PowerShell Splatting

Sign up to access this lesson

Click here to sign up and get access to this lesson!

Saving Progress...

PowerShell splatting is a method of passing a series of parameters to a command in a “single unit”. Splatting can make your code more human-readable and more accessible. In this lesson, we are going to look at how we can use splatting to simplify the code we use to create new Active Directory users - but keep in mind splatting can be used in any circumstance where you pass multiple parameters.

We are going to use the “Windows Server 2016 AD” lab from the IT Playground (link here). Launch the lab, log in to the Domain Controller and open the PowerShell ISE.

Once you’ve logged in, let’s take a look at what creating a new AD user account on a single line looks like:

New-ADUser -Name "Joe Friday" -GivenName “Joe” -Surname “Friday” -UserPrincipalName “joe.friday@serveracademy.com” -SamAccountName “joe.friday” -EmailAddress “joe@serveracademy.com” -Description “This is the users description” -OfficePhone “123-123-1234” -Path "OU=Domain Users,OU=ServerAcademy,DC=ServerAcademy,DC=local"  -ChangePasswordAtLogon $true -AccountPassword $(ConvertTo-SecureString "Password!@#" -AsPlainText -Force) -Enabled $true

....Not very easy to read and definitely NOT easy to work with or modify at a later date. We could employ the use of backticks (`) to add each parameter on a new line. In PowerShell when you add the backtick, it allows you to continue the same command on a new line. You need to add a backtick for each new line that you want to add. It is much easier to read than a long one single line of code:

New-ADUser -Name "Joe Friday" `

           -GivenName “Joe” `

           -Surname “Friday” `

           -UserPrincipalName “joe.friday@serveracademy.com” `

           -SamAccountName “joe.friday” `

           -EmailAddress “joe@serveracademy.com” `

           -Description “This is the users description” `

           -OfficePhone “123-123-1234” `

           -Path "OU=Domain Users,OU=ServerAcademy,DC=ServerAcademy,DC=local" `

           -ChangePasswordAtLogon $true `

           -AccountPassword $(ConvertTo-SecureString "Password!@#" -AsPlainText -Force) `

           -Enabled $true

Now let’s take a look at splatting and why that could be beneficial. First, we need to create a variable in the following format:

$parameters = @{}

Inside of the braces, we will put the name of our parameter, followed by the equals (=) character and finally the value. So something like this:

$parameters = @{

           Name = “Joe Friday”

}

We can repeat this for all the parameters like so:

$parameters = @{

           Name=  "Joe Friday"

           GivenName = “Joe”

           Surname = “Friday”

           UserPrincipalName = “joe.friday@serveracademy.com”

           SamAccountName = “joe.friday”

           EmailAddress = “joe@serveracademy.com”

           Description = “This is the users description”

           OfficePhone = “123-123-1234”

           Path = "OU=Domain Users,OU=ServerAcademy,DC=ServerAcademy,DC=local"

           ChangePasswordAtLogon = $true

           AccountPassword = $(ConvertTo-SecureString "Password!@#" -AsPlainText -Force)

           Enabled = $true

}

Now if we echo the $parameters variable, we get something like this:

What is cool is we can later access each individual parameter, such as the email address:

That could come in helpful later on depending on what type of scripting you want to do. But to use this variable to create a new AD user, we simply run the command with the splatting variable like so:

Sign up to access the rest of this lesson

You must either log in or sign up to access this lesson.

Saving Progress...

0 0 votes
Lesson Rating
Subscribe
Notify of
2 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
profile avatar
Jason Campbell(@jasonc)
Member
Points: 249
1 month ago

Wouldn’t it be better to call the input of the password into a variable via read-host -AsSecureString? That way the password is not stored in a txt file in input in clear.

$FirstName = Read-Host “Enter first name”
$LastName = Read-host “Enter last name”
$password = Read-Host “Enter Password” -AsSecureString
$sam = $FirstName + “.” + $LastName
$ou = “OU=DomainUsers,OU=JC-01A,DC=main,DC=local”
$domain = “@main.local”

$Starter = @{
  Name = $FirstName + ” ” + $LastName
  DisplayName = $FirstName + ” ” + $LastName
  GivenName = $FirstName
  Surname = $LastName
  SamAccountName = $sam
  UserPrincipalName = $sam + $domain
  Path = $ou
  EmailAddress = $sam + $domain
  Enabled = $false
}

New-ADUser @Starter

profile avatar
Ricardo P(@ricardop)
Admin
Power Student
Points: 17376
Reply to  Jason Campbell
1 month ago

Hi profile avatar Jason Campbell

That’s right. We should avoid using plain text strings in the script or from the command line. The plain text can show up in event logs and command history logs. It is just for simplicity when doing the lesson.

Ricardo

Administration and Automation with Windows PowerShell

0%

0/1 Lessons

Course Introduction

• 5min

0 / 2 lessons complete

Getting Started with Windows PowerShell

• 42min

0 / 7 lessons complete

Getting Help and Finding Commands

• 39min

0 / 6 lessons complete

PowerShell Command Syntax

• 33min

0 / 5 lessons complete

PowerShell Objects and Properties

• 35min

0 / 6 lessons complete

The PowerShell Pipeline

• 24min

0 / 2 lessons complete

PowerShell Providers

• 30min

0 / 5 lessons complete

PowerShell Arrays and Variables

• 28min

0 / 4 lessons complete

PowerShell Loops

• 19min

0 / 3 lessons complete

PowerShell Conditional Statements

• 11min

0 / 1 lessons complete

On Premises Lab Setup

• 36min

0 / 8 lessons complete

Basic Domain Administration with Windows PowerShell

• 2hr 27min

0 / 10 lessons complete

Send Emails with PowerShell

• 22min

0 / 2 lessons complete

PowerShell Desired State Configuration (DSC) Basics

• 1hr 48min

0 / 6 lessons complete

Course Conclusion

• 1min

0 / 1 lessons complete