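I am trying to find a user with a specific ms-DS-ConsistencyGuid using the PowerShell ActiveDirectory cmdlet Get-ADUser.
I have collected a $string = YvCLyl0B3E2tjT6gUbW8RA== from Azure AD that I want to base this on. The string is the value of the ImmutableID attribute, collected with the following Azure AD cmdlet: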
PS F:> $test=get-msoluser -UserPrincipalName niklas.jumlin@domain.com | select-object ImmutableID
PS F:> $test
ImmutableId
-----------
YvCLyl0B3E2tjT6gUbW8RA==
I can successfully convert the ImmutableID attribute to the format of the ms-DS-ConsistencyGuid attribute:
PS F:> $string=[system.convert]::FromBase64String("YvCLyl0B3E2tjT6gUbW8RA==")
PS F:> $string
98
240
139
202
93
1
220
77
173
141
62
160
81
181
188
68
I can also convert the ImmutableID attribute to the format of the ObjectGuid attribute:
PS F:> $bytearray=[system.convert]::frombase64string("YvCLyl0B3E2tjT6gUbW8RA==")
PS F:> [guid]$bytearray
Guid
----
ca8bf062-015d-4ddc-ad8d-3ea051b5bc44
If I return the user's ms-DS-ConsistencyGuid or ObjectGUID attribute, I get the following:
PS F:> $user=get-aduser niklas.jumlin -Properties ms-DS-ConsistencyGuid | select-object Ms-DS-ConsistencyGuid, ObjectGuid
PS F:> $user
Ms-DS-ConsistencyGuid ObjectGuid
--------------------- ----------
{98, 240, 139, 202...} ca8bf062-015d-4ddc-ad8d-3ea051b5bc44
When comparing the two values, they both return as equal.
PS F:> if ($user.ObjectGuid -eq $user."MS-DS-ConsistencyGuid") { "ok" }
ok
If I compare the ImmutableID value in its various formats with ObjectGUID and ms-DS-ConsistencyGuid, they also all return as equal:
PS F:> if ($bytearray.guid -eq $user.ObjectGuid) { "ok" }
ok
PS F:> if ($string -eq $user."ms-DS-ConsistencyGuid") { "ok" }
ok
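However, when searching for the user with Get-ADUser -filter "ms-DS-ConsistencyGuid -eq $string", I can't seem to use the value of the ImmutableID (in any format) as my input.
Some examples of what I have tried: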
1
PS F:> get-aduser -filter "ms-ds-consistencyGuid -eq $([GUID]$bytearray)"
get-aduser : Error parsing query: 'ms-ds-consistencyGuid -eq ca8bf062-015d4ddc-ad8d-3ea051b5bc44' Error Message: 'syntax error' at position: '27'.
At line:1 char:1
+ get-aduser -filter "ms-ds-consistencyGuid -eq $([GUID]$bytearray)"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ParserError: (:) [Get-ADUser], ADFilterParsingException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADFilterParsingException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
2
PS F:> get-aduser -filter "ms-ds-ConsistencyGuid -like $([system.convert]::FromBase64String('YvCLyl0B3E2tjT6gUbW8RA==') -join ' ')"
get-aduser : Error parsing query: 'ms-ds-ConsistencyGuid -like 98 240 139 202 93 1 220 77 173 141 62 160 81 181 188 68' Error Message: 'syntax error' at position: '32'.
At line:1 char:1
+ get-aduser -filter "ms-ds-ConsistencyGuid -like $([system.convert]::F ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ParserError: (:) [Get-ADUser], ADFilterParsingException
+ FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADFilterParsingException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
Update: the following works, but I can't figure out how to filter on ms-DS-ConsistencyGuid:
3
PS F:> get-aduser -filter "objectguid -eq '$([GUID]$bytearray)'"
DistinguishedName : CN=Jumlin Niklas,OU=Users,DC=domain,DC=com
Enabled : True
GivenName : Niklas
Name : Jumlin Niklas
ObjectClass : user
ObjectGUID : ca8bf062-015d-4ddc-ad8d-3ea051b5bc44
SamAccountName : niklas.jumlin
SID : S-1-5-21-1356814742-1182796210-879972363-148862
Surname : Jumlin
UserPrincipalName : niklas.jumlin@domain.com
You can try the following:
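$string=[system.convert]::FromBase64String("YvCLyl0B3E2tjT6gUbW8RA==")
# Hex-encode each byte, zero-padded to two digits
$hex = -join ($string | %{$_.tostring("X").padleft(2,"0")})
# Prefix every byte with a backslash: the LDAP filter escape for binary values
$search = $hex -replace '(..)','\$1'
$adUser = Get-AdUser -LDAPFilter "(ms-ds-consistencyguid=$search)"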
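The answer's approach wrapped as a reusable lookup, added here as an example (not code from the original post): it checks that the ImmutableID decodes to exactly 16 bytes and escapes every byte as `\XX`, so the value can never alter the structure of the LDAP filter. The function names are hypothetical, and the ActiveDirectory module is assumed to be loaded.

```powershell
# Added example; ConvertTo-LdapBinaryFilterValue and Find-ADUserByImmutableId
# are hypothetical helper names, not part of any module.
function ConvertTo-LdapBinaryFilterValue {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    # LDAP filters accept any octet written as a backslash plus two hex digits.
    # Escaping every byte (not only the special characters) keeps the value inert.
    -join ($Bytes | ForEach-Object { '\{0:X2}' -f $_ })
}

function Find-ADUserByImmutableId {
    param(
        [Parameter(Mandatory)][string]$ImmutableId,
        # Both attributes hold the same 16 raw bytes for the user in the question.
        [ValidateSet('ms-DS-ConsistencyGuid', 'objectGUID')]
        [string]$Attribute = 'ms-DS-ConsistencyGuid'
    )

    try {
        $bytes = [System.Convert]::FromBase64String($ImmutableId)
    } catch {
        throw "ImmutableId is not valid Base64: '$ImmutableId'"
    }
    # A GUID-based anchor is always 16 bytes; reject anything else before querying.
    if ($bytes.Length -ne 16) {
        throw "Expected 16 bytes after decoding, got $($bytes.Length)."
    }

    $escaped = ConvertTo-LdapBinaryFilterValue -Bytes $bytes
    $filter  = "($Attribute=$escaped)"
    Write-Verbose "LDAP filter: $filter"

    Get-ADUser -LDAPFilter $filter -Properties 'ms-DS-ConsistencyGuid'
}

# Usage with the value from the question:
# Find-ADUserByImmutableId -ImmutableId 'YvCLyl0B3E2tjT6gUbW8RA==' -Verbose
```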