search

lazywinadmin / Monitor-ADGroupMembership

PowerShell script to monitor Active Directory groups and send an email when someone is changing the membership
MIT License
264 stars 61 forks source link

WARNING: Method invocation failed because [System.Management.Automation.PSObject] doesn't contain a method named 'op_Addition'. #41

Closed CodyFLee closed 5 years ago

CodyFLee commented 5 years ago

When I attempt to run this script using certain groups that only contain one member, I get the following warnings/error messages:

WARNING: [Monitor-ADGroupMemberShip.ps1][PROCESS] Something went wrong WARNING: Method invocation failed because [System.Management.Automation.PSObject] doesn't contain a method named 'op_Addition'.

I tried this with several different security groups with various types ranging from domain local, global, and universal. If they only have one member, you get that error. I double checked and it also never creates the CSV file in the Output folder.

If I run this on any other group that contains 2 or more users, there is no issue. Same thing with groups with no members; zero issues.

Here is the verbose output when I run it on a group with a single user:

VERBOSE: [Monitor-ADGroupMemberShip.ps1][BEGIN] Active Directory Module VERBOSE: [Monitor-ADGroupMemberShip.ps1][BEGIN] Active Directory module seems loaded VERBOSE: [Monitor-ADGroupMemberShip.ps1][BEGIN] Setting HTML Variables VERBOSE: [Monitor-ADGroupMemberShip.ps1][PROCESS] GROUP: Enterprise Admins... VERBOSE: [Monitor-ADGroupMemberShip.ps1][PROCESS] ActiveDirectory module VERBOSE: [Monitor-ADGroupMemberShip.ps1][PROCESS] GROUP: Enterprise Admins - Querying Membership (AD Module) WARNING: [Monitor-ADGroupMemberShip.ps1][PROCESS] Something went wrong WARNING: Method invocation failed because [System.Management.Automation.PSObject] doesn't contain a method named 'op_Addition'. VERBOSE: [Monitor-ADGroupMemberShip.ps1][END] Script Completed

CodyFLee commented 5 years ago

I believe that I have fixed this issue.

Digging into the problem, it is not using the $Members as an array, thus failing due to only having one match.

I edited the script at line 641 by creating a new line and adding in the following:

$Members = @()

I then edited the old line 641 entry (now line 642) by adding a + sign in front of the = sign: $Members += $MemberObjs | Where-Object {$_.objectClass -eq "user"}| get-aduser -Properties PasswordExpired | Select-Object -Property *,@{ Name = 'DN'; Expression = { $_.DistinguishedName } }

I am now able to run this script with groups containing only one user, or empty groups which will now correctly report when a single user is added.

lazywinadmin commented 5 years ago

Thanks for reporting this @CodyFLee and providing your fix. @revoice1 just fixed this issue in PR #42