C Emmons
asked on
How do I reference this object variable?
$ShareSec = Get-WmiObject -Class Win32_LogicalShareSecurity Setting -ComputerName "servername"
ForEach ($ShareS in $ShareSec)
{
$SecurityDescriptor = $ShareS.GetSecurityDescrip tor()
$myCol = @()
ForEach ($DACL in $SecurityDescriptor.Descri ptor.DACL)
{
$myObj = "" | Select Domain, ID, AccessMask, AceType
$myObj.Domain = $DACL.Trustee.Domain
$myObj.ID = $DACL.Trustee.Name
***
My questions is how to reference $DACL.Trustee.name in an get-adobject lookup, such as
$d=get-adobject -filter {name -like $dacl.trustee.name }
The things I've tried either give errors or lose the value and echo the variable name, etc.. I always have difficulty referencing variables especially in braces and quotes, etc.. The end goal is to list group members - when the DACL.trustee.name is a security group. I was planning to check the object class for each DACL - and lookup the membership when the objectclass is group. Knowing the group name alone isn't very helpful.
Thanks for your assistance.
ForEach ($ShareS in $ShareSec)
{
$SecurityDescriptor = $ShareS.GetSecurityDescrip
$myCol = @()
ForEach ($DACL in $SecurityDescriptor.Descri
{
$myObj = "" | Select Domain, ID, AccessMask, AceType
$myObj.Domain = $DACL.Trustee.Domain
$myObj.ID = $DACL.Trustee.Name
***
My questions is how to reference $DACL.Trustee.name in an get-adobject lookup, such as
$d=get-adobject -filter {name -like $dacl.trustee.name }
The things I've tried either give errors or lose the value and echo the variable name, etc.. I always have difficulty referencing variables especially in braces and quotes, etc.. The end goal is to list group members - when the DACL.trustee.name is a security group. I was planning to check the object class for each DACL - and lookup the membership when the objectclass is group. Knowing the group name alone isn't very helpful.
Thanks for your assistance.
Actually, just tested and another way is
Unless you're using a wildcard, you probably want to use -eq instead of -like in the filter.
get-adobject -filter "name -like '$DACL.Trustee.Name'"
Unless you're using a wildcard, you probably want to use -eq instead of -like in the filter.
Since the value is constant for the filter, you should be able to use this too, called a subexpression:
"$dacl.trustee.name" will replace "$dacl" with its string representation, and then append ".trustee.name" as string.
Get-ADObject -filter { name -like "$($dacl.trustee.name)" }
In double quotes you always need to use a subexpression to access properties of objects."$dacl.trustee.name" will replace "$dacl" with its string representation, and then append ".trustee.name" as string.
@Qlemo - have you been able to get that to work? I've tried it and it doesn't work for me. It seems like subexpressions don't work within filter brackets, which I find odd. The second syntax that I listed is like what I use for Get-WmiObject filters, and it doesn't work if I reverse the double and single quotes. The help for AD cmdlets doesn't mention using quotes to surround the filter, though when you look at the help topic about_ActiveDirectory_Filt er, a number of the examples have the filter surrounded by single quotes.
You're right about the subexpression of course, I messed up when I was pasting the command. Should be
You're right about the subexpression of course, I messed up when I was pasting the command. Should be
get-adobject -filter "name -like '$($DACL.Trustee.Name)'"
And what I find odd about that is that you wouldn't expect the subexpression to work within single quotes...
ASKER
I appreciate your help, but I seem unable to get any of these variation to work. I can echo $DACL.Trustee.Name to the screen, or another variable I have used to put this value into, such as $name. They both display as expected. Then, I try the various syntaxes and I don't have any success. Any ideas, do these variation work for you? I've also test get-adobject with an actual name in quotes, omitting variables and that works too. Thanks for your patience.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ok - that works for me too with samaccountname. Thanks - you've been great!
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for apsutechteam's comment #a40312919
for the following reason:
Multiple answers - and successful execution.
Accepted answer: 0 points for apsutechteam's comment #a40312919
for the following reason:
Multiple answers - and successful execution.
@apsutechteam - Could you reopen the question and (re)select which post(s) helped you as the answer instead of your own? You'll need to click the "request attention" button underneath your question. Thanks.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@Qlemo - You're right, I should have clicked the Object button. I guess sometimes I'm too hesitant to use it...
That's interesting that AD object properties can be evaluated inside the braces. It's odd that I've never seen any official (or by well-know PS bloggers) mention/explanation of the string variant of -filter. Only time I've seen it used in examples is in about_ActiveDirectory_Filt er as I mentioned before, but the section on filter syntax exclusively describes the scriptblock notation. I'm just curious if you have ever seen the string variant covered?
I think I discovered it kind of by accident. First I had learned about AD cmdlets, then later I was learning about WMI cmdlets (Get-WmiObject in particular) and the filter for that. The help there shows the string variant, and I (not being too well-versed in PS yet) probably thought that all filters should be like that. So for a time I was always using the string variant. After going back into the help for AD cmdlets at some point and reading more extensively on the AD filter syntax is when I started using the scriptblock notation again for AD cmdlets (probably just to be consistent with the documentation I was seeing), but still using the string variant for WMI cmdlets. - I know everyone was curious about this. :)
That's interesting that AD object properties can be evaluated inside the braces. It's odd that I've never seen any official (or by well-know PS bloggers) mention/explanation of the string variant of -filter. Only time I've seen it used in examples is in about_ActiveDirectory_Filt
I think I discovered it kind of by accident. First I had learned about AD cmdlets, then later I was learning about WMI cmdlets (Get-WmiObject in particular) and the filter for that. The help there shows the string variant, and I (not being too well-versed in PS yet) probably thought that all filters should be like that. So for a time I was always using the string variant. After going back into the help for AD cmdlets at some point and reading more extensively on the AD filter syntax is when I started using the scriptblock notation again for AD cmdlets (probably just to be consistent with the documentation I was seeing), but still using the string variant for WMI cmdlets. - I know everyone was curious about this. :)
No, never seen the "string theory" in anything official. I guess "it just works" because PS tries to support with a lot of effort.
My take on that: the string expression is silently converted into a script block, with the vars and subexpression already substituted. There are several other cases where this happens (but can't recall one ATM).
My take on that: the string expression is silently converted into a script block, with the vars and subexpression already substituted. There are several other cases where this happens (but can't recall one ATM).
Answer - http:#a40312383
Assist - http:#a40313226
...and this is why I'm hesitant to object at times. I'd rather the asker take the initiative to select which posts were helpful on their own. Oh well.
Assist - http:#a40313226
...and this is why I'm hesitant to object at times. I'd rather the asker take the initiative to select which posts were helpful on their own. Oh well.
Open in new window