Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How do I reference this object variable?

Posted on 2014-09-08
15
Medium Priority
?
269 Views
Last Modified: 2014-09-21
$ShareSec = Get-WmiObject -Class Win32_LogicalShareSecuritySetting -ComputerName "servername"
      
ForEach ($ShareS in $ShareSec)

      {      
            $SecurityDescriptor = $ShareS.GetSecurityDescriptor()
            $myCol = @()
            
            ForEach ($DACL in $SecurityDescriptor.Descriptor.DACL)
            {
                  $myObj = "" | Select Domain, ID, AccessMask, AceType
                  $myObj.Domain = $DACL.Trustee.Domain
                  $myObj.ID = $DACL.Trustee.Name
***
My questions is how to reference $DACL.Trustee.name in an get-adobject lookup, such as

$d=get-adobject -filter {name -like $dacl.trustee.name }
The things I've tried either give errors or lose the value and echo the variable name, etc..  I always have difficulty referencing variables especially in braces and quotes, etc..  The end goal is to list group members - when the DACL.trustee.name is a security group.  I was planning to check the object class for each DACL - and lookup the membership when the objectclass is group. Knowing the group name alone isn't very helpful.

Thanks for your assistance.
0
Comment
Question by:apsutechteam
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
  • 3
15 Comments
 
LVL 41

Expert Comment

by:footech
ID: 40310966
The only way I've ever been able to do that is to first assign the value to a variable, and then use that variable in the filter.
$name = $DACL.Trustee.Name
get-adobject -filter {name -like $name }

Open in new window

0
 
LVL 41

Expert Comment

by:footech
ID: 40310972
Actually, just tested and another way is
get-adobject -filter "name -like '$DACL.Trustee.Name'"

Open in new window


Unless you're using a wildcard, you probably want to use -eq instead of -like in the filter.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 40310975
Since the value is constant for the filter, you should be able to use this too, called a subexpression:
Get-ADObject -filter { name -like "$($dacl.trustee.name)" }

Open in new window

In double quotes you always need to use a subexpression to access properties of objects.
"$dacl.trustee.name" will replace "$dacl" with its string representation, and then append ".trustee.name" as string.
0
Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

 
LVL 41

Expert Comment

by:footech
ID: 40311008
@Qlemo - have you been able to get that to work?  I've tried it and it doesn't work for me.  It seems like subexpressions don't work within filter brackets, which I find odd.  The second syntax that I listed is like what I use for Get-WmiObject filters, and it doesn't work if I reverse the double and single quotes.  The help for AD cmdlets doesn't mention using quotes to surround the filter, though when you look at the help topic about_ActiveDirectory_Filter, a number of the examples have the filter surrounded by single quotes.

You're right about the subexpression of course, I messed up when I was pasting the command.  Should be
get-adobject -filter "name -like '$($DACL.Trustee.Name)'"

Open in new window

And what I find odd about that is that you wouldn't expect the subexpression to work within single quotes...
0
 

Author Comment

by:apsutechteam
ID: 40312235
I appreciate your help, but I seem unable to get any of these variation to work.  I can echo $DACL.Trustee.Name to the screen, or another variable I have used to put this value into, such as $name.  They both display as expected.  Then, I try the various syntaxes and I don't have any success.  Any ideas, do these variation work for you?  I've also test get-adobject with an actual name in quotes, omitting variables and that works too.  Thanks for your patience.
0
 
LVL 41

Accepted Solution

by:
footech earned 1000 total points
ID: 40312383
Yes, I've tested both of the following and they work for me.
$name = $DACL.Trustee.Name
get-adobject -filter {name -like $name}
get-adobject -filter "name -like '$($DACL.Trustee.Name)'"

Open in new window

The only variation for me was that I used samAccountName instead of name since I know that no objects have a name in that format.  So my actual command was
get-adobject -filter "samAccountName -like '$($DACL.Trustee.Name)'"

Open in new window

0
 

Author Comment

by:apsutechteam
ID: 40312919
Ok - that works for me too with samaccountname.  Thanks - you've been great!
0
 

Author Comment

by:apsutechteam
ID: 40313134
I've requested that this question be closed as follows:

Accepted answer: 0 points for apsutechteam's comment #a40312919

for the following reason:

Multiple answers - and successful execution.
0
 
LVL 41

Expert Comment

by:footech
ID: 40313003
@apsutechteam - Could you reopen the question and (re)select which post(s) helped you as the answer instead of your own?  You'll need to click the "request attention" button underneath your question.  Thanks.
0
 
LVL 71

Assisted Solution

by:Qlemo
Qlemo earned 1000 total points
ID: 40313226
Advanced stuff ahead ...

After some deep-dive investigation, using objects representing something different than simple types (string, number) does not work inside of the script block notation for -filter (using the curly brackets).
With exception of AD objects, that is. Objects listed in get-help about_ActiveDirectory_ObjectModel are supported, and can be used directly including all their properties:
$adusr = Get-AdObject -identity 'cn=Qlemo Demo, cn=Users, dc=domain, dc=com'
Get-AdObject -Filter { name -eq $adusr.name }

Open in new window


The string variant of -filter is parsed exactly like a string first, so string literals (like the evaluated object content) have to be enclosed in single or double quotes.
The whole filter string needs to be enclosed in double quotes to allow string replacement by PowerShell. If the outmost quotes are double quotes, everything inside looking like a variable or subexpression (i.e. starting with dollar sign) will be evaluated.
Other quotes (single or double) inside those double quotes are just quotes, not restricting the replacement, with exception of the backquote as escape character, of course.
This leads to something like
    "property -eq '$($obj.property.property)'"
or
    "property -eq ""$($obj.property.property)"" "
or
    "property -eq `"$($obj.property.property)`" "


I hope that illuminates the background why some expressions work seamlessly.
0
 
LVL 41

Expert Comment

by:footech
ID: 40313333
@Qlemo - You're right, I should have clicked the Object button.  I guess sometimes I'm too hesitant to use it...

That's interesting that AD object properties can be evaluated inside the braces.  It's odd that I've never seen any official (or by well-know PS bloggers) mention/explanation of the string variant of -filter.  Only time I've seen it used in examples is in about_ActiveDirectory_Filter as I mentioned before, but the section on filter syntax exclusively describes the scriptblock notation.  I'm just curious if you have ever seen the string variant covered?

I think I discovered it kind of by accident. First I had learned about AD cmdlets, then later I was learning about WMI cmdlets (Get-WmiObject in particular) and the filter for that.  The help there shows the string variant, and I (not being too well-versed in PS yet) probably thought that all filters should be like that.  So for a time I was always using the string variant.  After going back into the help for AD cmdlets at some point and reading more extensively on the AD filter syntax is when I started using the scriptblock notation again for AD cmdlets (probably just to be consistent with the documentation I was seeing), but still using the string variant for WMI cmdlets.    - I know everyone was curious about this.  :)
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 40313393
No, never seen the "string theory" in anything official. I guess "it just works" because PS tries to support with a lot of effort.
My take on that: the string expression is silently converted into a script block, with the vars and subexpression already substituted. There are several other cases where this happens (but can't recall one ATM).
0
 
LVL 41

Expert Comment

by:footech
ID: 40325857
Answer - http:#a40312383

Assist - http:#a40313226

...and this is why I'm hesitant to object at times.  I'd rather the asker take the initiative to select which posts were helpful on their own.  Oh well.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
A quick Powershell script I wrote to find old program installations and check versions of a specific file across the network.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question