]] -notcontains 'Domain') {
                                    Write-Verbose ("{0}: Getting domain group members" -f $MemberGroup.name[0])
                                    $Groups[$MemberGroup.name[0]] += ,'Domain'
                                    # Enumerate members of domain group.
                                    Get-DomainGroupMember $MemberGroup $MemberGroup.Name[0] $False
                                }                                                
                            }
                        }
                    }
                } Catch {
                    $host.ui.WriteWarningLine(("GDGM{0}" -f $_.Exception.Message))
                }
            }
            #region Get Local Group Members
            $Script:Groups = @{}
            $Script:Counter=0
            # Bind to the group object with the WinNT provider.
            $ADSIGroup = [ADSI]"WinNT://$Computer/$Group,group"
            Write-Verbose ("Checking {0} membership for {1}" -f $Group,$Computer)
            $Groups[$Group] += ,'Local'
            Get-LocalGroupMember -LocalGroup $ADSIGroup
            #endregion Get Local Group Members
        }
        #endregion ScriptBlock
        Write-Verbose ("Checking to see if connected to a domain")
        Try {
            $Domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
            $Root = $Domain.GetDirectoryEntry()
            $Base = ($Root.distinguishedName)

            # Use the NameTranslate object.
            $Script:Translate = New-Object -comObject "NameTranslate"
            $Script:objNT = $Translate.GetType()

            # Initialize NameTranslate by locating the Global Catalog.
            $objNT.InvokeMember("Init", "InvokeMethod", $Null, $Translate, (3, $Null))

            # Retrieve NetBIOS name of the current domain.
            $objNT.InvokeMember("Set", "InvokeMethod", $Null, $Translate, (1, "$Base"))
            [string]$Script:NetBIOSDomain =$objNT.InvokeMember("Get", "InvokeMethod", $Null, $Translate, 3)  
        } Catch {Write-Warning ("{0}" -f $_.Exception.Message)}         
        
        #region Runspace Creation
        Write-Verbose ("Creating runspace pool and session states")
        $sessionstate = [system.management.automation.runspaces.initialsessionstate]::CreateDefault()
        $runspacepool = [runspacefactory]::CreateRunspacePool(1, $Throttle, $sessionstate, $Host)
        $runspacepool.Open()  
        
        Write-Verbose ("Creating empty collection to hold runspace jobs")
        $Script:runspaces = New-Object System.Collections.ArrayList        
        #endregion Runspace Creation
    }

    Process {
        ForEach ($Computer in $Computername) {
            #Create the powershell instance and supply the scriptblock with the other parameters 
            $powershell = [powershell]::Create().AddScript($scriptBlock).AddArgument($computer).AddArgument($Group).AddArgument($Depth).AddArgument($NetBIOSDomain).AddArgument($ObjNT).AddArgument($Translate)
           
            #Add the runspace into the powershell instance
            $powershell.RunspacePool = $runspacepool
           
            #Create a temporary collection for each runspace
            $temp = "" | Select-Object PowerShell,Runspace,Computer
            $Temp.Computer = $Computer
            $temp.PowerShell = $powershell
           
            #Save the handle output when calling BeginInvoke() that will be used later to end the runspace
            $temp.Runspace = $powershell.BeginInvoke()
            Write-Verbose ("Adding {0} collection" -f $temp.Computer)
            $runspaces.Add($temp) | Out-Null
           
            Write-Verbose ("Checking status of runspace jobs")
            Get-RunspaceData @runspacehash   
        }
    }
    End {
        Write-Verbose ("Finish processing the remaining runspace jobs: {0}" -f (@(($runspaces | Where {$_.Runspace -ne $Null}).Count)))
        $runspacehash.Wait = $true
        Get-RunspaceData @runspacehash
    
        #region Cleanup Runspace
        Write-Verbose ("Closing the runspace pool")
        $runspacepool.close()  
        $runspacepool.Dispose() 
        #endregion Cleanup Runspace    
    }
}

Set-Alias -Name glgm -Value Get-LocalGroupMembership

My Script

$Servers = Get-ADComputer `
    -searchbase ‘OU=RDS Servers,OU=Production,OU=Servers,DC=xxx,DC=xxxx,DC=xxx’ `
    -properties OperatingSystem -Filter * | `
    Where-Object {$_.operatingsystem -Like "*Windows*"} | select name 

foreach ($Server in $Servers) {
    Get-LocalGroupMembership -Computername $Server.Name | `
        Export-Csv D:\Scripts\ServerLocalAdmin\Reports\LocalAdmins.csv `
        -Append -NoTypeInformation 
}

