Solved

Where, Variables and Functions in Powershell

Posted on 2016-09-16
3
45 Views
Last Modified: 2016-09-19
Hi
I have this function, that should reveal all user accounts with some given letter combinations in the Description og Info field in AD.
Function RevealClearTextPassword([Array]$search){


    $words = $search -split ","


    foreach($word in $words){
        
        $list = $list += "(`$_.Description -like `"*$word*`" -OR `$_.info -like `"*$word*`") -OR "
    }

    $list = $list.substring(0,$list.Length-5)
    Get-ADUser -filter * -Properties enabled, Description, Info | Where{$list} | ft samaccountname,enabled,description,info -AutoSize
    
}

Open in new window

When I run the Function like this:
RevealClearTextPassword pwd,pw,kode,pass

Open in new window

it returns ALL users in the AD no matter what is written in the two fields.
Why is that?

If I write out the Get-ADUser line it looks ok:
Get-ADUser -filter * -Properties enabled, Description, Info | Where{($_.Description -like "*pwd*" -OR $_.info -like "*pwd*") -OR ($
_.Description -like "*pw*" -OR $_.info -like "*pw*") -OR ($_.Description -like "*kode*" -OR $_.info -like "*kode*") -OR ($_.Descrip
tion -like "*pass*" -OR $_.info -like "*pass*")} | ft samaccountname,enabled,description,info -AutoSize

Open in new window

As far as I can see it should work, but it doesn't.
0
Comment
Question by:Kasper Katzmann
3 Comments
 
LVL 40

Accepted Solution

by:
Subsun earned 250 total points
ID: 41801439
When you mention Where{$list}, PowerShell consider it as a variable not a expression/condition. Until $list is not equal to $null the where condition is always considered as true.  That why the result has all users.

Change Where{$list} to Where{Invoke-Expression $list} and see if it works for you

You can also construct a pattern and use -Match to achieve the same..
Try..
Function RevealClearTextPassword([Array]$search){
  $words = ($search -Split ",") -join "|"
    Get-ADUser -filter * -Properties enabled, Description, Info | 
      ? {$_.Description -Match $words -OR $_.info -match $words} | 
    FT samaccountname,enabled,description,info -AutoSize
}

Open in new window

0
 
LVL 40

Assisted Solution

by:footech
footech earned 250 total points
ID: 41801836
As an alternative to Subsun's, if you change lines 12 and 13 as below it should work.
$list = [scriptblock]::Create( ($list.substring(0,$list.Length-5)) )
    Get-ADUser -filter * -Properties enabled, Description, Info | Where $list | ft samaccountname,enabled,description,info -AutoSize

Open in new window

0
 

Author Closing Comment

by:Kasper Katzmann
ID: 41804345
There is one word for people like you... geniuses
Both worked - thanks
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a PowerShell web interface I use to manage some task as a network administrator. Clicking an action button on the left frame will display a form in the middle frame to input some data in textboxes, process this data in PowerShell and display…
Synchronize a new Active Directory domain with an existing Office 365 tenant
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question