powershell - 在 Get-ADUser 筛选器参数中传递字符串会导致错误 - 在 pscustomobject 中找不到属性

Question

我正在尝试创建新的 Active Directory 用户，但首先我使用 Get-ADUser 验证该用户不存在。 我从人力资源部门导入用户数据并构建自定义属性:

$newUsers = Import-Csv $csvFile |
            Select-Object -Property @{n='EmpNum';e={$_.'Employee Number'}},
                @{n='UPN';e={$_.'Email Address'}},
                @{n='Alias';e={$_.'Email Address'.Split("@")[0]}} #### etc

当我循环访问 CSV 文件中的对象时，我使用 UPN 属性在 Active Directory 中搜索用户:

foreach ($newUser in $newUsers) {
    $exists = Get-ADUser -Filter {UserPrincipalName -eq $newUser.UPN} -Properties * -Server $adServer -Credential $adCred 
    ...
}

过滤器导致错误:

Get-ADUser : Property: 'UPN' not found in object of type:
'System.Management.Automation.PSCustomObject'. At
C:\Users\bphillips.NEWHOPEOFIN\Dropbox\Powershell\NewHire\AddNewDSP.ps1:50
char:15
+     $exists = Get-ADUser -Filter {UserPrincipalName -eq $newUser.UPN} -Propertie ...

我尝试这样做: -Filter {UserPrincipalName -eq $("$newUser.UPN") 但这没有帮助；我收到另一个错误

Get-ADUser : Cannot process argument because the value of argument
"path" is not valid. Change the value of the "path" argument and run
the operation again. At
C:\Users\bphillips.NEWHOPEOFIN\Dropbox\Powershell\NewHire\AddNewDSP.ps1:50
char:15
+     $exists = Get-ADUser -Filter {UserPrincipalName -eq $("$newUser.UPN")} -Prop ...

$newUser 是一个字符串，所以我不明白为什么它会导致问题。对 UserPrincipalName 进行硬编码(如“[email protected] ”)可以，但 $newUser.UPN 不起作用。**

PS C:\> $newUser.UPN.GetType()

IsPublic IsSerial Name                                     BaseType
-------- -------- ----                                     --------
True     True     String                                   System.Object

和

PS C:\> $newUser.UPN | gm

   TypeName: System.String

$newUser.UPN 包含有效的字符串值

PS C:\> $newUser.UPN
<a href="https://stackoverflow.com/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="bdc4cdd2cdd8fdd2c8cfded2d0cddcd3c493d3d8c9" rel="noreferrer noopener nofollow">[email protected]</a>

我需要做什么才能将 $newUser.UPN 识别为过滤器参数的字符串？这是怎么回事，我不明白？

Answer 1

BNF for filter query strings不允许表达式作为比较中的第二个操作数，仅允许值(强调我的):

Syntax:
The following syntax uses Backus-Naur form to show how to use the PowerShell Expression Language for this parameter.

<filter> ::= "{" <FilterComponentList> "}"
<FilterComponentList> ::= <FilterComponent> | <FilterComponent> <JoinOperator> <FilterComponent> | <NotOperator> <FilterComponent>
<FilterComponent> ::= <attr> <FilterOperator> <value> | "(" <FilterComponent> ")"
<FilterOperator> ::= "-eq" | "-le" | "-ge" | "-ne" | "-lt" | "-gt"| "-approx" | "-bor" | "-band" | "-recursivematch" | "-like" | "-notlike"
<JoinOperator> ::= "-and" | "-or"
<NotOperator> ::= "-not"
<attr> ::= <PropertyName> | <LDAPDisplayName of the attribute>
<value>::= <compare this value with an <attr> by using the specified <FilterOperator>>

将要比较的属性值放入变量中，并在比较中使用该变量。您可能还想将过滤器定义为实际字符串，只是为了清楚起见(尽管过滤器看起来不是脚本 block )。

$upn = $newUser.UPN
$exists = Get-ADUser -Filter "UserPrincipalName -eq '$upn'" ...