我有一个有趣的问题,我正在处理的PowerShell脚本向我们的小组发送一封电子邮件,让我们知道服务器上的证书即将过期。从命令行,每行代码都能正常工作,但是当脚本运行时,$ bodyMid变量不会返回Get-ChildItem命令的结果。
码:
# Extract information from Server Event Logs
$eventLog = Get-EventLog -LogName Application -EntryType Warning -Newest 1 -Source AutoEnrollment | Select EventID, MachineName, EntryType, Source, Message
$eventString = Out-String -InputObject $eventLog
$msgLength = $eventString.length
Write-Host "Length:" $msgLength
Write-Host "Message Body: " $eventString
# Extract the Thumbprint from the Certificate from the Event Logs
$thumbPrint = $eventString.Substring([int]$msgLength-69,69)
Write-Host "Thumbprint String: " $thumbPrint
$thumbPrint = $thumbPrint.Replace(" ", "")
$thumbPrint = $thumbPrint.Replace("'", "")
Write-Host "Processed Thumbprint: " $thumbPrint
# Extract the Certificate information from the Server
$certInfo = Get-ChildItem Cert:\ -Recurse | Where { $_.Thumbprint -eq $thumbPrint} | Select FriendlyName, Thumbprint, DnsNameList, PSPath, NotBefore, NotAfter
$bodyMid = Out-String -InputObject $certInfo
$bodyCount = $bodyMid.length
Write-Host "Mid-Body Count: " $bodyCount
Write-Host "Mid-Body: " $bodyMid
运行时,结果如下:
PS C:\Scripts> .\ServiceNotify.ps1
Length: 543
Message Body:
EventID : 64
MachineName : ADFS-01.contoso.com
EntryType : Warning
Source : AutoEnrollment
Message : The description for Event ID '-2147483584' in Source 'AutoEnrollment' cannot be found. The local computer may not have the
necessary registry information or message DLL files to display the message, or you may not have permission to access them.
The following information is part of the event:'local system', '81 4d 26 bb ef 94 30 25 32 44 e1 c7 bb 51 92 79 8b c6 5d 29'
Thumbprint String: '81 4d 26 bb ef 94 30 25 32 44 e1 c7 bb 51 92 79 8b c6 5d 29'
Processed Thumbprint: 814d26bbef9430253244e1c7bb5192798bc65d29
Mid-Body Count: 0
Mid-Body:
但是当我在脚本外部分配变量并在PowerShell中运行它们行时,它应该按原样运行:
PS C:\Scripts> $thumbPrint = "814D26BBEF9430253244E1C7BB5192798BC65D29"
PS C:\Scripts> $certInfo = Get-ChildItem Cert:\ -Recurse | Where { $_.Thumbprint -eq $thumbPrint} | Select FriendlyName, Thumbprint, DnsName
List, PSPath, NotBefore, NotAfter
PS C:\Scripts> $bodyMid = Out-String -InputObject $certInfo
PS C:\Scripts> $bodyCount = $bodyMid.length
PS C:\Scripts> Write-Host "Mid-Body Count: " $bodyCount
Mid-Body Count: 352
PS C:\Scripts> Write-Host "Mid-Body: " $bodyMid
Mid-Body:
FriendlyName : DC-WC-Cert-2016-2019
Thumbprint : 814D26BBEF9430253244E1C7BB5192798BC65D29
DnsNameList : {*.contoso.com, contoso.com}
PSPath : Microsoft.PowerShell.Security\Certificate::LocalMachine\My\814D26BBEF9430253244E1C7BB5192798BC65D29
NotBefore : 3/4/2016 11:00:00 AM
NotAfter : 6/4/2019 9:59:59 AM
我不反对以不同的方式执行此操作,但我试图理解为什么cmdlet不像我期望的那样在脚本内部工作。有什么建议?谢谢!
感谢您的投入;我想出了如何解决它。指纹有其他隐藏的字符被返回,我可以看到使用Notepad ++在输出转储到文本文件时查看输出。要解决此问题,最简单的方法是保留指纹并删除其余部分,通过以下对脚本的调整来完成:
# Extract the Thumbprint from the Certificate from the Event Logs
$thumbPrintString = $eventString.Substring([int]$msgLength-69,69)
Write-Host "Thumbprint String: " $thumbPrintString
$thumbPrintString = $thumbPrintString.Replace(" ", "")
$thumbPrintString = $thumbPrintString.Replace("'", "")
$thumbPrintString = $thumbPrintString.Replace("`n", "")
$thumbPrintLength = $thumbPrintString.length
$thumbPrint = $thumbPrintString.Substring(0,40)
结果给了我一个干净的指纹,然后在运行Get-ChildItem Cert:\ -Recurse命令时给了我所需的输出。它现在发送一个格式化的电子邮件,列出即将过期的证书:
The following event has triggered on ADFS-01:
----------------------------------------------
FriendlyName : DC-WC-Cert-2016-2019
Thumbprint : 814D26BBEF9430253244E1C7BB5192798BC65D29
DnsNameList : {*.contoso.com, contoso.com}
PSPath : Microsoft.PowerShell.Security\Certificate::LocalMachine\My\814D26BBEF9430253244E1C7BB5192798BC65D29
NotBefore : 3/4/2016 11:00:00 AM
NotAfter : 6/4/2019 9:59:59 AM
Please look into this issue as soon as possible. This task will repeat ever 12 hours until resolved.