[英]trying to get all the GPO's related to the OU with invoke command
I have a this set of code:我有一组代码:
#Find the OU with the selected Canonical name and save it to this variable
$OUObject = Invoke-Command -Session $S -ScriptBlock {Get-ADOrganizationalUnit -filter * -Property CanonicalName | Where-Object {$_.CanonicalName -eq $using:listBox2.SelectedItem}}
So after this code i get a an OU stored in a variable $OUObject.所以在这段代码之后,我得到了一个存储在变量 $OUObject 中的 OU。 i now want to get all the gpo's linked to this ou.
我现在想将所有 gpo 链接到这个 ou。 so my next step is this:
所以我的下一步是:
$test = $OUObject.LinkedGroupPolicyObjects
and now $test hold all the gpos linked to its ou.现在 $test 持有所有链接到它的 ou 的 gpos。 problem now is i want to get them by name.
现在的问题是我想按名称获取它们。 so i can do this:
所以我可以这样做:
invoke-command -session $s -scriptblock {get-gpo -guid $test}
but i will get this error: PS C:\WINDOWS\system32> invoke-command -session $s -scriptblock {get-gpo -guid $test} Cannot validate argument on parameter 'Guid'.但我会收到此错误:PS C:\WINDOWS\system32> invoke-command -session $s -scriptblock {get-gpo -guid $test} 无法验证参数“Guid”上的参数。 The argument is null or empty.
参数为 null 或为空。 Provide an argument that is not null or empty, and then try the command again.
提供一个不是 null 或空的参数,然后重试该命令。 + CategoryInfo: InvalidData: (:) [Get-GPO], ParameterBindingValidationException + FullyQualifiedErrorId: ParameterArgumentValidationError,Microsoft.GroupPolicy.Commands.GetGpoCommand + PSComputerName: DC01
+ CategoryInfo: InvalidData: (:) [Get-GPO], ParameterBindingValidationException + FullyQualifiedErrorId: ParameterArgumentValidationError,Microsoft.GroupPolicy.Commands.GetGpoCommand + PSComputerName: DC01
so i look at $test and this is what it holds:所以我看了一下 $test ,这就是它所拥有的:
PS C:\WINDOWS\system32> $test
cn={5873971D-F689-4E83-8AFA-389FDD7F34CD},cn=policies,cn=system,DC=bla,DC=local
cn={2B7F8931-038E-46BC-B1DB-FBFA86097C08},cn=policies,cn=system,DC=bla,DC=local
cn={C74CADA1-B609-44A3-8D3C-F733CF3112E2},cn=policies,cn=system,DC=bla,DC=local
so what i acually need is to past to the get-gpo command only the part inside the cn{..}所以我真正需要的是仅将 cn{..} 内的部分传递给 get-gpo 命令
if i hardcode for example and do this:例如,如果我硬编码并执行此操作:
invoke-command -session $s -scriptblock {get-gpo -guid 5873971D-F689-4E83-8AFA-389FDD7F34CD}
i get the result right.我得到正确的结果。 can anyone help me achive this please?
任何人都可以帮我实现这个吗?
Use the regex -replace
operator to extract the GUID from the DN, then pass the value to Invoke-Command
using the $using:
modifier:使用 regex
-replace
运算符从 DN 中提取 GUID,然后使用$using:
修饰符将值传递给Invoke-Command
:
$GUIDs = $test -replace '^cn=(\{[0-9a-f-]+\}).*$'
Invoke-Command -Session $s { $using:GUIDs |ForEach-Object { Get-GPO -Guid $_ } }
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.