The Error I get

Export-Csv : Cannot bind argument to parameter 'InputObject' because it is null.
At D:\Scripts\ServerLocalAdmin\ServerLocalAdmin.ps1:5 char:87
+ ... rver.Name | Export-Csv D:\Scripts\ServerLocalAdmin\Reports\LocalAdmin ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Export-Csv], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.Exp 
   ortCsvCommand
 
Export-Csv : Cannot bind argument to parameter 'InputObject' because it is null.
At D:\Scripts\ServerLocalAdmin\ServerLocalAdmin.ps1:5 char:87
+ ... rver.Name | Export-Csv D:\Scripts\ServerLocalAdmin\Reports\LocalAdmin ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Export-Csv], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.Exp 
   ortCsvCommand
Improve this question

2 Answers 2

Reset to default
1

You just need to change this:

foreach ($Server in $Servers)
{
    Get-LocalGroupMembership -Computername $Server.Name |
    Export-Csv D:\Scripts\ServerLocalAdmin\Reports\LocalAdmins.csv -Append -NoTypeInformation
}

For this:

foreach ($Server in $Servers)
{
    $localMembership = Get-LocalGroupMembership -Computername $Server.Name
    
    if($localMembership)
    {
        $localMembership | Export-Csv D:\Scripts\ServerLocalAdmin\Reports\LocalAdmins.csv -Append -NoTypeInformation
    }
}

Or this:

foreach ($Server in $Servers)
{
    $localMembership = Get-LocalGroupMembership -Computername $Server.Name
    
    if(-not $localMembership){continue}

    $localMembership | Export-Csv D:\Scripts\ServerLocalAdmin\Reports\LocalAdmins.csv -Append -NoTypeInformation
}

The error you're getting is, as mentioned in the answer provided by @Zucchini is because the function is returning a $null value for some of your servers. To reproduce the error you can just try:

PS /~> $null | Export-Csv test.csv
Export-Csv : Cannot bind argument to parameter 'InputObject' because it is null.
At line:1 char:9
+ $null | Export-Csv test.csv
+         ~~~~~~~~~~~~~~~~~~~
...

It is worth mentioning that appending the result to the CSV on each loop iteration is highly inefficient, the less Disk I/O your script has the faster it will run :)

So, this is one example of how you can make your script run a bit faster:


$result = [system.collections.generic.list[pscustomobject]]::new()

foreach ($Server in $Servers)
{
    $localMembership = Get-LocalGroupMembership -Computername $Server.Name
    
    if($localMembership)
    {
        $result.Add($localMembership)
    }
}

$result | Export-Csv D:\Scripts\ServerLocalAdmin\Reports\LocalAdmins.csv -NoTypeInformation

Edit:

Here is a working example, the function is returning null values everywhere.

$result = [system.collections.generic.list[pscustomobject]]::new()

foreach ($Server in $Servers)
{
    $localMembership = Get-LocalGroupMembership -Computername $Server.Name
    
    foreach($i in $localMembership|?{$_})
    {
        $result.Add([pscustomobject]@{
            Name=$i.Name
            Depth=$i.Depth
            ParentGroup=$i.ParentGroup
            Type=$i.Type
            ComputerName=$i.ComputerName
            isGroup=$i.isGroup
        })
    }
}

$result | Export-Csv D:\Scripts\ServerLocalAdmin\Reports\LocalAdmins.csv -NoTypeInformation
Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

I will give this a try tomorrow and let you know, I appreciate the help.
So I ran through each of your suggestions. For the first, I get the same issue as I did with my original script. For the second suggestion I get the same behavior as well. For your third suggestion that you mentioned would speed it up, I do not get any of the errors, however the output is not right. It looked like the below...
"Count","Length","LongLength","Rank","SyncRoot","IsReadOnly","IsFixedSize","IsSynchronized" "178","178","178","1","System.Object[]","False","True","False" "185","185","185","1","System.Object[]","False","True","False"
Im going to try and test running through a list of servers from a csv file that I know are connecting. The OU I am testing with has a total of 13 servers. Ultimately I will be running through another OU that contains close to 1500 servers. I know some of the issue might be WinRM. Its a battle trying to make sure the connections are allowed over multiple subnets and firewalls. Ill work with our network team more on that.
And I get the same errors when importing servers I know are connecting from a .csv file. So it doesnt seem to be an issue with servers it cant connect to. It must be something in the function itself I am assuming. At the end of the day I know it works, was just hoping to speed it up with eliminating the errors. I have run it against all of my servers once and it takes about 12 hours. Over all this function is amazing breaking out all users added to the Local Admin groups.
|
0

Since you are iterating through an object containing your servers, and we don't have access to that data, maybe you should try adding an output in the foreach loop to see which items in the object are the problem. It could sound like the Get-LocalGroupMembership is returning a null value for some of your servers.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.