Get-ADObject and Where-Object problem when using a variable

Time: 2018-10-28 20:28:44

Tags: powershell powershell-v5.0 bitlocker

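I want to get the BitLocker recovery password through PowerShell by supplying the recovery key ID. I know this can be done through the Active Directory Users and Computers application, and that is really what I am trying to replicate.

My current process is as follows:

  • Prompt the user for the recovery key ID
  • Get all AD objects whose ObjectClass is msFVE-RecoveryInformation
  • Filter those results by DistinguishedName, which should give me the individual record I need.
  • Write out the final BitLocker recovery password

The problem I am having is that when I use a variable in my Where-Object clause, I get no results. If I hard-code the recovery key ID, it works fine.

Here is the code I have so far: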

$key = (read-host -Prompt "Enter starting portion of recovery key ID (8 Digits)").ToUpper()
$recoveryInformation = Get-ADObject -Filter 'ObjectClass -eq "msFVE-RecoveryInformation"' | Where-Object {$_.DistinguishedName -like "*$key*"}
echo $recoveryInformation

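I have tried a few different approaches, but they all end with the same result: hard-coded values work and variables do not. This leads me to believe it is something in the way I take the user input, but I am having trouble. Any help would be greatly appreciated.


Final result

In the end, the problem with my code was that I was using where-object instead of where. Once I made that change, everything worked as expected.

The examples provided by postanote give better output and are definitely more robust. The last example is the best one for giving the final result.

1 answer:

Answer 0: (score: 1)

Why not just use the built-in PowerShell cmdlets designed specifically for getting this information?

Here are a few things you can use directly for your use case or adapt. See example 5.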

Get BitLocker Recovery Information from AD Using PowerShell

# Example Commands

# 1. Get BitLocker recovery information for a single computer:

Get-BitLockerRecovery computer1

# 2. Get BitLocker recovery information for a list of computers:
Get-BitLockerRecovery "computer1","computer2"

# or

"computer1","computer2" | Get-BitLockerRecovery

# 3. Get BitLocker recovery information for computers in an OU:
Get-ADComputer -Filter { name -like "*" } `
  -SearchBase "OU=Sales,DC=fabrikam,DC=com" |
  Get-BitLockerRecovery

# 4. Get the BitLocker recovery information for a specific password ID:
Get-BitLockerRecovery -PasswordID B1FED823

# 5. Get BitLocker recovery information for all msFVE-RecoveryInformation objects in the current domain:
$filter = "(objectClass=msFVE-RecoveryInformation)"
Get-ADObject -LDAPFilter $filter | ForEach-Object {
  Get-ADPathname (Get-ADPathname $_.DistinguishedName `
  -Format X500Parent) -Format Leaf -ValuesOnly |
  Get-BitLockerRecovery
}

Or, when testing the variable approach without using the key string passed by the user...

# First ask for a computername
$usrInput = Read-Host "Type in name of computer you want to retrieve the BitLocker recovery information"

# Get the computer object from Active Directory
$objComputer = Get-ADComputer $usrInput

# Find the AD object which match the computername and is of the class "msFVE-RecoveryInformation"
$objADObject = get-adobject -Filter * | Where-Object {$_.DistinguishedName -match $objComputer.Name -and $_.ObjectClass -eq "msFVE-RecoveryInformation"}

# Filter the result so you'll get only the recovery key
$trimming = ($objADObject.DistinguishedName.Split(",")[0]).Split("{")[1]
$trimming.Substring(0, $trimming.Length - 1)

Or this approach...

$computers = get-adobject -Filter * | Where-Object {$_.ObjectClass -eq "msFVE-RecoveryInformation"}

$key = (read-host -Prompt "Enter starting portion of recovery key ID").ToUpper()
$records = $computers | where {$_.DistinguishedName -like "*$key*"}

foreach ($rec in $records) {
    # Use the current record ($rec), not the whole $records collection
    $computer = get-adcomputer -identity ($rec.DistinguishedName.Split(",")[1]).split("=")[1]
    # Read the password from this record only, so it matches the key ID shown below
    $recoveryPass = Get-ADObject -Identity $rec.DistinguishedName -Properties 'msFVE-RecoveryPassword'
    [pscustomobject][ordered]@{
        Computer = $computer
        'Recovery Key ID' = $rec.Name.Split("{")[1].split("}")[0]
        'Recovery Password' = $recoveryPass.'msFVE-RecoveryPassword'
    } | Format-List
}
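
The snippets above pull every AD object, or every recovery object, to the client and filter there. As an added example (not part of the question or the answer), the same lookup can be done with a server-side LDAP filter and a validated key ID prefix. The function name Get-BitLockerPasswordByKeyId is hypothetical; it assumes the ActiveDirectory module and an account permitted to read msFVE-RecoveryPassword.

```powershell
# Added example: hypothetical helper, not code from the question or the answer.
# Assumes the ActiveDirectory module is installed and the caller may read
# the msFVE-RecoveryPassword attribute.
function Get-BitLockerPasswordByKeyId {
    [CmdletBinding()]
    param(
        # First 8 hex digits of the recovery key ID. Validating the format keeps
        # wildcards and LDAP filter metacharacters such as * ( ) \ out of the query.
        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9A-Fa-f]{8}$')]
        [string]$KeyIdPrefix
    )

    # msFVE-RecoveryInformation objects are named "<timestamp>{<key ID GUID>}",
    # so the prefix is matched right after the opening brace, on the server.
    # The trailing "-" anchors the match to the whole first group of the GUID.
    $ldapFilter = '(&(objectClass=msFVE-RecoveryInformation)(name=*{' +
                  $KeyIdPrefix + '-*))'

    Get-ADObject -LDAPFilter $ldapFilter -Properties 'msFVE-RecoveryPassword', whenCreated |
        ForEach-Object {
            # The parent of a recovery object is the computer it belongs to.
            # Assumption: the first RDN contains no comma, which holds for
            # recovery objects and for computer names.
            $parentDn = $_.DistinguishedName -replace '^[^,]+,', ''
            $keyId = if ($_.Name -match '\{([0-9A-Fa-f-]{36})\}') { $Matches[1] }

            [pscustomobject]@{
                Computer            = ($parentDn -split ',')[0] -replace '^CN=', ''
                'Recovery Key ID'   = $keyId
                Created             = $_.whenCreated
                'Recovery Password' = $_.'msFVE-RecoveryPassword'
            }
        }
}

# Usage, with the password ID from example 4 of the answer:
# Get-BitLockerPasswordByKeyId -KeyIdPrefix B1FED823
```

Because only matching records are returned, recovery passwords for other computers never leave the domain controller.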