I am a pretty competent VB/VBscript developer but I swear I am never going to get the hang of Powershell. I run into so many little hang ups for reasons I cannot understand. It is so frustrating.
I’m trying to export some ACL information from my Exchange environment. Take for example the following command:
Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | Get-ADPermission
I simply want to export the results of this onscreen information to a CSV file, but I cannot do it!
Running the following gets me a CSV file full of more information and every permission column only contains type information, not the actual information I seek.
Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | Get-ADPermission | Export-CSV -NoTypeInformation myfile.csv
In order to trim out unwanted information from the CSV I add a select-object statement to select the columns I want, but the Inherited and Rights column are all blank.
Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | Get-ADPermission | Select-Object Identity,User,Deny,Inherited,Rights
Apparently Inherited and Rights are not valid columns, yet they are clearly identified as such in the on-screen output of the command. Using “get-adpermission | get-member” I find the columns I seek are actually IsInherited and AccessRights OR ExtendedRights. Two different columns combine to make up the “Rights” column from the on-screen display???
So I modify my output to select the actual columns I want. This works on-screen, though now the data is in a list format instead of the table provided by the base Get-ADPermission command.
Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | Get-ADPermission | Select-Object Identity,User,Deny,IsInherited,AccessRights,ExtendedRights
Try again to export to CSV. Same issue. AccessRights and ExtendedRights columns only contain type information.
Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | Get-ADPermission | Select-Object Identity,User,Deny,IsInherited,AccessRights,ExtendedRights | Export-CSV -NoTypeInformation myfile.csv
Research shows I should use the ExpandProperty directive via “Select-Object -ExpandProperty ExtendedRights”, for example. Attempting to factor this into my previous command yields errors.
Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | Get-ADPermission | Select-Object Identity,User,Deny,IsInherited, -ExpandProperty AccessRights, -ExpandProperty ExtendedRights
Select-Object : A positional parameter cannot be found that accepts argument ‘System.Object[]‘.
Most examples I find using -ExpandProperty only have people selecting one property when using it. I try that, and it fails!
Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | Get-ADPermission | Select-Object -ExpandProperty ExtendedRights
Select-Object : Cannot process argument because the value of argument “obj” is null. Change the value of argument “obj” to a non-null value.
Apparently, when the property doesn’t exist (e.g. not all ACLs have an extended right assigned), there is nothing to expand so it fails. So I modify my query to only return results that HAVE extended rights defined, and now this works.
Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | Get-ADPermission | Where {$_.ExtendedRights -ne $Null} | Select-Object -ExpandProperty ExtendedRights
As I need more properties than just the ExtendedRights, I add just one additional column for testing but this fails miserably as well.
Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | Get-ADPermission | Where {$_.ExtendedRights -ne $Null} | Select-Object User,-ExpandProperty ExtendedRights
After an extended search I found an example that specifies two properties while expanding one of them, but I notice there is no comma (,) between the properties. Emulating this with my search parameters it works.
Get-ExchangeServer | where {$_.IsClientAccessServer -eq $TRUE} | Get-ADPermission | Where {$_.ExtendedRights -ne $Null} | Select-Object User -ExpandProperty ExtendedRights
While this works, I do not understand why the comma must be removed between the properties in order for this to work. Can Powershell get any more confusing?!
Further, now my column name for ExtendedRights is “RawIdentity”.
As of this point, I still do not have a solution for what I want to do. All I simply want is the exact information printed to the console when running the base “get-adpermission” commandlet exported to CSV. Why is this so difficult in PowerShell???