变量未定义 – 遍历 AD

huangapple
go评论99阅读模式
英文:

Variable not defined - iterating through AD

问题

我有一个包含4个数字的数组。我的脚本应该遍历AD,只针对extensionAttribute7等于1、2、5或6的已启用帐户。当我运行它时,我收到一条消息:

Get-ADUser: 在表达式中找到变量:$printExtensionAttribute7 未定义。

如果我输出变量,它确实包含这4个数字 - 有什么想法?

  1. $printExtensionAttribute7 = @('1','2','5','6')
  2. $ADUsers = Get-ADUser -server xxx.yyy.net -Filter { enabled -eq $true -and ($printExtensionAttribute7 -contains $_.extensionAttribute7)} -Properties Description, POBox , Office, Department, extensionAttribute7
英文:

I have an array that consists of 4 numbers. My script should iterate through AD, only for enabled accounts where extensionAttribute7 is equal to 1, 2, 5 or 6. When I run it, I get a message

Get-ADUser: Variable: 'printExtensionAttribute7' found in expression: $printExtensionAttribute7 is not defined.

If I output the variable, it does contain the 4 numbers - any ideas?

  1. $printExtensionAttribute7 = @('1','2','5','6')
  2. $ADUsers = Get-ADUser -server xxx.yyy.net -Filter { enabled -eq $true -and ($printExtensionAttribute7 -contains $_.extensionAttribute7)} -Properties Description, POBox , Office, Department, extensionAttribute7

答案1

得分: 1

运算符如-contains-match不受Active Directory筛选器支持,您可以为每个extensionAttribute7构建一个筛选器子句。

  1. $filter = -join @(
  2.     ''(&''                                                  # AND,必须满足所有条件
  3.         ''(!userAccountControl:1.2.840.113556.1.4.803:=2)'' # 启用对象
  4.         ''(|''                                              # OR,必须满足任何一个条件
  5.             1, 2, 5, 6 | ForEach-Object {                 # 遍历每个“extensionAttribute7”的值
  6.                 ''(extensionAttribute7={0})'' -f $_         # 并为每个构建一个筛选器子句
  7.             }
  8.         '')''                                               # 关闭OR
  9.     '')''                                                   # 关闭AND
  10. )
  12. $getADUserSplat = @{
  13.     LDAPFilter = $filter
  14.     Server     = ''xxx.yyy.net''
  15.     Properties = ''Description'', ''POBox'', ''Office'', ''Department'', ''extensionAttribute7'
  16. }
  18. Get-ADUser @getADUserSplat
英文:

Operators like -contains and -match are not supported by the Active Directory Filter, what you can do is construct a filter clause for each extensionAttribute7.

  1. $filter = -join @(
  2.     '(&'                                                  # AND, all conditions must be met
  3.         '(!userAccountControl:1.2.840.113556.1.4.803:=2)' # Enabled object
  4.         '(|'                                              # OR, any of the conditions must be met
  5.             1, 2, 5, 6 | ForEach-Object {                 # loop over each value for "extensionAttribute7"
  6.                 '(extensionAttribute7={0})' -f $_         # and construct a filter clause for each one
  7.             }
  8.         ')'                                               # close OR
  9.     ')'                                                   # close AND
  10. )
  12. $getADUserSplat = @{
  13.     LDAPFilter = $filter
  14.     Server     = 'xxx.yyy.net'
  15.     Properties = 'Description', 'POBox', 'Office', 'Department', 'extensionAttribute7'
  16. }
  18. Get-ADUser @getADUserSplat

huangapple
  • 本文由 发表于 2023年7月13日 19:36:48
  • 转载请务必保留本文链接:https://go.coder-hub.com/76678945.html
  • active-directory
  • powershell
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定