我正在处理的PowerShell脚本存在一个有趣的问题,该问题会向我们的组发送一封电子邮件,以通知我们服务器上的证书何时到期。从命令行看,每一行代码都能完美运行,但是在脚本运行时,$ bodyMid变量不会返回Get-ChildItem命令的结果。
代码:
# Extract information from Server Event Logs
$eventLog = Get-EventLog -LogName Application -EntryType Warning -Newest 1 -Source AutoEnrollment | Select EventID, MachineName, EntryType, Source, Message
$eventString = Out-String -InputObject $eventLog
$msgLength = $eventString.length
Write-Host "Length:" $msgLength
Write-Host "Message Body: " $eventString
# Extract the Thumbprint from the Certificate from the Event Logs
$thumbPrint = $eventString.Substring([int]$msgLength-69,69)
Write-Host "Thumbprint String: " $thumbPrint
$thumbPrint = $thumbPrint.Replace(" ", "")
$thumbPrint = $thumbPrint.Replace("'", "")
Write-Host "Processed Thumbprint: " $thumbPrint
# Extract the Certificate information from the Server
$certInfo = Get-ChildItem Cert:\ -Recurse | Where { $_.Thumbprint -eq $thumbPrint} | Select FriendlyName, Thumbprint, DnsNameList, PSPath, NotBefore, NotAfter
$bodyMid = Out-String -InputObject $certInfo
$bodyCount = $bodyMid.length
Write-Host "Mid-Body Count: " $bodyCount
Write-Host "Mid-Body: " $bodyMid
运行时,结果如下:
PS C:\Scripts> .\ServiceNotify.ps1
Length: 543
Message Body:
EventID : 64
MachineName : ADFS-01.contoso.com
EntryType : Warning
Source : AutoEnrollment
Message : The description for Event ID '-2147483584' in Source 'AutoEnrollment' cannot be found. The local computer may not have the
necessary registry information or message DLL files to display the message, or you may not have permission to access them.
The following information is part of the event:'local system', '81 4d 26 bb ef 94 30 25 32 44 e1 c7 bb 51 92 79 8b c6 5d 29'
Thumbprint String: '81 4d 26 bb ef 94 30 25 32 44 e1 c7 bb 51 92 79 8b c6 5d 29'
Processed Thumbprint: 814d26bbef9430253244e1c7bb5192798bc65d29
Mid-Body Count: 0
Mid-Body:
但是当我在脚本外部分配变量并在PowerShell内部一行一行地运行它们时,它将按预期工作:
PS C:\Scripts> $thumbPrint = "814D26BBEF9430253244E1C7BB5192798BC65D29"
PS C:\Scripts> $certInfo = Get-ChildItem Cert:\ -Recurse | Where { $_.Thumbprint -eq $thumbPrint} | Select FriendlyName, Thumbprint, DnsName
List, PSPath, NotBefore, NotAfter
PS C:\Scripts> $bodyMid = Out-String -InputObject $certInfo
PS C:\Scripts> $bodyCount = $bodyMid.length
PS C:\Scripts> Write-Host "Mid-Body Count: " $bodyCount
Mid-Body Count: 352
PS C:\Scripts> Write-Host "Mid-Body: " $bodyMid
Mid-Body:
FriendlyName : DC-WC-Cert-2016-2019
Thumbprint : 814D26BBEF9430253244E1C7BB5192798BC65D29
DnsNameList : {*.contoso.com, contoso.com}
PSPath : Microsoft.PowerShell.Security\Certificate::LocalMachine\My\814D26BBEF9430253244E1C7BB5192798BC65D29
NotBefore : 3/4/2016 11:00:00 AM
NotAfter : 6/4/2019 9:59:59 AM
我不会反对以其他方式执行此操作,但是我试图理解为什么cmdlet无法像我期望的那样在脚本中运行。有什么建议么?谢谢!
答案 0 :(得分:0)
感谢您的输入;我想出了解决方法。指纹还有返回的其他隐藏字符,当将其转储到文本文件中时,可以使用Notepad ++查看输出。要解决此问题,最简单的方法是保留指纹并删除其余的指纹,方法是对脚本进行以下调整:
# Extract the Thumbprint from the Certificate from the Event Logs
$thumbPrintString = $eventString.Substring([int]$msgLength-69,69)
Write-Host "Thumbprint String: " $thumbPrintString
$thumbPrintString = $thumbPrintString.Replace(" ", "")
$thumbPrintString = $thumbPrintString.Replace("'", "")
$thumbPrintString = $thumbPrintString.Replace("`n", "")
$thumbPrintLength = $thumbPrintString.length
$thumbPrint = $thumbPrintString.Substring(0,40)
结果给了我一个干净的指纹,然后在运行Get-ChildItem Cert:\ -Recurse命令时给了我所需的输出。现在,它发出格式化的电子邮件,其中列出了即将过期的证书:
The following event has triggered on ADFS-01:
----------------------------------------------
FriendlyName : DC-WC-Cert-2016-2019
Thumbprint : 814D26BBEF9430253244E1C7BB5192798BC65D29
DnsNameList : {*.contoso.com, contoso.com}
PSPath : Microsoft.PowerShell.Security\Certificate::LocalMachine\My\814D26BBEF9430253244E1C7BB5192798BC65D29
NotBefore : 3/4/2016 11:00:00 AM
NotAfter : 6/4/2019 9:59:59 AM
Please look into this issue as soon as possible. This task will repeat ever 12 hours until resolved.