powershell 计算 属性 在计算之前插入变量
powershell calculated property inserting variable before calculation
我已经尝试了一段时间,让我的 $Tenant.Name 变量作为文本插入,而不是作为稍后抓取的变量。
目前我收到以下输出:
租户 1 - AADRoles
租户 1 - 群组
租户 2 - AADRoles
租户 2 - 群组
租户 2 管理员
Tenant2AdminGroup
租户 2 管理员
Tenant2AdminGroup
两个租户都从租户 2 获取角色和组,我猜这是因为计算的 属性 直到最后才计算,然后它将使用最后一个值。我这样做是不是傻了?
我想要实现的是找出 MainTenantUsers 中的用户在我们其他租户中拥有哪些权限和角色。我以为我会通过动态创建 select-object 属性来输出它,但它并没有像我希望的那样工作。
SubTenantUsers 和 MainTenantUsers 变量包含来自 Get-AzureADUser、Get-AzureADDirectoryRole 和 Get-AzureADGroup 的信息,以帮助确定各个用户分配了哪些组和角色。
# Get a list of tenants the user has access to
$Tenants = Get-AzTenant | Where-Object {$_.TenantId -NotMatch $TenantId}
# Get user Roles in other tenants
foreach ($Tenant in $Tenants) {
$null = Connect-AzureAD -TenantId $Tenant.Id
$SubTenantUsers = Get-TenantUsersRolesAndGroups
foreach ($MainTenantUser in $MainTenantUsers) {
### Add tenant to list of tenants the user is a member of
if ($SubTenantUsers.UserPrincipalName -like ('{0}*' -f $MainTenantUser.UserPrincipalName.Replace("@", "_"))) {
$MainTenantUser.AccessibleTenants += $Tenant.Name
}
### Add the users roles and groups in the tenant
$null = Add-Member -InputObject $MainTenantUser -MemberType 'NoteProperty' -Name $Tenant.Name -Force -Value (
[PSCustomObject]@{
Roles = ($SubTenantUsers | Where-Object UserPrincipalName -like ('{0}*' -f $MainTenantUser.UserPrincipalName.Replace("@", "_")) | Select-Object Roles).Roles
Groups = ($SubTenantUsers | Where-Object UserPrincipalName -like ('{0}*' -f $MainTenantUser.UserPrincipalName.Replace("@", "_")) | Select-Object Groups).Groups
}
)
}
}
foreach ($Tenant in $Tenants) {
$properties += @{
Name = "$($Tenant.Name) - AADRoles"
Expression = {($_.($Tenant.Name).'Roles'.'DisplayName' | Sort-Object) -join ', '}
}
$properties += @{
Name = "$($Tenant.Name) - Groups"
Expression = {($_.($Tenant.Name).'Groups'.'DisplayName' | Sort-Object) -join ', '}
}
}
$MainTenantUsers | Sort-Object 'DisplayName' | Select-Object $properties |
Export-Csv -Path "$pathto\output.csv" -Encoding 'UTF8' -NoTypeInformation
我通过改变我用来创建脚本块的方法设法解决了这个问题。
我是从这个切换过来的:
foreach ($Tenant in $Tenants) {
$properties += @{
Name = "$($Tenant.Name) - AADRoles"
Expression = {($_.($Tenant.Name).'Roles'.'DisplayName' | Sort-Object) -join ', '}
}
$properties += @{
Name = "$($Tenant.Name) - Groups"
Expression = {($_.($Tenant.Name).'Groups'.'DisplayName' | Sort-Object) -join ', '}
}
}
对此:
foreach ($Tenant in $Tenants.Name) {
$properties += @{
Name = "$Tenant - AADRoles"
Expression = ([Scriptblock]::Create("(`$_.'$Tenant'.'Roles'.'DisplayName' | Sort-Object) -join ', '"))
}
$properties += @{
Name = "$Tenant - Groups"
Expression = ([Scriptblock]::Create("(`$_.'$Tenant'.'Groups'.'DisplayName' | Sort-Object) -join ', '"))
}
}
我已经尝试了一段时间,让我的 $Tenant.Name 变量作为文本插入,而不是作为稍后抓取的变量。
目前我收到以下输出:
| 租户 1 - AADRoles | 租户 1 - 群组 | 租户 2 - AADRoles | 租户 2 - 群组 |
|---|---|---|---|
| 租户 2 管理员 | Tenant2AdminGroup | 租户 2 管理员 | Tenant2AdminGroup |
两个租户都从租户 2 获取角色和组,我猜这是因为计算的 属性 直到最后才计算,然后它将使用最后一个值。我这样做是不是傻了?
