Powershell PSCustomobject issue

michaellopez3 · 2025-07-08T23:52:53.090Z

Hello. So I have this code:

$lockout1 = Search-ADAccount -LockedOut -server DC1602.orion.universe.lcl | Select-Object *
$lockout3 = foreach($entry in $lockout1.samaccountname)
{
Get-aduser -filter "samaccountname -eq '$entry'" -properties * | select-object name, samaccountname, title, displayname, lockedout, enabled, passwordexpired 
}

$list = [pscustomobject]@{
        Name = $lockout1.name
        SamAccountName = $lockout3.samaccountname
        Title = $lockout3.title    
        DisplayName = $lockout3.displayname
        Lockedout = $lockout1.LockedOut
        Enabled = $lockout3.enabled
        PasswordExpired = $lockout3.passwordexpired
    } 
$list

That returns this output:

image577×137 3.95 KB

How can I set it so that the output doesn’t appear as comma-separated underneath the individual headings?

Doing a format-table -autosize doesn’t work. Google searches haven’t yielded any answers.

Let me know if you have any suggestions. Thanks!

Neally · 2025-07-09T03:00:19.268Z

it basically has multiple entries, so another foreach, or you write it better.

e.g.

$lockout1 = Search-ADAccount -LockedOut -Server 'DC1602.orion.universe.lcl'

foreach ($entry in $lockout1.samaccountname) {
    $AD = $null
    $AD = Get-aduser -Identity $entry -properties title, displayname,lockedout,passwordexpired | 
    select-object name, samaccountname, title, displayname, lockedout, enabled, passwordexpired

    [pscustomobject]@{
        Name            = $AD.name
        SamAccountName  = $AD.samaccountname
        Title           = $AD.title    
        DisplayName     = $AD.displayname
        Lockedout       = $AD.LockedOut
        Enabled         = $AD.enabled
        PasswordExpired = $AD.passwordexpired
    } 
}

adminofthings · 2025-07-09T05:43:47.531Z

Removing all the $List stuff should output the desired results and store it in $lockout3

michaellopez3 · 2025-07-11T21:44:08.889Z

michaellopez3:

| select-object name, samaccountname, title, displayname, lockedout, enabled, passwordexpired

Ok but there’s a little catch here…

Within my pscutomobject code, there’s this:

$list = [pscustomobject]@{
        **Name = $lockout1.name**
        SamAccountName = $lockout3.samaccountname
        Title = $lockout3.title    
        DisplayName = $lockout3.displayname
        **Lockedout = $lockout1.LockedOut**
        Enabled = $lockout3.enabled
        PasswordExpired = $lockout3.passwordexpired
    }

Two of the entries are pointing to a different variable.

I’ve been noticing in my current job that sometimes the get-aduser and the search-adaccount’s lockedout entries aren’t always consistent with each other (very odd.)

Neally · 2025-07-11T22:05:53.337Z

Two of the entries are pointing to a different variable

Right, why ?
‘get-aduser’ has all the info you are asking for.

yes, I’d expect that to return odd results as if multiple people are locked out, e.g $lockout1.name will return multiple names as you are looking at the collection. Don’t do that.

spiceuser-rq6k · 2025-07-11T22:43:01.472Z

This is probably dumb but if you just want to be lazy just add -replace ‘,’, ‘’ after each entry, like

Name = $lockout1.name -replace ‘,’, ‘’
SamAccountName = $lockout3.samaccountname -replace ‘,’, ‘’

although i don’t know if it will work with an array

Evan7191 · 2025-07-12T12:19:58.604Z

The -replace operator works on arrays. It will apply to each element without requiring a loop to iterate through them.

michaellopez3 · 2025-07-17T17:26:44.854Z

I ultimately ended up using this code:

$lockout1 = Search-ADAccount -LockedOut -server DC1602.orion.universe.lcl | Select-Object SamAccountName, lockedout
$lockout3 = foreach($entry in $lockout1.samaccountname)
{
Get-aduser -filter "samaccountname -eq '$entry'" -properties * | select-object name, @{N='SamAccountName';E={$_.samaccountname}}, title, displayname, enabled, passwordexpired 
}
$joinobjects2 = $lockout1 | join-object ($lockout3) -on "SamAccountName" | select-object Name, SamAccountName, title, displayname, lockedout, enabled, passwordexpired 
write-output $joinobjects2 | format-table -autosize

Joinobject is a third party module. (PowerShell Gallery | Join-Object 2.0.3)

Seems as if pscustomobject wasn’t quite what I was seeking, unfortunately.

adminofthings · 2025-07-17T20:41:16.379Z

Get-ADUser returns the LockedOut attribute. I don’t see why you need Join-Object.

michaellopez3 · 2025-07-17T22:45:49.049Z

Correct. However within my organization sometimes the Get-Aduser and the Search AD-account lockedout fields’ results aren’t consistent with each other. Additionally, Get-aduser contains more columnar information than Search AD-account and I needed to merge that information together into one report.

adminofthings · 2025-07-18T00:32:02.135Z

So which lockout value do you prioritize when there is a conflict?

michaellopez3 · 2025-07-18T20:57:51.413Z

Search AD-account from what I’ve seen. It’s hit and miss though.