变量未定义 – 遍历 AD

huangapple
go评论61阅读模式
英文:

Variable not defined - iterating through AD

问题

我有一个包含4个数字的数组。我的脚本应该遍历AD,只针对extensionAttribute7等于1、2、5或6的已启用帐户。当我运行它时,我收到一条消息:

Get-ADUser: 在表达式中找到变量:$printExtensionAttribute7 未定义。

如果我输出变量,它确实包含这4个数字 - 有什么想法?

$printExtensionAttribute7 = @('1','2','5','6')
$ADUsers = Get-ADUser -server xxx.yyy.net -Filter { enabled -eq $true -and ($printExtensionAttribute7 -contains $_.extensionAttribute7)} -Properties Description, POBox , Office, Department, extensionAttribute7
英文:

I have an array that consists of 4 numbers. My script should iterate through AD, only for enabled accounts where extensionAttribute7 is equal to 1, 2, 5 or 6. When I run it, I get a message

Get-ADUser: Variable: 'printExtensionAttribute7' found in expression: $printExtensionAttribute7 is not defined.

If I output the variable, it does contain the 4 numbers - any ideas?

$printExtensionAttribute7 = @('1','2','5','6')
$ADUsers = Get-ADUser -server xxx.yyy.net -Filter { enabled -eq $true -and ($printExtensionAttribute7 -contains $_.extensionAttribute7)} -Properties Description, POBox , Office, Department, extensionAttribute7

答案1

得分: 1

运算符如-contains-match不受Active Directory筛选器支持,您可以为每个extensionAttribute7构建一个筛选器子句。

$filter = -join @(
    ''(&''                                                  # AND,必须满足所有条件
        ''(!userAccountControl:1.2.840.113556.1.4.803:=2)'' # 启用对象
        ''(|''                                              # OR,必须满足任何一个条件
            1, 2, 5, 6 | ForEach-Object {                 # 遍历每个“extensionAttribute7”的值
                ''(extensionAttribute7={0})'' -f $_         # 并为每个构建一个筛选器子句
            }
        '')''                                               # 关闭OR
    '')''                                                   # 关闭AND
)

$getADUserSplat = @{
    LDAPFilter = $filter
    Server     = ''xxx.yyy.net''
    Properties = ''Description'', ''POBox'', ''Office'', ''Department'', ''extensionAttribute7'
}

Get-ADUser @getADUserSplat
英文:

Operators like -contains and -match are not supported by the Active Directory Filter, what you can do is construct a filter clause for each extensionAttribute7.

$filter = -join @(
    '(&'                                                  # AND, all conditions must be met
        '(!userAccountControl:1.2.840.113556.1.4.803:=2)' # Enabled object
        '(|'                                              # OR, any of the conditions must be met
            1, 2, 5, 6 | ForEach-Object {                 # loop over each value for "extensionAttribute7"
                '(extensionAttribute7={0})' -f $_         # and construct a filter clause for each one
            }
        ')'                                               # close OR
    ')'                                                   # close AND
)

$getADUserSplat = @{
    LDAPFilter = $filter
    Server     = 'xxx.yyy.net'
    Properties = 'Description', 'POBox', 'Office', 'Department', 'extensionAttribute7'
}

Get-ADUser @getADUserSplat

huangapple
  • 本文由 发表于 2023年7月13日 19:36:48
  • 转载请务必保留本文链接:https://go.coder-hub.com/76678945.html
  • active-directory
  • powershell
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定