1

I am trying to run the below code to search for inactive user accounts in an OU. It seems like the type of variable I'm using may not be able to used with parameters. Does that seem correct and if so what type of variable should I be using?

$scope = "-UsersOnly" 

$accounts = Search-ADAccount -SearchBase "OU=Users,OU=testLab02,DC=test,DC=local" -AccountInactive -TimeSpan ([timespan]7D) $scope
    foreach($account in $accounts){
        If ($noDisable -notcontains $account.Name) {
            Write-Host $account
            #Disable-ADAccount -Identity $account.DistinguishedName -Verbose $whatIf | Export-Csv $logFile
        }
    }

I receive the below error:

enter image description here

Search-ADAccount : A positional parameter cannot be found that accepts argument '-UsersOnly'. At C:\Users\Administrator\Documents\Disable-ADAccounts.ps1:63 char:21 + ... $accounts = Search-ADAccount -SearchBase $OU.DistinguishedName -Accou ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidArgument: (:) [Search-ADAccount], ParameterBindingException + FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.ActiveDirectory.Management.Commands.SearchADAccount

However, if I run the command manually without variables it works as expected:

Search-ADAccount -SearchBase "OU=Users,OU=testLab02,DC=test,DC=local" -AccountInactive -TimeSpan ([timespan]7D) -UsersOnly

enter image description here

Improve this question
2
  • 1
    Screenshots of PowerShell error messages are really hard on those of us who are colorblind and have trouble seeing the red on blue. Maybe post the text instead? Commented Feb 19, 2020 at 3:02
  • Sorry about that, please see my edit. Commented Feb 19, 2020 at 3:27

1 Answer 1

Reset to default
3

$scope = "-UsersOnly"

You can't pass a (switch) parameter stored in a variable that way - it'll invariably be treated as a (positional) argument, which explains the error you saw; with directly passed arguments, only unquoted, literal tokens such as -UsersOnly are recognized as parameter names.

You can use splatting to pass parameters via variables, which in your case means:

# Define a hash table of parameter values.
# This hash table encodes switch parameter -UsersOnly
$scope = @{ UsersOnly = $true } # [switch] parameters are represented as Booleans

# Note the use of sigil @ instead of $ to achieve splatting
Search-ADAccount @scope -SearchBase "OU=Users,OU=testLab02,DC=test,DC=local" -AccountInactive -TimeSpan ([timespan]7D)

  • $scope is defined as a hash table (@{ ... }) whose entries represent parameter name-value pairs.

    • Here, only one parameter name-value pair is defined:
      • Parameter name -UsersOnly (the entry key must be defined without the - sigil) ...
      • ... with value $true, which for a [switch] (flag) parameter is equivalent to passing the parameter; $false is typically[1] equivalent to omitting it.

  • To pass the parameter values represented by hashtable $scope to a command via splatting, sigil @ instead of $ must be used, i.e, @scope in this case.

[1] A command can technically distinguish between a switch being omitted and it being passed with value $false, and on occasion that results in different behavior, notably with the common -Confirm parameter, where -Confirm:$false overrides the $ConfirmPreference preference variable.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.