🐛 fix(function): resolve high-severity bugs in AD, DNS, Exchange, and general scripts

F07: Move Sort-Object emit from end to process block in Get-ADUserTransitiveGroupMembership
     to prevent pipeline clobbering (only last input was returned to end block)
F09: Fix undefined \\\ -> \\.Count\ in Export-AllADUserTransitiveGroupMemberships
F16: Fix operator precedence bug in Get-InactiveADUser (add parens to -not comparison)
F17: Use \\\ parameter value as export path when provided in Get-InactiveADUser
F19: Replace \continue\ with \
eturn\ in catch outside loop in Get-LockedOutLocation
F22: Move pipeline identity resolution from begin to process block in Get-ADObjectFromPipeline
F24: Make \\\ mandatory in Update-ModuleVersion to prevent null member access
F27: Replace empty placeholder strings with mandatory params in Push-DNSClientServerAddresses
F29: Remove hardcoded DOMAINNAME.org placeholder from Exchange ConnectionUri

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: SamErde

Active Directory/AD Users/Get-InactiveADUser.ps1

@@ -96,7 +96,7 @@
 
         if ($CheckAllDCs) {
             # Skip the check across all DCs if there is already a LastLogonDate within the past 14 days and if the most recent logon is more recent than the inactive date threshold.
-            if ( $MostRecentLogon -lt (Get-Date).AddDays(-14) -and (-not $MostRecentLogon -lt $InactiveDate) ) {
+            if ( $MostRecentLogon -lt (Get-Date).AddDays(-14) -and (-not ($MostRecentLogon -lt $InactiveDate)) ) {
                     # Check LastLogon (non-replicated) on every domain controller.
                     foreach ($DC in $DomainControllers) {
                         try {
@@ -143,7 +143,7 @@
 
         # Optional: Export to CSV
         if ($PSBoundParameters.ContainsKey('ExportCSV')) {
-            $ExportPath = ".\InactiveUsers_$(Get-Date -Format 'yyyyMMdd_HHmmss').csv"
+            $ExportPath = if ($ExportCSV) { $ExportCSV } else { ".\InactiveUsers_$(Get-Date -Format 'yyyyMMdd_HHmmss').csv" }
             $Results | Export-Csv -Path $ExportPath -NoTypeInformation
             Write-Host "Results exported to: $ExportPath" -ForegroundColor Green
         }

Active Directory/AD Users/Get-LockedOutLocation.ps1

@@ -74,7 +74,7 @@
             $LockedOutEvents = Get-WinEvent -ComputerName $PDCEmulator.HostName -FilterHashtable @{LogName = 'Security'; Id = 4740 } -ErrorAction Stop | Sort-Object -Property TimeCreated -Descending
         } catch {
             Write-Warning $_
-            continue
+            return
         }#end catch
 
         foreach ($item in $LockedOutEvents) {

Active Directory/Export-AllADUserTransitiveGroupMemberships.ps1

@@ -52,7 +52,7 @@ begin {
                         Get-ADUserTransitiveGroupMembership -UserDN $_.DistinguishedName
                     }
                 }
-            Write-Verbose -Message "  - Found $($UserCount) users in the domain."
+            Write-Verbose -Message "  - Found $($Users.Count) users in the domain."
 
             # Export the data to a JSON file.
             $JsonData = $Users | ConvertTo-Json

Active Directory/Get-ADObjectFromPipeline.ps1

@@ -16,7 +16,10 @@ function Get-ADObjectFromPipeline {
     begin {
         Import-Module ActiveDirectory
         $GlobalCatalog = Get-ADDomainController -Discover -Service GlobalCatalog
+    }
 
+    process {
+        # Resolve identity type in process block where pipeline input ($Identity) is available.
         if ($Identity -is [Microsoft.ActiveDirectory.Management.ADUser]) {
             # We have an ADUser object
             # Might want to normalize the type to an ADObject IF we can get sidHistory from an ADObject
@@ -30,9 +33,6 @@ function Get-ADObjectFromPipeline {
             $Identity = Get-ADObject -Filter "Name -eq `"$Identity`""
         }
         $IdentityType = $Identity.ObjectClass
-    }
-
-    process {
         switch ($IdentityType) {
             'user' {
                 # Not Complete

Active Directory/Get-ADUserTransitiveGroupMembership.ps1

@@ -80,10 +80,11 @@ function Get-ADUserTransitiveGroupMembership {
         $TransitiveMemberOfGroupDNs = foreach ($result in ($results.properties)) {
             $result['distinguishedname']
         }
+        # Emit deduplicated results per user in process block so pipeline results are not overwritten.
+        $TransitiveMemberOfGroupDNs | Sort-Object -Unique
     }
 
     end {
-        $TransitiveMemberOfGroupDNs | Sort-Object -Unique
         Remove-Variable Filter, TransitiveMemberOfGroupDNs, Results, Searcher, Server, Port, UserDN -ErrorAction SilentlyContinue
     }
 } # end function Get-ADUserTransitiveGroupMembership

Exchange/Parse-TransportLogs.ps1

@@ -16,7 +16,7 @@
 Set-ExecutionPolicy RemoteSigned
 $ExchangeCredential = Get-Credential -Message "Please enter credentials to connect to your Exchange Server. `nThis will be used to pull message subject lines from the tracking logs."
 $ExchangeServer = Read-Host 'Please specify an Exchange Server name.'
-$ExchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$ExchangeServer.DOMAINNAME.org/PowerShell/ -Authentication Kerberos -Credential $ExchangeCredential
+$ExchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "http://$ExchangeServer/PowerShell/" -Authentication Kerberos -Credential $ExchangeCredential
 Import-PSSession $ExchangeSession -DisableNameChecking
 
 $SMTPLogPath = Read-Host "`nWhat is the path of the folder containing your SMTP transport logs?"

General/Update-ModuleVersion.ps1

@@ -4,6 +4,7 @@
     param (
 
         # Specify the version to update from (or read from a module manifest).
+        [Parameter(Mandatory)]
         [version] $InputVersion,
 
         # Basic version switches.

Windows/Push-DNSClientServerAddresses.ps1

@@ -1,5 +1,20 @@
+[CmdletBinding()]
+param (
+    # The OU or container in Active Directory to search for servers.
+    [Parameter(Mandatory)]
+    [string] $SearchBase,
+
+    # The Active Directory domain controller to query.
+    [Parameter(Mandatory)]
+    [string] $ADServer,
+
+    # The DNS server addresses to assign to network adapters on the target servers.
+    [Parameter(Mandatory)]
+    [string[]] $DNSServerAddresses
+)
+
 Import-Module ActiveDirectory
-$servers = Get-ADComputer -SearchBase "" -Server "" -SearchScope Subtree -Filter *
+$servers = Get-ADComputer -SearchBase $SearchBase -Server $ADServer -SearchScope Subtree -Filter *
 foreach ($server in $servers)
 {
     # Connect to the server.
@@ -20,7 +35,7 @@ foreach ($server in $servers)
     try {
         Invoke-Command -Session $s -ScriptBlock {
             Get-NetIPInterface | Get-DnsClientServerAddress | Where-Object { $_.ServerAddresses -like '10.10.10.*' } |
-                Set-DnsClientServerAddress -ServerAddresses ('', '', '') -Verbose
+                Set-DnsClientServerAddress -ServerAddresses $using:DNSServerAddresses -Verbose
         }
     }
     catch {