Issue with Get-ADObject and Where-Object Using a Variable
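I want to get a BitLocker recovery password via PowerShell by supplying the recovery key ID. I know this can be done through the Active Directory Users and Computers application, which is essentially what I am trying to reproduce.
My current process is as follows:
- Prompt the user for the recovery key ID
- Get all AD objects with an ObjectClass of msFVE-RecoveryInformation
- Filter those results by DistinguishedName, which should let me get the individual record I want.
- Write out the resulting BitLocker recovery password
The problem I am running into is that when I use a variable in my Where-Object clause, I get no results. If I hard-code the recovery key ID, it works fine.
Here is my current code: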
$key = (read-host -Prompt "Enter starting portion of recovery key ID (8 Digits)").ToUpper()
$recoveryInformation = Get-ADObject -Filter 'ObjectClass -eq "msFVE-RecoveryInformation"' | Where-Object {$_.DistinguishedName -like "*$key*"}
echo $recoveryInformation
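I have tried several different approaches, but they all end with the same result, where the hard-coded value works and the variable does not. This leads me to believe it has something to do with the way I am getting the user input, but I have hit a wall. Any help would be greatly appreciated.
Final result
In the end, the problem with my code was that I was using where-object instead of where. After making the change, everything worked as I expected.
The examples provided by postanote give better output and are definitely more robust. The last example is the best one for giving the final result I was looking for.
Why not use the built-in PowerShell cmdlets designed for getting this information?
Here are some things that can be used directly or adapted to your use case. See example #5.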
Get BitLocker Recovery Information from AD Using PowerShell
# Example Commands
# 1. Get BitLocker recovery information for a single computer:
Get-BitLockerRecovery computer1
# 2. Get BitLocker recovery information for a list of computers:
Get-BitLockerRecovery "computer1","computer2"
# or
"computer1","computer2" | Get-BitLockerRecovery
# 3. Get BitLocker recovery information for computers in an OU:
Get-ADComputer -Filter { name -like "*" } `
    -SearchBase "OU=Sales,DC=fabrikam,DC=com" |
    Get-BitLockerRecovery
# 4. Get the BitLocker recovery information for a specific password ID:
Get-BitLockerRecovery -PasswordID B1FED823
# 5. Get BitLocker recovery information for all msFVE-RecoveryInformation objects in the current domain:
$filter = "(objectClass=msFVE-RecoveryInformation)"
Get-ADObject -LDAPFilter $filter | ForEach-Object {
    Get-ADPathname (Get-ADPathname $_.DistinguishedName `
        -Format X500Parent) -Format Leaf -ValuesOnly |
        Get-BitLockerRecovery
}
Or, while testing your variable approach, without using the key string passed in by the user...
# First ask for a computername
$usrInput = Read-Host "Type in name of computer you want to retrieve the BitLocker recovery information"
# Get the computer object from Active Directory
$objComputer = Get-ADComputer $usrInput
# Find the AD object which match the computername and is of the class "msFVE-RecoveryInformation"
$objADObject = get-adobject -Filter * | Where-Object {$_.DistinguishedName -match $objComputer.Name -and $_.ObjectClass -eq "msFVE-RecoveryInformation"}
# Filter the result so you'll get only the recovery key
$trimming = ($objADObject.DistinguishedName.Split(",")[0]).split("{")[1]
# Drop the trailing "}" that closes the GUID
$trimming.Substring(0,$trimming.Length-1)
Or this approach...
$computers = get-adobject -Filter * | Where-Object {$_.ObjectClass -eq "msFVE-RecoveryInformation"}
$key = (read-host -Prompt "Enter starting portion of recovery key ID").ToUpper()
$records = $computers | where {$_.DistinguishedName -like "*$key*"}
foreach ($rec in $records) {
    # Take the parent computer from the current record ($rec), not from the whole $records collection
    $computer = get-adcomputer -identity ($rec.DistinguishedName.Split(",")[1]).split("=")[1]
    # Returns every recovery object stored under that computer object
    $recoveryPass = Get-ADObject -Filter {objectclass -eq 'msFVE-RecoveryInformation'} -SearchBase $computer.DistinguishedName -Properties 'msFVE-RecoveryPassword'
    [pscustomobject][ordered]@{
        Computer = $computer
        'Recovery Key ID' = $rec.Name.Split("{")[1].split("}")[0]
        'Recovery Password' = $recoveryPass.'msFVE-RecoveryPassword'
    } | Format-List
}
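The lookup by key ID discussed above can also be done with a server-side LDAP filter instead of fetching every object and filtering locally. This is an added example, not code from the question or the answer; the function name Get-RecoveryPasswordByKeyId is hypothetical, and it assumes the ActiveDirectory module and an account allowed to read msFVE-RecoveryPassword.

```powershell
# Added example, not from the original post.
# Assumes the ActiveDirectory (RSAT) module and read access to msFVE-RecoveryPassword.
function Get-RecoveryPasswordByKeyId {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$KeyId
    )

    # Normalise what the operator typed: Read-Host keeps stray spaces.
    $id = $KeyId.Trim().ToUpper()

    # Accept only the 8 hex digits of the key ID. This also keeps LDAP
    # filter metacharacters ( * ( ) \ ) out of the filter built below.
    if ($id -notmatch '^[0-9A-F]{8}$') {
        throw "Key ID must be exactly 8 hexadecimal characters, got '$KeyId'."
    }

    # The object name has the form <timestamp>{<GUID>}; match the first GUID block.
    # '{{' is a literal brace for the -f operator.
    $ldap = '(&(objectClass=msFVE-RecoveryInformation)(name=*{{{0}-*))' -f $id

    # The directory does the filtering and only the needed attributes are returned.
    $hits = @(Get-ADObject -LDAPFilter $ldap -Properties 'msFVE-RecoveryPassword', 'whenCreated')
    if ($hits.Count -eq 0) {
        Write-Warning "No recovery object found for key ID $id."
        return
    }

    foreach ($hit in $hits) {
        # The recovery object is a child of the computer object: drop the first RDN.
        $parentDn = $hit.DistinguishedName -replace '^[^,]+,', ''
        [pscustomobject]@{
            Computer            = ($parentDn -split ',')[0] -replace '^CN=', ''
            'Recovery Key ID'   = ($hit.Name -split '[{}]')[1]
            Created             = $hit.whenCreated
            'Recovery Password' = $hit.'msFVE-RecoveryPassword'
        }
    }
}

Get-RecoveryPasswordByKeyId -KeyId (Read-Host 'Enter the first 8 characters of the recovery key ID') |
    Format-List
```

Because each result carries the password of the matching recovery object only, a computer with several stored keys yields one row for the requested key ID rather than all of its passwords.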