我想要实现的是找出 MainTenantUsers 中的用户在我们其他租户中拥有哪些权限和角色。我以为我会通过动态创建 select-object 属性来输出它,但它并没有像我希望的那样工作。
SubTenantUsers 和 MainTenantUsers 变量包含来自 Get-AzureADUser、Get-AzureADDirectoryRole 和 Get-AzureADGroup 的信息,以帮助确定各个用户分配了哪些组和角色。
# Get a list of tenants the user has access to
$Tenants = Get-AzTenant | Where-Object {$_.TenantId -NotMatch $TenantId}
# Get user Roles in other tenants
foreach ($Tenant in $Tenants) {
$null = Connect-AzureAD -TenantId $Tenant.Id
$SubTenantUsers = Get-TenantUsersRolesAndGroups
foreach ($MainTenantUser in $MainTenantUsers) {
### Add tenant to list of tenants the user is a member of
if ($SubTenantUsers.UserPrincipalName -like ('{0}*' -f $MainTenantUser.UserPrincipalName.Replace("@", "_"))) {
$MainTenantUser.AccessibleTenants += $Tenant.Name
}
### Add the users roles and groups in the tenant
$null = Add-Member -InputObject $MainTenantUser -MemberType 'NoteProperty' -Name $Tenant.Name -Force -Value (
[PSCustomObject]@{
Roles = ($SubTenantUsers | Where-Object UserPrincipalName -like ('{0}*' -f $MainTenantUser.UserPrincipalName.Replace("@", "_")) | Select-Object Roles).Roles
Groups = ($SubTenantUsers | Where-Object UserPrincipalName -like ('{0}*' -f $MainTenantUser.UserPrincipalName.Replace("@", "_")) | Select-Object Groups).Groups
}
)
}
}
foreach ($Tenant in $Tenants) {
$properties += @{
Name = "$($Tenant.Name) - AADRoles"
Expression = {($_.($Tenant.Name).'Roles'.'DisplayName' | Sort-Object) -join ', '}
}
$properties += @{
Name = "$($Tenant.Name) - Groups"
Expression = {($_.($Tenant.Name).'Groups'.'DisplayName' | Sort-Object) -join ', '}
}
}
$MainTenantUsers | Sort-Object 'DisplayName' | Select-Object $properties |
Export-Csv -Path "$pathto\output.csv" -Encoding 'UTF8' -NoTypeInformation
我通过改变我用来创建脚本块的方法设法解决了这个问题。
我是从这个切换过来的:
foreach ($Tenant in $Tenants) {
$properties += @{
Name = "$($Tenant.Name) - AADRoles"
Expression = {($_.($Tenant.Name).'Roles'.'DisplayName' | Sort-Object) -join ', '}
}
$properties += @{
Name = "$($Tenant.Name) - Groups"
Expression = {($_.($Tenant.Name).'Groups'.'DisplayName' | Sort-Object) -join ', '}
}
}
对此:
foreach ($Tenant in $Tenants.Name) {
$properties += @{
Name = "$Tenant - AADRoles"
Expression = ([Scriptblock]::Create("(`$_.'$Tenant'.'Roles'.'DisplayName' | Sort-Object) -join ', '"))
}
$properties += @{
Name = "$Tenant - Groups"
Expression = ([Scriptblock]::Create("(`$_.'$Tenant'.'Groups'.'DisplayName' | Sort-Object) -join ', '"))
}
}