1

My PowerShell script works well enough for what I want to achieve. It polls the entered name and places that user's groups in an array. That array loops until it deletes all listed groups. Domain Users is the only group left, but that is polled by "Get-ADPrincipalGroupMembership," not "Get-ADUser." "Domain Users" is the group the user's email ties into. Once all groups are removed from their account, they are permanently disabled, but they can still access their email for paystub information until we delete their account entirely.

That said, I'm unable to write the script's group removal output to a logfile. Ideally, this will be a .log file, but a .csv file fails as well. What am I missing? The script successfully runs without error, but nothing writes to the log file of my choice.

Here is my script:

    #Requires -Module ActiveDirectory
    Import-Module ActiveDirectory

    function Disable-ADUser {
        $msg = 'Do you want to remove a user from all Security groups? [Y/N]'
        do {
            $response = Read-Host -Prompt $msg
            if ($response -eq 'y') { # Beginning of if statement

                #Asks user via a text prompt to enter the first name and last name of the end user to remove
                $firstName = Read-Host "Please provide the First name of the User"
                $lastName = Read-Host "Please provide the Last name of the User"

                #The user's SamAccountName is found by searching exactly for the user's first name and last name given in the above prompts
                $samName = Get-ADUser -Filter "GivenName -eq '$firstName' -and Surname -eq '$lastName'" |
                    Select-Object -ExpandProperty 'SamAccountName'

                #All of the user's groups are queried based on their sam name
                $listGroups = Get-ADUser -Identity $samName -Properties MemberOf |
                    Select-Object -ExpandProperty MemberOf

                #All of the user's groups are placed in an array
                [System.Collections.ArrayList]$groupsArray = @($listGroups)

                #Every group in the groupsArray is cycled through
                foreach ($group in $groupsArray) {
                    #A text output is displayed before the user is removed from each group listed in the above array
                    #Once all groups have been cycled through, the for loop stops looping
                    Start-Transcript -Path Y:\Scripts\remove_user_groups.log
                    Write-Host "Removing $samName " -f green -NoNewline; Write-Host "from $group" -f red
                    Remove-ADGroupMember -Identity $group -Members $samName
                    Stop-Transcript
                }
            } # End of if statement
        } until ($response -eq 'n')
    }

    Disable-ADUser

1
  • The way this is written transcription will overwrite the file every time it's restarted. If you stick with transcription you should probably add the -Append parameter. Commented Jul 30, 2020 at 17:48

3 Answers

1

Here is the solution that worked.

    Write-Host "Removing $samName " -f green -NoNewline
    Write-Host "from $group" -f red
    $OutputLine="Removing $samName from $group"
    Out-File -FilePath Y:\Scripts\remove_user_groups.log -InputObject $OutputLine -Append
    Remove-ADGroupMember -Identity $group -Members $samName

0

Windows Server 2012 is most probably using PowerShell 4. Start-Transcript ignores Write-Host in PowerShell versions before 5. Use Write-Output instead.

You might as well use the -Verbose parameter for Remove-ADGroupMember.

3 Comments

I double-checked, and we're using PowerShell v5.1.
Write-Host only writes to the screen not to a file if that is what you are after. If you need that to write to a file, then use Write-Output as suggested or use PowerShell redirects to a file. See the help docs on redirects or use Out-File/Export-Csv. You have to send the variable(s) value to the file if you want that data.
But the user confirmed the PowerShell version is 5.1, where Write-Host is a wrapper around Write-Information by default. So stream 6 should get caught by transcription. It tested good on my 5.1 instance. However, if you want to write to a file, just write to a file with the typical commands like Out-File etc... If you also want to write to the screen then also use Write-Host. Note: Later versions of transcription add a lot of command meta-data, so you might make your log a little more readable unless that was wanted in the first place...
0

If you are trying to write the output of the cmdlet to a file, you can do this...

    #Every group in the groupsArray is cycled through
    foreach ($group in $groupsArray) {
        #A text output is displayed before the user is removed from each group listed in the above array
        #Once all groups have been cycled through, the for loop stops looping
        Write-Host "Removing $samName " -f green -NoNewline; Write-Host "from $group" -f red
        Remove-ADGroupMember -Identity $group -Members $samName |
            Out-File -FilePath 'Y:\Scripts\remove_user_groups.log' -Append
    }

Also, there is no real reason to have this on the same line:

    Write-Host "Removing $samName " -f green -NoNewline; Write-Host "from $group" -f red

... as this is not a one-liner. It is just all code on one line.

This is more prudent:

    Write-Host 'Removing $samName ' -f green -NoNewline
    Write-Host 'from $group' -f red

... and that screen output would still be on the same line. As a best practice, use single quotes for simple strings, double for expansion, and some formatting use cases.

1 Comment

Thanks, but that didn't work either. What solved the issue was to put the direct information to a string, which I piped to Out-File. Only then did it work. Plus I had to change all Write-Host curly brackets from single to double for this to work.
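
An added example, not code from any of the posts above: Remove-ADGroupMember emits no objects unless -PassThru is given, so piping it to Out-File leaves the log empty. The code below builds each log line itself, as in the solution that worked, and also records failed removals so the offboarding log shows any group the account is still in. The function name Remove-UserGroupsWithLog, its -RemoveAction parameter, the log field layout and the sample group DNs are assumptions made for illustration.

```powershell
# Added example: hypothetical helper, not part of the original script.
function Remove-UserGroupsWithLog {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $SamAccountName,
        [Parameter(Mandatory)] [string[]] $Groups,
        [Parameter(Mandatory)] [string]   $LogPath,
        # Removal action (assumed parameter). Defaults to the real cmdlet;
        # pass a stub to exercise the logging without touching Active Directory.
        [scriptblock] $RemoveAction = {
            param($Group, $Member)
            Remove-ADGroupMember -Identity $Group -Members $Member -Confirm:$false -ErrorAction Stop
        }
    )
    foreach ($group in $Groups) {
        $status = 'REMOVED'
        $detail = ''
        try {
            # -ErrorAction Stop turns AD errors into terminating errors the catch block sees
            & $RemoveAction $group $SamAccountName
        }
        catch {
            $status = 'FAILED'
            $detail = $_.Exception.Message
        }
        # Build the line as a string; do not rely on the cmdlet producing pipeline output
        $line = ('{0} operator={1} user={2} group="{3}" status={4} {5}' -f `
            (Get-Date -Format o), [Environment]::UserName, $SamAccountName, $group, $status, $detail).TrimEnd()
        Add-Content -Path $LogPath -Value $line   # appends; earlier entries are kept
        Write-Host $line
    }
}

# Constructed sample run: stub action and made-up group DNs, no domain required
$log  = Join-Path ([System.IO.Path]::GetTempPath()) 'remove_user_groups_demo.log'
$stub = { param($Group, $Member) if ($Group -like '*Finance*') { throw 'Insufficient access rights' } }
Remove-UserGroupsWithLog -SamAccountName 'jdoe' -LogPath $log -RemoveAction $stub -Groups @(
    'CN=Sales,OU=Groups,DC=example,DC=com',
    'CN=Finance,OU=Groups,DC=example,DC=com'
)
Get-Content $log
```

Omit -RemoveAction to perform the real removals; the log then holds one timestamped line per group, with status=FAILED and the error text for any removal that did not go through.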
