dsacls - Invalid DN Syntax in powershell
Question
I am trying to modify the servicePrincipalName permission within powershell script using the 'dsacls' command.
I am taking all the dynamic parameter as script arguments.
The script is not working when I form a command with the arguments variable I received. There is something I am missing with string manipulation.
$perStr ='"' + $strDN + '"' + ' /G ' + $DomainNetBIOSName + '\' + $SQLUser + ':RPWP;"servicePrincipalName"'
$ret = dsacls ${perStr}
The above gives an error:
Invalid DN Syntax
When I run with hardcoded values it runs fine.
1 answers
solution1
1 ACCPTED 2017-12-04 22:31:25
When I have a hard time constructing strings to use with external executables I tend to build the entire command and then use Invoke-Expression to run it. Something like this:
$perStr = '& dsacls --% "{0}" /G {1}\{2}:RPWP;"servicePrincipalName"' -f $strDN, $DomainNetBIOSName, $SQLUser
$ret = Invoke-Expression -Command $perStr
The --% will tell it to stop interpreting things beyond that point so it will take all arguments exactly as typed and pass them to the command. See if that works for you, and if not you may want to look at the content of $perStr to make sure that it looks right to you.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.