我正在尝试显示一个脚本的输出,该脚本在域控制器中搜索在我创建的GUI中已锁定到标签中并且遇到问题的帐户中的帐户。我已经能够做到这一点,而我使用的其他脚本没有任何问题,但是这个脚本有些不同,我是一个完全新手,并且一直在努力寻找答案。在Powershell中单独运行脚本时,它以美观,易于使用的格式输出信息,但我无法将其放入标签中。
#LOCKOUT TRACE BUTTON
$Button16 = New-Object system.Windows.Forms.Button
$Button16.text = "Lockout Trace"
$Button16.width = 85
$Button16.height = 30
$Button16.location = New-Object
System.Drawing.Point(105,113)
$ErrorActionPreference = 'SilentlyContinue'
$Button16.Add_Click(
{
$Label2.Text = ""
Import-Module ActiveDirectory
$UserName = $($TextBox1.Text)
#Get DCs
$PDC = (Get-ADDomainController -Discover -Service PrimaryDC).Name
$DCs = (Get-ADDomainController -Filter *).Name
#Get user info
$UserInfo = Get-ADUser -Identity $UserName
#Search PDC for lockout events with ID 4740
$LockedOutEvents = foreach ($DC in $DCs) { Get-WinEvent -ComputerName $DC
-FilterHashtable @{LogName='Security';Id=4740} -ErrorAction Stop | Sort-
Object -Property TimeCreated -Descending }
#Parse and filter out lockout events
Foreach($Event in $LockedOutEvents)
{
If($Event | Where {$_.Properties[2].value -match $UserInfo.SID.Value})
{
$Event | Select-Object -Property @(
@{Label = 'User'; Expression = {$_.Properties[0].Value}}
@{Label = 'DomainController'; Expression = {$_.MachineName}}
@{Label = 'EventId'; Expression = {$_.Id}}
@{Label = 'LockoutTimeStamp'; Expression = {$_.TimeCreated}}
@{Label = 'Message'; Expression = {$_.Message -split "`r" | Select -
First 1}}
@{Label = 'LockoutSource'; Expression = {$_.Properties[1].Value}}
)
}}
$Label2.Text = ("User = $($_.Properties[0].Value)
DomainController = $($_.MachineName)
EventID = $($_.ID)
LockoutTimeStamp = $($_.TimeCreated)
Message = $($_.Message -split "`r" | Select -First 1)
LockoutSource = $($_.Properties[1].Value)")
}
)
$main_form.Controls.Add($Button16)
在提供的代码中,它按预期在自己的行上返回“ User =“” DomainController =“” Event ID =“等。如果我将“ $ Label2.Text =”放在“ Foreach($ LockedOutEvents)中的$ Event”之前,则所有数据都将返回到Label中,但是它们都连续一行。我希望在创建的标签中在自己的单独行上输出数据点,因此我想向天才们寻求帮助。这个网站回答了我有关此旅程的多个问题,希望能有另一个问题。预先感谢。
答案 0 :(得分:0)
您显示的代码有时在换行符的任意位置中断。我希望这只是尝试在问题中进行格式化。
对于我想要的东西,可能最好的方法是不使用Label对象在表单中显示结果,而是使用带有滚动条的多行TextBox,以便您知道返回的值始终适合表单。
目前,我已经将$Label2保留了下来,但是将您的$Button16.Add_Click()重塑为:
$Button16.Add_Click({
$Label2.Text = ""
$UserName = $TextBox1.Text
# Try and get the user object from the name entered in the textbox
$UserInfo = Get-ADUser -Identity $UserName
if (!$UserInfo) {
$Label2.Text = "$UserName not found!"
return
}
# Get DCs
## $PDC = (Get-ADDomainController -Discover -Service PrimaryDC).Name
$DCs = (Get-ADDomainController -Filter *).Name
# Search DC's for lockout events with ID 4740
$LockedOutEvents = foreach ($DC in $DCs) {
Get-WinEvent -ComputerName $DC -FilterHashtable @{LogName='Security';Id=4740} -ErrorAction SilentlyContinue |
Where {$_.Properties[2].value -match $UserInfo.SID} |
Sort-Object -Property TimeCreated -Descending
}
if ($LockedOutEvents) {
# Parse and filter out lockout events. Collect the outputted string(s) in a variable
# use 'Format-List | Out-String' to collect nicely formatted text
$events = $LockedOutEvents | ForEach-Object {
($_ | Select-Object -Property @(
@{Name = 'User'; Expression = {$_.Properties[0].Value}}
@{Name = 'DomainController'; Expression = {$_.MachineName}}
@{Name = 'EventId'; Expression = {$_.Id}}
@{Name = 'LockoutTimeStamp'; Expression = {$_.TimeCreated}}
@{Name = 'Message'; Expression = {$_.Message -split '\r?\n' | Select-Object -First 1}}
@{Name = 'LockoutSource'; Expression = {$_.Properties[1].Value}}
) | Format-List | Out-String).Trim()
}
# join the collected output and insert that into the label
$Label2.Text = $events -join ([Environment]::NewLine * 2)
}
else {
$Label2.Text = "No Lockout events found for user $UserName"
}
})
Import-Module ActiveDirectory行可以移至脚本的第一行。
希望这会有所帮助